MINOR: quic: rename confusing wording aes to hp

Some of the crypto functions used for headers protection in QUIC are
named with an "aes" name even thought they are not used for AES
encryption only.

This patch renames these "aes" to "hp" so it is clearer.

diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index 69194148d15e20cbf2a8c955ca6ba16451bf949f..3b0a40970a3d0b0bf523409a7b8f4a78afcf023c 100644 (file)
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -119,14 +119,14 @@ void quic_aead_iv_build(unsigned char *iv, size_t ivlen,
                         unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn);
 
 /* HP protection (AES) */
-int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
+int quic_tls_dec_hp_ctx_init(EVP_CIPHER_CTX **aes_ctx,
                               const EVP_CIPHER *aes, unsigned char *key);
-int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
+int quic_tls_enc_hp_ctx_init(EVP_CIPHER_CTX **aes_ctx,
                               const EVP_CIPHER *aes, unsigned char *key);
-int quic_tls_aes_decrypt(unsigned char *out,
+int quic_tls_hp_decrypt(unsigned char *out,
                          const unsigned char *in, size_t inlen,
                          EVP_CIPHER_CTX *ctx);
-int quic_tls_aes_encrypt(unsigned char *out,
+int quic_tls_hp_encrypt(unsigned char *out,
                          const unsigned char *in, size_t inlen,
                          EVP_CIPHER_CTX *ctx);
 
@@ -959,7 +959,7 @@ static inline int qc_new_isecs(struct quic_conn *qc,
        if (!quic_tls_rx_ctx_init(&rx_ctx->ctx, rx_ctx->aead, rx_ctx->key))
                goto err;
 
-       if (!quic_tls_enc_aes_ctx_init(&rx_ctx->hp_ctx, rx_ctx->hp, rx_ctx->hp_key))
+       if (!quic_tls_enc_hp_ctx_init(&rx_ctx->hp_ctx, rx_ctx->hp, rx_ctx->hp_key))
                goto err;
 
        if (!quic_tls_derive_keys(ctx->tx.aead, ctx->tx.hp, ctx->tx.md, ver,
@@ -972,7 +972,7 @@ static inline int qc_new_isecs(struct quic_conn *qc,
        if (!quic_tls_tx_ctx_init(&tx_ctx->ctx, tx_ctx->aead, tx_ctx->key))
                goto err;
 
-       if (!quic_tls_enc_aes_ctx_init(&tx_ctx->hp_ctx, tx_ctx->hp, tx_ctx->hp_key))
+       if (!quic_tls_enc_hp_ctx_init(&tx_ctx->hp_ctx, tx_ctx->hp, tx_ctx->hp_key))
                goto err;
 
        TRACE_LEAVE(QUIC_EV_CONN_ISEC, qc, rx_init_sec, tx_init_sec);

diff --git a/src/quic_rx.c b/src/quic_rx.c
index 083454272c8a869b86e3d72e1bc6dd66758473fd..462f996d00f41c8c7129cf7a443ab1db3f562657 100644 (file)
--- a/src/quic_rx.c
+++ b/src/quic_rx.c
@@ -91,7 +91,7 @@ static int qc_do_rm_hp(struct quic_conn *qc,
 
        sample = pn + QUIC_PACKET_PN_MAXLEN;
 
-       if (!quic_tls_aes_decrypt(mask, sample, sizeof mask, tls_ctx->rx.hp_ctx)) {
+       if (!quic_tls_hp_decrypt(mask, sample, sizeof mask, tls_ctx->rx.hp_ctx)) {
                TRACE_ERROR("HP removing failed", QUIC_EV_CONN_RMHP, qc, pkt);
                goto leave;
        }

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 0b27c7403b81a43feebfd2d456267ecee74eac24..79c56d3bbca570175d77b0ecbbff7cf1ca7629be 100644 (file)
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -217,7 +217,7 @@ static int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t
                goto leave;
        }
 
-       if (!quic_tls_dec_aes_ctx_init(&rx->hp_ctx, rx->hp, rx->hp_key)) {
+       if (!quic_tls_dec_hp_ctx_init(&rx->hp_ctx, rx->hp, rx->hp_key)) {
                TRACE_ERROR("could not initial RX TLS cipher context for HP", QUIC_EV_CONN_RWSEC, qc);
                goto leave;
        }
@@ -260,7 +260,7 @@ write:
                goto leave;
        }
 
