CESNET
diff --git a/‎process-plugin-api/process/quic/src/opensslContextWrapper.hpp‎ b/‎process-plugin-api/process/quic/src/opensslContextWrapper.hpp‎
diff --git a/‎process-plugin-api/process/quic/src/quic.cpp‎
Lines changed: 126 additions & 292 deletions b/‎process-plugin-api/process/quic/src/quic.cpp‎
Lines changed: 126 additions & 292 deletions
diff --git a/‎process-plugin-api/process/quic/src/quicDirection.hpp‎
Lines changed: 2 additions & 2 deletions b/‎process-plugin-api/process/quic/src/quicDirection.hpp‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎process-plugin-api/process/quic/src/quicExport.hpp‎
Lines changed: 20 additions & 13 deletions b/‎process-plugin-api/process/quic/src/quicExport.hpp‎
Lines changed: 20 additions & 13 deletions
diff --git a/‎process-plugin-api/process/quic/src/quicHeader.hpp‎
Lines changed: 4 additions & 4 deletions b/‎process-plugin-api/process/quic/src/quicHeader.hpp‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎process-plugin-api/process/quic/src/quicInitialHeaderView.cpp‎
Lines changed: 14 additions & 15 deletions b/‎process-plugin-api/process/quic/src/quicInitialHeaderView.cpp‎
Lines changed: 14 additions & 15 deletions
diff --git a/‎process-plugin-api/process/quic/src/quicInitialHeaderView.hpp‎
Lines changed: 3 additions & 2 deletions b/‎process-plugin-api/process/quic/src/quicInitialHeaderView.hpp‎
Lines changed: 3 additions & 2 deletions
@@ -7,8 +7,8 @@
 namespace ipxp
 {
 enum class QUICDirection : uint8_t {
-    CLIENT_TO_SERVER = static_cast<uint8_t>(Direction::Forward),
-    SERVER_TO_CLIENT = static_cast<uint8_t>(Direction::Reverse),
+    CLIENT_TO_SERVER,
+    SERVER_TO_CLIENT,
 };
 
 } // namespace ipxp
@@ -5,37 +5,44 @@
 #include <span>
 #include <boost/static_string.hpp>
 #include <boost/container/static_vector.hpp>
-
+#include <vector>
 
 #include "burst.hpp"
 
 namespace ipxp
 {
 
+constexpr static std::size_t MAX_CONNECTION_ID_LENGTH = 20;
+using ConnectionId = container::static_vector<uint8_t, MAX_CONNECTION_ID_LENGTH>;
+
 struct QUICExport {
 	constexpr static std::size_t BUFFER_SIZE = 255;
-	constexpr static std::size_t MAX_CONNECTION_ID_LENGTH = 20;
+	boost::static_string<BUFFER_SIZE> sni;
+	boost::static_string<BUFFER_SIZE> userAgent;
+	
 	constexpr static std::size_t MAX_PACKETS = 30;
+	boost::container::static_vector<uint8_t, MAX_PACKETS> packetTypes;
+
 	constexpr static std::size_t MAX_TLS_EXTENSIONS = 30;
-	constexpr static std::size_t MAX_BUFFER_SIZE = 1500;
+	boost::container::static_vector<uint16_t, MAX_TLS_EXTENSIONS> tlsExtensionTypes;
+	boost::container::static_vector<uint16_t, MAX_TLS_EXTENSIONS> tlsExtensionLengths;
+	
+	constexpr static std::size_t MAX_TLS_PAYLOAD_TO_SAVE = 1500;
+	std::vector<std::byte> extensionsPayload;
 
