gfe-relnote: Remove client-side support for Channel ID from QUIC. Not flag protected.
PiperOrigin-RevId: 247261939
Change-Id: Id2d70ab42cb47b76c783a06b7773871886c75c56
diff --git a/quic/test_tools/crypto_test_utils.cc b/quic/test_tools/crypto_test_utils.cc
index 318cd73..0157456 100644
--- a/quic/test_tools/crypto_test_utils.cc
+++ b/quic/test_tools/crypto_test_utils.cc
@@ -43,126 +43,6 @@
namespace quic {
namespace test {
-TestChannelIDKey::TestChannelIDKey(EVP_PKEY* ecdsa_key)
- : ecdsa_key_(ecdsa_key) {}
-TestChannelIDKey::~TestChannelIDKey() {}
-
-bool TestChannelIDKey::Sign(QuicStringPiece signed_data,
- std::string* out_signature) const {
- bssl::ScopedEVP_MD_CTX md_ctx;
- if (EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr,
- ecdsa_key_.get()) != 1) {
- return false;
- }
-
- EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr,
- strlen(ChannelIDVerifier::kContextStr) + 1);
- EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr,
- strlen(ChannelIDVerifier::kClientToServerStr) + 1);
- EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size());
-
- size_t sig_len;
- if (!EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len)) {
- return false;
- }
-
- std::unique_ptr<uint8_t[]> der_sig(new uint8_t[sig_len]);
- if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) {
- return false;
- }
-
- uint8_t* derp = der_sig.get();
- bssl::UniquePtr<ECDSA_SIG> sig(
- d2i_ECDSA_SIG(nullptr, const_cast<const uint8_t**>(&derp), sig_len));
- if (sig.get() == nullptr) {
- return false;
- }
-
- // The signature consists of a pair of 32-byte numbers.
- static const size_t kSignatureLength = 32 * 2;
- std::unique_ptr<uint8_t[]> signature(new uint8_t[kSignatureLength]);
- if (!BN_bn2bin_padded(&signature[0], 32, sig->r) ||
- !BN_bn2bin_padded(&signature[32], 32, sig->s)) {
- return false;
- }
-
- *out_signature =
- std::string(reinterpret_cast<char*>(signature.get()), kSignatureLength);
-
- return true;
-}
-
-std::string TestChannelIDKey::SerializeKey() const {
- // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
- // key, is 0x04 (meaning uncompressed) followed by the x and y field
- // elements as 32-byte, big-endian numbers.
- static const int kExpectedKeyLength = 65;
-
- int len = i2d_PublicKey(ecdsa_key_.get(), nullptr);
- if (len != kExpectedKeyLength) {
- return "";
- }
-
- uint8_t buf[kExpectedKeyLength];
- uint8_t* derp = buf;
- i2d_PublicKey(ecdsa_key_.get(), &derp);
-
- return std::string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
-}
-
-TestChannelIDSource::~TestChannelIDSource() {}
-
-QuicAsyncStatus TestChannelIDSource::GetChannelIDKey(
- const std::string& hostname,
- std::unique_ptr<ChannelIDKey>* channel_id_key,
- ChannelIDSourceCallback* /*callback*/) {
- *channel_id_key = QuicMakeUnique<TestChannelIDKey>(HostnameToKey(hostname));
- return QUIC_SUCCESS;
-}
-
-// static
-EVP_PKEY* TestChannelIDSource::HostnameToKey(const std::string& hostname) {
- // In order to generate a deterministic key for a given hostname the
- // hostname is hashed with SHA-256 and the resulting digest is treated as a
- // big-endian number. The most-significant bit is cleared to ensure that
- // the resulting value is less than the order of the group and then it's
- // taken as a private key. Given the private key, the public key is
- // calculated with a group multiplication.
- SHA256_CTX sha256;
- SHA256_Init(&sha256);
- SHA256_Update(&sha256, hostname.data(), hostname.size());
-
- unsigned char digest[SHA256_DIGEST_LENGTH];
- SHA256_Final(digest, &sha256);
-
- // Ensure that the digest is less than the order of the P-256 group by
- // clearing the most-significant bit.
