revert exposure of one function in #584; it is no longer needed

h2o · Jun 4, 2024 · 9e0ded8 · 9e0ded8
1 parent 467a28c
commit 9e0ded8
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 33 deletions.
diff --git a/include/quicly.h b/include/quicly.h
@@ -279,11 +279,6 @@ typedef struct st_quicly_salt_t {
     } retry;
 } quicly_salt_t;
 
-typedef struct st_quicly_cipher_context_t {
-    ptls_aead_context_t *aead;
-    ptls_cipher_context_t *header_protection;
-} quicly_cipher_context_t;
-
 struct st_quicly_context_t {
     /**
      * tls context to use
@@ -1183,12 +1178,6 @@ const quicly_salt_t *quicly_get_salt(uint32_t protocol_version);
  */
 int quicly_calc_initial_keys(ptls_cipher_suite_t *cs, uint8_t *ingress, uint8_t *egress, ptls_iovec_t cid, int is_client,
                              ptls_iovec_t salt);
-/**
- * initializes the cipher contexts given cid and salt
- * @param conn maybe NULL when called by quicly_accept; if so, the default crypto engine will be used
- */
-int quicly_setup_initial_encryption(ptls_cipher_suite_t *cs, quicly_cipher_context_t *ingress, quicly_cipher_context_t *egress,
-                                    ptls_iovec_t cid, int is_client, ptls_iovec_t salt, quicly_conn_t *conn);
 /**
  *
  */

diff --git a/lib/quicly.c b/lib/quicly.c
@@ -108,6 +108,11 @@ KHASH_MAP_INIT_INT64(quicly_stream_t, quicly_stream_t *)
         quicly_escape_unsafe_string(alloca(_l * 4 + 1), (s), _l);                                                                  \
     })
 
+struct st_quicly_cipher_context_t {
+    ptls_aead_context_t *aead;
+    ptls_cipher_context_t *header_protection;
+};
+
 struct st_quicly_pn_space_t {
     /**
      * acks to be sent to remote peer
@@ -142,8 +147,8 @@ struct st_quicly_pn_space_t {
 struct st_quicly_handshake_space_t {
     struct st_quicly_pn_space_t super;
     struct {
-        quicly_cipher_context_t ingress;
-        quicly_cipher_context_t egress;
+        struct st_quicly_cipher_context_t ingress;
+        struct st_quicly_cipher_context_t egress;
     } cipher;
     uint16_t largest_ingress_udp_payload_size;
 };
@@ -163,7 +168,7 @@ struct st_quicly_application_space_t {
             } key_phase;
         } ingress;
         struct {
-            quicly_cipher_context_t key;
+            struct st_quicly_cipher_context_t key;
             uint8_t secret[PTLS_MAX_DIGEST_SIZE];
             uint64_t key_phase;
             struct {
@@ -638,7 +643,7 @@ static ptls_aead_context_t *create_retry_aead(quicly_context_t *ctx, uint32_t pr
     return aead;
 }
 
-static void dispose_cipher(quicly_cipher_context_t *ctx)
+static void dispose_cipher(struct st_quicly_cipher_context_t *ctx)
 {
     ptls_aead_free(ctx->aead);
     ptls_cipher_free(ctx->header_protection);
@@ -1088,7 +1093,7 @@ static void crypto_handshake(quicly_conn_t *conn, size_t in_epoch, ptls_iovec_t
         assert(quicly_is_client(conn));
         if (conn->crypto.handshake_properties.client.early_data_acceptance == PTLS_EARLY_DATA_REJECTED) {
             dispose_cipher(&conn->application->cipher.egress.key);
-            conn->application->cipher.egress.key = (quicly_cipher_context_t){NULL};
+            conn->application->cipher.egress.key = (struct st_quicly_cipher_context_t){NULL};
             /* retire all packets with ack_epoch == 3; they are all 0-RTT packets */
             int ret;
             if ((ret = discard_sentmap_by_epoch(conn, 1u << QUICLY_EPOCH_1RTT)) != 0) {
@@ -2056,8 +2061,9 @@ int quicly_calc_initial_keys(ptls_cipher_suite_t *cs, uint8_t *ingress, uint8_t
 /**
  * @param conn maybe NULL when called by quicly_accept
  */
-int quicly_setup_initial_encryption(ptls_cipher_suite_t *cs, quicly_cipher_context_t *ingress, quicly_cipher_context_t *egress,
-                                    ptls_iovec_t cid, int is_client, ptls_iovec_t salt, quicly_conn_t *conn)
+static int setup_initial_encryption(ptls_cipher_suite_t *cs, struct st_quicly_cipher_context_t *ingress,
+                                    struct st_quicly_cipher_context_t *egress, ptls_iovec_t cid, int is_client, ptls_iovec_t salt,
+                                    quicly_conn_t *conn)
 {
     struct {
         uint8_t ingress[PTLS_MAX_DIGEST_SIZE];
@@ -2094,7 +2100,7 @@ static int reinstall_initial_encryption(quicly_conn_t *conn, int err_code_if_unk
     dispose_cipher(&conn->initial->cipher.egress);
 
