Update LoadBalancerEncoder to draft-15. Affects only short, encrypted connection IDs, and thus has no effect on current production, or firmly planned deployments. PiperOrigin-RevId: 483467615
diff --git a/quiche/quic/load_balancer/load_balancer_config.cc b/quiche/quic/load_balancer/load_balancer_config.cc index 46a0f68..62d8898 100644 --- a/quiche/quic/load_balancer/load_balancer_config.cc +++ b/quiche/quic/load_balancer/load_balancer_config.cc
@@ -54,54 +54,59 @@ // TakePlaintextFrom{Left,Right}() reads the left or right half of 'from' and // expands it into a full encryption block ('to') in accordance with the // internet-draft. -void TakePlaintextFromLeft(uint8_t *to, uint8_t *from, uint8_t plaintext_len, - uint8_t index) { +void TakePlaintextFromLeft(const uint8_t *from, const uint8_t plaintext_len, + const uint8_t index, uint8_t *to) { uint8_t half = plaintext_len / 2; - memset(to, 0, kLoadBalancerBlockSize - 1); - memcpy(to, from, half); + + to[0] = plaintext_len; + to[1] = index; + memcpy(to + 2, from, half); if (plaintext_len % 2) { - to[half] = from[half] & 0xf0; + to[2 + half] = from[half] & 0xf0; + half++; } - to[kLoadBalancerBlockSize - 1] = plaintext_len + 1; - to[kLoadBalancerBlockSize - 2] = index; + memset(to + 2 + half, 0, kLoadBalancerBlockSize - 2 - half); } -void TakePlaintextFromRight(uint8_t *to, uint8_t *from, uint8_t plaintext_len, - uint8_t index) { - const uint8_t half = plaintext_len / 2; - const uint8_t write_point = kLoadBalancerBlockSize - half; - const uint8_t read_point = plaintext_len - half; - memset((to + 1), 0, kLoadBalancerBlockSize - 1); - memcpy(to + write_point, from + read_point, half); - if (plaintext_len % 2) { - to[write_point - 1] = from[read_point - 1] & 0x0f; - } - to[0] = plaintext_len + 1; +void TakePlaintextFromRight(const uint8_t *from, const uint8_t plaintext_len, + const uint8_t index, uint8_t *to) { + uint8_t half = plaintext_len / 2; + + to[0] = plaintext_len; to[1] = index; + memcpy(to + 2, from + half, half + (plaintext_len % 2)); + if (plaintext_len % 2) { + to[2] &= 0x0f; + half++; + } + memset(to + 2 + half, 0, kLoadBalancerBlockSize - 2 - half); } // CiphertextXorWith{Left,Right}() takes the relevant end of the ciphertext in // 'from' and XORs it with half of the ConnectionId stored at 'to', in // accordance with the internet-draft. -void CiphertextXorWithLeft(uint8_t *to, uint8_t *from, uint8_t plaintext_len) { +void CiphertextXorWithLeft(const uint8_t *from, const uint8_t plaintext_len, + uint8_t *to) { uint8_t half = plaintext_len / 2; for (int i = 0; i < half; i++) { - *(to + i) ^= *(from + i); + to[i] ^= from[i]; } if (plaintext_len % 2) { - *(to + half) ^= (*(from + half) & 0xf0); + to[half] ^= (from[half] & 0xf0); } } -void CiphertextXorWithRight(uint8_t *to, uint8_t *from, uint8_t plaintext_len) { - const uint8_t half = plaintext_len / 2; - const uint8_t write_point = plaintext_len - half; - const uint8_t read_point = kLoadBalancerBlockSize - half; +void CiphertextXorWithRight(const uint8_t *from, const