Update QUIC connection ID encryption library to reflect draft-ietf-quic-load-balancers-14.
Library not currently leveraged by production code.
PiperOrigin-RevId: 460538010
diff --git a/quiche/quic/load_balancer/load_balancer_config.cc b/quiche/quic/load_balancer/load_balancer_config.cc
index 56669e0..46a0f68 100644
--- a/quiche/quic/load_balancer/load_balancer_config.cc
+++ b/quiche/quic/load_balancer/load_balancer_config.cc
@@ -62,7 +62,8 @@
if (plaintext_len % 2) {
to[half] = from[half] & 0xf0;
}
- to[kLoadBalancerBlockSize - 1] = index;
+ to[kLoadBalancerBlockSize - 1] = plaintext_len + 1;
+ to[kLoadBalancerBlockSize - 2] = index;
}
void TakePlaintextFromRight(uint8_t *to, uint8_t *from, uint8_t plaintext_len,
@@ -75,7 +76,8 @@
if (plaintext_len % 2) {
to[write_point - 1] = from[read_point - 1] & 0x0f;
}
- to[0] = index;
+ to[0] = plaintext_len + 1;
+ to[1] = index;
}
// CiphertextXorWith{Left,Right}() takes the relevant end of the ciphertext in
diff --git a/quiche/quic/load_balancer/load_balancer_config_test.cc b/quiche/quic/load_balancer/load_balancer_config_test.cc
index f59a3be..c93f1e4 100644
--- a/quiche/quic/load_balancer/load_balancer_config_test.cc
+++ b/quiche/quic/load_balancer/load_balancer_config_test.cc
@@ -85,7 +85,7 @@
}
// Compare EncryptionPass() results to the example in
-// draft-ietf-quic-load-balancers-12, Section 5.3.2.
+// draft-ietf-quic-load-balancers-14, Section 4.3.2.
TEST_F(LoadBalancerConfigTest, TestEncryptionPassExample) {
auto config =
LoadBalancerConfig::Create(0, 3, 4, absl::string_view(raw_key, 16));
@@ -98,16 +98,16 @@
EXPECT_FALSE(config->EncryptionPass(absl::Span<uint8_t>(bytes.data(), 6), 0));
EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 1));
EXPECT_TRUE((bytes == std::array<uint8_t, 7>(
- {0x31, 0x44, 0x1a, 0x9d, 0xbc, 0x04, 0x26})));
+ {0x31, 0x44, 0x1a, 0x92, 0x52, 0xaa, 0xef})));
EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 2));
EXPECT_TRUE((bytes == std::array<uint8_t, 7>(
- {0x4f, 0xdd, 0x0c, 0x9d, 0xbc, 0x04, 0x26})));
+ {0xe6, 0xa1, 0x3a, 0xb2, 0x52, 0xaa, 0xef})));
EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 3));
EXPECT_TRUE((bytes == std::array<uint8_t, 7>(
- {0x4f, 0xdd, 0x0c, 0x9b, 0xba, 0x1e, 0xe0})));
+ {0xe6, 0xa1, 0x3a, 0xbc, 0xe1, 0xe0, 0xd2})));
EXPECT_TRUE(config->EncryptionPass(absl::Span<uint8_t>(bytes), 4));
EXPECT_TRUE((bytes == std::array<uint8_t, 7>(
- {0xe2, 0x3c, 0xb4, 0x2b, 0xba, 0x1e, 0xe0})));
+ {0x32, 0xc3, 0x63, 0xfc, 0xe1, 0xe0, 0xd2})));
}
TEST_F(LoadBalancerConfigTest, EncryptionPassPlaintext) {
@@ -133,7 +133,7 @@
}
// Block decrypt test from the Test Vector in
-// draft-ietf-quic-load-balancers-12, Appendix B.
+// draft-ietf-quic-load-balancers-14, Appendix B.
TEST_F(LoadBalancerConfigTest, BlockEncryptionExample) {
const uint8_t ptext[] = {0xed, 0x79, 0x3a, 0x51, 0xd4, 0x9b, 0x8f, 0x5f,
0xee, 0x08, 0x0d, 0xbf, 0x48, 0xc0, 0xd1, 0xe5};
diff --git a/quiche/quic/load_balancer/load_balancer_decoder_test.cc b/quiche/quic/load_balancer/load_balancer_decoder_test.cc
index e38fc0c..ee1feac 100644
--- a/quiche/quic/load_balancer/load_balancer_decoder_test.cc
+++ b/quiche/quic/load_balancer/load_balancer_decoder_test.cc
@@ -57,7 +57,7 @@
}
}
-// Compare test vectors from Appendix B of draft-ietf-quic-load-balancers-12.