- digest[0] &= 0x7f;
-
- bssl::UniquePtr<BIGNUM> k(BN_new());
- CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != nullptr);
-
- bssl::UniquePtr<EC_GROUP> p256(
- EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- CHECK(p256);
-
- bssl::UniquePtr<EC_KEY> ecdsa_key(EC_KEY_new());
- CHECK(ecdsa_key && EC_KEY_set_group(ecdsa_key.get(), p256.get()));
-
- bssl::UniquePtr<EC_POINT> point(EC_POINT_new(p256.get()));
- CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), nullptr, nullptr,
- nullptr));
-
- EC_KEY_set_private_key(ecdsa_key.get(), k.get());
- EC_KEY_set_public_key(ecdsa_key.get(), point.get());
-
- bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
- // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here.
- EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get());
-
- return pkey.release();
-}
-
namespace crypto_test_utils {
namespace {
@@ -207,57 +87,13 @@
return false;
}
-// A ChannelIDSource that works in asynchronous mode unless the |callback|
-// argument to GetChannelIDKey is nullptr.
-class AsyncTestChannelIDSource : public ChannelIDSource, public CallbackSource {
- public:
- // |sync_source| is a synchronous ChannelIDSource.
- explicit AsyncTestChannelIDSource(
- std::unique_ptr<ChannelIDSource> sync_source)
- : sync_source_(std::move(sync_source)) {}
- ~AsyncTestChannelIDSource() override {}
-
- // ChannelIDSource implementation.
- QuicAsyncStatus GetChannelIDKey(const std::string& hostname,
- std::unique_ptr<ChannelIDKey>* channel_id_key,
- ChannelIDSourceCallback* callback) override {
- // Synchronous mode.
- if (!callback) {
- return sync_source_->GetChannelIDKey(hostname, channel_id_key, nullptr);
- }
-
- // Asynchronous mode.
- QuicAsyncStatus status =
- sync_source_->GetChannelIDKey(hostname, &channel_id_key_, nullptr);
- if (status != QUIC_SUCCESS) {
- return QUIC_FAILURE;
- }
- callback_.reset(callback);
- return QUIC_PENDING;
- }
-
- // CallbackSource implementation.
- void RunPendingCallbacks() override {
- if (callback_) {
- callback_->Run(&channel_id_key_);
- callback_.reset();
- }
- }
-
- private:
- std::unique_ptr<ChannelIDSource> sync_source_;
- std::unique_ptr<ChannelIDSourceCallback> callback_;
- std::unique_ptr<ChannelIDKey> channel_id_key_;
-};
-
} // anonymous namespace
FakeServerOptions::FakeServerOptions() {}
FakeServerOptions::~FakeServerOptions() {}
-FakeClientOptions::FakeClientOptions()
- : channel_id_enabled(false), channel_id_source_async(false) {}
+FakeClientOptions::FakeClientOptions() {}
FakeClientOptions::~FakeClientOptions() {}
@@ -446,19 +282,6 @@
QuicCryptoClientConfig crypto_config(ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
- AsyncTestChannelIDSource* async_channel_id_source = nullptr;
- if (options.channel_id_enabled) {
- std::unique_ptr<ChannelIDSource> source = ChannelIDSourceForTesting();
- if (options.channel_id_source_async) {
- auto temp = QuicMakeUnique<AsyncTestChannelIDSource>(std::move(source));
- async_channel_id_source = temp.get();
- source = std::move(temp);
- }
- crypto_config.SetChannelIDSource(std::move(source));
- }
- if (!options.token_binding_params.empty()) {
- crypto_config.tb_key_params = options.token_binding_params;
- }
TestQuicSpdyClientSession client_session(client_conn, DefaultQuicConfig(),
supported_versions, server_id,
&crypto_config);