-	boost::static_string<BUFFER_SIZE> sni;
-	boost::static_string<BUFFER_SIZE> userAgent;
 	uint32_t quicVersion;
 	uint32_t quicClientVersion;
 	uint64_t quicTokenLength;
-	boost::static_string<MAX_CONNECTION_ID_LENGTH> originalClientId;
-	boost::static_string<MAX_CONNECTION_ID_LENGTH> originalServerId;
-	boost::static_string<MAX_CONNECTION_ID_LENGTH> serverId;
-	boost::static_string<MAX_CONNECTION_ID_LENGTH> retryScid;
 	uint8_t multiplexedCount;
 	uint8_t quicZeroRTTCount;
 	uint8_t clientHelloParsed;
 	uint16_t serverPort;
-	boost::container::static_vector<uint8_t, MAX_PACKETS> packetTypes;
-	boost::container::static_vector<uint16_t, MAX_TLS_EXTENSIONS> tlsExtensionTypes;
-	boost::container::static_vector<uint16_t, MAX_TLS_EXTENSIONS> tlsExtensionLengths;
-	boost::container::static_vector<std::byte, MAX_BUFFER_SIZE> extensionsPayload;
+
+	ConnectionId originalClientId;
+	ConnectionId originalServerId;
+	ConnectionId sourceId;
+	ConnectionId retrySCID;
+
 
 
 
 
@@ -8,19 +8,19 @@
 namespace ipxp
 {
 
-struct FirstQUICHeader {
+struct PrimaryQUICHeader {
 	uint8_t headerForm;
 	uint32_t version;
 	uint8_t destConnectionIdLength;
 
 	constexpr static 
-	std::optional<FirstQUICHeader> 
+	std::optional<PrimaryQUICHeader> 
     createFromPayload(std::span<const std::byte> payload) noexcept
 	{
-		if (payload.size() < sizeof(FirstQUICHeader)) {
+		if (payload.size() < sizeof(PrimaryQUICHeader)) {
 			return std::nullopt;
 		}
-		return FirstQUICHeader{
+		return PrimaryQUICHeader{
 			.headerForm = static_cast<uint8_t>(payload[0]),
 			.version = ntohl(*reinterpret_cast<const uint32_t*>(&payload[1])),
 			.destConnectionIdLength = static_cast<uint8_t>(payload[5])
 
@@ -167,10 +167,7 @@ createInitialSecrets(std::span<const std::byte> destConnectionId,
 
 	// HKDF-Extract
 	//std::unique_ptr<EVP_PKEY_CTX> publicKeyContext 
-	auto publicKeyContext 
-        = std::unique_ptr<EVP_PKEY_CTX, std::function<void(EVP_PKEY_CTX*)>>{
-            EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr), EVP_PKEY_CTX_free
-        };
+	auto publicKeyContext = createKeyContext();
 
     const ExpandedLabel expandedLabel 
         = expandLabel<QUICInitialHeaderView::SHA2_256_LENGTH>(
@@ -356,7 +353,7 @@ bool decryptInitialHeader(const QUICInitialSecrets& initialSecrets,
     return true;
 }
 
-constexpr static std::optional<std::array<std::byte, QUICInitialHeaderView::MAX_BUFFER_SIZE>>
+constexpr static std::optional<std::array<std::byte, ReassembledFrame::capacity()>>
 decryptPayload(std::span<const std::byte> encryptedPayload) noexcept
 {
     const std::array<std::byte, 16> authTag;
@@ -365,15 +362,14 @@ decryptPayload(std::span<const std::byte> encryptedPayload) noexcept
         return std::nullopt;
     }
 	/* Input is --> "header || ciphertext (buffer) || auth tag (16 bytes)" */
-    if (encryptedPayload.size() > QUICInitialHeaderView::MAX_BUFFER_SIZE) {
+    if (encryptedPayload.size() > ReassembledFrame::capacity()) {
 		return std::nullopt;
 	}
 
 	std::size_t decryptedLength;
 
-    auto decryptedPayload 
-        = std::make_optional<std::array<std::byte, 
-        QUICInitialHeaderView::MAX_BUFFER_SIZE>>();
+    auto decryptedPayload = std::make_optional<std::array<std::byte, 
+        ReassembledFrame::capacity()>>();
 
 	// https://datatracker.ietf.org/doc/html/draft-ietf-quic-tls-34#section-5.3
 	// "These cipher suites have a 16-byte authentication tag and produce an output 16 bytes larger
@@ -384,7 +380,6 @@ decryptPayload(std::span<const std::byte> encryptedPayload) noexcept
     std::copy(encryptedPayload.data() + encryptedPayload.size() - 16, 
         encryptedPayload.data() + encryptedPayload.size(), authTag.begin());
 
