From: William Lallemand
Date: Thu, 18 Jul 2024 13:03:54 +0000 (+0200)
Subject: MINOR: quic: rename confusing wording aes to hp
X-Git-Tag: v3.1-dev5~86
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d55a297b8541d5a2c593a127e0305161d284ce61;p=thirdparty%2Fhaproxy.git
MINOR: quic: rename confusing wording aes to hp
Some of the crypto functions used for headers protection in QUIC are named with an "aes" name even thought they are not used for AES encryption only.
This patch renames these "aes" to "hp" so it is clearer.
---
diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index 69194148d1..3b0a40970a 100644
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -119,14 +119,14 @@ void quic_aead_iv_build(unsigned char *iv, size_t ivlen,
 unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn);
 
 /* HP protection (AES) */
-int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
+int quic_tls_dec_hp_ctx_init(EVP_CIPHER_CTX **aes_ctx,
 const EVP_CIPHER *aes, unsigned char *key);
-int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
+int quic_tls_enc_hp_ctx_init(EVP_CIPHER_CTX **aes_ctx,
 const EVP_CIPHER *aes, unsigned char *key);
-int quic_tls_aes_decrypt(unsigned char *out,
+int quic_tls_hp_decrypt(unsigned char *out,
 const unsigned char *in, size_t inlen,
 EVP_CIPHER_CTX *ctx);
-int quic_tls_aes_encrypt(unsigned char *out,
+int quic_tls_hp_encrypt(unsigned char *out,
 const unsigned char *in, size_t inlen,
 EVP_CIPHER_CTX *ctx);
 
@@ -959,7 +959,7 @@ static inline int qc_new_isecs(struct quic_conn *qc,
 if (!quic_tls_rx_ctx_init(&rx_ctx->ctx, rx_ctx->aead, rx_ctx->key))
 goto err;
 
- if (!quic_tls_enc_aes_ctx_init(&rx_ctx->hp_ctx, rx_ctx->hp, rx_ctx->hp_key))
+ if (!quic_tls_enc_hp_ctx_init(&rx_ctx->hp_ctx, rx_ctx->hp, rx_ctx->hp_key))
 goto err;
 
 if (!quic_tls_derive_keys(ctx->tx.aead, ctx->tx.hp, ctx->tx.md, ver,
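Review bot: The prototypes in include/haproxy/quic_tls.h still name their parameters `aes_ctx` and `aes` on the new `quic_tls_dec_hp_ctx_init` and `quic_tls_enc_hp_ctx_init` lines, while the definitions in src/quic_tls.c touched by this same commit rename them to `hp_ctx` and `hp`, so a reader of the header still meets exactly the wording the commit sets out to remove. I would align the declarations: `int quic_tls_dec_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx, const EVP_CIPHER *hp, unsigned char *key);` and the same for the enc variant. The section comment `/* HP protection (AES) */` kept as context also still carries the AES tag; since the commit message says these functions are not AES-only, something like `/* Header protection (cipher depends on the negotiated suite) */` would match the rename.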
@@ -972,7 +972,7 @@ static inline int qc_new_isecs(struct quic_conn *qc,
 if (!quic_tls_tx_ctx_init(&tx_ctx->ctx, tx_ctx->aead, tx_ctx->key))
 goto err;
 
- if (!quic_tls_enc_aes_ctx_init(&tx_ctx->hp_ctx, tx_ctx->hp, tx_ctx->hp_key))
+ if (!quic_tls_enc_hp_ctx_init(&tx_ctx->hp_ctx, tx_ctx->hp, tx_ctx->hp_key))
 goto err;
 
 TRACE_LEAVE(QUIC_EV_CONN_ISEC, qc, rx_init_sec, tx_init_sec);
diff --git a/src/quic_rx.c b/src/quic_rx.c
index 083454272c..462f996d00 100644
--- a/src/quic_rx.c
+++ b/src/quic_rx.c
@@ -91,7 +91,7 @@ static int qc_do_rm_hp(struct quic_conn *qc,
 
 sample = pn + QUIC_PACKET_PN_MAXLEN;
 
- if (!quic_tls_aes_decrypt(mask, sample, sizeof mask, tls_ctx->rx.hp_ctx)) {
+ if (!quic_tls_hp_decrypt(mask, sample, sizeof mask, tls_ctx->rx.hp_ctx)) {
 TRACE_ERROR("HP removing failed", QUIC_EV_CONN_RMHP, qc, pkt);
 goto leave;
 }
diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 0b27c7403b..79c56d3bbc 100644
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -217,7 +217,7 @@ static int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t
 goto leave;
 }
 
- if (!quic_tls_dec_aes_ctx_init(&rx->hp_ctx, rx->hp, rx->hp_key)) {
+ if (!quic_tls_dec_hp_ctx_init(&rx->hp_ctx, rx->hp, rx->hp_key)) {
 TRACE_ERROR("could not initial RX TLS cipher context for HP", QUIC_EV_CONN_RWSEC, qc);
 goto leave;
 }
@@ -260,7 +260,7 @@ write:
 goto leave;
 }
 
- if (!quic_tls_enc_aes_ctx_init(&tx->hp_ctx, tx->hp, tx->hp_key)) {
+ if (!quic_tls_enc_hp_ctx_init(&tx->hp_ctx, tx->hp, tx->hp_key)) {
 TRACE_ERROR("could not initial TX TLS cipher context for HP", QUIC_EV_CONN_RWSEC, qc);
 goto leave;
 }
diff --git a/src/quic_tls.c b/src/quic_tls.c
index 94d9e7f82b..29fa734771 100644
--- a/src/quic_tls.c
+++ b/src/quic_tls.c
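Review bot: `quic_tls_hp_decrypt` is applied here to `tls_ctx->rx.hp_ctx`, yet that same RX context is set up two different ways within this patch: with `quic_tls_enc_hp_ctx_init` (EVP_EncryptInit_ex) in qc_new_isecs for the initial secrets, and with `quic_tls_dec_hp_ctx_init` (EVP_DecryptInit_ex) in ha_quic_set_encryption_secrets. Whether a decrypt call on an encrypt-initialised EVP context is accepted depends on what `quic_tls_hp_decrypt` does internally, which is outside these hunks, so I am not claiming a bug, but the rename preserves an enc/dec split that header protection does not have: per RFC 9001 §5.4.3/5.4.4 both endpoints compute the mask with the same forward operation (AES-ECB encryption of the sample, or the ChaCha20 keystream). A follow-up could collapse the pair into a single `quic_tls_hp_ctx_init()` plus `quic_tls_hp_mask()` and, until then, a comment above this call such as `/* HP mask: same forward cipher op on RX and TX, see RFC 9001 5.4 */` would stop the "decrypt" name from misleading. qc_do_rm_hp starts and ends outside the hunk.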
@@ -593,9 +593,9 @@ int quic_tls_rx_ctx_init(QUIC_AEAD_CTX **rx_ctx,
 return 0;
 }
 
-/* Initialize <*aes_ctx> AES cipher context with as key for encryption */
-int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
- const EVP_CIPHER *aes, unsigned char *key)
+/* Initialize <*hp_ctx> cipher context with as key for header protection encryption */
+int quic_tls_enc_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx,
+ const EVP_CIPHER *hp, unsigned char *key)
 {
 EVP_CIPHER_CTX *ctx;
 
@@ -603,10 +603,10 @@ int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
 if (!ctx)
 return 0;
 
- if (!EVP_EncryptInit_ex(ctx, aes, NULL, key, NULL))
+ if (!EVP_EncryptInit_ex(ctx, hp, NULL, key, NULL))
 goto err;
 
- *aes_ctx = ctx;
+ *hp_ctx = ctx;
 return 1;
 
 err:
@@ -614,12 +614,12 @@ int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
 return 0;
 }
 
-/* Encrypt bytes from buffer into with as AES
+/* Encrypt bytes from buffer into with as
 * cipher context. This is the responsibility of the caller to check there
 * is at least bytes of available space in buffer.
 * Return 1 if succeeded, 0 if not.
 */
-int quic_tls_aes_encrypt(unsigned char *out,
+int quic_tls_hp_encrypt(unsigned char *out,
 const unsigned char *in, size_t inlen,
 EVP_CIPHER_CTX *ctx)
 {
@@ -633,9 +633,9 @@ int quic_tls_aes_encrypt(unsigned char *out,
 return 1;
 }
 
-/* Initialize <*aes_ctx> AES cipher context with as key for decryption */
-int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
- const EVP_CIPHER *aes, unsigned char *key)
+/* Initialize <*hp_ctx> cipher context with as key for header protection decryption */
+int quic_tls_dec_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx,
+ const EVP_CIPHER *hp, unsigned char *key)
 {
 EVP_CIPHER_CTX *ctx;
 
@@ -643,10 +643,10 @@ int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
 if (!ctx)
 return 0;
 
- if (!EVP_DecryptInit_ex(ctx, aes, NULL, key, NULL))
+ if (!EVP_DecryptInit_ex(ctx, hp, NULL, key, NULL))
 goto err;
 
- *aes_ctx = ctx;
+ *hp_ctx = ctx;
 return 1;
 
 err:
@@ -654,12 +654,12 @@ int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
 return 0;
 }
 
-/* Decrypt data into with as AES cipher context.
+/* Decrypt data into with as cipher context.
 * This is the responsibility of the caller to check there is at least
 * bytes into buffer.
 * Return 1 if succeeded, 0 if not.
 */
-int quic_tls_aes_decrypt(unsigned char *out,
+int quic_tls_hp_decrypt(unsigned char *out,
 const unsigned char *in, size_t inlen,
 EVP_CIPHER_CTX *ctx)
 {
diff --git a/src/quic_tx.c b/src/quic_tx.c
index 37ff14fea4..550ac1bb94 100644
--- a/src/quic_tx.c
+++ b/src/quic_tx.c
@@ -1471,13 +1471,13 @@ void quic_apply_header_protection(struct quic_conn *qc, unsigned char *pos,
 * and at most 4 bytes for the packet number
 */
 unsigned char mask[5] = {0};
- EVP_CIPHER_CTX *aes_ctx = tls_ctx->tx.hp_ctx;
+ EVP_CIPHER_CTX *hp_ctx = tls_ctx->tx.hp_ctx;
 
 TRACE_ENTER(QUIC_EV_CONN_TXPKT, qc);
 
 *fail = 0;
 
- if (!quic_tls_aes_encrypt(mask, pn + QUIC_PACKET_PN_MAXLEN, sizeof mask, aes_ctx)) {
+ if (!quic_tls_hp_encrypt(mask, pn + QUIC_PACKET_PN_MAXLEN, sizeof mask, hp_ctx)) {
 TRACE_ERROR("could not apply header protection", QUIC_EV_CONN_TXPKT, qc);
 *fail = 1;
 goto out;