@@ -471,25 +294,12 @@
client_session.GetMutableCryptoStream()->CryptoConnect();
CHECK_EQ(1u, client_conn->encrypted_packets_.size());
- CommunicateHandshakeMessagesAndRunCallbacks(
- client_conn, client_session.GetMutableCryptoStream(), server_conn, server,
- async_channel_id_source);
+ CommunicateHandshakeMessages(client_conn,
+ client_session.GetMutableCryptoStream(),
+ server_conn, server);
if (server->handshake_confirmed() && server->encryption_established()) {
CompareClientAndServerKeys(client_session.GetMutableCryptoStream(), server);
-
- if (options.channel_id_enabled) {
- std::unique_ptr<ChannelIDKey> channel_id_key;
- QuicAsyncStatus status =
- crypto_config.channel_id_source()->GetChannelIDKey(
- server_id.host(), &channel_id_key, nullptr);
- EXPECT_EQ(QUIC_SUCCESS, status);
- EXPECT_EQ(channel_id_key->SerializeKey(),
- server->crypto_negotiated_params().channel_id);
- EXPECT_EQ(
- options.channel_id_source_async,
- client_session.GetCryptoStream()->WasChannelIDSourceCallbackRun());
- }
}
return client_session.GetCryptoStream()->num_sent_client_hellos();
@@ -530,16 +340,6 @@
QuicCryptoStream* client,
PacketSavingConnection* server_conn,
QuicCryptoStream* server) {
- CommunicateHandshakeMessagesAndRunCallbacks(client_conn, client, server_conn,
- server, nullptr);
-}
-
-void CommunicateHandshakeMessagesAndRunCallbacks(
- PacketSavingConnection* client_conn,
- QuicCryptoStream* client,
- PacketSavingConnection* server_conn,
- QuicCryptoStream* server,
- CallbackSource* callback_source) {
size_t client_i = 0, server_i = 0;
while (!client->handshake_confirmed() || !server->handshake_confirmed()) {
ASSERT_GT(client_conn->encrypted_packets_.size(), client_i);
@@ -548,9 +348,6 @@
<< " packets client->server";
MovePackets(client_conn, &client_i, server, server_conn,
Perspective::IS_SERVER);
- if (callback_source) {
- callback_source->RunPendingCallbacks();
- }
if (client->handshake_confirmed() && server->handshake_confirmed()) {
break;
@@ -561,9 +358,6 @@
<< " packets server->client";
MovePackets(server_conn, &server_i, client, client_conn,
Perspective::IS_CLIENT);
- if (callback_source) {
- callback_source->RunPendingCallbacks();
- }
}
}
@@ -898,10 +692,6 @@
return *parsed;
}
-std::unique_ptr<ChannelIDSource> ChannelIDSourceForTesting() {
- return QuicMakeUnique<TestChannelIDSource>();
-}
-
void MovePackets(PacketSavingConnection* source_conn,
size_t* inout_packet_index,
QuicCryptoStream* dest_stream,
diff --git a/quic/test_tools/crypto_test_utils.h b/quic/test_tools/crypto_test_utils.h
index 5bb4b4e..1091c8c 100644
--- a/quic/test_tools/crypto_test_utils.h
+++ b/quic/test_tools/crypto_test_utils.h
@@ -20,7 +20,6 @@
namespace quic {
-class ChannelIDSource;
class CommonCertSets;
class ProofSource;
class ProofVerifier;
@@ -38,37 +37,6 @@
class PacketSavingConnection;
-class TestChannelIDKey : public ChannelIDKey {
- public:
- explicit TestChannelIDKey(EVP_PKEY* ecdsa_key);
- ~TestChannelIDKey() override;
-
- // ChannelIDKey implementation.
-
- bool Sign(QuicStringPiece signed_data,
- std::string* out_signature) const override;
-
- std::string SerializeKey() const override;
-
- private:
- bssl::UniquePtr<EVP_PKEY> ecdsa_key_;
-};
-
-class TestChannelIDSource : public ChannelIDSource {
- public:
- ~TestChannelIDSource() override;
-
- // ChannelIDSource implementation.
