diff options
122 files changed, 267 insertions, 22100 deletions
@@ -1326,8 +1326,6 @@ grpc_cc_library( "src/core/lib/security/credentials/oauth2/oauth2_credentials.cc", "src/core/lib/security/credentials/plugin/plugin_credentials.cc", "src/core/lib/security/credentials/ssl/ssl_credentials.cc", - "src/core/lib/security/credentials/alts/alts_credentials.cc", - "src/core/lib/security/security_connector/alts_security_connector.cc", "src/core/lib/security/security_connector/security_connector.cc", "src/core/lib/security/transport/client_auth_filter.cc", "src/core/lib/security/transport/secure_endpoint.cc", @@ -1351,8 +1349,6 @@ grpc_cc_library( "src/core/lib/security/credentials/oauth2/oauth2_credentials.h", "src/core/lib/security/credentials/plugin/plugin_credentials.h", "src/core/lib/security/credentials/ssl/ssl_credentials.h", - "src/core/lib/security/credentials/alts/alts_credentials.h", - "src/core/lib/security/security_connector/alts_security_connector.h", "src/core/lib/security/security_connector/security_connector.h", "src/core/lib/security/transport/auth_filters.h", "src/core/lib/security/transport/secure_endpoint.h", @@ -1364,7 +1360,6 @@ grpc_cc_library( language = "c++", public_hdrs = GRPC_SECURE_PUBLIC_HDRS, deps = [ - "alts_util", "grpc_base", "grpc_transport_chttp2_alpn", "tsi", @@ -1588,118 +1583,15 @@ grpc_cc_library( ) grpc_cc_library( - name = "alts_frame_protector", - srcs = [ - "src/core/tsi/alts/crypt/aes_gcm.cc", - "src/core/tsi/alts/crypt/gsec.cc", - "src/core/tsi/alts/frame_protector/alts_counter.cc", - "src/core/tsi/alts/frame_protector/alts_crypter.cc", - "src/core/tsi/alts/frame_protector/alts_frame_protector.cc", - "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc", - "src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc", - "src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc", - "src/core/tsi/alts/frame_protector/frame_handler.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc", - ], - hdrs = [ - "src/core/tsi/alts/crypt/gsec.h", - "src/core/tsi/alts/frame_protector/alts_counter.h", - "src/core/tsi/alts/frame_protector/alts_crypter.h", - "src/core/tsi/alts/frame_protector/alts_frame_protector.h", - "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h", - "src/core/tsi/alts/frame_protector/frame_handler.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h", - "src/core/tsi/transport_security_grpc.h", - ], - external_deps = [ - "libssl", - ], - language = "c++", - deps = [ - "gpr", - "grpc_base", - "tsi_interface", - ], -) - -grpc_cc_library( - name = "alts_proto", - srcs = [ - "src/core/tsi/alts/handshaker/altscontext.pb.c", - "src/core/tsi/alts/handshaker/handshaker.pb.c", - "src/core/tsi/alts/handshaker/transport_security_common.pb.c", - ], - hdrs = [ - "src/core/tsi/alts/handshaker/altscontext.pb.h", - "src/core/tsi/alts/handshaker/handshaker.pb.h", - "src/core/tsi/alts/handshaker/transport_security_common.pb.h", - ], - external_deps = [ - "nanopb", - ], - language = "c++", -) - -grpc_cc_library( - name = "alts_util", - srcs = [ - "src/core/lib/security/credentials/alts/check_gcp_environment.cc", - "src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc", - "src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc", - "src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc", - "src/core/tsi/alts/handshaker/transport_security_common_api.cc", - ], - hdrs = [ - "src/core/lib/security/credentials/alts/check_gcp_environment.h", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h", - "src/core/tsi/alts/handshaker/transport_security_common_api.h", - ], - external_deps = [ - "nanopb", - ], - language = "c++", - deps = [ - "alts_proto", - "gpr", - "grpc_base", - ], -) - -grpc_cc_library( name = "tsi", srcs = [ "src/core/tsi/alts_transport_security.cc", - "src/core/tsi/alts/handshaker/alts_handshaker_client.cc", - "src/core/tsi/alts/handshaker/alts_tsi_event.cc", - "src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc", - "src/core/tsi/alts/handshaker/alts_tsi_utils.cc", "src/core/tsi/fake_transport_security.cc", "src/core/tsi/ssl_transport_security.cc", "src/core/tsi/transport_security_grpc.cc", ], hdrs = [ "src/core/tsi/alts_transport_security.h", - "src/core/tsi/alts/handshaker/alts_handshaker_client.h", - "src/core/tsi/alts/handshaker/alts_tsi_event.h", - "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h", - "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h", - "src/core/tsi/alts/handshaker/alts_tsi_utils.h", "src/core/tsi/fake_transport_security.h", "src/core/tsi/ssl_transport_security.h", "src/core/tsi/ssl_types.h", @@ -1710,11 +1602,7 @@ grpc_cc_library( ], language = "c++", deps = [ - "alts_frame_protector", - "alts_util", - "gpr", "grpc_base", - "grpc_transport_chttp2_client_insecure", "tsi_interface", ], ) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5dfbdcb85a..ab4fa8a253 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -91,8 +91,6 @@ endif() set(CMAKE_POSITION_INDEPENDENT_CODE TRUE) -add_definitions(-DPB_FIELD_16BIT) - if (MSVC) include(cmake/msvc_static_runtime.cmake) add_definitions(-D_WIN32_WINNT=0x600 -D_SCL_SECURE_NO_WARNINGS -D_CRT_SECURE_NO_WARNINGS -D_WINSOCK_DEPRECATED_NO_WARNINGS) @@ -471,19 +469,6 @@ add_dependencies(buildtests_c uri_fuzzer_test_one_entry) add_custom_target(buildtests_cxx) add_dependencies(buildtests_cxx alarm_test) -add_dependencies(buildtests_cxx alts_counter_test) -add_dependencies(buildtests_cxx alts_crypt_test) -add_dependencies(buildtests_cxx alts_crypter_test) -add_dependencies(buildtests_cxx alts_frame_handler_test) -add_dependencies(buildtests_cxx alts_frame_protector_test) -add_dependencies(buildtests_cxx alts_grpc_record_protocol_test) -add_dependencies(buildtests_cxx alts_handshaker_client_test) -add_dependencies(buildtests_cxx alts_handshaker_service_api_test) -add_dependencies(buildtests_cxx alts_iovec_record_protocol_test) -add_dependencies(buildtests_cxx alts_security_connector_test) -add_dependencies(buildtests_cxx alts_tsi_handshaker_test) -add_dependencies(buildtests_cxx alts_tsi_utils_test) -add_dependencies(buildtests_cxx alts_zero_copy_grpc_protector_test) add_dependencies(buildtests_cxx async_end2end_test) add_dependencies(buildtests_cxx auth_property_iterator_test) add_dependencies(buildtests_cxx backoff_test) @@ -532,8 +517,6 @@ add_dependencies(buildtests_cxx bm_pollset) endif() add_dependencies(buildtests_cxx channel_arguments_test) add_dependencies(buildtests_cxx channel_filter_test) -add_dependencies(buildtests_cxx check_gcp_environment_linux_test) -add_dependencies(buildtests_cxx check_gcp_environment_windows_test) add_dependencies(buildtests_cxx chttp2_settings_timeout_test) add_dependencies(buildtests_cxx cli_call_test) add_dependencies(buildtests_cxx client_channel_stress_test) @@ -555,7 +538,6 @@ add_dependencies(buildtests_cxx exception_test) add_dependencies(buildtests_cxx filter_end2end_test) add_dependencies(buildtests_cxx generic_end2end_test) add_dependencies(buildtests_cxx golden_file_test) -add_dependencies(buildtests_cxx grpc_alts_credentials_options_test) add_dependencies(buildtests_cxx grpc_cli) add_dependencies(buildtests_cxx grpc_tool_test) add_dependencies(buildtests_cxx grpclb_api_test) @@ -629,7 +611,6 @@ add_dependencies(buildtests_cxx stress_test) add_dependencies(buildtests_cxx thread_manager_test) add_dependencies(buildtests_cxx thread_stress_test) add_dependencies(buildtests_cxx transport_pid_controller_test) -add_dependencies(buildtests_cxx transport_security_common_api_test) if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX) add_dependencies(buildtests_cxx writes_per_rpc_test) endif() @@ -650,44 +631,6 @@ add_custom_target(buildtests DEPENDS buildtests_c buildtests_cxx) endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_library(alts_test_util - test/core/tsi/alts/crypt/gsec_test_util.cc - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc -) - -if(WIN32 AND MSVC) - set_target_properties(alts_test_util PROPERTIES COMPILE_PDB_NAME "alts_test_util" - COMPILE_PDB_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}" - ) - if (gRPC_INSTALL) - install(FILES ${CMAKE_CURRENT_BINARY_DIR}/alts_test_util.pdb - DESTINATION ${gRPC_INSTALL_LIBDIR} OPTIONAL - ) - endif() -endif() - - -target_include_directories(alts_test_util - PUBLIC $<INSTALL_INTERFACE:${gRPC_INSTALL_INCLUDEDIR}> $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include> - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} -) - -target_link_libraries(alts_test_util - ${_gRPC_SSL_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - grpc -) - - -endif (gRPC_BUILD_TESTS) add_library(gpr src/core/lib/gpr/alloc.cc @@ -1016,7 +959,6 @@ add_library(grpc src/core/ext/filters/http/server/http_server_filter.cc src/core/lib/http/httpcli_security_connector.cc src/core/lib/security/context/security_context.cc - src/core/lib/security/credentials/alts/alts_credentials.cc src/core/lib/security/credentials/composite/composite_credentials.cc src/core/lib/security/credentials/credentials.cc src/core/lib/security/credentials/credentials_metadata.cc @@ -1030,7 +972,6 @@ add_library(grpc src/core/lib/security/credentials/oauth2/oauth2_credentials.cc src/core/lib/security/credentials/plugin/plugin_credentials.cc src/core/lib/security/credentials/ssl/ssl_credentials.cc - src/core/lib/security/security_connector/alts_security_connector.cc src/core/lib/security/security_connector/security_connector.cc src/core/lib/security/transport/client_auth_filter.cc src/core/lib/security/transport/secure_endpoint.cc @@ -1040,45 +981,14 @@ add_library(grpc src/core/lib/security/transport/tsi_error.cc src/core/lib/security/util/json_util.cc src/core/lib/surface/init_secure.cc - src/core/tsi/alts/crypt/aes_gcm.cc - src/core/tsi/alts/crypt/gsec.cc - src/core/tsi/alts/frame_protector/alts_counter.cc - src/core/tsi/alts/frame_protector/alts_crypter.cc - src/core/tsi/alts/frame_protector/alts_frame_protector.cc - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc - src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc - src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc - src/core/tsi/alts/frame_protector/frame_handler.cc - src/core/tsi/alts/handshaker/alts_handshaker_client.cc - src/core/tsi/alts/handshaker/alts_tsi_event.cc - src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc - src/core/lib/security/credentials/alts/check_gcp_environment.cc - src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc - src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc - src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc - src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc - src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc - src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc - src/core/tsi/alts/handshaker/alts_tsi_utils.cc - src/core/tsi/alts/handshaker/transport_security_common_api.cc - src/core/tsi/alts/handshaker/altscontext.pb.c - src/core/tsi/alts/handshaker/handshaker.pb.c - src/core/tsi/alts/handshaker/transport_security_common.pb.c - third_party/nanopb/pb_common.c - third_party/nanopb/pb_decode.c - third_party/nanopb/pb_encode.c + src/core/tsi/alts_transport_security.cc + src/core/tsi/fake_transport_security.cc + src/core/tsi/ssl_transport_security.cc + src/core/tsi/transport_security_grpc.cc src/core/tsi/transport_security.cc src/core/tsi/transport_security_adapter.cc - src/core/ext/transport/chttp2/client/insecure/channel_create.cc - src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc - src/core/ext/transport/chttp2/client/chttp2_connector.cc + src/core/ext/transport/chttp2/server/chttp2_server.cc + src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc src/core/ext/filters/client_channel/backup_poller.cc src/core/ext/filters/client_channel/channel_connectivity.cc src/core/ext/filters/client_channel/client_channel.cc @@ -1102,14 +1012,11 @@ add_library(grpc src/core/ext/filters/client_channel/subchannel_index.cc src/core/ext/filters/client_channel/uri_parser.cc src/core/ext/filters/deadline/deadline_filter.cc - src/core/tsi/alts_transport_security.cc - src/core/tsi/fake_transport_security.cc - src/core/tsi/ssl_transport_security.cc - src/core/tsi/transport_security_grpc.cc - src/core/ext/transport/chttp2/server/chttp2_server.cc - src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc + src/core/ext/transport/chttp2/client/chttp2_connector.cc src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc + src/core/ext/transport/chttp2/client/insecure/channel_create.cc + src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc src/core/ext/transport/inproc/inproc_plugin.cc src/core/ext/transport/inproc/inproc_transport.cc src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc @@ -1118,6 +1025,9 @@ add_library(grpc src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c + third_party/nanopb/pb_common.c + third_party/nanopb/pb_decode.c + third_party/nanopb/pb_encode.c src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc @@ -1417,7 +1327,6 @@ add_library(grpc_cronet src/core/ext/filters/deadline/deadline_filter.cc src/core/lib/http/httpcli_security_connector.cc src/core/lib/security/context/security_context.cc - src/core/lib/security/credentials/alts/alts_credentials.cc src/core/lib/security/credentials/composite/composite_credentials.cc src/core/lib/security/credentials/credentials.cc src/core/lib/security/credentials/credentials_metadata.cc @@ -1431,7 +1340,6 @@ add_library(grpc_cronet src/core/lib/security/credentials/oauth2/oauth2_credentials.cc src/core/lib/security/credentials/plugin/plugin_credentials.cc src/core/lib/security/credentials/ssl/ssl_credentials.cc - src/core/lib/security/security_connector/alts_security_connector.cc src/core/lib/security/security_connector/security_connector.cc src/core/lib/security/transport/client_auth_filter.cc src/core/lib/security/transport/secure_endpoint.cc @@ -1441,49 +1349,13 @@ add_library(grpc_cronet src/core/lib/security/transport/tsi_error.cc src/core/lib/security/util/json_util.cc src/core/lib/surface/init_secure.cc - src/core/tsi/alts/crypt/aes_gcm.cc - src/core/tsi/alts/crypt/gsec.cc - src/core/tsi/alts/frame_protector/alts_counter.cc - src/core/tsi/alts/frame_protector/alts_crypter.cc - src/core/tsi/alts/frame_protector/alts_frame_protector.cc - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc - src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc - src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc - src/core/tsi/alts/frame_protector/frame_handler.cc - src/core/tsi/alts/handshaker/alts_handshaker_client.cc - src/core/tsi/alts/handshaker/alts_tsi_event.cc - src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc - src/core/lib/security/credentials/alts/check_gcp_environment.cc - src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc - src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc - src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc - src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc - src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc - src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc - src/core/tsi/alts/handshaker/alts_tsi_utils.cc - src/core/tsi/alts/handshaker/transport_security_common_api.cc - src/core/tsi/alts/handshaker/altscontext.pb.c - src/core/tsi/alts/handshaker/handshaker.pb.c - src/core/tsi/alts/handshaker/transport_security_common.pb.c - third_party/nanopb/pb_common.c - third_party/nanopb/pb_decode.c - third_party/nanopb/pb_encode.c - src/core/tsi/transport_security.cc - src/core/tsi/transport_security_adapter.cc - src/core/ext/transport/chttp2/client/insecure/channel_create.cc - src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc - src/core/ext/transport/chttp2/client/chttp2_connector.cc src/core/tsi/alts_transport_security.cc src/core/tsi/fake_transport_security.cc src/core/tsi/ssl_transport_security.cc src/core/tsi/transport_security_grpc.cc + src/core/tsi/transport_security.cc + src/core/tsi/transport_security_adapter.cc + src/core/ext/transport/chttp2/client/chttp2_connector.cc src/core/ext/filters/load_reporting/server_load_reporting_filter.cc src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc src/core/plugin_registry/grpc_cronet_plugin_registry.cc @@ -8789,462 +8661,6 @@ target_link_libraries(alarm_test endif (gRPC_BUILD_TESTS) if (gRPC_BUILD_TESTS) -add_executable(alts_counter_test - test/core/tsi/alts/frame_protector/alts_counter_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_counter_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_counter_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_crypt_test - test/core/tsi/alts/crypt/aes_gcm_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_crypt_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_crypt_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_crypter_test - test/core/tsi/alts/frame_protector/alts_crypter_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_crypter_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_crypter_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_frame_handler_test - test/core/tsi/alts/frame_protector/frame_handler_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_frame_handler_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_frame_handler_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_frame_protector_test - test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc - test/core/tsi/transport_security_test_lib.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_frame_protector_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_frame_protector_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_grpc_record_protocol_test - test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_grpc_record_protocol_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_grpc_record_protocol_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_handshaker_client_test - test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_handshaker_client_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_handshaker_client_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_handshaker_service_api_test - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_handshaker_service_api_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_handshaker_service_api_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_iovec_record_protocol_test - test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_iovec_record_protocol_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_iovec_record_protocol_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_security_connector_test - test/core/security/alts_security_connector_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_security_connector_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_security_connector_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_tsi_handshaker_test - test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_tsi_handshaker_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_tsi_handshaker_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_tsi_utils_test - test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_tsi_utils_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_tsi_utils_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(alts_zero_copy_grpc_protector_test - test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(alts_zero_copy_grpc_protector_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(alts_zero_copy_grpc_protector_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - add_executable(async_end2end_test test/cpp/end2end/async_end2end_test.cc third_party/googletest/googletest/src/gtest-all.cc @@ -10054,74 +9470,6 @@ target_link_libraries(channel_filter_test endif (gRPC_BUILD_TESTS) if (gRPC_BUILD_TESTS) -add_executable(check_gcp_environment_linux_test - test/core/security/check_gcp_environment_linux_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(check_gcp_environment_linux_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(check_gcp_environment_linux_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - grpc - gpr - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - -add_executable(check_gcp_environment_windows_test - test/core/security/check_gcp_environment_windows_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(check_gcp_environment_windows_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(check_gcp_environment_windows_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - grpc - gpr - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - add_executable(chttp2_settings_timeout_test test/core/transport/chttp2/settings_timeout_test.cc third_party/googletest/googletest/src/gtest-all.cc @@ -10915,40 +10263,6 @@ target_link_libraries(golden_file_test endif (gRPC_BUILD_TESTS) if (gRPC_BUILD_TESTS) -add_executable(grpc_alts_credentials_options_test - test/core/security/grpc_alts_credentials_options_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(grpc_alts_credentials_options_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(grpc_alts_credentials_options_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - grpc - gpr - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) - add_executable(grpc_cli test/cpp/util/grpc_cli.cc third_party/googletest/googletest/src/gtest-all.cc @@ -13289,41 +12603,6 @@ target_link_libraries(transport_pid_controller_test endif (gRPC_BUILD_TESTS) if (gRPC_BUILD_TESTS) - -add_executable(transport_security_common_api_test - test/core/tsi/alts/handshaker/transport_security_common_api_test.cc - third_party/googletest/googletest/src/gtest-all.cc - third_party/googletest/googlemock/src/gmock-all.cc -) - - -target_include_directories(transport_security_common_api_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${_gRPC_SSL_INCLUDE_DIR} - PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} - PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} - PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} - PRIVATE ${_gRPC_CARES_INCLUDE_DIR} - PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} - PRIVATE third_party/googletest/googletest/include - PRIVATE third_party/googletest/googletest - PRIVATE third_party/googletest/googlemock/include - PRIVATE third_party/googletest/googlemock - PRIVATE ${_gRPC_PROTO_GENS_DIR} -) - -target_link_libraries(transport_security_common_api_test - ${_gRPC_PROTOBUF_LIBRARIES} - ${_gRPC_ALLTARGETS_LIBRARIES} - alts_test_util - gpr - grpc - ${_gRPC_GFLAGS_LIBRARIES} -) - -endif (gRPC_BUILD_TESTS) -if (gRPC_BUILD_TESTS) if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX) add_executable(writes_per_rpc_test @@ -338,8 +338,6 @@ CPPFLAGS += -g -Wall -Wextra -Werror -Wno-long-long -Wno-unused-parameter -DOSAT COREFLAGS += -fno-rtti -fno-exceptions LDFLAGS += -g -DEFINES += PB_FIELD_16BIT - CPPFLAGS += $(CPPFLAGS_$(CONFIG)) CFLAGS += $(CFLAGS_$(CONFIG)) CXXFLAGS += $(CXXFLAGS_$(CONFIG)) @@ -1096,19 +1094,6 @@ uri_fuzzer_test: $(BINDIR)/$(CONFIG)/uri_fuzzer_test uri_parser_test: $(BINDIR)/$(CONFIG)/uri_parser_test wakeup_fd_cv_test: $(BINDIR)/$(CONFIG)/wakeup_fd_cv_test alarm_test: $(BINDIR)/$(CONFIG)/alarm_test -alts_counter_test: $(BINDIR)/$(CONFIG)/alts_counter_test -alts_crypt_test: $(BINDIR)/$(CONFIG)/alts_crypt_test -alts_crypter_test: $(BINDIR)/$(CONFIG)/alts_crypter_test -alts_frame_handler_test: $(BINDIR)/$(CONFIG)/alts_frame_handler_test -alts_frame_protector_test: $(BINDIR)/$(CONFIG)/alts_frame_protector_test -alts_grpc_record_protocol_test: $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test -alts_handshaker_client_test: $(BINDIR)/$(CONFIG)/alts_handshaker_client_test -alts_handshaker_service_api_test: $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test -alts_iovec_record_protocol_test: $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test -alts_security_connector_test: $(BINDIR)/$(CONFIG)/alts_security_connector_test -alts_tsi_handshaker_test: $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test -alts_tsi_utils_test: $(BINDIR)/$(CONFIG)/alts_tsi_utils_test -alts_zero_copy_grpc_protector_test: $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test async_end2end_test: $(BINDIR)/$(CONFIG)/async_end2end_test auth_property_iterator_test: $(BINDIR)/$(CONFIG)/auth_property_iterator_test backoff_test: $(BINDIR)/$(CONFIG)/backoff_test @@ -1129,8 +1114,6 @@ bm_metadata: $(BINDIR)/$(CONFIG)/bm_metadata bm_pollset: $(BINDIR)/$(CONFIG)/bm_pollset channel_arguments_test: $(BINDIR)/$(CONFIG)/channel_arguments_test channel_filter_test: $(BINDIR)/$(CONFIG)/channel_filter_test -check_gcp_environment_linux_test: $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test -check_gcp_environment_windows_test: $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test chttp2_settings_timeout_test: $(BINDIR)/$(CONFIG)/chttp2_settings_timeout_test cli_call_test: $(BINDIR)/$(CONFIG)/cli_call_test client_channel_stress_test: $(BINDIR)/$(CONFIG)/client_channel_stress_test @@ -1150,7 +1133,6 @@ exception_test: $(BINDIR)/$(CONFIG)/exception_test filter_end2end_test: $(BINDIR)/$(CONFIG)/filter_end2end_test generic_end2end_test: $(BINDIR)/$(CONFIG)/generic_end2end_test golden_file_test: $(BINDIR)/$(CONFIG)/golden_file_test -grpc_alts_credentials_options_test: $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test grpc_cli: $(BINDIR)/$(CONFIG)/grpc_cli grpc_cpp_plugin: $(BINDIR)/$(CONFIG)/grpc_cpp_plugin grpc_csharp_plugin: $(BINDIR)/$(CONFIG)/grpc_csharp_plugin @@ -1209,7 +1191,6 @@ stress_test: $(BINDIR)/$(CONFIG)/stress_test thread_manager_test: $(BINDIR)/$(CONFIG)/thread_manager_test thread_stress_test: $(BINDIR)/$(CONFIG)/thread_stress_test transport_pid_controller_test: $(BINDIR)/$(CONFIG)/transport_pid_controller_test -transport_security_common_api_test: $(BINDIR)/$(CONFIG)/transport_security_common_api_test writes_per_rpc_test: $(BINDIR)/$(CONFIG)/writes_per_rpc_test public_headers_must_be_c89: $(BINDIR)/$(CONFIG)/public_headers_must_be_c89 gen_hpack_tables: $(BINDIR)/$(CONFIG)/gen_hpack_tables @@ -1371,7 +1352,7 @@ plugins: $(PROTOC_PLUGINS) privatelibs: privatelibs_c privatelibs_cxx -privatelibs_c: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util_unsecure.a $(LIBDIR)/$(CONFIG)/libreconnect_server.a $(LIBDIR)/$(CONFIG)/libtest_tcp_server.a $(LIBDIR)/$(CONFIG)/libz.a $(LIBDIR)/$(CONFIG)/libares.a $(LIBDIR)/$(CONFIG)/libbad_client_test.a $(LIBDIR)/$(CONFIG)/libbad_ssl_test_server.a $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libend2end_nosec_tests.a +privatelibs_c: $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util_unsecure.a $(LIBDIR)/$(CONFIG)/libreconnect_server.a $(LIBDIR)/$(CONFIG)/libtest_tcp_server.a $(LIBDIR)/$(CONFIG)/libz.a $(LIBDIR)/$(CONFIG)/libares.a $(LIBDIR)/$(CONFIG)/libbad_client_test.a $(LIBDIR)/$(CONFIG)/libbad_ssl_test_server.a $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libend2end_nosec_tests.a pc_c: $(LIBDIR)/$(CONFIG)/pkgconfig/grpc.pc pc_c_unsecure: $(LIBDIR)/$(CONFIG)/pkgconfig/grpc_unsecure.pc @@ -1581,19 +1562,6 @@ buildtests_c: privatelibs_c \ ifeq ($(EMBED_OPENSSL),true) buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/alarm_test \ - $(BINDIR)/$(CONFIG)/alts_counter_test \ - $(BINDIR)/$(CONFIG)/alts_crypt_test \ - $(BINDIR)/$(CONFIG)/alts_crypter_test \ - $(BINDIR)/$(CONFIG)/alts_frame_handler_test \ - $(BINDIR)/$(CONFIG)/alts_frame_protector_test \ - $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test \ - $(BINDIR)/$(CONFIG)/alts_handshaker_client_test \ - $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test \ - $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test \ - $(BINDIR)/$(CONFIG)/alts_security_connector_test \ - $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test \ - $(BINDIR)/$(CONFIG)/alts_tsi_utils_test \ - $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test \ $(BINDIR)/$(CONFIG)/async_end2end_test \ $(BINDIR)/$(CONFIG)/auth_property_iterator_test \ $(BINDIR)/$(CONFIG)/backoff_test \ @@ -1614,8 +1582,6 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/bm_pollset \ $(BINDIR)/$(CONFIG)/channel_arguments_test \ $(BINDIR)/$(CONFIG)/channel_filter_test \ - $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test \ - $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test \ $(BINDIR)/$(CONFIG)/chttp2_settings_timeout_test \ $(BINDIR)/$(CONFIG)/cli_call_test \ $(BINDIR)/$(CONFIG)/client_channel_stress_test \ @@ -1635,7 +1601,6 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/filter_end2end_test \ $(BINDIR)/$(CONFIG)/generic_end2end_test \ $(BINDIR)/$(CONFIG)/golden_file_test \ - $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test \ $(BINDIR)/$(CONFIG)/grpc_cli \ $(BINDIR)/$(CONFIG)/grpc_tool_test \ $(BINDIR)/$(CONFIG)/grpclb_api_test \ @@ -1687,7 +1652,6 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/thread_manager_test \ $(BINDIR)/$(CONFIG)/thread_stress_test \ $(BINDIR)/$(CONFIG)/transport_pid_controller_test \ - $(BINDIR)/$(CONFIG)/transport_security_common_api_test \ $(BINDIR)/$(CONFIG)/writes_per_rpc_test \ $(BINDIR)/$(CONFIG)/boringssl_crypto_test_data \ $(BINDIR)/$(CONFIG)/boringssl_asn1_test \ @@ -1746,19 +1710,6 @@ buildtests_cxx: privatelibs_cxx \ else buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/alarm_test \ - $(BINDIR)/$(CONFIG)/alts_counter_test \ - $(BINDIR)/$(CONFIG)/alts_crypt_test \ - $(BINDIR)/$(CONFIG)/alts_crypter_test \ - $(BINDIR)/$(CONFIG)/alts_frame_handler_test \ - $(BINDIR)/$(CONFIG)/alts_frame_protector_test \ - $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test \ - $(BINDIR)/$(CONFIG)/alts_handshaker_client_test \ - $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test \ - $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test \ - $(BINDIR)/$(CONFIG)/alts_security_connector_test \ - $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test \ - $(BINDIR)/$(CONFIG)/alts_tsi_utils_test \ - $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test \ $(BINDIR)/$(CONFIG)/async_end2end_test \ $(BINDIR)/$(CONFIG)/auth_property_iterator_test \ $(BINDIR)/$(CONFIG)/backoff_test \ @@ -1779,8 +1730,6 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/bm_pollset \ $(BINDIR)/$(CONFIG)/channel_arguments_test \ $(BINDIR)/$(CONFIG)/channel_filter_test \ - $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test \ - $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test \ $(BINDIR)/$(CONFIG)/chttp2_settings_timeout_test \ $(BINDIR)/$(CONFIG)/cli_call_test \ $(BINDIR)/$(CONFIG)/client_channel_stress_test \ @@ -1800,7 +1749,6 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/filter_end2end_test \ $(BINDIR)/$(CONFIG)/generic_end2end_test \ $(BINDIR)/$(CONFIG)/golden_file_test \ - $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test \ $(BINDIR)/$(CONFIG)/grpc_cli \ $(BINDIR)/$(CONFIG)/grpc_tool_test \ $(BINDIR)/$(CONFIG)/grpclb_api_test \ @@ -1852,7 +1800,6 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/thread_manager_test \ $(BINDIR)/$(CONFIG)/thread_stress_test \ $(BINDIR)/$(CONFIG)/transport_pid_controller_test \ - $(BINDIR)/$(CONFIG)/transport_security_common_api_test \ $(BINDIR)/$(CONFIG)/writes_per_rpc_test \ $(BINDIR)/$(CONFIG)/resolver_component_test_unsecure \ $(BINDIR)/$(CONFIG)/resolver_component_test \ @@ -2139,32 +2086,6 @@ flaky_test_c: buildtests_c test_cxx: buildtests_cxx $(E) "[RUN] Testing alarm_test" $(Q) $(BINDIR)/$(CONFIG)/alarm_test || ( echo test alarm_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_counter_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_counter_test || ( echo test alts_counter_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_crypt_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_crypt_test || ( echo test alts_crypt_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_crypter_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_crypter_test || ( echo test alts_crypter_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_frame_handler_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_frame_handler_test || ( echo test alts_frame_handler_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_frame_protector_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_frame_protector_test || ( echo test alts_frame_protector_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_grpc_record_protocol_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test || ( echo test alts_grpc_record_protocol_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_handshaker_client_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_handshaker_client_test || ( echo test alts_handshaker_client_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_handshaker_service_api_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test || ( echo test alts_handshaker_service_api_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_iovec_record_protocol_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test || ( echo test alts_iovec_record_protocol_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_security_connector_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_security_connector_test || ( echo test alts_security_connector_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_tsi_handshaker_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test || ( echo test alts_tsi_handshaker_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_tsi_utils_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_tsi_utils_test || ( echo test alts_tsi_utils_test failed ; exit 1 ) - $(E) "[RUN] Testing alts_zero_copy_grpc_protector_test" - $(Q) $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test || ( echo test alts_zero_copy_grpc_protector_test failed ; exit 1 ) $(E) "[RUN] Testing async_end2end_test" $(Q) $(BINDIR)/$(CONFIG)/async_end2end_test || ( echo test async_end2end_test failed ; exit 1 ) $(E) "[RUN] Testing auth_property_iterator_test" @@ -2205,10 +2126,6 @@ test_cxx: buildtests_cxx $(Q) $(BINDIR)/$(CONFIG)/channel_arguments_test || ( echo test channel_arguments_test failed ; exit 1 ) $(E) "[RUN] Testing channel_filter_test" $(Q) $(BINDIR)/$(CONFIG)/channel_filter_test || ( echo test channel_filter_test failed ; exit 1 ) - $(E) "[RUN] Testing check_gcp_environment_linux_test" - $(Q) $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test || ( echo test check_gcp_environment_linux_test failed ; exit 1 ) - $(E) "[RUN] Testing check_gcp_environment_windows_test" - $(Q) $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test || ( echo test check_gcp_environment_windows_test failed ; exit 1 ) $(E) "[RUN] Testing chttp2_settings_timeout_test" $(Q) $(BINDIR)/$(CONFIG)/chttp2_settings_timeout_test || ( echo test chttp2_settings_timeout_test failed ; exit 1 ) $(E) "[RUN] Testing cli_call_test" @@ -2245,8 +2162,6 @@ test_cxx: buildtests_cxx $(Q) $(BINDIR)/$(CONFIG)/generic_end2end_test || ( echo test generic_end2end_test failed ; exit 1 ) $(E) "[RUN] Testing golden_file_test" $(Q) $(BINDIR)/$(CONFIG)/golden_file_test || ( echo test golden_file_test failed ; exit 1 ) - $(E) "[RUN] Testing grpc_alts_credentials_options_test" - $(Q) $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test || ( echo test grpc_alts_credentials_options_test failed ; exit 1 ) $(E) "[RUN] Testing grpc_tool_test" $(Q) $(BINDIR)/$(CONFIG)/grpc_tool_test || ( echo test grpc_tool_test failed ; exit 1 ) $(E) "[RUN] Testing grpclb_api_test" @@ -2321,8 +2236,6 @@ test_cxx: buildtests_cxx $(Q) $(BINDIR)/$(CONFIG)/thread_stress_test || ( echo test thread_stress_test failed ; exit 1 ) $(E) "[RUN] Testing transport_pid_controller_test" $(Q) $(BINDIR)/$(CONFIG)/transport_pid_controller_test || ( echo test transport_pid_controller_test failed ; exit 1 ) - $(E) "[RUN] Testing transport_security_common_api_test" - $(Q) $(BINDIR)/$(CONFIG)/transport_security_common_api_test || ( echo test transport_security_common_api_test failed ; exit 1 ) $(E) "[RUN] Testing writes_per_rpc_test" $(Q) $(BINDIR)/$(CONFIG)/writes_per_rpc_test || ( echo test writes_per_rpc_test failed ; exit 1 ) $(E) "[RUN] Testing resolver_component_tests_runner_invoker_unsecure" @@ -2980,46 +2893,6 @@ clean: # The various libraries -LIBALTS_TEST_UTIL_SRC = \ - test/core/tsi/alts/crypt/gsec_test_util.cc \ - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc \ - -PUBLIC_HEADERS_C += \ - -LIBALTS_TEST_UTIL_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(LIBALTS_TEST_UTIL_SRC)))) - - -ifeq ($(NO_SECURE),true) - -# You can't build secure libraries if you don't have OpenSSL. - -$(LIBDIR)/$(CONFIG)/libalts_test_util.a: openssl_dep_error - - -else - - -$(LIBDIR)/$(CONFIG)/libalts_test_util.a: $(ZLIB_DEP) $(OPENSSL_DEP) $(CARES_DEP) $(LIBALTS_TEST_UTIL_OBJS) - $(E) "[AR] Creating $@" - $(Q) mkdir -p `dirname $@` - $(Q) rm -f $(LIBDIR)/$(CONFIG)/libalts_test_util.a - $(Q) $(AR) $(AROPTS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBALTS_TEST_UTIL_OBJS) -ifeq ($(SYSTEM),Darwin) - $(Q) ranlib -no_warning_for_no_symbols $(LIBDIR)/$(CONFIG)/libalts_test_util.a -endif - - - - -endif - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(LIBALTS_TEST_UTIL_OBJS:.o=.dep) -endif -endif - - LIBGPR_SRC = \ src/core/lib/gpr/alloc.cc \ src/core/lib/gpr/arena.cc \ @@ -3322,7 +3195,6 @@ LIBGRPC_SRC = \ src/core/ext/filters/http/server/http_server_filter.cc \ src/core/lib/http/httpcli_security_connector.cc \ src/core/lib/security/context/security_context.cc \ - src/core/lib/security/credentials/alts/alts_credentials.cc \ src/core/lib/security/credentials/composite/composite_credentials.cc \ src/core/lib/security/credentials/credentials.cc \ src/core/lib/security/credentials/credentials_metadata.cc \ @@ -3336,7 +3208,6 @@ LIBGRPC_SRC = \ src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \ src/core/lib/security/credentials/plugin/plugin_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ - src/core/lib/security/security_connector/alts_security_connector.cc \ src/core/lib/security/security_connector/security_connector.cc \ src/core/lib/security/transport/client_auth_filter.cc \ src/core/lib/security/transport/secure_endpoint.cc \ @@ -3346,45 +3217,14 @@ LIBGRPC_SRC = \ src/core/lib/security/transport/tsi_error.cc \ src/core/lib/security/util/json_util.cc \ src/core/lib/surface/init_secure.cc \ - src/core/tsi/alts/crypt/aes_gcm.cc \ - src/core/tsi/alts/crypt/gsec.cc \ - src/core/tsi/alts/frame_protector/alts_counter.cc \ - src/core/tsi/alts/frame_protector/alts_crypter.cc \ - src/core/tsi/alts/frame_protector/alts_frame_protector.cc \ - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc \ - src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc \ - src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc \ - src/core/tsi/alts/frame_protector/frame_handler.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_client.cc \ - src/core/tsi/alts/handshaker/alts_tsi_event.cc \ - src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc \ - src/core/tsi/alts/handshaker/alts_tsi_utils.cc \ - src/core/tsi/alts/handshaker/transport_security_common_api.cc \ - src/core/tsi/alts/handshaker/altscontext.pb.c \ - src/core/tsi/alts/handshaker/handshaker.pb.c \ - src/core/tsi/alts/handshaker/transport_security_common.pb.c \ - third_party/nanopb/pb_common.c \ - third_party/nanopb/pb_decode.c \ - third_party/nanopb/pb_encode.c \ + src/core/tsi/alts_transport_security.cc \ + src/core/tsi/fake_transport_security.cc \ + src/core/tsi/ssl_transport_security.cc \ + src/core/tsi/transport_security_grpc.cc \ src/core/tsi/transport_security.cc \ src/core/tsi/transport_security_adapter.cc \ - src/core/ext/transport/chttp2/client/insecure/channel_create.cc \ - src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \ - src/core/ext/transport/chttp2/client/chttp2_connector.cc \ + src/core/ext/transport/chttp2/server/chttp2_server.cc \ + src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc \ src/core/ext/filters/client_channel/backup_poller.cc \ src/core/ext/filters/client_channel/channel_connectivity.cc \ src/core/ext/filters/client_channel/client_channel.cc \ @@ -3408,14 +3248,11 @@ LIBGRPC_SRC = \ src/core/ext/filters/client_channel/subchannel_index.cc \ src/core/ext/filters/client_channel/uri_parser.cc \ src/core/ext/filters/deadline/deadline_filter.cc \ - src/core/tsi/alts_transport_security.cc \ - src/core/tsi/fake_transport_security.cc \ - src/core/tsi/ssl_transport_security.cc \ - src/core/tsi/transport_security_grpc.cc \ - src/core/ext/transport/chttp2/server/chttp2_server.cc \ - src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc \ + src/core/ext/transport/chttp2/client/chttp2_connector.cc \ src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc \ src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc \ + src/core/ext/transport/chttp2/client/insecure/channel_create.cc \ + src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \ src/core/ext/transport/inproc/inproc_plugin.cc \ src/core/ext/transport/inproc/inproc_transport.cc \ src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc \ @@ -3424,6 +3261,9 @@ LIBGRPC_SRC = \ src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc \ src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc \ src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c \ + third_party/nanopb/pb_common.c \ + third_party/nanopb/pb_decode.c \ + third_party/nanopb/pb_encode.c \ src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc \ src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc \ src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc \ @@ -3725,7 +3565,6 @@ LIBGRPC_CRONET_SRC = \ src/core/ext/filters/deadline/deadline_filter.cc \ src/core/lib/http/httpcli_security_connector.cc \ src/core/lib/security/context/security_context.cc \ - src/core/lib/security/credentials/alts/alts_credentials.cc \ src/core/lib/security/credentials/composite/composite_credentials.cc \ src/core/lib/security/credentials/credentials.cc \ src/core/lib/security/credentials/credentials_metadata.cc \ @@ -3739,7 +3578,6 @@ LIBGRPC_CRONET_SRC = \ src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \ src/core/lib/security/credentials/plugin/plugin_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ - src/core/lib/security/security_connector/alts_security_connector.cc \ src/core/lib/security/security_connector/security_connector.cc \ src/core/lib/security/transport/client_auth_filter.cc \ src/core/lib/security/transport/secure_endpoint.cc \ @@ -3749,49 +3587,13 @@ LIBGRPC_CRONET_SRC = \ src/core/lib/security/transport/tsi_error.cc \ src/core/lib/security/util/json_util.cc \ src/core/lib/surface/init_secure.cc \ - src/core/tsi/alts/crypt/aes_gcm.cc \ - src/core/tsi/alts/crypt/gsec.cc \ - src/core/tsi/alts/frame_protector/alts_counter.cc \ - src/core/tsi/alts/frame_protector/alts_crypter.cc \ - src/core/tsi/alts/frame_protector/alts_frame_protector.cc \ - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc \ - src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc \ - src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc \ - src/core/tsi/alts/frame_protector/frame_handler.