Remove post-quantum experiment signal extension.
The experiment has concluded, so we don't need this anymore. Change-Id: Id99722394d5d0525f536bddea5df6cde8bb44c94 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com>
parent
35c1075e83
commit
e0d95adb24
@ -3058,19 +3058,6 @@ OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *ssl);
|
||||
OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *ssl);
|
||||
|
||||
|
||||
// Post-quantum experiment signaling extension.
|
||||
//
|
||||
// *** EXPERIMENTAL ***
|
||||
//
|
||||
// In order to define a control group in an experiment of post-quantum key
|
||||
// agreements, clients and servers may send a non-IANA defined extension as a
|
||||
// signaling bit. These functions should not be used without explicit permission
|
||||
// from BoringSSL-team.
|
||||
|
||||
OPENSSL_EXPORT void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx);
|
||||
OPENSSL_EXPORT int SSL_pq_experiment_signal_seen(const SSL *ssl);
|
||||
|
||||
|
||||
// QUIC transport parameters.
|
||||
//
|
||||
// draft-ietf-quic-tls defines a new TLS extension quic_transport_parameters
|
||||
|
@ -244,9 +244,6 @@ extern "C" {
|
||||
// This is not an IANA defined extension number
|
||||
#define TLSEXT_TYPE_channel_id 30032
|
||||
|
||||
// This is not an IANA defined extension number
|
||||
#define TLSEXT_TYPE_pq_experiment_signal 54538
|
||||
|
||||
// status request value from RFC 3546
|
||||
#define TLSEXT_STATUSTYPE_nothing (-1)
|
||||
#define TLSEXT_STATUSTYPE_ocsp 1
|
||||
|
@ -2374,10 +2374,6 @@ struct SSL3_STATE {
|
||||
// token_binding_negotiated is set if Token Binding was negotiated.
|
||||
bool token_binding_negotiated : 1;
|
||||
|
||||
// pq_experimental_signal_seen is true if the peer was observed
|
||||
// sending/echoing the post-quantum experiment signal.
|
||||
bool pq_experiment_signal_seen : 1;
|
||||
|
||||
// alert_dispatch is true there is an alert in |send_alert| to be sent.
|
||||
bool alert_dispatch : 1;
|
||||
|
||||
@ -3317,11 +3313,6 @@ struct ssl_ctx_st {
|
||||
// If enable_early_data is true, early data can be sent and accepted.
|
||||
bool enable_early_data : 1;
|
||||
|
||||
// pq_experiment_signal indicates that an empty extension should be sent
|
||||
// (for clients) or echoed (for servers) to indicate participation in an
|
||||
// experiment of post-quantum key exchanges.
|
||||
bool pq_experiment_signal : 1;
|
||||
|
||||
private:
|
||||
~ssl_ctx_st();
|
||||
friend void SSL_CTX_free(SSL_CTX *);
|
||||
|
@ -179,7 +179,6 @@ SSL3_STATE::SSL3_STATE()
|
||||
early_data_accepted(false),
|
||||
tls13_downgrade(false),
|
||||
token_binding_negotiated(false),
|
||||
pq_experiment_signal_seen(false),
|
||||
alert_dispatch(false),
|
||||
renegotiate_pending(false),
|
||||
used_hello_retry_request(false) {}
|
||||
|
@ -569,8 +569,7 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
|
||||
false_start_allowed_without_alpn(false),
|
||||
ignore_tls13_downgrade(false),
|
||||
handoff(false),
|
||||
enable_early_data(false),
|
||||
pq_experiment_signal(false) {
|
||||
enable_early_data(false) {
|
||||
CRYPTO_MUTEX_init(&lock);
|
||||
CRYPTO_new_ex_data(&ex_data);
|
||||
}
|
||||
@ -1238,14 +1237,6 @@ int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) {
|
||||
return ssl_send_alert_impl(ssl, SSL3_AL_FATAL, alert);
|
||||
}
|
||||
|
||||
void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx) {
|
||||
ctx->pq_experiment_signal = true;
|
||||
}
|
||||
|
||||
int SSL_pq_experiment_signal_seen(const SSL *ssl) {
|
||||
return ssl->s3->pq_experiment_signal_seen;
|
||||
}
|
||||
|
||||
int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
|
||||
size_t params_len) {
|
||||
return ssl->config && ssl->config->quic_transport_params.CopyFrom(
|
||||
|
@ -2855,66 +2855,6 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
||||
}
|
||||
|
||||
|
||||
// Post-quantum experiment signal
|
||||
//
|
||||
// This extension may be used in order to identify a control group for
|
||||
// experimenting with post-quantum key exchange algorithms.