-
- QuicAsyncStatus GetChannelIDKey(
- const std::string& hostname,
- std::unique_ptr<ChannelIDKey>* channel_id_key,
- ChannelIDSourceCallback* /*callback*/) override;
-
- private:
- static EVP_PKEY* HostnameToKey(const std::string& hostname);
-};
-
namespace crypto_test_utils {
// An interface for a source of callbacks. This is used for invoking
@@ -101,17 +69,6 @@
FakeClientOptions();
~FakeClientOptions();
- // If channel_id_enabled is true then the client will attempt to send a
- // ChannelID.
- bool channel_id_enabled;
-
- // If channel_id_source_async is true then the client will use an async
- // ChannelIDSource for testing. Ignored if channel_id_enabled is false.
- bool channel_id_source_async;
-
- // The Token Binding params that the client supports and will negotiate.
- QuicTagVector token_binding_params;
-
// If only_tls_versions is set, then the client will only use TLS for the
// crypto handshake.
bool only_tls_versions = false;
@@ -153,18 +110,6 @@
PacketSavingConnection* server_conn,
QuicCryptoStream* server);
-// CommunicateHandshakeMessagesAndRunCallbacks moves messages from |client|
-// to |server| and back until |client|'s handshake has completed. If
-// |callback_source| is not nullptr,
-// CommunicateHandshakeMessagesAndRunCallbacks also runs callbacks from
-// |callback_source| between processing messages.
-void CommunicateHandshakeMessagesAndRunCallbacks(
- PacketSavingConnection* client_conn,
- QuicCryptoStream* client,
- PacketSavingConnection* server_conn,
- QuicCryptoStream* server,
- CallbackSource* callback_source);
-
// AdvanceHandshake attempts to moves messages from |client| to |server| and
// |server| to |client|. Returns the number of messages moved.
std::pair<size_t, size_t> AdvanceHandshake(PacketSavingConnection* client_conn,
@@ -222,12 +167,6 @@
std::vector<std::pair<std::string, std::string>> tags_and_values,
int minimum_size_bytes);
-// ChannelIDSourceForTesting returns a ChannelIDSource that generates keys
-// deterministically based on the hostname given in the GetChannelIDKey call.
-// This ChannelIDSource works in synchronous mode, i.e., its GetChannelIDKey
-// method never returns QUIC_PENDING.
-std::unique_ptr<ChannelIDSource> ChannelIDSourceForTesting();
-
// MovePackets parses crypto handshake messages from packet number
// |*inout_packet_index| through to the last packet (or until a packet fails
// to decrypt) and has |dest_stream| process them. |*inout_packet_index| is
diff --git a/quic/test_tools/fuzzing/README.md b/quic/test_tools/fuzzing/README.md
new file mode 100644
index 0000000..b30ba8b
--- /dev/null
+++ b/quic/test_tools/fuzzing/README.md
@@ -0,0 +1,16 @@
+Examples of fuzz testing QUIC code using libfuzzer (go/libfuzzer).
+
+To build and run the examples:
+
+```sh
+$ blaze build --config=asan-fuzzer //gfe/quic/test_tools/fuzzing/...
+$ CORPUS_DIR=`mktemp -d` && echo ${CORPUS_DIR}
+$ ./blaze-bin/gfe/quic/test_tools/fuzzing/quic_framer_fuzzer ${CORPUS_DIR} -use_counters=0
+```
+
+By default this fuzzes with 64 byte chunks, to test the framer with more realistic
+size input, try 1350 (max payload size of a QUIC packet):
+
+```sh
+$ ./blaze-bin/gfe/quic/test_tools/fuzzing/quic_framer_fuzzer ${CORPUS_DIR} -use_counters=0 -max_len=1350
+```
diff --git a/quic/test_tools/simulator/README.md b/quic/test_tools/simulator/README.md
new file mode 100644
index 0000000..8582962
--- /dev/null
+++ b/quic/test_tools/simulator/README.md
@@ -0,0 +1,99 @@
+# QUIC network simulator
+
+This directory contains a discrete event network simulator which QUIC code uses
+for testing congestion control and other transmission control code that requires
+a network simulation for tests on QuicConnection level of abstraction.