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_client.cc \ - src/core/tsi/alts/handshaker/alts_tsi_event.cc \ - src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc \ - src/core/tsi/alts/handshaker/alts_tsi_utils.cc \ - src/core/tsi/alts/handshaker/transport_security_common_api.cc \ - src/core/tsi/alts/handshaker/altscontext.pb.c \ - src/core/tsi/alts/handshaker/handshaker.pb.c \ - src/core/tsi/alts/handshaker/transport_security_common.pb.c \ - third_party/nanopb/pb_common.c \ - third_party/nanopb/pb_decode.c \ - third_party/nanopb/pb_encode.c \ - src/core/tsi/transport_security.cc \ - src/core/tsi/transport_security_adapter.cc \ - src/core/ext/transport/chttp2/client/insecure/channel_create.cc \ - src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \ - src/core/ext/transport/chttp2/client/chttp2_connector.cc \ src/core/tsi/alts_transport_security.cc \ src/core/tsi/fake_transport_security.cc \ src/core/tsi/ssl_transport_security.cc \ src/core/tsi/transport_security_grpc.cc \ + src/core/tsi/transport_security.cc \ + src/core/tsi/transport_security_adapter.cc \ + src/core/ext/transport/chttp2/client/chttp2_connector.cc \ src/core/ext/filters/load_reporting/server_load_reporting_filter.cc \ src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc \ src/core/plugin_registry/grpc_cronet_plugin_registry.cc \ @@ -14439,568 +14241,6 @@ endif endif -ALTS_COUNTER_TEST_SRC = \ - test/core/tsi/alts/frame_protector/alts_counter_test.cc \ - -ALTS_COUNTER_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_COUNTER_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_counter_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_counter_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_counter_test: $(PROTOBUF_DEP) $(ALTS_COUNTER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_COUNTER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_counter_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/frame_protector/alts_counter_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_counter_test: $(ALTS_COUNTER_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_COUNTER_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_CRYPT_TEST_SRC = \ - test/core/tsi/alts/crypt/aes_gcm_test.cc \ - -ALTS_CRYPT_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_CRYPT_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_crypt_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_crypt_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_crypt_test: $(PROTOBUF_DEP) $(ALTS_CRYPT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_CRYPT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_crypt_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/crypt/aes_gcm_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_crypt_test: $(ALTS_CRYPT_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_CRYPT_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_CRYPTER_TEST_SRC = \ - test/core/tsi/alts/frame_protector/alts_crypter_test.cc \ - -ALTS_CRYPTER_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_CRYPTER_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_crypter_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_crypter_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_crypter_test: $(PROTOBUF_DEP) $(ALTS_CRYPTER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_CRYPTER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_crypter_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/frame_protector/alts_crypter_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_crypter_test: $(ALTS_CRYPTER_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_CRYPTER_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_FRAME_HANDLER_TEST_SRC = \ - test/core/tsi/alts/frame_protector/frame_handler_test.cc \ - -ALTS_FRAME_HANDLER_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_FRAME_HANDLER_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_frame_handler_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_frame_handler_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_frame_handler_test: $(PROTOBUF_DEP) $(ALTS_FRAME_HANDLER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_FRAME_HANDLER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_frame_handler_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/frame_protector/frame_handler_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_frame_handler_test: $(ALTS_FRAME_HANDLER_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_FRAME_HANDLER_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_FRAME_PROTECTOR_TEST_SRC = \ - test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc \ - test/core/tsi/transport_security_test_lib.cc \ - -ALTS_FRAME_PROTECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_FRAME_PROTECTOR_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_frame_protector_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_frame_protector_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_frame_protector_test: $(PROTOBUF_DEP) $(ALTS_FRAME_PROTECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_FRAME_PROTECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_frame_protector_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/frame_protector/alts_frame_protector_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -$(OBJDIR)/$(CONFIG)/test/core/tsi/transport_security_test_lib.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_frame_protector_test: $(ALTS_FRAME_PROTECTOR_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_FRAME_PROTECTOR_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_GRPC_RECORD_PROTOCOL_TEST_SRC = \ - test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc \ - -ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_GRPC_RECORD_PROTOCOL_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test: $(PROTOBUF_DEP) $(ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_grpc_record_protocol_test: $(ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_HANDSHAKER_CLIENT_TEST_SRC = \ - test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc \ - -ALTS_HANDSHAKER_CLIENT_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_HANDSHAKER_CLIENT_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_handshaker_client_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_handshaker_client_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_handshaker_client_test: $(PROTOBUF_DEP) $(ALTS_HANDSHAKER_CLIENT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_HANDSHAKER_CLIENT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_handshaker_client_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/alts_handshaker_client_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_handshaker_client_test: $(ALTS_HANDSHAKER_CLIENT_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_HANDSHAKER_CLIENT_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_HANDSHAKER_SERVICE_API_TEST_SRC = \ - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc \ - -ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_HANDSHAKER_SERVICE_API_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test: $(PROTOBUF_DEP) $(ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_handshaker_service_api_test: $(ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_IOVEC_RECORD_PROTOCOL_TEST_SRC = \ - test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc \ - -ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test: $(PROTOBUF_DEP) $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_iovec_record_protocol_test: $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_SECURITY_CONNECTOR_TEST_SRC = \ - test/core/security/alts_security_connector_test.cc \ - -ALTS_SECURITY_CONNECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_SECURITY_CONNECTOR_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_security_connector_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_security_connector_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_security_connector_test: $(PROTOBUF_DEP) $(ALTS_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_security_connector_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/security/alts_security_connector_test.o: $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_security_connector_test: $(ALTS_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_TSI_HANDSHAKER_TEST_SRC = \ - test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc \ - -ALTS_TSI_HANDSHAKER_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_TSI_HANDSHAKER_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test: $(PROTOBUF_DEP) $(ALTS_TSI_HANDSHAKER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_TSI_HANDSHAKER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_tsi_handshaker_test: $(ALTS_TSI_HANDSHAKER_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_TSI_HANDSHAKER_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_TSI_UTILS_TEST_SRC = \ - test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc \ - -ALTS_TSI_UTILS_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_TSI_UTILS_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_tsi_utils_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_tsi_utils_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_tsi_utils_test: $(PROTOBUF_DEP) $(ALTS_TSI_UTILS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_TSI_UTILS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_tsi_utils_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/alts_tsi_utils_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_tsi_utils_test: $(ALTS_TSI_UTILS_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_TSI_UTILS_TEST_OBJS:.o=.dep) -endif -endif - - -ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_SRC = \ - test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc \ - -ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test: $(PROTOBUF_DEP) $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_alts_zero_copy_grpc_protector_test: $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS:.o=.dep) -endif -endif - - ASYNC_END2END_TEST_SRC = \ test/cpp/end2end/async_end2end_test.cc \ @@ -15875,92 +15115,6 @@ endif endif -CHECK_GCP_ENVIRONMENT_LINUX_TEST_SRC = \ - test/core/security/check_gcp_environment_linux_test.cc \ - -CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test: $(PROTOBUF_DEP) $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/security/check_gcp_environment_linux_test.o: $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a - -deps_check_gcp_environment_linux_test: $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS:.o=.dep) -endif -endif - - -CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_SRC = \ - test/core/security/check_gcp_environment_windows_test.cc \ - -CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test: $(PROTOBUF_DEP) $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/security/check_gcp_environment_windows_test.o: $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a - -deps_check_gcp_environment_windows_test: $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS:.o=.dep) -endif -endif - - CHTTP2_SETTINGS_TIMEOUT_TEST_SRC = \ test/core/transport/chttp2/settings_timeout_test.cc \ @@ -16826,49 +15980,6 @@ endif $(OBJDIR)/$(CONFIG)/test/cpp/codegen/golden_file_test.o: $(GENDIR)/src/proto/grpc/testing/compiler_test.pb.cc $(GENDIR)/src/proto/grpc/testing/compiler_test.grpc.pb.cc -GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_SRC = \ - test/core/security/grpc_alts_credentials_options_test.cc \ - -GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test: $(PROTOBUF_DEP) $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/security/grpc_alts_credentials_options_test.o: $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a - -deps_grpc_alts_credentials_options_test: $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS:.o=.dep) -endif -endif - - GRPC_CLI_SRC = \ test/cpp/util/grpc_cli.cc \ @@ -19322,49 +18433,6 @@ endif endif -TRANSPORT_SECURITY_COMMON_API_TEST_SRC = \ - test/core/tsi/alts/handshaker/transport_security_common_api_test.cc \ - -TRANSPORT_SECURITY_COMMON_API_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(TRANSPORT_SECURITY_COMMON_API_TEST_SRC)))) -ifeq ($(NO_SECURE),true) - -# You can't build secure targets if you don't have OpenSSL. - -$(BINDIR)/$(CONFIG)/transport_security_common_api_test: openssl_dep_error - -else - - - - -ifeq ($(NO_PROTOBUF),true) - -# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+. - -$(BINDIR)/$(CONFIG)/transport_security_common_api_test: protobuf_dep_error - -else - -$(BINDIR)/$(CONFIG)/transport_security_common_api_test: $(PROTOBUF_DEP) $(TRANSPORT_SECURITY_COMMON_API_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - $(E) "[LD] Linking $@" - $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(TRANSPORT_SECURITY_COMMON_API_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/transport_security_common_api_test - -endif - -endif - -$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/transport_security_common_api_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a - -deps_transport_security_common_api_test: $(TRANSPORT_SECURITY_COMMON_API_TEST_OBJS:.o=.dep) - -ifneq ($(NO_SECURE),true) -ifneq ($(NO_DEPS),true) --include $(TRANSPORT_SECURITY_COMMON_API_TEST_OBJS:.o=.dep) -endif -endif - - WRITES_PER_RPC_TEST_SRC = \ test/cpp/performance/writes_per_rpc_test.cc \ @@ -23335,14 +22403,6 @@ src/core/ext/transport/cronet/transport/cronet_api_dummy.cc: $(OPENSSL_DEP) src/core/ext/transport/cronet/transport/cronet_transport.cc: $(OPENSSL_DEP) src/core/lib/http/httpcli_security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/context/security_context.