return aead_tag_length(ctx);
}
-ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen,
- const uint8_t *plaintext, size_t plaintextlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen)
+int Curl_qc_encrypt(uint8_t *dest,
+ const uint8_t *plaintext, size_t plaintextlen,
+ const struct Context *ctx,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen)
{
size_t taglen = aead_tag_length(ctx);
EVP_CIPHER_CTX *actx;
- size_t outlen = 0;
+ int outlen = 0;
int len;
- (void)keylen;
-
- if(destlen < plaintextlen + taglen) {
- return -1;
- }
actx = EVP_CIPHER_CTX_new();
if(!actx)
if(EVP_EncryptFinal_ex(actx, dest + outlen, &len) != 1)
goto error;
- outlen += len;
- assert(outlen + taglen <= destlen);
-
if(EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_GET_TAG,
(int)taglen, dest + outlen) != 1)
goto error;
- outlen += taglen;
-
EVP_CIPHER_CTX_free(actx);
- return outlen;
+ return 0;
error:
EVP_CIPHER_CTX_free(actx);
return -1;
}
-ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
- const uint8_t *ciphertext, size_t ciphertextlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen)
+int Curl_qc_decrypt(uint8_t *dest,
+ const uint8_t *ciphertext, size_t ciphertextlen,
+ const struct Context *ctx,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen)
{
size_t taglen = aead_tag_length(ctx);
const uint8_t *tag;
EVP_CIPHER_CTX *actx;
- size_t outlen;
+ int outlen;
int len;
- (void)keylen;
- if(taglen > ciphertextlen || destlen + taglen < ciphertextlen) {
+ if(taglen > ciphertextlen)
return -1;
- }
ciphertextlen -= taglen;
tag = ciphertext + ciphertextlen;
outlen = len;
if(ctx->aead == EVP_aes_128_ccm())
- return outlen;
+ return 0;
if(EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG,
(int)taglen, (char *)tag) != 1)
if(EVP_DecryptFinal_ex(actx, dest + outlen, &len) != 1)
goto error;
- outlen += len;
-
EVP_CIPHER_CTX_free(actx);
- return outlen;
+ return 0;
error:
EVP_CIPHER_CTX_free(actx);
return -1;
return keylen;
}
-ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *sample, size_t samplelen)
+int Curl_qc_hp_mask(uint8_t *dest, const struct Context *ctx,
+ const uint8_t *key, const uint8_t *sample)
{
static uint8_t PLAINTEXT[] = "\x00\x00\x00\x00\x00";
EVP_CIPHER_CTX *actx;
- size_t outlen = 0;
+ int outlen = 0;
int len;
- (void)destlen; /* TODO: make use of these! */
- (void)keylen;
- (void)samplelen;
-
actx = EVP_CIPHER_CTX_new();
if(!actx)
return -1;
DEBUGASSERT(len == 0);
- return outlen;
+ return 0;
error:
EVP_CIPHER_CTX_free(actx);
return -1;
int Curl_qc_negotiated_prf(struct Context *ctx, SSL *ssl);
int Curl_qc_negotiated_aead(struct Context *ctx, SSL *ssl);
size_t Curl_qc_aead_max_overhead(const struct Context *ctx);
-ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen,
- const uint8_t *plaintext, size_t plaintextlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen);
-ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
- const uint8_t *ciphertext, size_t ciphertextlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen);
+int Curl_qc_encrypt(uint8_t *dest,
+ const uint8_t *plaintext, size_t plaintextlen,
+ const struct Context *ctx,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen);
+int Curl_qc_decrypt(uint8_t *dest,
+ const uint8_t *ciphertext, size_t ciphertextlen,
+ const struct Context *ctx,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen);
ssize_t Curl_qc_encrypt_pn(uint8_t *dest, size_t destlen,
const uint8_t *plaintext, size_t plaintextlen,
const struct Context *ctx,
const uint8_t *secret, size_t secretlen,
const struct Context *ctx);
-ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *sample, size_t samplelen);
+int Curl_qc_hp_mask(uint8_t *dest, const struct Context *ctx,
+ const uint8_t *key, const uint8_t *sample);
#endif /* USE_NGTCP2 */
#endif /* HEADER_CURL_VQUIC_NGTCP2_CRYPTO_H */
return 0;
}
-static ssize_t cb_in_encrypt(ngtcp2_conn *tconn,
- uint8_t *dest, size_t destlen,
- const uint8_t *plaintext,