+
+## Actors
+
+The core of the simulator is the Simulator class, which maintains a virtual
+clock and an event queue. Any object in a simulation that needs to schedule
+events has to subclass Actor. Subclassing Actor involves:
+
+1. Calling the `Actor::Actor(Simulator*, std::string)` constructor to establish
+ the name of the object and the simulator it is associated with.
+2. Calling `Schedule(QuicTime)` to schedule the time at which `Act()` method is
+ called. `Schedule` will only cause the object to be rescheduled if the time
+ for which it is currently scheduled is later than the new time.
+3. Implementing `Act()` method with the relevant logic. The actor will be
+ removed from the event queue right before `Act()` is called.
+
+Here is a simple example of an object that outputs simulation time into the log
+every 100 ms.
+
+```c++
+class LogClock : public Actor {
+ public:
+ LogClock(Simulator* simulator, std::string name) : Actor(simulator, name) {
+ Schedule(clock_->Now());
+ }
+ ~LogClock() override {}
+
+ void Act() override {
+ QUIC_LOG(INFO) << "The current time is "
+ << clock_->Now().ToDebuggingValue();
+ Schedule(clock_->Now() + QuicTime::Delta::FromMilliseconds(100));
+ }
+};
+```
+
+A QuicAlarm object can be used to schedule events in the simulation using
+`Simulator::GetAlarmFactory()`.
+
+## Ports
+
+The simulated network transfers packets, which are modelled as an instance of
+struct `Packet`. A packet consists of source and destination address (which are
+just plain strings), a transmission timestamp and the UDP-layer payload.
+
+The simulation uses the push model: any object that wishes to transfer a packet
+to another component in the simulation has to explicitly do it itself. Any
+object that can accept a packet is called a *port*. There are two types of
+ports: unconstrained ports, which can always accept packets, and constrained
+ports, which signal when they can accept a new packet.
+
+An endpoint is an object that is connected to the network and can both receive
+and send packets. In our model, the endpoint always receives packets as an
+unconstrained port (*RX port*), and always writes packets to a constrained port
+(*TX port*).
+
+## Links
+
+The `SymmetricLink` class models a symmetric duplex links with finite bandwidth
+and propagation delay. It consists of a pair of identical `OneWayLink`s, which
+accept packets as a constrained port (where constrain comes from the finiteness
+of bandwidth) and outputs them into an unconstrained port. Two endpoints
+connected via a `SymmetricLink` look like this:
+
+```none
+ Endpoint A Endpoint B
++-----------+ SymmetricLink +-----------+
+| | +------------------------------+ | |
+| +---------+ | +------------------------+ | +---------+ |
+| | RX port <-----| OneWayLink *<-----| TX port | |
+| +---------+ | +------------------------+ | +---------+ |
+| | | | | |
+| +---------+ | +------------------------+ | +---------+ |
+| | TX port |----->* OneWayLink |-----> RX port | |
+| +---------+ | +------------------------+ | +---------+ |
+| | +------------------------------+ | |
++-----------+ +-----------+
+
+ ( -->* denotes constrained port)
+```
+
+In most common scenario, one of the endpoints is going to be a QUIC endpoint,
+and another is going to be a switch port.
+
+## Other objects
+
+Besides `SymmetricLink`, the simulator provides the following objects:
+
+* `Queue` allows to convert a constrained port into an unconstrained one by
+ buffering packets upon arrival. The queue has a finite size, and once the
+ queue is full, the packets are silently dropped.
+* `Switch` simulates a multi-port learning switch with a fixed queue for each
+ output port.
+* `QuicEndpoint` allows QuicConnection to be run over the simulated network.
+* `QuicEndpointMultiplexer` allows multiple connections to share the same
+ network endpoint.