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/alts/alts_credentials.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/alts/check_gcp_environment.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/composite/composite_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/credentials_metadata.cc: $(OPENSSL_DEP) @@ -23356,7 +22416,6 @@ src/core/lib/security/credentials/jwt/jwt_verifier.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/oauth2/oauth2_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/plugin/plugin_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/ssl/ssl_credentials.cc: $(OPENSSL_DEP) -src/core/lib/security/security_connector/alts_security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/transport/client_auth_filter.cc: $(OPENSSL_DEP) src/core/lib/security/transport/secure_endpoint.cc: $(OPENSSL_DEP) @@ -23368,30 +22427,6 @@ src/core/lib/security/util/json_util.cc: $(OPENSSL_DEP) src/core/lib/surface/init_secure.cc: $(OPENSSL_DEP) src/core/plugin_registry/grpc_cronet_plugin_registry.cc: $(OPENSSL_DEP) src/core/plugin_registry/grpc_plugin_registry.cc: $(OPENSSL_DEP) -src/core/tsi/alts/crypt/aes_gcm.cc: $(OPENSSL_DEP) -src/core/tsi/alts/crypt/gsec.cc: $(OPENSSL_DEP) -src/core/tsi/alts/frame_protector/alts_counter.cc: $(OPENSSL_DEP) -src/core/tsi/alts/frame_protector/alts_crypter.cc: $(OPENSSL_DEP) -src/core/tsi/alts/frame_protector/alts_frame_protector.cc: $(OPENSSL_DEP) -src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc: $(OPENSSL_DEP) -src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc: $(OPENSSL_DEP) -src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc: $(OPENSSL_DEP) -src/core/tsi/alts/frame_protector/frame_handler.cc: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/alts_handshaker_client.cc: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/alts_tsi_event.cc: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/alts_tsi_utils.cc: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/altscontext.pb.c: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/handshaker.pb.c: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/transport_security_common.pb.c: $(OPENSSL_DEP) -src/core/tsi/alts/handshaker/transport_security_common_api.cc: $(OPENSSL_DEP) -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc: $(OPENSSL_DEP) -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc: $(OPENSSL_DEP) -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc: $(OPENSSL_DEP) -src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc: $(OPENSSL_DEP) -src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc: $(OPENSSL_DEP) src/core/tsi/alts_transport_security.cc: $(OPENSSL_DEP) src/core/tsi/fake_transport_security.cc: $(OPENSSL_DEP) src/core/tsi/ssl_transport_security.cc: $(OPENSSL_DEP) @@ -23419,8 +22454,6 @@ test/core/end2end/data/test_root_cert.cc: $(OPENSSL_DEP) test/core/end2end/end2end_tests.cc: $(OPENSSL_DEP) test/core/end2end/tests/call_creds.cc: $(OPENSSL_DEP) test/core/security/oauth2_utils.cc: $(OPENSSL_DEP) -test/core/tsi/alts/crypt/gsec_test_util.cc: $(OPENSSL_DEP) -test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc: $(OPENSSL_DEP) test/core/util/reconnect_server.cc: $(OPENSSL_DEP) test/core/util/test_tcp_server.cc: $(OPENSSL_DEP) test/cpp/end2end/test_service_impl.cc: $(OPENSSL_DEP) diff --git a/bazel/grpc_build_system.bzl b/bazel/grpc_build_system.bzl index 662068ad2a..7bc186265d 100644 --- a/bazel/grpc_build_system.bzl +++ b/bazel/grpc_build_system.bzl @@ -57,12 +57,6 @@ def _maybe_update_cc_library_hdrs(hdrs): ret.append(h) return ret -def _maybe_update_cc_library_defines(name): - ret = [] - if name == "alts_proto": - ret += ["PB_FIELD_16BIT=1"] - return ret - def grpc_cc_library(name, srcs = [], public_hdrs = [], hdrs = [], external_deps = [], deps = [], standalone = False, language = "C++", testonly = False, visibility = None, @@ -70,11 +64,10 @@ def grpc_cc_library(name, srcs = [], public_hdrs = [], hdrs = [], copts = [] if language.upper() == "C": copts = if_not_windows(["-std=c99"]) - defines = _maybe_update_cc_library_defines(name) native.cc_library( name = name, srcs = srcs, - defines = defines + select({"//:grpc_no_ares": ["GRPC_ARES=0"], + defines = select({"//:grpc_no_ares": ["GRPC_ARES=0"], "//conditions:default": [],}) + select({"//:remote_execution": ["GRPC_PORT_ISOLATED_RUNTIME=1"], "//conditions:default": [],}) + diff --git a/build.yaml b/build.yaml index e2bb8bfa9f..e2d194041a 100644 --- a/build.yaml +++ b/build.yaml @@ -16,84 +16,6 @@ settings: g_stands_for: gorgeous version: 1.11.0-dev filegroups: -- name: alts_proto - headers: - - src/core/tsi/alts/handshaker/altscontext.pb.h - - src/core/tsi/alts/handshaker/handshaker.pb.h - - src/core/tsi/alts/handshaker/transport_security_common.pb.h - src: - - src/core/tsi/alts/handshaker/altscontext.pb.c - - src/core/tsi/alts/handshaker/handshaker.pb.c - - src/core/tsi/alts/handshaker/transport_security_common.pb.c - uses: - - nanopb -- name: alts_tsi - headers: - - src/core/tsi/alts/crypt/gsec.h - - src/core/tsi/alts/frame_protector/alts_counter.h - - src/core/tsi/alts/frame_protector/alts_crypter.h - - src/core/tsi/alts/frame_protector/alts_frame_protector.h - - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h - - src/core/tsi/alts/frame_protector/frame_handler.h - - src/core/tsi/alts/handshaker/alts_handshaker_client.h - - src/core/tsi/alts/handshaker/alts_tsi_event.h - - src/core/tsi/alts/handshaker/alts_tsi_handshaker.h - - src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h - - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h - - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h - - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h - - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h - - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h - - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h - src: - - src/core/tsi/alts/crypt/aes_gcm.cc - - src/core/tsi/alts/crypt/gsec.cc - - src/core/tsi/alts/frame_protector/alts_counter.cc - - src/core/tsi/alts/frame_protector/alts_crypter.cc - - src/core/tsi/alts/frame_protector/alts_frame_protector.cc - - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc - - src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc - - src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc - - src/core/tsi/alts/frame_protector/frame_handler.cc - - src/core/tsi/alts/handshaker/alts_handshaker_client.cc - - src/core/tsi/alts/handshaker/alts_tsi_event.cc - - src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc - - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc - - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc - - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc - - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc - - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc - uses: - - alts_util - - grpc_base - - grpc_transport_chttp2_client_insecure - - tsi_interface - - tsi -- name: alts_util - headers: - - src/core/lib/security/credentials/alts/check_gcp_environment.h - - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h - - src/core/tsi/alts/handshaker/alts_handshaker_service_api.h - - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h - - src/core/tsi/alts/handshaker/alts_tsi_utils.h - - src/core/tsi/alts/handshaker/transport_security_common_api.h - src: - - src/core/lib/security/credentials/alts/check_gcp_environment.cc - - src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc - - src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc - - src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc - - src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc - - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc - - src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc - - src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc - - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc - - src/core/tsi/alts/handshaker/alts_tsi_utils.cc - - src/core/tsi/alts/handshaker/transport_security_common_api.cc - uses: - - alts_proto - - grpc_base - - tsi_interface - - nanopb - name: census public_headers: - include/grpc/census.h @@ -720,7 +642,6 @@ filegroups: - include/grpc/grpc_security.h headers: - src/core/lib/security/context/security_context.h - - src/core/lib/security/credentials/alts/alts_credentials.h - src/core/lib/security/credentials/composite/composite_credentials.h - src/core/lib/security/credentials/credentials.h - src/core/lib/security/credentials/fake/fake_credentials.h @@ -732,7 +653,6 @@ filegroups: - src/core/lib/security/credentials/oauth2/oauth2_credentials.h - src/core/lib/security/credentials/plugin/plugin_credentials.h - src/core/lib/security/credentials/ssl/ssl_credentials.h - - src/core/lib/security/security_connector/alts_security_connector.h - src/core/lib/security/security_connector/security_connector.h - src/core/lib/security/transport/auth_filters.h - src/core/lib/security/transport/secure_endpoint.h @@ -743,7 +663,6 @@ filegroups: src: - src/core/lib/http/httpcli_security_connector.cc - src/core/lib/security/context/security_context.cc - - src/core/lib/security/credentials/alts/alts_credentials.cc - src/core/lib/security/credentials/composite/composite_credentials.cc - src/core/lib/security/credentials/credentials.cc - src/core/lib/security/credentials/credentials_metadata.cc @@ -757,7 +676,6 @@ filegroups: - src/core/lib/security/credentials/oauth2/oauth2_credentials.cc - src/core/lib/security/credentials/plugin/plugin_credentials.cc - src/core/lib/security/credentials/ssl/ssl_credentials.cc - - src/core/lib/security/security_connector/alts_security_connector.cc - src/core/lib/security/security_connector/security_connector.cc - src/core/lib/security/transport/client_auth_filter.cc - src/core/lib/security/transport/secure_endpoint.cc @@ -769,7 +687,6 @@ filegroups: - src/core/lib/surface/init_secure.cc secure: true uses: - - alts_tsi - grpc_base - grpc_transport_chttp2_alpn - tsi @@ -1294,18 +1211,6 @@ filegroups: - grpc++ - grpc libs: -- name: alts_test_util - build: private - language: c - headers: - - test/core/tsi/alts/crypt/gsec_test_util.h - - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h - src: - - test/core/tsi/alts/crypt/gsec_test_util.cc - - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc - deps: - - grpc - secure: true - name: gpr build: all language: c @@ -3591,125 +3496,6 @@ targets: - grpc_unsecure - gpr_test_util - gpr -- name: alts_counter_test - build: test - language: c++ - src: - - test/core/tsi/alts/frame_protector/alts_counter_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_crypt_test - build: test - language: c++ - src: - - test/core/tsi/alts/crypt/aes_gcm_test.cc - deps: - - alts_test_util - - gpr_test_util - - gpr - - grpc -- name: alts_crypter_test - build: test - language: c++ - src: - - test/core/tsi/alts/frame_protector/alts_crypter_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_frame_handler_test - build: test - language: c++ - src: - - test/core/tsi/alts/frame_protector/frame_handler_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_frame_protector_test - build: test - language: c++ - src: - - test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc - deps: - - alts_test_util - - gpr - - grpc - filegroups: - - transport_security_test_lib -- name: alts_grpc_record_protocol_test - build: test - language: c++ - src: - - test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_handshaker_client_test - build: test - language: c++ - src: - - test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_handshaker_service_api_test - build: test - language: c++ - src: - - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_iovec_record_protocol_test - build: test - language: c++ - src: - - test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_security_connector_test - build: test - language: c++ - src: - - test/core/security/alts_security_connector_test.cc - deps: - - gpr - - grpc -- name: alts_tsi_handshaker_test - build: test - language: c++ - src: - - test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_tsi_utils_test - build: test - language: c++ - src: - - test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc - deps: - - alts_test_util - - gpr - - grpc -- name: alts_zero_copy_grpc_protector_test - build: test - language: c++ - src: - - test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc - deps: - - alts_test_util - - gpr - - grpc - name: async_end2end_test gtest: true build: test @@ -4093,22 +3879,6 @@ targets: - grpc - gpr uses_polling: false -- name: check_gcp_environment_linux_test - build: test - language: c++ - src: - - test/core/security/check_gcp_environment_linux_test.cc - deps: - - grpc - - gpr -- name: check_gcp_environment_windows_test - build: test - language: c++ - src: - - test/core/security/check_gcp_environment_windows_test.cc - deps: - - grpc - - gpr - name: chttp2_settings_timeout_test gtest: true build: test @@ -4367,14 +4137,6 @@ targets: args: - --generated_file_path=gens/src/proto/grpc/testing/ uses_polling: false -- name: grpc_alts_credentials_options_test - build: test - language: c++ - src: - - test/core/security/grpc_alts_credentials_options_test.cc - deps: - - grpc - - gpr - name: grpc_cli build: test run: false @@ -5210,15 +4972,6 @@ targets: - grpc - gpr_test_util - gpr -- name: transport_security_common_api_test - build: test - language: c++ - src: - - test/core/tsi/alts/handshaker/transport_security_common_api_test.cc - deps: - - alts_test_util - - gpr - - grpc - name: writes_per_rpc_test gtest: true cpu_cost: 0.5 @@ -244,7 +244,6 @@ if test "$PHP_GRPC" != "no"; then src/core/ext/filters/http/server/http_server_filter.cc \ src/core/lib/http/httpcli_security_connector.cc \ src/core/lib/security/context/security_context.cc \ - src/core/lib/security/credentials/alts/alts_credentials.cc \ src/core/lib/security/credentials/composite/composite_credentials.cc \ src/core/lib/security/credentials/credentials.cc \ src/core/lib/security/credentials/credentials_metadata.cc \ @@ -258,7 +257,6 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \ src/core/lib/security/credentials/plugin/plugin_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ - src/core/lib/security/security_connector/alts_security_connector.cc \ src/core/lib/security/security_connector/security_connector.cc \ src/core/lib/security/transport/client_auth_filter.cc \ src/core/lib/security/transport/secure_endpoint.cc \ @@ -268,45 +266,14 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/security/transport/tsi_error.cc \ src/core/lib/security/util/json_util.cc \ src/core/lib/surface/init_secure.cc \ - src/core/tsi/alts/crypt/aes_gcm.cc \ - src/core/tsi/alts/crypt/gsec.cc \ - src/core/tsi/alts/frame_protector/alts_counter.cc \ - src/core/tsi/alts/frame_protector/alts_crypter.cc \ - src/core/tsi/alts/frame_protector/alts_frame_protector.cc \ - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc \ - src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc \ - src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc \ - src/core/tsi/alts/frame_protector/frame_handler.