uint8_t plaintext_len, + uint8_t *to) { + uint8_t half = plaintext_len / 2; + int i = 0; if (plaintext_len % 2) { - *(to + write_point - 1) ^= (*(from + read_point - 1) & 0x0f); + to[half] ^= (from[0] & 0x0f); + i++; } - for (int i = 0; i < half; i++) { - *(to + write_point + i) ^= *(from + read_point + i); + while ((half + i) < plaintext_len) { + to[half + i] ^= from[i]; + i++; } } @@ -146,18 +151,18 @@ return false; } if (index % 2) { // Odd indices go from left to right - TakePlaintextFromLeft(buf, target.data(), plaintext_len(), index); + TakePlaintextFromLeft(target.data(), plaintext_len(), index, buf); } else { - TakePlaintextFromRight(buf, target.data(), plaintext_len(), index); + TakePlaintextFromRight(target.data(), plaintext_len(), index, buf); } if (!BlockEncrypt(buf, buf)) { return false; } // XOR bits over the correct half. if (index % 2) { - CiphertextXorWithRight(target.data(), buf, plaintext_len()); + CiphertextXorWithRight(buf, plaintext_len(), target.data()); } else { - CiphertextXorWithLeft(target.data(), buf, plaintext_len()); + CiphertextXorWithLeft(buf, plaintext_len(), target.data()); } return true; }
diff --git a/quiche/quic/load_balancer/load_balancer_config_test.cc b/quiche/quic/load_balancer/load_balancer_config_test.cc index e19a3c9..bb3d367 100644 --- a/quiche/quic/load_balancer/load_balancer_config_test.cc +++ b/quiche/quic/load_balancer/load_balancer_config_test.cc
@@ -85,29 +85,28 @@ } // Compare EncryptionPass() results to the example in -// draft-ietf-quic-load-balancers-14, Section 4.3.2. +// draft-ietf-quic-load-balancers-15, Section 4.3.2. TEST_F(LoadBalancerConfigTest, TestEncryptionPassExample) { auto config = LoadBalancerConfig::Create(0, 3, 4, absl::string_view(raw_key, 16)); EXPECT_TRUE(config.has_value()); EXPECT_TRUE(config->IsEncrypted()); - std::array<uint8_t, 7> bytes = { - 0x31, 0x44, 0x1a, 0x9c, 0x69, 0xc2, 0x75, - }; + std::array<uint8_t, 7> bytes = {0x31, 0x44, 0x1a, 0x9c, 0x69, 0xc2, 0x75}; + std::array<uint8_t, 7> pass1 = {0x31, 0x44, 0x1a, 0x9f, 0x1a, 0x5b, 0x6b}; + std::array<uint8_t, 7> pass2 = {0x02, 0x8e, 0x1b, 0x5f, 0x1a, 0x5b, 0x6b}; + std::array<uint8_t, 7> pass3 = {0x02, 0x8e, 0x1b, 0x54, 0x94, 0x97, 0x62}; + std::array<uint8_t, 7> pass4 = {0x8e, 0x9a, 0x91, 0xf4, 0x94, 0x97, 0x62}; + // Input is too short. EXPECT_FALSE(config->EncryptionPass(absl::Span<uint8_t>(bytes.data(), 6), 0)); EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 1)); - EXPECT_TRUE((bytes == std::array<uint8_t, 7>( - {0x31, 0x44, 0x1a, 0x92, 0x52, 0xaa, 0xef}))); + EXPECT_EQ(bytes, pass1); EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 2)); - EXPECT_TRUE((bytes == std::array<uint8_t, 7>( - {0xe6, 0xa1, 0x3a, 0xb2, 0x52, 0xaa, 0xef}))); + EXPECT_EQ(bytes, pass2); EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 3)); - EXPECT_TRUE((bytes == std::array<uint8_t, 7>( - {0xe6, 0xa1, 0x3a, 0xbc, 0xe1, 0xe0, 0xd2}))); + EXPECT_EQ(bytes, pass3); EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 4)); - EXPECT_TRUE((bytes == std::array<uint8_t, 7>( - {0x32, 0xc3, 0x63, 0xfc, 0xe1, 0xe0, 0xd2}))); + EXPECT_EQ(bytes, pass4); } TEST_F(LoadBalancerConfigTest, EncryptionPassPlaintext) { @@ -116,6 +115,25 @@ EXPECT_FALSE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 1)); } +// Check that the encryption pass code can decode its own ciphertext. Various +// pointer errors could cause the code to overwrite bits that contain +// important information. +TEST_F(LoadBalancerConfigTest, EncryptionPassesAreReversible) { + auto config = + LoadBalancerConfig::Create(0, 3, 4, absl::string_view(raw_key, 16)); + std::array<uint8_t, 7> bytes = { + 0x31, 0x44, 0x1a, 0x9c, 0x69, 0xc2, 0x75, + }; + std::array<uint8_t, 7> orig_bytes; + memcpy(orig_bytes.data(), bytes.data(), bytes.size()); + // Work left->right and right->left passes. + EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 1)); + EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 2)); + EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 2)); + EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 1)); + EXPECT_EQ(bytes, orig_bytes); +} + TEST_F(LoadBalancerConfigTest, InvalidBlockEncryption) { uint8_t pt[kLoadBalancerBlockSize], ct[kLoadBalancerBlockSize]; auto pt_config = LoadBalancerConfig::CreateUnencrypted(0, 8, 8); @@ -133,7 +151,7 @@ } // Block decrypt test from the Test Vector in -// draft-ietf-quic-load-balancers-14, Appendix B. +// draft-ietf-quic-load-balancers-15, Appendix B. TEST_F(LoadBalancerConfigTest, BlockEncryptionExample) { const uint8_t ptext[] = {0xed, 0x79, 0x3a, 0x51, 0xd4, 0x9b, 0x8f, 0x5f, 0xee, 0x08, 0x0d, 0xbf, 0x48, 0xc0, 0xd1, 0xe5};
diff --git a/quiche/quic/load_balancer/load_balancer_decoder_test.cc b/quiche/quic/load_balancer/load_balancer_decoder_test.cc index ee1feac..728467f 100644 --- a/quiche/quic/load_balancer/load_balancer_decoder_test.cc +++ b/quiche/quic/load_balancer/load_balancer_decoder_test.cc
@@ -57,7 +57,7 @@ } } -// Compare test vectors from Appendix B of draft-ietf-quic-load-balancers-14. +// Compare test vectors from Appendix B of draft-ietf-quic-load-balancers-15. TEST_F(LoadBalancerDecoderTest, DecoderTestVectors) { // Try (1) the "standard" CID length of 8 // (2) server_id_len > nonce_len, so there is a fourth decryption pass @@ -66,13 +66,13 @@ const struct LoadBalancerDecoderTestCase test_vectors[4] = { { *LoadBalancerConfig::Create(0, 3, 4, kKey), - QuicConnectionId({0x07, 0x27, 0xed, 0xaa, 0x37, 0xe7, 0xfa, 0xc8}), + QuicConnectionId({0x07, 0x41, 0x26, 0xee, 0x38, 0xbf, 0x54, 0x54}), MakeServerId(kServerId, 3), }, { *LoadBalancerConfig::Create(1, 10, 5, kKey), - QuicConnectionId({0x4f, 0x22, 0x61, 0x4a, 0x97, 0xce, 0xee, 0x84, - 0x34, 0x1e, 0xd7, 0xfb, 0xfe, 0xb1, 0xe6, 0xe2}), + QuicConnectionId({0x4f, 0xcd, 0x3f, 0x57, 0x2d, 0x4e, 0xef, 0xb0, + 0x46, 0xfd, 0xb5, 0x1d, 0x16, 0x4e, 0xfc, 0xcc}), MakeServerId(kServerId, 10), }, { @@ -84,9 +84,9 @@ }, { *LoadBalancerConfig::Create(0, 9, 9, kKey), - QuicConnectionId({0x12, 0x5e, 0x3b, 0x00, 0xaa, 0x5f, 0xcf, 0xd1, - 0xa9, 0xa5, 0x81, 0x02, 0xa8, 0x9a, 0x19, 0xa1, - 0xe4, 0xa1, 0x0e}), + QuicConnectionId({0x12, 0x12, 0x4d, 0x1e, 0xb8, 0xfb, 0xb2, 0x1e, + 0x4a, 0x49, 0x0c, 0xa5, 0x3c, 0xfe, 0x21, 0xd0, + 0x4a, 0xe6, 0x3a}), MakeServerId(kServerId, 9), }, };
