mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-05 04:56:10 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: rename confusing wording aes to hp

Browse Source 
Some of the crypto functions used for headers protection in QUIC are
named with an "aes" name even thought they are not used for AES
encryption only.

This patch renames these "aes" to "hp" so it is clearer.
This commit is contained in:
William Lallemand 2024-07-18 15:03:54 +02:00
parent 31c831e29b
commit d55a297b85
5 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/haproxy/quic_tls.h
View File

@ -119,14 +119,14 @@ void quic_aead_iv_build(unsigned char *iv, size_t ivlen,
unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn);
/* HP protection (AES) */
int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
int quic_tls_dec_hp_ctx_init(EVP_CIPHER_CTX **aes_ctx,
const EVP_CIPHER *aes, unsigned char *key);
int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
int quic_tls_enc_hp_ctx_init(EVP_CIPHER_CTX **aes_ctx,
const EVP_CIPHER *aes, unsigned char *key);
int quic_tls_aes_decrypt(unsigned char *out,
int quic_tls_hp_decrypt(unsigned char *out,
const unsigned char *in, size_t inlen,
EVP_CIPHER_CTX *ctx);
int quic_tls_aes_encrypt(unsigned char *out,
int quic_tls_hp_encrypt(unsigned char *out,
const unsigned char *in, size_t inlen,
EVP_CIPHER_CTX *ctx);
@ -959,7 +959,7 @@ static inline int qc_new_isecs(struct quic_conn *qc,
if (!quic_tls_rx_ctx_init(&rx_ctx->ctx, rx_ctx->aead, rx_ctx->key))
goto err;
if (!quic_tls_enc_aes_ctx_init(&rx_ctx->hp_ctx, rx_ctx->hp, rx_ctx->hp_key))
if (!quic_tls_enc_hp_ctx_init(&rx_ctx->hp_ctx, rx_ctx->hp, rx_ctx->hp_key))
goto err;
if (!quic_tls_derive_keys(ctx->tx.aead, ctx->tx.hp, ctx->tx.md, ver,
@ -972,7 +972,7 @@ static inline int qc_new_isecs(struct quic_conn *qc,
if (!quic_tls_tx_ctx_init(&tx_ctx->ctx, tx_ctx->aead, tx_ctx->key))
goto err;
if (!quic_tls_enc_aes_ctx_init(&tx_ctx->hp_ctx, tx_ctx->hp, tx_ctx->hp_key))
if (!quic_tls_enc_hp_ctx_init(&tx_ctx->hp_ctx, tx_ctx->hp, tx_ctx->hp_key))
goto err;
TRACE_LEAVE(QUIC_EV_CONN_ISEC, qc, rx_init_sec, tx_init_sec);

2
src/quic_rx.c
View File

@ -91,7 +91,7 @@ static int qc_do_rm_hp(struct quic_conn *qc,
sample = pn + QUIC_PACKET_PN_MAXLEN;
if (!quic_tls_aes_decrypt(mask, sample, sizeof mask, tls_ctx->rx.hp_ctx)) {
if (!quic_tls_hp_decrypt(mask, sample, sizeof mask, tls_ctx->rx.hp_ctx)) {
TRACE_ERROR("HP removing failed", QUIC_EV_CONN_RMHP, qc, pkt);
goto leave;
}

4
src/quic_ssl.c
View File

@ -217,7 +217,7 @@ static int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t
goto leave;
}
if (!quic_tls_dec_aes_ctx_init(&rx->hp_ctx, rx->hp, rx->hp_key)) {
if (!quic_tls_dec_hp_ctx_init(&rx->hp_ctx, rx->hp, rx->hp_key)) {
TRACE_ERROR("could not initial RX TLS cipher context for HP", QUIC_EV_CONN_RWSEC, qc);
goto leave;
}
@ -260,7 +260,7 @@ write:
goto leave;
}
if (!quic_tls_enc_aes_ctx_init(&tx->hp_ctx, tx->hp, tx->hp_key)) {
if (!quic_tls_enc_hp_ctx_init(&tx->hp_ctx, tx->hp, tx->hp_key)) {
TRACE_ERROR("could not initial TX TLS cipher context for HP", QUIC_EV_CONN_RWSEC, qc);
goto leave;
}