|
||||
|
||||
static bool ext_pq_experiment_signal_add_clienthello(SSL_HANDSHAKE *hs,
|
||||
CBB *out) {
|
||||
if (hs->ssl->ctx->pq_experiment_signal &&
|
||||
(!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
|
||||
!CBB_add_u16(out, 0))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool ext_pq_experiment_signal_parse_serverhello(SSL_HANDSHAKE *hs,
|
||||
uint8_t *out_alert,
|
||||
CBS *contents) {
|
||||
if (contents == nullptr) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!hs->ssl->ctx->pq_experiment_signal || CBS_len(contents) != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
hs->ssl->s3->pq_experiment_signal_seen = true;
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool ext_pq_experiment_signal_parse_clienthello(SSL_HANDSHAKE *hs,
|
||||
uint8_t *out_alert,
|
||||
CBS *contents) {
|
||||
if (contents == nullptr) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (CBS_len(contents) != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (hs->ssl->ctx->pq_experiment_signal) {
|
||||
hs->ssl->s3->pq_experiment_signal_seen = true;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool ext_pq_experiment_signal_add_serverhello(SSL_HANDSHAKE *hs,
|
||||
CBB *out) {
|
||||
if (hs->ssl->s3->pq_experiment_signal_seen &&
|
||||
(!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
|
||||
!CBB_add_u16(out, 0))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// kExtensions contains all the supported extensions.
|
||||
static const struct tls_extension kExtensions[] = {
|
||||
{
|
||||
@ -3103,14 +3043,6 @@ static const struct tls_extension kExtensions[] = {
|
||||
ext_delegated_credential_parse_clienthello,
|
||||
dont_add_serverhello,
|
||||
},
|
||||
{
|
||||
TLSEXT_TYPE_pq_experiment_signal,
|
||||
NULL,
|
||||
ext_pq_experiment_signal_add_clienthello,
|
||||
ext_pq_experiment_signal_parse_serverhello,
|
||||
ext_pq_experiment_signal_parse_clienthello,
|
||||
ext_pq_experiment_signal_add_serverhello,
|
||||
},
|
||||
};
|
||||
|
||||
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
|
||||
|
@ -669,13 +669,6 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume,
|
||||
return false;
|
||||
}
|
||||
|
||||
if (config->expect_pq_experiment_signal !=
|
||||
!!SSL_pq_experiment_signal_seen(ssl)) {
|
||||
fprintf(stderr, "Got %sPQ experiment signal, but wanted opposite. \n",
|
||||
SSL_pq_experiment_signal_seen(ssl) ? "" : "no ");
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((config->expect_hrr && !SSL_used_hello_retry_request(ssl)) ||
|
||||
(config->expect_no_hrr && SSL_used_hello_retry_request(ssl))) {
|
||||
fprintf(stderr, "Got %sHRR, but wanted opposite.\n",
|
||||
|
@ -126,7 +126,6 @@ const (
|
||||
extensionQUICTransportParams uint16 = 0xffa5 // draft-ietf-quic-tls-13
|
||||
extensionChannelID uint16 = 30032 // not IANA assigned
|
||||
extensionDelegatedCredentials uint16 = 0xff02 // not IANA assigned
|
||||
extensionPQExperimentSignal uint16 = 54538
|
||||
)
|
||||
|
||||
// TLS signaling cipher suite values
|
||||
@ -500,11 +499,6 @@ type Config struct {
|
||||
|
||||
CertCompressionAlgs map[uint16]CertCompressionAlg
|
||||
|
||||
// PQExperimentSignal instructs a client to send a non-IANA defined extension
|
||||
// that signals participation in an experiment of post-quantum key exchange
|
||||
// methods.
|
||||
PQExperimentSignal bool
|
||||
|
||||
// Bugs specifies optional misbehaviour to be used for testing other
|
||||
// implementations.
|
||||
Bugs ProtocolBugs
|
||||
@ -1648,10 +1642,6 @@ type ProtocolBugs struct {
|
||||
// DisableDelegatedCredentials, if true, disables client support for delegated
|
||||
// credentials.
|
||||
DisableDelegatedCredentials bool
|
||||
|
||||
// ExpectPQExperimentSignal specifies whether or not the post-quantum
|
||||
// experiment signal should be received by a client or server.