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_client.cc \ - src/core/tsi/alts/handshaker/alts_tsi_event.cc \ - src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc \ - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc \ - src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc \ - src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc \ - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc \ - src/core/tsi/alts/handshaker/alts_tsi_utils.cc \ - src/core/tsi/alts/handshaker/transport_security_common_api.cc \ - src/core/tsi/alts/handshaker/altscontext.pb.c \ - src/core/tsi/alts/handshaker/handshaker.pb.c \ - src/core/tsi/alts/handshaker/transport_security_common.pb.c \ - third_party/nanopb/pb_common.c \ - third_party/nanopb/pb_decode.c \ - third_party/nanopb/pb_encode.c \ + src/core/tsi/alts_transport_security.cc \ + src/core/tsi/fake_transport_security.cc \ + src/core/tsi/ssl_transport_security.cc \ + src/core/tsi/transport_security_grpc.cc \ src/core/tsi/transport_security.cc \ src/core/tsi/transport_security_adapter.cc \ - src/core/ext/transport/chttp2/client/insecure/channel_create.cc \ - src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \ - src/core/ext/transport/chttp2/client/chttp2_connector.cc \ + src/core/ext/transport/chttp2/server/chttp2_server.cc \ + src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc \ src/core/ext/filters/client_channel/backup_poller.cc \ src/core/ext/filters/client_channel/channel_connectivity.cc \ src/core/ext/filters/client_channel/client_channel.cc \ @@ -330,14 +297,11 @@ if test "$PHP_GRPC" != "no"; then src/core/ext/filters/client_channel/subchannel_index.cc \ src/core/ext/filters/client_channel/uri_parser.cc \ src/core/ext/filters/deadline/deadline_filter.cc \ - src/core/tsi/alts_transport_security.cc \ - src/core/tsi/fake_transport_security.cc \ - src/core/tsi/ssl_transport_security.cc \ - src/core/tsi/transport_security_grpc.cc \ - src/core/ext/transport/chttp2/server/chttp2_server.cc \ - src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc \ + src/core/ext/transport/chttp2/client/chttp2_connector.cc \ src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc \ src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc \ + src/core/ext/transport/chttp2/client/insecure/channel_create.cc \ + src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \ src/core/ext/transport/inproc/inproc_plugin.cc \ src/core/ext/transport/inproc/inproc_transport.cc \ src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc \ @@ -346,6 +310,9 @@ if test "$PHP_GRPC" != "no"; then src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc \ src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc \ src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c \ + third_party/nanopb/pb_common.c \ + third_party/nanopb/pb_decode.c \ + third_party/nanopb/pb_encode.c \ src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc \ src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc \ src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc \ @@ -668,7 +635,6 @@ if test "$PHP_GRPC" != "no"; then PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/profiling) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/context) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials) - PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/alts) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/composite) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/fake) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/google_default) @@ -685,10 +651,6 @@ if test "$PHP_GRPC" != "no"; then PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/transport) PHP_ADD_BUILD_DIR($ext_builddir/src/core/plugin_registry) PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi) - PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi/alts/crypt) - PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi/alts/frame_protector) - PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi/alts/handshaker) - PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi/alts/zero_copy_frame_protector) PHP_ADD_BUILD_DIR($ext_builddir/third_party/boringssl/crypto) PHP_ADD_BUILD_DIR($ext_builddir/third_party/boringssl/crypto/asn1) PHP_ADD_BUILD_DIR($ext_builddir/third_party/boringssl/crypto/base64) diff --git a/config.w32 b/config.w32 index 580607dd3d..5e41295cbf 100644 --- a/config.w32 +++ b/config.w32 @@ -221,7 +221,6 @@ if (PHP_GRPC != "no") { "src\\core\\ext\\filters\\http\\server\\http_server_filter.cc " + "src\\core\\lib\\http\\httpcli_security_connector.cc " + "src\\core\\lib\\security\\context\\security_context.cc " + - "src\\core\\lib\\security\\credentials\\alts\\alts_credentials.cc " + "src\\core\\lib\\security\\credentials\\composite\\composite_credentials.cc " + "src\\core\\lib\\security\\credentials\\credentials.cc " + "src\\core\\lib\\security\\credentials\\credentials_metadata.cc " + @@ -235,7 +234,6 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\security\\credentials\\oauth2\\oauth2_credentials.cc " + "src\\core\\lib\\security\\credentials\\plugin\\plugin_credentials.cc " + "src\\core\\lib\\security\\credentials\\ssl\\ssl_credentials.cc " + - "src\\core\\lib\\security\\security_connector\\alts_security_connector.cc " + "src\\core\\lib\\security\\security_connector\\security_connector.cc " + "src\\core\\lib\\security\\transport\\client_auth_filter.cc " + "src\\core\\lib\\security\\transport\\secure_endpoint.cc " + @@ -245,45 +243,14 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\security\\transport\\tsi_error.cc " + "src\\core\\lib\\security\\util\\json_util.cc " + "src\\core\\lib\\surface\\init_secure.cc " + - "src\\core\\tsi\\alts\\crypt\\aes_gcm.cc " + - "src\\core\\tsi\\alts\\crypt\\gsec.cc " + - "src\\core\\tsi\\alts\\frame_protector\\alts_counter.cc " + - "src\\core\\tsi\\alts\\frame_protector\\alts_crypter.cc " + - "src\\core\\tsi\\alts\\frame_protector\\alts_frame_protector.cc " + - "src\\core\\tsi\\alts\\frame_protector\\alts_record_protocol_crypter_common.cc " + - "src\\core\\tsi\\alts\\frame_protector\\alts_seal_privacy_integrity_crypter.cc " + - "src\\core\\tsi\\alts\\frame_protector\\alts_unseal_privacy_integrity_crypter.cc " + - "src\\core\\tsi\\alts\\frame_protector\\frame_handler.cc " + - "src\\core\\tsi\\alts\\handshaker\\alts_handshaker_client.cc " + - "src\\core\\tsi\\alts\\handshaker\\alts_tsi_event.cc " + - "src\\core\\tsi\\alts\\handshaker\\alts_tsi_handshaker.cc " + - "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_grpc_integrity_only_record_protocol.cc " + - "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_grpc_privacy_integrity_record_protocol.cc " + - "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_grpc_record_protocol_common.cc " + - "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_iovec_record_protocol.cc " + - "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_zero_copy_grpc_protector.cc " + - "src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment.cc " + - "src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment_linux.cc " + - "src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment_no_op.cc " + - "src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment_windows.cc " + - "src\\core\\lib\\security\\credentials\\alts\\grpc_alts_credentials_client_options.cc " + - "src\\core\\lib\\security\\credentials\\alts\\grpc_alts_credentials_options.cc " + - "src\\core\\lib\\security\\credentials\\alts\\grpc_alts_credentials_server_options.cc " + - "src\\core\\tsi\\alts\\handshaker\\alts_handshaker_service_api.cc " + - "src\\core\\tsi\\alts\\handshaker\\alts_handshaker_service_api_util.cc " + - "src\\core\\tsi\\alts\\handshaker\\alts_tsi_utils.cc " + - "src\\core\\tsi\\alts\\handshaker\\transport_security_common_api.cc " + - "src\\core\\tsi\\alts\\handshaker\\altscontext.pb.c " + - "src\\core\\tsi\\alts\\handshaker\\handshaker.pb.c " + - "src\\core\\tsi\\alts\\handshaker\\transport_security_common.pb.c " + - "third_party\\nanopb\\pb_common.c " + - "third_party\\nanopb\\pb_decode.c " + - "third_party\\nanopb\\pb_encode.c " + + "src\\core\\tsi\\alts_transport_security.cc " + + "src\\core\\tsi\\fake_transport_security.cc " + + "src\\core\\tsi\\ssl_transport_security.cc " + + "src\\core\\tsi\\transport_security_grpc.cc " + "src\\core\\tsi\\transport_security.cc " + "src\\core\\tsi\\transport_security_adapter.cc " + - "src\\core\\ext\\transport\\chttp2\\client\\insecure\\channel_create.cc " + - "src\\core\\ext\\transport\\chttp2\\client\\insecure\\channel_create_posix.cc " + - "src\\core\\ext\\transport\\chttp2\\client\\chttp2_connector.cc " + + "src\\core\\ext\\transport\\chttp2\\server\\chttp2_server.cc " + + "src\\core\\ext\\transport\\chttp2\\client\\secure\\secure_channel_create.cc " + "src\\core\\ext\\filters\\client_channel\\backup_poller.cc " + "src\\core\\ext\\filters\\client_channel\\channel_connectivity.cc " + "src\\core\\ext\\filters\\client_channel\\client_channel.cc " + @@ -307,14 +274,11 @@ if (PHP_GRPC != "no") { "src\\core\\ext\\filters\\client_channel\\subchannel_index.cc " + "src\\core\\ext\\filters\\client_channel\\uri_parser.cc " + "src\\core\\ext\\filters\\deadline\\deadline_filter.cc " + - "src\\core\\tsi\\alts_transport_security.cc " + - "src\\core\\tsi\\fake_transport_security.cc " + - "src\\core\\tsi\\ssl_transport_security.cc " + - "src\\core\\tsi\\transport_security_grpc.cc " + - "src\\core\\ext\\transport\\chttp2\\server\\chttp2_server.cc " + - "src\\core\\ext\\transport\\chttp2\\client\\secure\\secure_channel_create.cc " + + "src\\core\\ext\\transport\\chttp2\\client\\chttp2_connector.cc " + "src\\core\\ext\\transport\\chttp2\\server\\insecure\\server_chttp2.cc " + "src\\core\\ext\\transport\\chttp2\\server\\insecure\\server_chttp2_posix.cc " + + "src\\core\\ext\\transport\\chttp2\\client\\insecure\\channel_create.cc " + + "src\\core\\ext\\transport\\chttp2\\client\\insecure\\channel_create_posix.cc " + "src\\core\\ext\\transport\\inproc\\inproc_plugin.cc " + "src\\core\\ext\\transport\\inproc\\inproc_transport.cc " + "src\\core\\ext\\filters\\client_channel\\lb_policy\\grpclb\\client_load_reporting_filter.cc " + @@ -323,6 +287,9 @@ if (PHP_GRPC != "no") { "src\\core\\ext\\filters\\client_channel\\lb_policy\\grpclb\\grpclb_client_stats.cc " + "src\\core\\ext\\filters\\client_channel\\lb_policy\\grpclb\\load_balancer_api.cc " + "src\\core\\ext\\filters\\client_channel\\lb_policy\\grpclb\\proto\\grpc\\lb\\v1\\load_balancer.pb.c " + + "third_party\\nanopb\\pb_common.c " + + "third_party\\nanopb\\pb_decode.c " + + "third_party\\nanopb\\pb_encode.c " + "src\\core\\ext\\filters\\client_channel\\resolver\\fake\\fake_resolver.cc " + "src\\core\\ext\\filters\\client_channel\\lb_policy\\pick_first\\pick_first.cc " + "src\\core\\ext\\filters\\client_channel\\lb_policy\\subchannel_list.cc " + @@ -681,7 +648,6 @@ if (PHP_GRPC != "no") { FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\context"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials"); - FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\alts"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\composite"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\fake"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\google_default"); @@ -698,11 +664,6 @@ if (PHP_GRPC != "no") { FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\transport"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\plugin_registry"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi"); - FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts"); - FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts\\crypt"); - FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts\\frame_protector"); - FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts\\handshaker"); - FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts\\zero_copy_frame_protector"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\php"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\php\\ext"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\php\\ext\\grpc"); diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec index 65a5dc66b4..821c16da45 100644 --- a/gRPC-C++.podspec +++ b/gRPC-C++.podspec @@ -260,7 +260,6 @@ Pod::Spec.new do |s| 'src/core/ext/filters/http/message_compress/message_compress_filter.h', 'src/core/ext/filters/http/server/http_server_filter.h', 'src/core/lib/security/context/security_context.h', - 'src/core/lib/security/credentials/alts/alts_credentials.h', 'src/core/lib/security/credentials/composite/composite_credentials.h', 'src/core/lib/security/credentials/credentials.h', 'src/core/lib/security/credentials/fake/fake_credentials.h', @@ -272,7 +271,6 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h', 'src/core/lib/security/credentials/plugin/plugin_credentials.h', 'src/core/lib/security/credentials/ssl/ssl_credentials.h', - 'src/core/lib/security/security_connector/alts_security_connector.h', 'src/core/lib/security/security_connector/security_connector.h', 'src/core/lib/security/transport/auth_filters.h', 'src/core/lib/security/transport/secure_endpoint.h', @@ -280,35 +278,15 @@ Pod::Spec.new do |s| 'src/core/lib/security/transport/target_authority_table.h', 'src/core/lib/security/transport/tsi_error.h', 'src/core/lib/security/util/json_util.h', - 'src/core/tsi/alts/crypt/gsec.h', - 'src/core/tsi/alts/frame_protector/alts_counter.h', - 'src/core/tsi/alts/frame_protector/alts_crypter.h', - 'src/core/tsi/alts/frame_protector/alts_frame_protector.h', - 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h', - 'src/core/tsi/alts/frame_protector/frame_handler.