-    // creating context
     auto cipherContext = createCipherContext();
 
 	if (!cipherContext || 
@@ -620,6 +615,7 @@ reassembleCryptoFrames(std::span<const std::byte> decryptedPayload) noexcept
                 cryptoData->size(), reassembledFrame->capacity() - reassembledFrame->size());
             reassembledFrame->insert(
                 cryptoData->begin(), cryptoData->begin() + sizeToCopy);
+
             frameLength = cryptoData->data() - 
                 decryptedPayload.data() + cryptoData->size();
         case FrameType::ACK1:
@@ -651,6 +647,7 @@ reassembleCryptoFrames(std::span<const std::byte> decryptedPayload) noexcept
 	return reassembledFrame;
 }
 
+constexpr
 bool QUICParser::parseTLSExtensions(TLSParser& parser)
 {
 	const bool extensionsParsed = parser.parseExtensions(
@@ -671,8 +668,8 @@ bool QUICParser::parseTLSExtensions(TLSParser& parser)
             || extension_type == TLSExtensionType::QUIC_TRANSPORT_PARAMETERS
             || extension_type == TLSExtensionType::QUIC_TRANSPORT_PARAMETERS_V2) {
             std::ranges::copy(extension.payload |
-                std::views::take(m_tlsExtensionBuffer.capacity()),
-                std::back_inserter(m_tlsExtensionBuffer));
+                std::views::take(QUICExport::MAX_TLS_PAYLOAD_TO_SAVE),
+                std::back_inserter(extensionsPayload));
         }
 
         if (!m_exportData.extensionTypes.full()) {
@@ -684,18 +681,20 @@ bool QUICParser::parseTLSExtensions(TLSParser& parser)
 	return extensionsParsed;
 }
 
-constexpr static
+constexpr
 bool QUICInitialHeaderView::parseTLS(const ReassembledFrame& reassembledFrame)
 {
     TLSParser parser;
 	if (!parser.parseHelloFromQUIC(toSpan(reassembledFrame))) {
 		return false;
 	}
+
     tlsHandshake = parser.handshake;
+
 	return parseTLSExtensions(parser);
 }
 
-constexpr static
+constexpr
 bool QUICInitialHeaderView::parse(std::span<const std::byte> destConnectionId, 
     std::span<const std::byte> salt,
     const PacketType packetType,
@@ -728,7 +727,7 @@ bool QUICInitialHeaderView::parse(std::span<const std::byte> destConnectionId,
 		// SNI and User Agent Extraction failed
 		return false;
 	}
-    
+
 	clientHelloParsed = tlsHandshake.type == TLSHandshake::Type::CLIENT_HELLO;
 
 	return true;
 
@@ -5,6 +5,7 @@
 #include <optional>
 
 #include "quicInitialSecrets.hpp"
+#include "quicExport.hpp"
 
 namespace ipxp
 {
@@ -21,7 +22,7 @@ struct QUICInitialHeaderView {
         = boost::container::static_vector<std::byte, MAX_BUFFER_SIZE>;
 
     using TLSExtensionBuffer 
-        = boost::container::static_vector<std::byte, MAX_BUFFER_SIZE>;
+        = boost::container::static_vector<std::byte, QUICExport::MAX_TLS_PAYLOAD_TO_SAVE>;
 
     enum class FrameType : uint8_t{
 		CRYPTO = 0x06,
@@ -55,7 +56,7 @@ struct QUICInitialHeaderView {
     std::optional<...> userAgent;
     boost::container::static_vector<uint16_t, MAX_TLS_EXTENSIONS> extensionTypes;
     boost::container::static_vector<uint16_t, MAX_TLS_EXTENSIONS> extensionLengths;
-    std::vector<const std::byte> extensionsPayload;
+    std::vector<std::byte> extensionsPayload;
 };
 
 } // namespace ipxp