|
||||
ExpectPQExperimentSignal bool
|
||||
}
|
||||
|
||||
func (c *Config) serverInit() {
|
||||
|
@ -128,7 +128,6 @@ func (c *Conn) clientHandshake() error {
|
||||
omitExtensions: c.config.Bugs.OmitExtensions,
|
||||
emptyExtensions: c.config.Bugs.EmptyExtensions,
|
||||
delegatedCredentials: !c.config.Bugs.DisableDelegatedCredentials,
|
||||
pqExperimentSignal: c.config.PQExperimentSignal,
|
||||
}
|
||||
|
||||
if maxVersion >= VersionTLS13 {
|
||||
@ -1672,10 +1671,6 @@ func (hs *clientHandshakeState) processServerExtensions(serverExtensions *server
|
||||
c.quicTransportParams = serverExtensions.quicTransportParams
|
||||
}
|
||||
|
||||
if c.config.Bugs.ExpectPQExperimentSignal != serverExtensions.pqExperimentSignal {
|
||||
return fmt.Errorf("tls: PQ experiment signal presence (%t) was not what was expected", serverExtensions.pqExperimentSignal)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -298,7 +298,6 @@ type clientHelloMsg struct {
|
||||
pad int
|
||||
compressedCertAlgs []uint16
|
||||
delegatedCredentials bool
|
||||
pqExperimentSignal bool
|
||||
}
|
||||
|
||||
func (m *clientHelloMsg) equal(i interface{}) bool {
|
||||
@ -353,8 +352,7 @@ func (m *clientHelloMsg) equal(i interface{}) bool {
|
||||
m.emptyExtensions == m1.emptyExtensions &&
|
||||
m.pad == m1.pad &&
|
||||
eqUint16s(m.compressedCertAlgs, m1.compressedCertAlgs) &&
|
||||
m.delegatedCredentials == m1.delegatedCredentials &&
|
||||
m.pqExperimentSignal == m1.pqExperimentSignal
|
||||
m.delegatedCredentials == m1.delegatedCredentials
|
||||
}
|
||||
|
||||
func (m *clientHelloMsg) marshalKeyShares(bb *byteBuilder) {
|
||||
@ -600,10 +598,6 @@ func (m *clientHelloMsg) marshal() []byte {
|
||||
extensions.addU16(extensionDelegatedCredentials)
|
||||
extensions.addU16(0) // Length is always 0
|
||||
}
|
||||
if m.pqExperimentSignal {
|
||||
extensions.addU16(extensionPQExperimentSignal)
|
||||
extensions.addU16(0) // Length is always 0
|
||||
}
|
||||
|
||||
// The PSK extension must be last. See https://tools.ietf.org/html/rfc8446#section-4.2.11
|
||||
if len(m.pskIdentities) > 0 && !m.pskBinderFirst {
|
||||
@ -731,7 +725,6 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
||||
m.extendedMasterSecret = false
|
||||
m.customExtension = ""
|
||||
m.delegatedCredentials = false
|
||||
m.pqExperimentSignal = false
|
||||
|
||||
if len(reader) == 0 {
|
||||
// ClientHello is optionally followed by extension data
|
||||
@ -967,11 +960,6 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
||||
return false
|
||||
}
|
||||
m.delegatedCredentials = true
|
||||
case extensionPQExperimentSignal:
|
||||
if len(body) != 0 {
|
||||
return false
|
||||
}
|
||||
m.pqExperimentSignal = true
|
||||
}
|
||||
|
||||
if isGREASEValue(extension) {
|
||||
@ -1239,7 +1227,6 @@ type serverExtensions struct {
|
||||
supportedCurves []CurveID
|
||||
quicTransportParams []byte
|
||||
serverNameAck bool
|
||||
pqExperimentSignal bool
|
||||
}
|
||||
|
||||
func (m *serverExtensions) marshal(extensions *byteBuilder) {
|
||||
@ -1374,10 +1361,6 @@ func (m *serverExtensions) marshal(extensions *byteBuilder) {
|
||||
extensions.addU16(extensionServerName)
|
||||
extensions.addU16(0) // zero length
|
||||
}
|
||||
if m.pqExperimentSignal {
|
||||
extensions.addU16(extensionPQExperimentSignal)
|
||||
extensions.addU16(0) // zero length
|
||||
}
|
||||
}
|
||||
|
||||
func (m *serverExtensions) unmarshal(data byteReader, version uint16) bool {
|
||||
@ -1486,11 +1469,6 @@ func (m *serverExtensions) unmarshal(data byteReader, version uint16) bool {
|
||||
return false
|
||||
}
|
||||
m.hasEarlyData = true
|
||||
case extensionPQExperimentSignal:
|
||||
if len(body) != 0 {
|
||||
return false
|
||||
}
|
||||
m.pqExperimentSignal = true
|
||||
default:
|
||||
// Unknown extensions are illegal from the server.
