if (rv == QUIC_PACKET_TYPE_RECEIVE)
{
pctx->ptype = QUIC_PACKET_TYPE_RECEIVE;
- quic_ctx_t *qctx = quic_ctx_get (pctx->ctx_index, thread_index);
- quic_crypto_decrypt_packet (qctx, pctx);
+ if (quic_main.vnet_crypto_enabled)
+ {
+ quic_ctx_t *qctx = quic_ctx_get (pctx->ctx_index, thread_index);
+ quic_crypto_decrypt_packet (qctx, pctx);
+ }
return 0;
}
else if (rv == QUIC_PACKET_TYPE_MIGRATE)
qm->default_crypto_engine = CRYPTO_ENGINE_VPP;
qm->max_packets_per_key = DEFAULT_MAX_PACKETS_PER_KEY;
clib_rwlock_init (&qm->crypto_keys_quic_rw_lock);
+
+ vnet_crypto_main_t *cm = &crypto_main;
+ if (vec_len (cm->engines) == 0)
+ qm->vnet_crypto_enabled = 0;
+ else
+ qm->vnet_crypto_enabled = 1;
+
vec_free (a->name);
return 0;
}
assert (0);
}
- ctx->super.do_decrypt = quic_crypto_aead_decrypt;
+ if (quic_main.vnet_crypto_enabled)
+ {
+ ctx->super.do_decrypt = quic_crypto_aead_decrypt;
- ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
- ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
- ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
- ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
+ ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
+ ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
+ ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
+ ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
- clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
- ctx->key_index = vnet_crypto_key_add (vm, algo,
- (u8 *) key, _ctx->algo->key_size);
- clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+ clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
+ ctx->key_index = vnet_crypto_key_add (vm, algo,
+ (u8 *) key, _ctx->algo->key_size);
+ clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+ }
+ else
+ {
+ if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
+ ptls_openssl_aes128gcm.setup_crypto (_ctx, is_enc, key);
+ else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
+ ptls_openssl_aes256gcm.setup_crypto (_ctx, is_enc, key);
+ }
return 0;
}