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_client.h', - 'src/core/tsi/alts/handshaker/alts_tsi_event.h', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.h', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h', - 'src/core/lib/security/credentials/alts/check_gcp_environment.h', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h', - 'src/core/tsi/alts/handshaker/alts_tsi_utils.h', - 'src/core/tsi/alts/handshaker/transport_security_common_api.h', - 'src/core/tsi/alts/handshaker/altscontext.pb.h', - 'src/core/tsi/alts/handshaker/handshaker.pb.h', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.h', + 'src/core/tsi/alts_transport_security.h', + 'src/core/tsi/fake_transport_security.h', + 'src/core/tsi/ssl_transport_security.h', + 'src/core/tsi/ssl_types.h', + 'src/core/tsi/transport_security_grpc.h', 'src/core/tsi/transport_security.h', 'src/core/tsi/transport_security_adapter.h', 'src/core/tsi/transport_security_interface.h', - 'src/core/ext/transport/chttp2/client/chttp2_connector.h', + 'src/core/ext/transport/chttp2/server/chttp2_server.h', 'src/core/ext/filters/client_channel/backup_poller.h', 'src/core/ext/filters/client_channel/client_channel.h', 'src/core/ext/filters/client_channel/client_channel_factory.h', @@ -331,12 +309,7 @@ Pod::Spec.new do |s| 'src/core/ext/filters/client_channel/subchannel_index.h', 'src/core/ext/filters/client_channel/uri_parser.h', 'src/core/ext/filters/deadline/deadline_filter.h', - 'src/core/tsi/alts_transport_security.h', - 'src/core/tsi/fake_transport_security.h', - 'src/core/tsi/ssl_transport_security.h', - 'src/core/tsi/ssl_types.h', - 'src/core/tsi/transport_security_grpc.h', - 'src/core/ext/transport/chttp2/server/chttp2_server.h', + 'src/core/ext/transport/chttp2/client/chttp2_connector.h', 'src/core/ext/transport/inproc/inproc_transport.h', 'src/core/lib/avl/avl.h', 'src/core/lib/backoff/backoff.h', diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec index 7f61719cb1..6c6c76991c 100644 --- a/gRPC-Core.podspec +++ b/gRPC-Core.podspec @@ -93,7 +93,7 @@ Pod::Spec.new do |s| } s.default_subspecs = 'Interface', 'Implementation' - s.compiler_flags = '-DGRPC_ARES=0', '-DPB_FIELD_16BIT' + s.compiler_flags = '-DGRPC_ARES=0' s.libraries = 'c++' # Like many other C libraries, gRPC-Core has its public headers under `include/<libname>/` and its @@ -271,7 +271,6 @@ Pod::Spec.new do |s| 'src/core/ext/filters/http/message_compress/message_compress_filter.h', 'src/core/ext/filters/http/server/http_server_filter.h', 'src/core/lib/security/context/security_context.h', - 'src/core/lib/security/credentials/alts/alts_credentials.h', 'src/core/lib/security/credentials/composite/composite_credentials.h', 'src/core/lib/security/credentials/credentials.h', 'src/core/lib/security/credentials/fake/fake_credentials.h', @@ -283,7 +282,6 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h', 'src/core/lib/security/credentials/plugin/plugin_credentials.h', 'src/core/lib/security/credentials/ssl/ssl_credentials.h', - 'src/core/lib/security/security_connector/alts_security_connector.h', 'src/core/lib/security/security_connector/security_connector.h', 'src/core/lib/security/transport/auth_filters.h', 'src/core/lib/security/transport/secure_endpoint.h', @@ -291,35 +289,15 @@ Pod::Spec.new do |s| 'src/core/lib/security/transport/target_authority_table.h', 'src/core/lib/security/transport/tsi_error.h', 'src/core/lib/security/util/json_util.h', - 'src/core/tsi/alts/crypt/gsec.h', - 'src/core/tsi/alts/frame_protector/alts_counter.h', - 'src/core/tsi/alts/frame_protector/alts_crypter.h', - 'src/core/tsi/alts/frame_protector/alts_frame_protector.h', - 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h', - 'src/core/tsi/alts/frame_protector/frame_handler.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_client.h', - 'src/core/tsi/alts/handshaker/alts_tsi_event.h', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.h', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h', - 'src/core/lib/security/credentials/alts/check_gcp_environment.h', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h', - 'src/core/tsi/alts/handshaker/alts_tsi_utils.h', - 'src/core/tsi/alts/handshaker/transport_security_common_api.h', - 'src/core/tsi/alts/handshaker/altscontext.pb.h', - 'src/core/tsi/alts/handshaker/handshaker.pb.h', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.h', + 'src/core/tsi/alts_transport_security.h', + 'src/core/tsi/fake_transport_security.h', + 'src/core/tsi/ssl_transport_security.h', + 'src/core/tsi/ssl_types.h', + 'src/core/tsi/transport_security_grpc.h', 'src/core/tsi/transport_security.h', 'src/core/tsi/transport_security_adapter.h', 'src/core/tsi/transport_security_interface.h', - 'src/core/ext/transport/chttp2/client/chttp2_connector.h', + 'src/core/ext/transport/chttp2/server/chttp2_server.h', 'src/core/ext/filters/client_channel/backup_poller.h', 'src/core/ext/filters/client_channel/client_channel.h', 'src/core/ext/filters/client_channel/client_channel_factory.h', @@ -342,12 +320,7 @@ Pod::Spec.new do |s| 'src/core/ext/filters/client_channel/subchannel_index.h', 'src/core/ext/filters/client_channel/uri_parser.h', 'src/core/ext/filters/deadline/deadline_filter.h', - 'src/core/tsi/alts_transport_security.h', - 'src/core/tsi/fake_transport_security.h', - 'src/core/tsi/ssl_transport_security.h', - 'src/core/tsi/ssl_types.h', - 'src/core/tsi/transport_security_grpc.h', - 'src/core/ext/transport/chttp2/server/chttp2_server.h', + 'src/core/ext/transport/chttp2/client/chttp2_connector.h', 'src/core/ext/transport/inproc/inproc_transport.h', 'src/core/lib/avl/avl.h', 'src/core/lib/backoff/backoff.h', @@ -658,7 +631,6 @@ Pod::Spec.new do |s| 'src/core/ext/filters/http/server/http_server_filter.cc', 'src/core/lib/http/httpcli_security_connector.cc', 'src/core/lib/security/context/security_context.cc', - 'src/core/lib/security/credentials/alts/alts_credentials.cc', 'src/core/lib/security/credentials/composite/composite_credentials.cc', 'src/core/lib/security/credentials/credentials.cc', 'src/core/lib/security/credentials/credentials_metadata.cc', @@ -672,7 +644,6 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc', 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', - 'src/core/lib/security/security_connector/alts_security_connector.cc', 'src/core/lib/security/security_connector/security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', @@ -682,42 +653,14 @@ Pod::Spec.new do |s| 'src/core/lib/security/transport/tsi_error.cc', 'src/core/lib/security/util/json_util.cc', 'src/core/lib/surface/init_secure.cc', - 'src/core/tsi/alts/crypt/aes_gcm.cc', - 'src/core/tsi/alts/crypt/gsec.cc', - 'src/core/tsi/alts/frame_protector/alts_counter.cc', - 'src/core/tsi/alts/frame_protector/alts_crypter.cc', - 'src/core/tsi/alts/frame_protector/alts_frame_protector.cc', - 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc', - 'src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc', - 'src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc', - 'src/core/tsi/alts/frame_protector/frame_handler.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_client.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_event.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_utils.cc', - 'src/core/tsi/alts/handshaker/transport_security_common_api.cc', - 'src/core/tsi/alts/handshaker/altscontext.pb.c', - 'src/core/tsi/alts/handshaker/handshaker.pb.c', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.c', + 'src/core/tsi/alts_transport_security.cc', + 'src/core/tsi/fake_transport_security.cc', + 'src/core/tsi/ssl_transport_security.cc', + 'src/core/tsi/transport_security_grpc.cc', 'src/core/tsi/transport_security.cc', 'src/core/tsi/transport_security_adapter.cc', - 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc', - 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc', - 'src/core/ext/transport/chttp2/client/chttp2_connector.cc', + 'src/core/ext/transport/chttp2/server/chttp2_server.cc', + 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc', 'src/core/ext/filters/client_channel/backup_poller.cc', 'src/core/ext/filters/client_channel/channel_connectivity.cc', 'src/core/ext/filters/client_channel/client_channel.cc', @@ -741,14 +684,11 @@ Pod::Spec.new do |s| 'src/core/ext/filters/client_channel/subchannel_index.cc', 'src/core/ext/filters/client_channel/uri_parser.cc', 'src/core/ext/filters/deadline/deadline_filter.cc', - 'src/core/tsi/alts_transport_security.cc', - 'src/core/tsi/fake_transport_security.cc', - 'src/core/tsi/ssl_transport_security.cc', - 'src/core/tsi/transport_security_grpc.cc', - 'src/core/ext/transport/chttp2/server/chttp2_server.cc', - 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc', + 'src/core/ext/transport/chttp2/client/chttp2_connector.cc', 'src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc', 'src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc', + 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc', + 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc', 'src/core/ext/transport/inproc/inproc_plugin.cc', 'src/core/ext/transport/inproc/inproc_transport.cc', 'src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc', @@ -825,7 +765,6 @@ Pod::Spec.new do |s| 'src/core/ext/filters/http/message_compress/message_compress_filter.h', 'src/core/ext/filters/http/server/http_server_filter.h', 'src/core/lib/security/context/security_context.h', - 'src/core/lib/security/credentials/alts/alts_credentials.h', 'src/core/lib/security/credentials/composite/composite_credentials.h', 'src/core/lib/security/credentials/credentials.h', 'src/core/lib/security/credentials/fake/fake_credentials.h', @@ -837,7 +776,6 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h', 'src/core/lib/security/credentials/plugin/plugin_credentials.h', 'src/core/lib/security/credentials/ssl/ssl_credentials.h', - 'src/core/lib/security/security_connector/alts_security_connector.h', 'src/core/lib/security/security_connector/security_connector.h', 'src/core/lib/security/transport/auth_filters.h', 'src/core/lib/security/transport/secure_endpoint.h', @@ -845,35 +783,15 @@ Pod::Spec.new do |s| 'src/core/lib/security/transport/target_authority_table.h', 'src/core/lib/security/transport/tsi_error.h', 'src/core/lib/security/util/json_util.h', - 'src/core/tsi/alts/crypt/gsec.h', - 'src/core/tsi/alts/frame_protector/alts_counter.h', - 'src/core/tsi/alts/frame_protector/alts_crypter.h', - 'src/core/tsi/alts/frame_protector/alts_frame_protector.h', - 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h', - 'src/core/tsi/alts/frame_protector/frame_handler.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_client.h', - 'src/core/tsi/alts/handshaker/alts_tsi_event.h', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.h', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h', - 'src/core/lib/security/credentials/alts/check_gcp_environment.h', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.h', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h', - 'src/core/tsi/alts/handshaker/alts_tsi_utils.h', - 'src/core/tsi/alts/handshaker/transport_security_common_api.h', - 'src/core/tsi/alts/handshaker/altscontext.pb.h', - 'src/core/tsi/alts/handshaker/handshaker.pb.h', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.h', + 'src/core/tsi/alts_transport_security.h', + 'src/core/tsi/fake_transport_security.h', + 'src/core/tsi/ssl_transport_security.h', + 'src/core/tsi/ssl_types.h', + 'src/core/tsi/transport_security_grpc.h', 'src/core/tsi/transport_security.h', 'src/core/tsi/transport_security_adapter.h', 'src/core/tsi/transport_security_interface.h', - 'src/core/ext/transport/chttp2/client/chttp2_connector.h', + 'src/core/ext/transport/chttp2/server/chttp2_server.h', 'src/core/ext/filters/client_channel/backup_poller.h', 'src/core/ext/filters/client_channel/client_channel.h', 'src/core/ext/filters/client_channel/client_channel_factory.h', @@ -896,12 +814,7 @@ Pod::Spec.new do |s| 'src/core/ext/filters/client_channel/subchannel_index.h', 'src/core/ext/filters/client_channel/uri_parser.h', 'src/core/ext/filters/deadline/deadline_filter.h', - 'src/core/tsi/alts_transport_security.h', - 'src/core/tsi/fake_transport_security.h', - 'src/core/tsi/ssl_transport_security.h', - 'src/core/tsi/ssl_types.h', - 'src/core/tsi/transport_security_grpc.h', - 'src/core/ext/transport/chttp2/server/chttp2_server.h', + 'src/core/ext/transport/chttp2/client/chttp2_connector.h', 'src/core/ext/transport/inproc/inproc_transport.h', 'src/core/lib/avl/avl.h', 'src/core/lib/backoff/backoff.h', @@ -1062,15 +975,8 @@ Pod::Spec.new do |s| ss.source_files = 'src/core/ext/transport/cronet/client/secure/cronet_channel_create.cc', 'src/core/ext/transport/cronet/transport/cronet_transport.cc', - 'third_party/nanopb/pb_common.c', - 