+// Compare test vectors from Appendix B of draft-ietf-quic-load-balancers-14.
TEST_F(LoadBalancerDecoderTest, DecoderTestVectors) {
// Try (1) the "standard" CID length of 8
// (2) server_id_len > nonce_len, so there is a fourth decryption pass
@@ -66,13 +66,13 @@
const struct LoadBalancerDecoderTestCase test_vectors[4] = {
{
*LoadBalancerConfig::Create(0, 3, 4, kKey),
- QuicConnectionId({0x07, 0xfb, 0xfe, 0x05, 0xf7, 0x31, 0xb4, 0x25}),
+ QuicConnectionId({0x07, 0x27, 0xed, 0xaa, 0x37, 0xe7, 0xfa, 0xc8}),
MakeServerId(kServerId, 3),
},
{
*LoadBalancerConfig::Create(1, 10, 5, kKey),
- QuicConnectionId({0x4f, 0x01, 0x09, 0x56, 0xfb, 0x5c, 0x1d, 0x4d,
- 0x86, 0xe0, 0x10, 0x18, 0x3e, 0x0b, 0x7d, 0x1e}),
+ QuicConnectionId({0x4f, 0x22, 0x61, 0x4a, 0x97, 0xce, 0xee, 0x84,
+ 0x34, 0x1e, 0xd7, 0xfb, 0xfe, 0xb1, 0xe6, 0xe2}),
MakeServerId(kServerId, 10),
},
{
@@ -84,9 +84,9 @@
},
{
*LoadBalancerConfig::Create(0, 9, 9, kKey),
- QuicConnectionId({0x12, 0x7a, 0x28, 0x5a, 0x09, 0xf8, 0x52, 0x80,
- 0xf4, 0xfd, 0x6a, 0xbb, 0x43, 0x4a, 0x71, 0x59,
- 0xe4, 0xd3, 0xeb}),
+ QuicConnectionId({0x12, 0x5e, 0x3b, 0x00, 0xaa, 0x5f, 0xcf, 0xd1,
+ 0xa9, 0xa5, 0x81, 0x02, 0xa8, 0x9a, 0x19, 0xa1,
+ 0xe4, 0xa1, 0x0e}),
MakeServerId(kServerId, 9),
},
};
diff --git a/quiche/quic/load_balancer/load_balancer_encoder_test.cc b/quiche/quic/load_balancer/load_balancer_encoder_test.cc
index c267a2d..f1df860 100644
--- a/quiche/quic/load_balancer/load_balancer_encoder_test.cc
+++ b/quiche/quic/load_balancer/load_balancer_encoder_test.cc
@@ -157,22 +157,22 @@
struct LoadBalancerEncoderTestCase {
LoadBalancerConfig config;
- LoadBalancerServerId server_id;
QuicConnectionId connection_id;
+ LoadBalancerServerId server_id;
};
TEST_F(LoadBalancerEncoderTest, UnencryptedConnectionIdTestVectors) {
const struct LoadBalancerEncoderTestCase test_vectors[2] = {
{
*LoadBalancerConfig::CreateUnencrypted(0, 3, 4),
- MakeServerId(kServerId, 3),
QuicConnectionId({0x07, 0xed, 0x79, 0x3a, 0x80, 0x49, 0x71, 0x8a}),
+ MakeServerId(kServerId, 3),
},
{
*LoadBalancerConfig::CreateUnencrypted(1, 8, 5),
- MakeServerId(kServerId, 8),
QuicConnectionId({0x4d, 0xed, 0x79, 0x3a, 0x51, 0xd4, 0x9b, 0x8f,
0x5f, 0xee, 0x15, 0xda, 0x27, 0xc4}),
+ MakeServerId(kServerId, 8),
},
};
for (const auto &test : test_vectors) {
@@ -185,7 +185,7 @@
}
}
-// Follow example in draft-ietf-quic-load-balancers-12.
+// Follow example in draft-ietf-quic-load-balancers-14.
TEST_F(LoadBalancerEncoderTest, FollowSpecExample) {
const uint8_t config_id = 0, server_id_len = 3, nonce_len = 4;
const uint8_t raw_server_id[] = {
@@ -206,14 +206,14 @@
EXPECT_TRUE(encoder->UpdateConfig(
*config, *LoadBalancerServerId::Create(raw_server_id)));
EXPECT_TRUE(encoder->IsEncoding());
- const char raw_connection_id[] = {0x07, 0xe2, 0x3c, 0xb4,
- 0x2b, 0xba, 0x1e, 0xe0};
+ const char raw_connection_id[] = {0x07, 0x32, 0xc3, 0x63,
+ 0xfc, 0xe1, 0xe0, 0xd2};
auto expected =
QuicConnectionId(raw_connection_id, 1 + server_id_len + nonce_len);
EXPECT_EQ(encoder->GenerateConnectionId(), expected);
}
-// Compare test vectors from Appendix B of draft-ietf-quic-load-balancers-12.
