From 49a399d39ca9e80da313ec8cb8f620ef87f0574c Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 23 May 2020 09:27:37 +0900
Subject: [PATCH] Hide ngtcp2_crypto_derive_and_install_initial_key

---
 crypto/includes/ngtcp2/ngtcp2_crypto.h | 54 -------------------------
 crypto/shared.h                        | 55 ++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 54 deletions(-)

diff --git a/crypto/includes/ngtcp2/ngtcp2_crypto.h b/crypto/includes/ngtcp2/ngtcp2_crypto.h
index af2211dc..1beac11c 100644
--- a/crypto/includes/ngtcp2/ngtcp2_crypto.h
+++ b/crypto/includes/ngtcp2/ngtcp2_crypto.h
@@ -365,60 +365,6 @@ NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_tx_key(
     ngtcp2_conn *conn, uint8_t *key, uint8_t *iv, uint8_t *hp,
     ngtcp2_crypto_level level, const uint8_t *secret, size_t secretlen);
 
-/**
- * @function
- *
- * `ngtcp2_crypto_derive_and_install_initial_key` derives initial
- * keying materials and installs keys to |conn|.
- *
- * If |rx_secret| is not NULL, the secret for decryption is written to
- * the buffer pointed by |rx_secret|.  The length of secret is 32
- * bytes, and |rx_secret| must point to the buffer which has enough
- * capacity.
- *
- * If |tx_secret| is not NULL, the secret for encryption is written to
- * the buffer pointed by |tx_secret|.  The length of secret is 32
- * bytes, and |tx_secret| must point to the buffer which has enough
- * capacity.
- *
- * If |initial_secret| is not NULL, the initial secret is written to
- * the buffer pointed by |initial_secret|.  The length of secret is 32
- * bytes, and |initial_secret| must point to the buffer which has
- * enough capacity.
- *
- * |client_dcid| is the destination connection ID in first Initial
- * packet of client.
- *
- * If |rx_key| is not NULL, the derived packet protection key for
- * decryption is written to the buffer pointed by |rx_key|.  If
- * |rx_iv| is not NULL, the derived packet protection IV for
- * decryption is written to the buffer pointed by |rx_iv|.  If |rx_hp|
- * is not NULL, the derived header protection key for decryption is
- * written to the buffer pointed by |rx_hp|.
- *
- * If |tx_key| is not NULL, the derived packet protection key for
- * encryption is written to the buffer pointed by |tx_key|.  If
- * |tx_iv| is not NULL, the derived packet protection IV for
- * encryption is written to the buffer pointed by |tx_iv|.  If |tx_hp|
- * is not NULL, the derived header protection key for encryption is
- * written to the buffer pointed by |tx_hp|.
- *
- * The length of packet protection key and header protection key is 16
- * bytes long.  The length of packet protection IV is 12 bytes long.
- *
- * This function calls `ngtcp2_conn_set_initial_crypto_ctx` to set
- * initial AEAD and message digest algorithm.  After the successful
- * call of this function, application can use
- * `ngtcp2_conn_get_initial_crypto_ctx` to get the object.
- *
- * This function returns 0 if it succeeds, or -1.
- */
-NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_initial_key(
-    ngtcp2_conn *conn, uint8_t *rx_secret, uint8_t *tx_secret,
-    uint8_t *initial_secret, uint8_t *rx_key, uint8_t *rx_iv, uint8_t *rx_hp,
-    uint8_t *tx_key, uint8_t *tx_iv, uint8_t *tx_hp,
-    const ngtcp2_cid *client_dcid);
-
 /**
  * @function
  *
diff --git a/crypto/shared.h b/crypto/shared.h
index cbbec519..567a6c94 100644
--- a/crypto/shared.h
+++ b/crypto/shared.h
@@ -100,4 +100,59 @@ int ngtcp2_crypto_set_local_transport_params(void *tls, const uint8_t *buf,
  */
 int ngtcp2_crypto_set_remote_transport_params(ngtcp2_conn *conn, void *tls);
 
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_derive_and_install_initial_key` derives initial
+ * keying materials and installs keys to |conn|.
+ *
+ * If |rx_secret| is not NULL, the secret for decryption is written to
+ * the buffer pointed by |rx_secret|.  The length of secret is 32
+ * bytes, and |rx_secret| must point to the buffer which has enough
+ * capacity.
+ *
+ * If |tx_secret| is not NULL, the secret for encryption is written to
+ * the buffer pointed by |tx_secret|.  The length of secret is 32
+ * bytes, and |tx_secret| must point to the buffer which has enough
+ * capacity.
+ *
+ * If |initial_secret| is not NULL, the initial secret is written to
+ * the buffer pointed by |initial_secret|.  The length of secret is 32
+ * bytes, and |initial_secret| must point to the buffer which has
+ * enough capacity.
+ *
+ * |client_dcid| is the destination connection ID in first Initial
+ * packet of client.
+ *
+ * If |rx_key| is not NULL, the derived packet protection key for
+ * decryption is written to the buffer pointed by |rx_key|.  If
+ * |rx_iv| is not NULL, the derived packet protection IV for
+ * decryption is written to the buffer pointed by |rx_iv|.  If |rx_hp|
+ * is not NULL, the derived header protection key for decryption is
+ * written to the buffer pointed by |rx_hp|.
+ *
+ * If |tx_key| is not NULL, the derived packet protection key for
+ * encryption is written to the buffer pointed by |tx_key|.  If
+ * |tx_iv| is not NULL, the derived packet protection IV for
+ * encryption is written to the buffer pointed by |tx_iv|.  If |tx_hp|
+ * is not NULL, the derived header protection key for encryption is
+ * written to the buffer pointed by |tx_hp|.
+ *
+ * The length of packet protection key and header protection key is 16
+ * bytes long.  The length of packet protection IV is 12 bytes long.
+ *
+ * This function calls `ngtcp2_conn_set_initial_crypto_ctx` to set
+ * initial AEAD and message digest algorithm.  After the successful
+ * call of this function, application can use
+ * `ngtcp2_conn_get_initial_crypto_ctx` to get the object.
+ *
+ * This function returns 0 if it succeeds, or -1.
+ */
+int ngtcp2_crypto_derive_and_install_initial_key(
+    ngtcp2_conn *conn, uint8_t *rx_secret, uint8_t *tx_secret,
+    uint8_t *initial_secret, uint8_t *rx_key, uint8_t *rx_iv, uint8_t *rx_hp,
+    uint8_t *tx_key, uint8_t *tx_iv, uint8_t *tx_hp,
+    const ngtcp2_cid *client_dcid);
+
 #endif /* NGTCP2_SHARED_H */
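Review bot: The doc comment added to crypto/shared.h is copied unchanged from the public header, so it still reads as an application-facing contract and gives the output buffer sizes (32-byte secrets, 16-byte keys and header protection keys, 12-byte IVs) only in prose, while the prototype takes no length arguments. Now that the function is internal, I would add a line such as `* This function is internal to the crypto helper library; callers must pass buffers of at least the sizes stated above, because no lengths are passed.` so that each internal caller's buffer sizes can be checked against the declaration. Removing `NGTCP2_EXTERN` from the declaration presumably hides the symbol only if the definition, which is outside this patch, is also unmarked and the build uses hidden default visibility; that is worth confirming, since applications that linked against the old export will otherwise see no change or a link failure depending on the build. The hunk also adds a second consecutive blank line before the comment, which could be dropped.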
-- 
GitLab