|
||||
return false
|
||||
|
@ -227,10 +227,6 @@ func (hs *serverHandshakeState) readClientHello() error {
|
||||
}
|
||||
}
|
||||
|
||||
if c.config.Bugs.ExpectPQExperimentSignal != hs.clientHello.pqExperimentSignal {
|
||||
return fmt.Errorf("tls: PQ experiment signal presence (%t) was not what was expected", hs.clientHello.pqExperimentSignal)
|
||||
}
|
||||
|
||||
c.clientVersion = hs.clientHello.vers
|
||||
|
||||
// Use the versions extension if supplied, otherwise use the legacy ClientHello version.
|
||||
@ -1450,7 +1446,6 @@ func (hs *serverHandshakeState) processClientExtensions(serverExtensions *server
|
||||
}
|
||||
|
||||
serverExtensions.serverNameAck = c.config.Bugs.SendServerNameAck
|
||||
serverExtensions.pqExperimentSignal = hs.clientHello.pqExperimentSignal
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -15235,67 +15235,6 @@ func addDelegatedCredentialTests() {
|
||||
})
|
||||
}
|
||||
|
||||
func addPQExperimentSignalTests() {
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "PQExperimentSignal-Server-NoEchoIfNotConfigured",
|
||||
config: Config{
|
||||
MinVersion: VersionTLS13,
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
ExpectPQExperimentSignal: false,
|
||||
},
|
||||
PQExperimentSignal: true,
|
||||
},
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "PQExperimentSignal-Server-Echo",
|
||||
config: Config{
|
||||
MinVersion: VersionTLS13,
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
ExpectPQExperimentSignal: true,
|
||||
},
|
||||
PQExperimentSignal: true,
|
||||
},
|
||||
flags: []string{
|
||||
"-enable-pq-experiment-signal",
|
||||
"-expect-pq-experiment-signal",
|
||||
},
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: clientTest,
|
||||
name: "PQExperimentSignal-Client-NotDefault",
|
||||
config: Config{
|
||||
MinVersion: VersionTLS13,
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
ExpectPQExperimentSignal: false,
|
||||
},
|
||||
PQExperimentSignal: true,
|
||||
},
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: clientTest,
|
||||
name: "PQExperimentSignal-Client",
|
||||
config: Config{
|
||||
MinVersion: VersionTLS13,
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
ExpectPQExperimentSignal: true,
|
||||
},
|
||||
},
|
||||
flags: []string{
|
||||
"-enable-pq-experiment-signal",
|
||||
"-expect-pq-experiment-signal",
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
|
||||
defer wg.Done()
|
||||
|
||||
@ -15433,7 +15372,6 @@ func main() {
|
||||
addCertCompressionTests()
|
||||
addJDK11WorkaroundTests()
|
||||
addDelegatedCredentialTests()
|
||||
addPQExperimentSignalTests()
|
||||
|
||||
testCases = append(testCases, convertToSplitHandshakeTests(testCases)...)
|
||||
|
||||
|
@ -151,8 +151,6 @@ const Flag<bool> kBoolFlags[] = {
|
||||
{"-key-update", &TestConfig::key_update},
|
||||
{"-expect-delegated-credential-used",
|
||||
&TestConfig::expect_delegated_credential_used},
|
||||
{"-enable-pq-experiment-signal", &TestConfig::enable_pq_experiment_signal},
|
||||
{"-expect-pq-experiment-signal", &TestConfig::expect_pq_experiment_signal},
|
||||
{"-expect-hrr", &TestConfig::expect_hrr},
|
||||
{"-expect-no-hrr", &TestConfig::expect_no_hrr},
|
||||
};
|
||||
@ -1322,10 +1320,6 @@ bssl::UniquePtr<SSL_CTX> TestConfig::SetupCtx(SSL_CTX *old_ctx) const {
|
||||
SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
}
|
||||
|
||||
if (enable_pq_experiment_signal) {
|
||||
SSL_CTX_enable_pq_experiment_signal(ssl_ctx.get());
|
||||
}
|
||||
|
||||
return ssl_ctx;
|
||||
}
|
||||
|
||||
|
@ -176,8 +176,6 @@ struct TestConfig {
|
||||
bool expect_delegated_credential_used = false;
|
||||
std::string delegated_credential;
|
||||
std::string expect_early_data_reason;
|
||||
bool enable_pq_experiment_signal = false;
|
||||
bool expect_pq_experiment_signal = false;
|
||||
bool expect_hrr = false;
|
||||
bool expect_no_hrr = false;
|
||||
|
||||
|