     /* setup encryption context */
-    return quicly_setup_initial_encryption(
+    return setup_initial_encryption(
         get_aes128gcmsha256(conn->super.ctx), &conn->initial->cipher.ingress, &conn->initial->cipher.egress,
         ptls_iovec_init(conn->super.remote.cid_set.cids[0].cid.cid, conn->super.remote.cid_set.cids[0].cid.len), 1,
         ptls_iovec_init(salt->initial, sizeof(salt->initial)), NULL);
@@ -2719,9 +2725,9 @@ int quicly_connect(quicly_conn_t **_conn, quicly_context_t *ctx, const char *ser
 
     if ((ret = setup_handshake_space_and_flow(conn, QUICLY_EPOCH_INITIAL)) != 0)
         goto Exit;
-    if ((ret = quicly_setup_initial_encryption(get_aes128gcmsha256(ctx), &conn->initial->cipher.ingress,
-                                               &conn->initial->cipher.egress, ptls_iovec_init(server_cid->cid, server_cid->len), 1,
-                                               ptls_iovec_init(salt->initial, sizeof(salt->initial)), conn)) != 0)
+    if ((ret = setup_initial_encryption(get_aes128gcmsha256(ctx), &conn->initial->cipher.ingress, &conn->initial->cipher.egress,
+                                        ptls_iovec_init(server_cid->cid, server_cid->len), 1,
+                                        ptls_iovec_init(salt->initial, sizeof(salt->initial)), conn)) != 0)
         goto Exit;
 
     /* handshake (we always encode authentication CIDs, as we do not (yet) regenerate ClientHello when receiving Retry) */
@@ -3526,14 +3532,14 @@ struct st_quicly_send_context_t {
      * current encryption context
      */
     struct {
-        quicly_cipher_context_t *cipher;
+        struct st_quicly_cipher_context_t *cipher;
         uint8_t first_byte;
     } current;
     /**
      * packet under construction
      */
     struct {
-        quicly_cipher_context_t *cipher;
+        struct st_quicly_cipher_context_t *cipher;
         /**
          * points to the first byte of the target QUIC packet. It will not point to packet->octets.base[0] when the datagram
          * contains multiple QUIC packet.
@@ -5593,14 +5599,14 @@ uint8_t quicly_send_get_ecn_bits(quicly_conn_t *conn)
 size_t quicly_send_close_invalid_token(quicly_context_t *ctx, uint32_t protocol_version, ptls_iovec_t dest_cid,
                                        ptls_iovec_t src_cid, const char *err_desc, void *datagram)
 {
-    quicly_cipher_context_t egress = {};
+    struct st_quicly_cipher_context_t egress = {};
     const quicly_salt_t *salt;
 
     /* setup keys */
     if ((salt = quicly_get_salt(protocol_version)) == NULL)
         return SIZE_MAX;
-    if (quicly_setup_initial_encryption(get_aes128gcmsha256(ctx), NULL, &egress, src_cid, 0,
-                                        ptls_iovec_init(salt->initial, sizeof(salt->initial)), NULL) != 0)
+    if (setup_initial_encryption(get_aes128gcmsha256(ctx), NULL, &egress, src_cid, 0,
+                                 ptls_iovec_init(salt->initial, sizeof(salt->initial)), NULL) != 0)
         return SIZE_MAX;
 
     uint8_t *dst = datagram, *length_at;
@@ -6813,7 +6819,7 @@ int quicly_accept(quicly_conn_t **conn, quicly_context_t *ctx, struct sockaddr *
 {
     const quicly_salt_t *salt;
     struct {
-        quicly_cipher_context_t ingress, egress;
+        struct st_quicly_cipher_context_t ingress, egress;
         int alive;
     } cipher = {};
     ptls_iovec_t payload;
@@ -6839,9 +6845,8 @@ int quicly_accept(quicly_conn_t **conn, quicly_context_t *ctx, struct sockaddr *
         ret = QUICLY_TRANSPORT_ERROR_PROTOCOL_VIOLATION;
         goto Exit;
     }
-    if ((ret =
-             quicly_setup_initial_encryption(get_aes128gcmsha256(ctx), &cipher.ingress, &cipher.egress, packet->cid.dest.encrypted,
-                                             0, ptls_iovec_init(salt->initial, sizeof(salt->initial)), NULL)) != 0)
+    if ((ret = setup_initial_encryption(get_aes128gcmsha256(ctx), &cipher.ingress, &cipher.egress, packet->cid.dest.encrypted, 0,
+                                        ptls_iovec_init(salt->initial, sizeof(salt->initial)), NULL)) != 0)
         goto Exit;
     cipher.alive = 1;
     next_expected_pn = 0; /* is this correct? do we need to take care of underflow? */

diff --git a/t/test.c b/t/test.c
@@ -306,8 +306,8 @@ static void test_vector(void)
 
     /* decrypt */
     const quicly_salt_t *salt = quicly_get_salt(QUICLY_PROTOCOL_VERSION_DRAFT29);
-    ret = quicly_setup_initial_encryption(&ptls_openssl_aes128gcmsha256, &ingress, &egress, packet.cid.dest.encrypted, 0,
-                                          ptls_iovec_init(salt->initial, sizeof(salt->initial)), NULL);
+    ret = setup_initial_encryption(&ptls_openssl_aes128gcmsha256, &ingress, &egress, packet.cid.dest.encrypted, 0,
+                                   ptls_iovec_init(salt->initial, sizeof(salt->initial)), NULL);
     ok(ret == 0);
     ok(decrypt_packet(ingress.header_protection, aead_decrypt_fixed_key, ingress.aead, &next_expected_pn, &packet, &pn, &payload) ==
        0);