diff --git a/quiche/quic/load_balancer/load_balancer_encoder_test.cc b/quiche/quic/load_balancer/load_balancer_encoder_test.cc index 12d8fc7..88d09f4 100644 --- a/quiche/quic/load_balancer/load_balancer_encoder_test.cc +++ b/quiche/quic/load_balancer/load_balancer_encoder_test.cc
@@ -184,7 +184,7 @@ } } -// Follow example in draft-ietf-quic-load-balancers-14. +// Follow example in draft-ietf-quic-load-balancers-15. TEST_F(LoadBalancerEncoderTest, FollowSpecExample) { const uint8_t config_id = 0, server_id_len = 3, nonce_len = 4; const uint8_t raw_server_id[] = { @@ -205,14 +205,14 @@ EXPECT_TRUE(encoder->UpdateConfig( *config, *LoadBalancerServerId::Create(raw_server_id))); EXPECT_TRUE(encoder->IsEncoding()); - const char raw_connection_id[] = {0x07, 0x32, 0xc3, 0x63, - 0xfc, 0xe1, 0xe0, 0xd2}; + const char raw_connection_id[] = {0x07, 0x8e, 0x9a, 0x91, + 0xf4, 0x94, 0x97, 0x62}; auto expected = QuicConnectionId(raw_connection_id, 1 + server_id_len + nonce_len); EXPECT_EQ(encoder->GenerateConnectionId(), expected); } -// Compare test vectors from Appendix B of draft-ietf-quic-load-balancers-14. +// Compare test vectors from Appendix B of draft-ietf-quic-load-balancers-15. TEST_F(LoadBalancerEncoderTest, EncoderTestVectors) { // Try (1) the "standard" ConnectionId length of 8 // (2) server_id_len > nonce_len, so there is a fourth decryption pass @@ -221,13 +221,13 @@ const LoadBalancerEncoderTestCase test_vectors[4] = { { *LoadBalancerConfig::Create(0, 3, 4, kKey), - QuicConnectionId({0x07, 0x27, 0xed, 0xaa, 0x37, 0xe7, 0xfa, 0xc8}), + QuicConnectionId({0x07, 0x41, 0x26, 0xee, 0x38, 0xbf, 0x54, 0x54}), MakeServerId(kServerId, 3), }, { *LoadBalancerConfig::Create(1, 10, 5, kKey), - QuicConnectionId({0x4f, 0x22, 0x61, 0x4a, 0x97, 0xce, 0xee, 0x84, - 0x34, 0x1e, 0xd7, 0xfb, 0xfe, 0xb1, 0xe6, 0xe2}), + QuicConnectionId({0x4f, 0xcd, 0x3f, 0x57, 0x2d, 0x4e, 0xef, 0xb0, + 0x46, 0xfd, 0xb5, 0x1d, 0x16, 0x4e, 0xfc, 0xcc}), MakeServerId(kServerId, 10), }, { @@ -239,9 +239,9 @@ }, { *LoadBalancerConfig::Create(0, 9, 9, kKey), - QuicConnectionId({0x12, 0x5e, 0x3b, 0x00, 0xaa, 0x5f, 0xcf, 0xd1, - 0xa9, 0xa5, 0x81, 0x02, 0xa8, 0x9a, 0x19, 0xa1, - 0xe4, 0xa1, 0x0e}), + QuicConnectionId({0x12, 0x12, 0x4d, 0x1e, 0xb8, 0xfb, 0xb2, 0x1e, + 0x4a, 0x49, 0x0c, 0xa5, 0x3c, 0xfe, 0x21, 0xd0, + 0x4a, 0xe6, 0x3a}), MakeServerId(kServerId, 9), }, }; @@ -267,7 +267,7 @@ LoadBalancerEncoderPeer::SetNumNoncesLeft(*encoder, 2); EXPECT_EQ(encoder->num_nonces_left(), 2); EXPECT_EQ(encoder->GenerateConnectionId(), - QuicConnectionId({0x07, 0xf4, 0xeb, 0x21, 0xfb, 0x22, 0xa8, 0x40})); + QuicConnectionId({0x07, 0x1d, 0x4a, 0xb8, 0xc6, 0x1d, 0xd6, 0x5d})); EXPECT_EQ(encoder->num_nonces_left(), 1); encoder->GenerateConnectionId(); EXPECT_EQ(encoder->IsEncoding(), false);