28
src/quic_tls.c
View File

@ -593,9 +593,9 @@ int quic_tls_rx_ctx_init(QUIC_AEAD_CTX **rx_ctx,
return 0;
}
/* Initialize <*aes_ctx> AES cipher context with <key> as key for encryption */
int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
const EVP_CIPHER *aes, unsigned char *key)
/* Initialize <*hp_ctx> cipher context with <key> as key for header protection encryption */
int quic_tls_enc_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx,
const EVP_CIPHER *hp, unsigned char *key)
{
EVP_CIPHER_CTX *ctx;
@ -603,10 +603,10 @@ int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
if (!ctx)
return 0;
if (!EVP_EncryptInit_ex(ctx, aes, NULL, key, NULL))
if (!EVP_EncryptInit_ex(ctx, hp, NULL, key, NULL))
goto err;
*aes_ctx = ctx;
*hp_ctx = ctx;
return 1;
err:
@ -614,12 +614,12 @@ int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
return 0;
}
/* Encrypt <inlen> bytes from <in> buffer into <out> with <ctx> as AES
/* Encrypt <inlen> bytes from <in> buffer into <out> with <ctx> as
* cipher context. This is the responsibility of the caller to check there
* is at least <inlen> bytes of available space in <out> buffer.
* Return 1 if succeeded, 0 if not.
*/
int quic_tls_aes_encrypt(unsigned char *out,
int quic_tls_hp_encrypt(unsigned char *out,
const unsigned char *in, size_t inlen,
EVP_CIPHER_CTX *ctx)
{
@ -633,9 +633,9 @@ int quic_tls_aes_encrypt(unsigned char *out,
return 1;
}
/* Initialize <*aes_ctx> AES cipher context with <key> as key for decryption */
int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
const EVP_CIPHER *aes, unsigned char *key)
/* Initialize <*hp_ctx> cipher context with <key> as key for header protection decryption */
int quic_tls_dec_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx,
const EVP_CIPHER *hp, unsigned char *key)
{
EVP_CIPHER_CTX *ctx;
@ -643,10 +643,10 @@ int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
if (!ctx)
return 0;
if (!EVP_DecryptInit_ex(ctx, aes, NULL, key, NULL))
if (!EVP_DecryptInit_ex(ctx, hp, NULL, key, NULL))
goto err;
*aes_ctx = ctx;
*hp_ctx = ctx;
return 1;
err:
@ -654,12 +654,12 @@ int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
return 0;
}
/* Decrypt <in> data into <out> with <ctx> as AES cipher context.
/* Decrypt <in> data into <out> with <ctx> as cipher context.
* This is the responsibility of the caller to check there is at least
* <outlen> bytes into <in> buffer.
* Return 1 if succeeded, 0 if not.
*/
int quic_tls_aes_decrypt(unsigned char *out,
int quic_tls_hp_decrypt(unsigned char *out,
const unsigned char *in, size_t inlen,
EVP_CIPHER_CTX *ctx)
{

4
src/quic_tx.c
View File

@ -1471,13 +1471,13 @@ void quic_apply_header_protection(struct quic_conn *qc, unsigned char *pos,
* and at most 4 bytes for the packet number
*/
unsigned char mask[5] = {0};
EVP_CIPHER_CTX *aes_ctx = tls_ctx->tx.hp_ctx;
EVP_CIPHER_CTX *hp_ctx = tls_ctx->tx.hp_ctx;
TRACE_ENTER(QUIC_EV_CONN_TXPKT, qc);
*fail = 0;
if (!quic_tls_aes_encrypt(mask, pn + QUIC_PACKET_PN_MAXLEN, sizeof mask, aes_ctx)) {
if (!quic_tls_hp_encrypt(mask, pn + QUIC_PACKET_PN_MAXLEN, sizeof mask, hp_ctx)) {
TRACE_ERROR("could not apply header protection", QUIC_EV_CONN_TXPKT, qc);
*fail = 1;
goto out;