-static size_t
-quic_crypto_offload_aead_decrypt (quic_ctx_t * qctx,
- ptls_aead_context_t * _ctx, void *_output,
- const void *input, size_t inlen,
- uint64_t decrypted_pn, const void *aad,
- size_t aadlen);
-
-vnet_crypto_main_t *cm = &crypto_main;
-
-void
-quic_crypto_batch_tx_packets (quic_crypto_batch_ctx_t * batch_ctx)
-{
- vlib_main_t *vm = vlib_get_main ();
-
- if (batch_ctx->nb_tx_packets <= 0)
- return;
-
- clib_rwlock_reader_lock (&quic_main.crypto_keys_quic_rw_lock);
- vnet_crypto_process_ops (vm, batch_ctx->aead_crypto_tx_packets_ops,
- batch_ctx->nb_tx_packets);
- clib_rwlock_reader_unlock (&quic_main.crypto_keys_quic_rw_lock);
-
- for (int i = 0; i < batch_ctx->nb_tx_packets; i++)
- clib_mem_free (batch_ctx->aead_crypto_tx_packets_ops[i].iv);
-
- batch_ctx->nb_tx_packets = 0;
-}
-
-void
-quic_crypto_batch_rx_packets (quic_crypto_batch_ctx_t * batch_ctx)
-{
- vlib_main_t *vm = vlib_get_main ();
-
- if (batch_ctx->nb_rx_packets <= 0)
- return;
-
- clib_rwlock_reader_lock (&quic_main.crypto_keys_quic_rw_lock);
- vnet_crypto_process_ops (vm, batch_ctx->aead_crypto_rx_packets_ops,
- batch_ctx->nb_rx_packets);
- clib_rwlock_reader_unlock (&quic_main.crypto_keys_quic_rw_lock);
-
- for (int i = 0; i < batch_ctx->nb_rx_packets; i++)
- clib_mem_free (batch_ctx->aead_crypto_rx_packets_ops[i].iv);
-
- batch_ctx->nb_rx_packets = 0;
-}
-
-void
-build_iv (ptls_aead_context_t * ctx, uint8_t * iv, uint64_t seq)
-{
- size_t iv_size = ctx->algo->iv_size, i;
- const uint8_t *s = ctx->static_iv;
- uint8_t *d = iv;
- /* build iv */
- for (i = iv_size - 8; i != 0; --i)
- *d++ = *s++;
- i = 64;
- do
- {
- i -= 8;
- *d++ = *s++ ^ (uint8_t) (seq >> i);
- }
- while (i != 0);
-}
-
-static void
-do_finalize_send_packet (ptls_cipher_context_t * hp,
- quicly_datagram_t * packet,
- size_t first_byte_at, size_t payload_from)
-{
- uint8_t hpmask[1 + QUICLY_SEND_PN_SIZE] = {
- 0
- };
- size_t i;
-
- ptls_cipher_init (hp,
- packet->data.base + payload_from - QUICLY_SEND_PN_SIZE +
- QUICLY_MAX_PN_SIZE);
- ptls_cipher_encrypt (hp, hpmask, hpmask, sizeof (hpmask));
-
- packet->data.base[first_byte_at] ^=
- hpmask[0] &
- (QUICLY_PACKET_IS_LONG_HEADER (packet->data.base[first_byte_at]) ? 0xf :
- 0x1f);
-
- for (i = 0; i != QUICLY_SEND_PN_SIZE; ++i)
- packet->data.base[payload_from + i - QUICLY_SEND_PN_SIZE] ^=
- hpmask[i + 1];
-}
-
-void
-quic_crypto_finalize_send_packet (quicly_datagram_t * packet)
-{
- quic_encrypt_cb_ctx *encrypt_cb_ctx =
- (quic_encrypt_cb_ctx *) ((uint8_t *) packet + sizeof (*packet));
-
- for (int i = 0; i < encrypt_cb_ctx->snd_ctx_count; i++)
- {
- do_finalize_send_packet (encrypt_cb_ctx->snd_ctx[i].hp,
- packet,
- encrypt_cb_ctx->snd_ctx[i].first_byte_at,
- encrypt_cb_ctx->snd_ctx[i].payload_from);
- }
- encrypt_cb_ctx->snd_ctx_count = 0;
-}
-