+// Compare test vectors from Appendix B of draft-ietf-quic-load-balancers-14.
TEST_F(LoadBalancerEncoderTest, EncoderTestVectors) {
// Try (1) the "standard" ConnectionId length of 8
// (2) server_id_len > nonce_len, so there is a fourth decryption pass
@@ -222,28 +222,28 @@
const LoadBalancerEncoderTestCase test_vectors[4] = {
{
*LoadBalancerConfig::Create(0, 3, 4, kKey),
+ QuicConnectionId({0x07, 0x27, 0xed, 0xaa, 0x37, 0xe7, 0xfa, 0xc8}),
MakeServerId(kServerId, 3),
- QuicConnectionId({0x07, 0xfb, 0xfe, 0x05, 0xf7, 0x31, 0xb4, 0x25}),
},
{
*LoadBalancerConfig::Create(1, 10, 5, kKey),
+ QuicConnectionId({0x4f, 0x22, 0x61, 0x4a, 0x97, 0xce, 0xee, 0x84,
+ 0x34, 0x1e, 0xd7, 0xfb, 0xfe, 0xb1, 0xe6, 0xe2}),
MakeServerId(kServerId, 10),
- QuicConnectionId({0x4f, 0x01, 0x09, 0x56, 0xfb, 0x5c, 0x1d, 0x4d,
- 0x86, 0xe0, 0x10, 0x18, 0x3e, 0x0b, 0x7d, 0x1e}),
},
{
*LoadBalancerConfig::Create(2, 8, 8, kKey),
- MakeServerId(kServerId, 8),
QuicConnectionId({0x90, 0x4d, 0xd2, 0xd0, 0x5a, 0x7b, 0x0d, 0xe9,
0xb2, 0xb9, 0x90, 0x7a, 0xfb, 0x5e, 0xcf, 0x8c,
0xc3}),
+ MakeServerId(kServerId, 8),
},
{
*LoadBalancerConfig::Create(0, 9, 9, kKey),
+ QuicConnectionId({0x12, 0x5e, 0x3b, 0x00, 0xaa, 0x5f, 0xcf, 0xd1,
+ 0xa9, 0xa5, 0x81, 0x02, 0xa8, 0x9a, 0x19, 0xa1,
+ 0xe4, 0xa1, 0x0e}),
MakeServerId(kServerId, 9),
- QuicConnectionId({0x12, 0x7a, 0x28, 0x5a, 0x09, 0xf8, 0x52, 0x80,
- 0xf4, 0xfd, 0x6a, 0xbb, 0x43, 0x4a, 0x71, 0x59,
- 0xe4, 0xd3, 0xeb}),
},
};
for (const auto &test : test_vectors) {
@@ -268,7 +268,7 @@
LoadBalancerEncoderPeer::SetNumNoncesLeft(*encoder, 2);
EXPECT_EQ(encoder->num_nonces_left(), 2);
EXPECT_EQ(encoder->GenerateConnectionId(),
- QuicConnectionId({0x07, 0xba, 0x7f, 0x38, 0x2f, 0x5c, 0x22, 0x1d}));
+ QuicConnectionId({0x07, 0xf4, 0xeb, 0x21, 0xfb, 0x22, 0xa8, 0x40}));
EXPECT_EQ(encoder->num_nonces_left(), 1);
encoder->GenerateConnectionId();
EXPECT_EQ(encoder->IsEncoding(), false);
diff --git a/quiche/quic/load_balancer/load_balancer_server_id.h b/quiche/quic/load_balancer/load_balancer_server_id.h
index a3398a9..18fc40e 100644
--- a/quiche/quic/load_balancer/load_balancer_server_id.h
+++ b/quiche/quic/load_balancer/load_balancer_server_id.h
@@ -17,7 +17,7 @@
// LoadBalancerServerId is the globally understood identifier for a given pool
// member. It is unique to any given QUIC-LB configuration. See
-// draft-ietf-quic-load-balancers-12.
+// draft-ietf-quic-load-balancers.
// Note: this has nothing to do with QuicServerID. It's an unfortunate collision
// between an internal term for the destination identifiers for a particular
// deployment (QuicServerID) and the object of a load balancing decision