-       if (!quic_tls_enc_aes_ctx_init(&tx->hp_ctx, tx->hp, tx->hp_key)) {
+       if (!quic_tls_enc_hp_ctx_init(&tx->hp_ctx, tx->hp, tx->hp_key)) {
                TRACE_ERROR("could not initial TX TLS cipher context for HP", QUIC_EV_CONN_RWSEC, qc);
                goto leave;
        }

diff --git a/src/quic_tls.c b/src/quic_tls.c
index 94d9e7f82ba7632d1a99a3fea91c4b0d3babc654..29fa7347714acc53421aaed8f64ec7202cfeb369 100644 (file)
--- a/src/quic_tls.c
+++ b/src/quic_tls.c
@@ -593,9 +593,9 @@ int quic_tls_rx_ctx_init(QUIC_AEAD_CTX **rx_ctx,
        return 0;
 }
 
-/* Initialize <*aes_ctx> AES cipher context with <key> as key for encryption */
-int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
-                              const EVP_CIPHER *aes, unsigned char *key)
+/* Initialize <*hp_ctx> cipher context with <key> as key for header protection encryption */
+int quic_tls_enc_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx,
+                              const EVP_CIPHER *hp, unsigned char *key)
 {
        EVP_CIPHER_CTX *ctx;
 
@@ -603,10 +603,10 @@ int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
        if (!ctx)
                return 0;
 
-       if (!EVP_EncryptInit_ex(ctx, aes, NULL, key, NULL))
+       if (!EVP_EncryptInit_ex(ctx, hp, NULL, key, NULL))
                goto err;
 
-       *aes_ctx = ctx;
+       *hp_ctx = ctx;
        return 1;
 
  err:
@@ -614,12 +614,12 @@ int quic_tls_enc_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
        return 0;
 }
 
-/* Encrypt <inlen> bytes from <in> buffer into <out> with <ctx> as AES
+/* Encrypt <inlen> bytes from <in> buffer into <out> with <ctx> as
  * cipher context. This is the responsibility of the caller to check there
  * is at least <inlen> bytes of available space in <out> buffer.
  * Return 1 if succeeded, 0 if not.
  */
-int quic_tls_aes_encrypt(unsigned char *out,
+int quic_tls_hp_encrypt(unsigned char *out,
                          const unsigned char *in, size_t inlen,
                          EVP_CIPHER_CTX *ctx)
 {
@@ -633,9 +633,9 @@ int quic_tls_aes_encrypt(unsigned char *out,
        return 1;
 }
 
-/* Initialize <*aes_ctx> AES cipher context with <key> as key for decryption */
-int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
-                              const EVP_CIPHER *aes, unsigned char *key)
+/* Initialize <*hp_ctx> cipher context with <key> as key for header protection decryption */
+int quic_tls_dec_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx,
+                              const EVP_CIPHER *hp, unsigned char *key)
 {
        EVP_CIPHER_CTX *ctx;
 
@@ -643,10 +643,10 @@ int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
        if (!ctx)
                return 0;
 
-       if (!EVP_DecryptInit_ex(ctx, aes, NULL, key, NULL))
+       if (!EVP_DecryptInit_ex(ctx, hp, NULL, key, NULL))
                goto err;
 
-       *aes_ctx = ctx;
+       *hp_ctx = ctx;
        return 1;
 
  err:
@@ -654,12 +654,12 @@ int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
        return 0;
 }
 
-/* Decrypt <in> data into <out> with <ctx> as AES cipher context.
+/* Decrypt <in> data into <out> with <ctx> as cipher context.
  * This is the responsibility of the caller to check there is at least
  * <outlen> bytes into <in> buffer.
  * Return 1 if succeeded, 0 if not.
  */
-int quic_tls_aes_decrypt(unsigned char *out,
+int quic_tls_hp_decrypt(unsigned char *out,
                          const unsigned char *in, size_t inlen,
                          EVP_CIPHER_CTX *ctx)
 {

diff --git a/src/quic_tx.c b/src/quic_tx.c
index 37ff14fea405fe6443fd2b1b5fed3f2041d764ec..550ac1bb942dbce494e90deba4faa59bb06db0dd 100644 (file)
--- a/src/quic_tx.c
+++ b/src/quic_tx.c
@@ -1471,13 +1471,13 @@ void quic_apply_header_protection(struct quic_conn *qc, unsigned char *pos,
         * and at most 4 bytes for the packet number
         */
        unsigned char mask[5] = {0};
-       EVP_CIPHER_CTX *aes_ctx = tls_ctx->tx.hp_ctx;
+       EVP_CIPHER_CTX *hp_ctx = tls_ctx->tx.hp_ctx;
 
        TRACE_ENTER(QUIC_EV_CONN_TXPKT, qc);
 
        *fail = 0;
 
-       if (!quic_tls_aes_encrypt(mask, pn + QUIC_PACKET_PN_MAXLEN, sizeof mask, aes_ctx)) {
+       if (!quic_tls_hp_encrypt(mask, pn + QUIC_PACKET_PN_MAXLEN, sizeof mask, hp_ctx)) {
                TRACE_ERROR("could not apply header protection", QUIC_EV_CONN_TXPKT, qc);
                *fail = 1;
                goto out;