uint8_t hpkey[PTLS_MAX_SECRET_SIZE];
int ret;
- if (hp_ctx != NULL)
- *hp_ctx = NULL;
*aead_ctx = NULL;
-
/* generate new header protection key */
if (hp_ctx != NULL)
{
- if ((ret =
- ptls_hkdf_expand_label (hash, hpkey, aead->ctr_cipher->key_size,
- ptls_iovec_init (secret,
- hash->digest_size),
- "quic hp", ptls_iovec_init (NULL, 0),
- NULL)) != 0)
+ *hp_ctx = NULL;
+ ret = ptls_hkdf_expand_label (hash, hpkey, aead->ctr_cipher->key_size,
+ ptls_iovec_init (secret,
+ hash->digest_size),
+ "quic hp", ptls_iovec_init (NULL, 0),
+ NULL);
+ if (ret)
goto Exit;
- if ((*hp_ctx =
- ptls_cipher_new (aead->ctr_cipher, is_enc, hpkey)) == NULL)
+ *hp_ctx = ptls_cipher_new (aead->ctr_cipher, is_enc, hpkey);
+ if (NULL == *hp_ctx)
{
ret = PTLS_ERROR_NO_MEMORY;
goto Exit;
}
/* generate new AEAD context */
- if ((*aead_ctx =
- ptls_aead_new (aead, hash, is_enc, secret,
- QUICLY_AEAD_BASE_LABEL)) == NULL)
+ *aead_ctx = ptls_aead_new (aead, hash, is_enc, secret,
+ QUICLY_AEAD_BASE_LABEL);
+ if (NULL == *aead_ctx)
{
ret = PTLS_ERROR_NO_MEMORY;
goto Exit;
{
quic_ctx_t *qctx = quic_get_conn_ctx (conn);
if (qctx->ingress_keys.aead_ctx != NULL)
- {
- qctx->key_phase_ingress++;
- }
+ qctx->key_phase_ingress++;
qctx->ingress_keys.aead_ctx = *aead_ctx;
if (hp_ctx != NULL)
ret = 0;
Exit:
- if (ret != 0)
+ if (ret)
{
if (*aead_ctx != NULL)
{
ptls_aead_free (*aead_ctx);
*aead_ctx = NULL;
}
- if (*hp_ctx != NULL)
+ if (hp_ctx && *hp_ctx != NULL)
{
ptls_cipher_free (*hp_ctx);
*hp_ctx = NULL;
assert (0);
}
- ctx->super.do_decrypt = quic_crypto_aead_decrypt;
+ if (quic_main.vnet_crypto_enabled)
+ {
+ ctx->super.do_decrypt = quic_crypto_aead_decrypt;
- ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
- ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
- ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
- ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
+ ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
+ ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
+ ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
+ ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
- clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
- ctx->key_index = vnet_crypto_key_add (vm, algo,
- (u8 *) key, _ctx->algo->key_size);
- clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+ clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
+ ctx->key_index = vnet_crypto_key_add (vm, algo,
+ (u8 *) key, _ctx->algo->key_size);
+ clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+ }
+ else
+ {
+ if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
+ ptls_openssl_aes128gcm.setup_crypto (_ctx, is_enc, key);
+ else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
+ ptls_openssl_aes256gcm.setup_crypto (_ctx, is_enc, key);
+ }
return 0;
}