- size_t plaintextlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen,
- void *user_data)
+static int cb_in_encrypt(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *plaintext, size_t plaintextlen,
+ const uint8_t *key, const uint8_t *nonce,
+ size_t noncelen, const uint8_t *ad, size_t adlen,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t nwrite = Curl_qc_encrypt(dest, destlen, plaintext, plaintextlen,
- &qs->hs_crypto_ctx,
- key, keylen, nonce, noncelen, ad, adlen);
+ int nwrite = Curl_qc_encrypt(dest, plaintext, plaintextlen,
+ &qs->hs_crypto_ctx,
+ key, nonce, noncelen, ad, adlen);
if(nwrite < 0) {
return NGTCP2_ERR_CALLBACK_FAILURE;
}
return nwrite;
}
-static ssize_t cb_in_decrypt(ngtcp2_conn *tconn,
- uint8_t *dest, size_t destlen,
- const uint8_t *ciphertext, size_t ciphertextlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen,
- void *user_data)
+static int cb_in_decrypt(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *ciphertext, size_t ciphertextlen,
+ const uint8_t *key, const uint8_t *nonce,
+ size_t noncelen, const uint8_t *ad, size_t adlen,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
(void)tconn;
- return Curl_qc_decrypt(dest, destlen, ciphertext, ciphertextlen,
- &qs->hs_crypto_ctx, key, keylen,
+ return Curl_qc_decrypt(dest, ciphertext, ciphertextlen,
+ &qs->hs_crypto_ctx, key,
nonce, noncelen, ad, adlen);
}
-static ssize_t cb_encrypt_data(ngtcp2_conn *tconn,
- uint8_t *dest, size_t destlen,
- const uint8_t *plaintext, size_t plaintextlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen,
- void *user_data)
+static int cb_encrypt_data(ngtcp2_conn *tconn,
+ uint8_t *dest,
+ const uint8_t *plaintext, size_t plaintextlen,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t rc;
+ int rc;
(void)tconn;
- rc = Curl_qc_encrypt(dest, destlen, plaintext, plaintextlen,
+ rc = Curl_qc_encrypt(dest, plaintext, plaintextlen,
&qs->crypto_ctx,
- key, keylen, nonce, noncelen, ad, adlen);
+ key, nonce, noncelen, ad, adlen);
if(rc < 0)
return NGTCP2_ERR_CALLBACK_FAILURE;
return rc;
}
-static ssize_t
-cb_decrypt_data(ngtcp2_conn *tconn,
- uint8_t *dest, size_t destlen,
- const uint8_t *ciphertext, size_t ciphertextlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen,
- void *user_data)
+static int cb_decrypt_data(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *ciphertext, size_t ciphertextlen,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t rc;
+ int rc;
(void)tconn;
- rc = Curl_qc_decrypt(dest, destlen, ciphertext, ciphertextlen,
- &qs->crypto_ctx,
- key, keylen, nonce, noncelen, ad, adlen);
+ rc = Curl_qc_decrypt(dest, ciphertext, ciphertextlen,
+ &qs->crypto_ctx, key, nonce, noncelen, ad, adlen);
if(rc < 0)
return NGTCP2_ERR_TLS_DECRYPT;
return rc;
return 0;
}
-static ssize_t cb_in_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, size_t destlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *sample, size_t samplelen,
- void *user_data)
+static int cb_in_hp_mask(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *key, const uint8_t *sample,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t nwrite;
+ int nwrite;
(void)tconn;
- nwrite = Curl_qc_hp_mask(dest, destlen, &qs->hs_crypto_ctx,
- key, keylen, sample, samplelen);
+ nwrite = Curl_qc_hp_mask(dest, &qs->hs_crypto_ctx, key, sample);
if(nwrite < 0)
return NGTCP2_ERR_CALLBACK_FAILURE;
return nwrite;
}
-static ssize_t cb_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, size_t destlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *sample, size_t samplelen,
- void *user_data)
+static int cb_hp_mask(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *key, const uint8_t *sample,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t nwrite;
+ int nwrite;
(void)tconn;
- nwrite = Curl_qc_hp_mask(dest, destlen, &qs->crypto_ctx,
- key, keylen, sample, samplelen);
+ nwrite = Curl_qc_hp_mask(dest, &qs->crypto_ctx, key, sample);
if(nwrite < 0)
return NGTCP2_ERR_CALLBACK_FAILURE;
projects / thirdparty / curl.git / commitdiff