'third_party/nanopb/pb_decode.c', - 'third_party/nanopb/pb_encode.c', 'src/core/ext/transport/cronet/transport/cronet_transport.h', - 'third_party/objective_c/Cronet/bidirectional_stream_c.h', - 'third_party/nanopb/pb.h', - 'third_party/nanopb/pb_common.h', - 'third_party/nanopb/pb_decode.h', - 'third_party/nanopb/pb_encode.h' + 'third_party/objective_c/Cronet/bidirectional_stream_c.h' end s.subspec 'Tests' do |ss| diff --git a/grpc.gemspec b/grpc.gemspec index 3df7cea33f..fbe70aa795 100644 --- a/grpc.gemspec +++ b/grpc.gemspec @@ -197,7 +197,6 @@ Gem::Specification.new do |s| s.files += %w( src/core/ext/filters/http/message_compress/message_compress_filter.h ) s.files += %w( src/core/ext/filters/http/server/http_server_filter.h ) s.files += %w( src/core/lib/security/context/security_context.h ) - s.files += %w( src/core/lib/security/credentials/alts/alts_credentials.h ) s.files += %w( src/core/lib/security/credentials/composite/composite_credentials.h ) s.files += %w( src/core/lib/security/credentials/credentials.h ) s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.h ) @@ -209,7 +208,6 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.h ) s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.h ) s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h ) - s.files += %w( src/core/lib/security/security_connector/alts_security_connector.h ) s.files += %w( src/core/lib/security/security_connector/security_connector.h ) s.files += %w( src/core/lib/security/transport/auth_filters.h ) s.files += %w( src/core/lib/security/transport/secure_endpoint.h ) @@ -217,39 +215,15 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/transport/target_authority_table.h ) s.files += %w( src/core/lib/security/transport/tsi_error.h ) s.files += %w( src/core/lib/security/util/json_util.h ) - s.files += %w( src/core/tsi/alts/crypt/gsec.h ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_counter.h ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_crypter.h ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_frame_protector.h ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h ) - s.files += %w( src/core/tsi/alts/frame_protector/frame_handler.h ) - s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_client.h ) - s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_event.h ) - s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_handshaker.h ) - s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h ) - s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment.h ) - s.files += %w( src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h ) - s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_service_api.h ) - s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h ) - s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_utils.h ) - s.files += %w( src/core/tsi/alts/handshaker/transport_security_common_api.h ) - s.files += %w( src/core/tsi/alts/handshaker/altscontext.pb.h ) - s.files += %w( src/core/tsi/alts/handshaker/handshaker.pb.h ) - s.files += %w( src/core/tsi/alts/handshaker/transport_security_common.pb.h ) - s.files += %w( third_party/nanopb/pb.h ) - s.files += %w( third_party/nanopb/pb_common.h ) - s.files += %w( third_party/nanopb/pb_decode.h ) - s.files += %w( third_party/nanopb/pb_encode.h ) + s.files += %w( src/core/tsi/alts_transport_security.h ) + s.files += %w( src/core/tsi/fake_transport_security.h ) + s.files += %w( src/core/tsi/ssl_transport_security.h ) + s.files += %w( src/core/tsi/ssl_types.h ) + s.files += %w( src/core/tsi/transport_security_grpc.h ) s.files += %w( src/core/tsi/transport_security.h ) s.files += %w( src/core/tsi/transport_security_adapter.h ) s.files += %w( src/core/tsi/transport_security_interface.h ) - s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.h ) + s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.h ) s.files += %w( src/core/ext/filters/client_channel/backup_poller.h ) s.files += %w( src/core/ext/filters/client_channel/client_channel.h ) s.files += %w( src/core/ext/filters/client_channel/client_channel_factory.h ) @@ -272,12 +246,7 @@ Gem::Specification.new do |s| s.files += %w( src/core/ext/filters/client_channel/subchannel_index.h ) s.files += %w( src/core/ext/filters/client_channel/uri_parser.h ) s.files += %w( src/core/ext/filters/deadline/deadline_filter.h ) - s.files += %w( src/core/tsi/alts_transport_security.h ) - s.files += %w( src/core/tsi/fake_transport_security.h ) - s.files += %w( src/core/tsi/ssl_transport_security.h ) - s.files += %w( src/core/tsi/ssl_types.h ) - s.files += %w( src/core/tsi/transport_security_grpc.h ) - s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.h ) + s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.h ) s.files += %w( src/core/ext/transport/inproc/inproc_transport.h ) s.files += %w( src/core/lib/avl/avl.h ) s.files += %w( src/core/lib/backoff/backoff.h ) @@ -412,6 +381,10 @@ Gem::Specification.new do |s| s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h ) s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h ) s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h ) + s.files += %w( third_party/nanopb/pb.h ) + s.files += %w( third_party/nanopb/pb_common.h ) + s.files += %w( third_party/nanopb/pb_decode.h ) + s.files += %w( third_party/nanopb/pb_encode.h ) s.files += %w( src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h ) s.files += %w( src/core/ext/filters/client_channel/lb_policy/subchannel_list.h ) s.files += %w( src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h ) @@ -588,7 +561,6 @@ Gem::Specification.new do |s| s.files += %w( src/core/ext/filters/http/server/http_server_filter.cc ) s.files += %w( src/core/lib/http/httpcli_security_connector.cc ) s.files += %w( src/core/lib/security/context/security_context.cc ) - s.files += %w( src/core/lib/security/credentials/alts/alts_credentials.cc ) s.files += %w( src/core/lib/security/credentials/composite/composite_credentials.cc ) s.files += %w( src/core/lib/security/credentials/credentials.cc ) s.files += %w( src/core/lib/security/credentials/credentials_metadata.cc ) @@ -602,7 +574,6 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.cc ) s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.cc ) s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.cc ) - s.files += %w( src/core/lib/security/security_connector/alts_security_connector.cc ) s.files += %w( src/core/lib/security/security_connector/security_connector.cc ) s.files += %w( src/core/lib/security/transport/client_auth_filter.cc ) s.files += %w( src/core/lib/security/transport/secure_endpoint.cc ) @@ -612,45 +583,14 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/transport/tsi_error.cc ) s.files += %w( src/core/lib/security/util/json_util.cc ) s.files += %w( src/core/lib/surface/init_secure.cc ) - s.files += %w( src/core/tsi/alts/crypt/aes_gcm.cc ) - s.files += %w( src/core/tsi/alts/crypt/gsec.cc ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_counter.cc ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_crypter.cc ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_frame_protector.cc ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc ) - s.files += %w( src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc ) - s.files += %w( src/core/tsi/alts/frame_protector/frame_handler.cc ) - s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_client.cc ) - s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_event.cc ) - s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc ) - s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc ) - s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment.cc ) - s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc ) - s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc ) - s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc ) - s.files += %w( src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc ) - s.files += %w( src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc ) - s.files += %w( src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc ) - s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc ) - s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc ) - s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_utils.cc ) - s.files += %w( src/core/tsi/alts/handshaker/transport_security_common_api.cc ) - s.files += %w( src/core/tsi/alts/handshaker/altscontext.pb.c ) - s.files += %w( src/core/tsi/alts/handshaker/handshaker.pb.c ) - s.files += %w( src/core/tsi/alts/handshaker/transport_security_common.pb.c ) - s.files += %w( third_party/nanopb/pb_common.c ) - s.files += %w( third_party/nanopb/pb_decode.c ) - s.files += %w( third_party/nanopb/pb_encode.c ) + s.files += %w( src/core/tsi/alts_transport_security.cc ) + s.files += %w( src/core/tsi/fake_transport_security.cc ) + s.files += %w( src/core/tsi/ssl_transport_security.cc ) + s.files += %w( src/core/tsi/transport_security_grpc.cc ) s.files += %w( src/core/tsi/transport_security.cc ) s.files += %w( src/core/tsi/transport_security_adapter.cc ) - s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create.cc ) - s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc ) - s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.cc ) + s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.cc ) + s.files += %w( src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc ) s.files += %w( src/core/ext/filters/client_channel/backup_poller.cc ) s.files += %w( src/core/ext/filters/client_channel/channel_connectivity.cc ) s.files += %w( src/core/ext/filters/client_channel/client_channel.cc ) @@ -674,14 +614,11 @@ Gem::Specification.new do |s| s.files += %w( src/core/ext/filters/client_channel/subchannel_index.cc ) s.files += %w( src/core/ext/filters/client_channel/uri_parser.cc ) s.files += %w( src/core/ext/filters/deadline/deadline_filter.cc ) - s.files += %w( src/core/tsi/alts_transport_security.cc ) - s.files += %w( src/core/tsi/fake_transport_security.cc ) - s.files += %w( src/core/tsi/ssl_transport_security.cc ) - s.files += %w( src/core/tsi/transport_security_grpc.cc ) - s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.cc ) - s.files += %w( src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc ) + s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.cc ) s.files += %w( src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc ) s.files += %w( src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc ) + s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create.cc ) + s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc ) s.files += %w( src/core/ext/transport/inproc/inproc_plugin.cc ) s.files += %w( src/core/ext/transport/inproc/inproc_transport.cc ) s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc ) @@ -690,6 +627,9 @@ Gem::Specification.new do |s| s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc ) s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc ) s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c ) + s.files += %w( third_party/nanopb/pb_common.c ) + s.files += %w( third_party/nanopb/pb_decode.c ) + s.files += %w( third_party/nanopb/pb_encode.c ) s.files += %w( src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc ) s.files += %w( src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc ) s.files += %w( src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc ) @@ -64,11 +64,11 @@ ], 'cflags_c': [ '-Werror', - '-std=c99', + '-std=c99' ], 'cflags_cc': [ '-Werror', - '-std=c++11', + '-std=c++11' ], 'include_dirs': [ '.', @@ -148,7 +148,7 @@ '-Wno-deprecated-declarations', '-stdlib=libc++', '-std=c++11', - '-Wno-error=deprecated-declarations', + '-Wno-error=deprecated-declarations' ], }, }] @@ -156,17 +156,6 @@ }, 'targets': [ { - 'target_name': 'alts_test_util', - 'type': 'static_library', - 'dependencies': [ - 'grpc', - ], - 'sources': [ - 'test/core/tsi/alts/crypt/gsec_test_util.cc', - 'test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc', - ], - }, - { 'target_name': 'gpr', 'type': 'static_library', 'dependencies': [ @@ -396,7 +385,6 @@ 'src/core/ext/filters/http/server/http_server_filter.cc', 'src/core/lib/http/httpcli_security_connector.cc', 'src/core/lib/security/context/security_context.cc', - 'src/core/lib/security/credentials/alts/alts_credentials.cc', 'src/core/lib/security/credentials/composite/composite_credentials.cc', 'src/core/lib/security/credentials/credentials.cc', 'src/core/lib/security/credentials/credentials_metadata.cc', @@ -410,7 +398,6 @@ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc', 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', - 'src/core/lib/security/security_connector/alts_security_connector.cc', 'src/core/lib/security/security_connector/security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', @@ -420,45 +407,14 @@ 'src/core/lib/security/transport/tsi_error.cc', 'src/core/lib/security/util/json_util.cc', 'src/core/lib/surface/init_secure.cc', - 'src/core/tsi/alts/crypt/aes_gcm.cc', - 'src/core/tsi/alts/crypt/gsec.cc', - 'src/core/tsi/alts/frame_protector/alts_counter.cc', - 'src/core/tsi/alts/frame_protector/alts_crypter.cc', - 'src/core/tsi/alts/frame_protector/alts_frame_protector.cc', - 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc', - 'src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc', - 'src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc', - 'src/core/tsi/alts/frame_protector/frame_handler.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_client.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_event.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_utils.cc', - 'src/core/tsi/alts/handshaker/transport_security_common_api.cc', - 'src/core/tsi/alts/handshaker/altscontext.pb.c', - 'src/core/tsi/alts/handshaker/handshaker.pb.c', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.c', - 'third_party/nanopb/pb_common.c', - 'third_party/nanopb/pb_decode.c', - 'third_party/nanopb/pb_encode.c', + 'src/core/tsi/alts_transport_security.cc', + 'src/core/tsi/fake_transport_security.cc', + 'src/core/tsi/ssl_transport_security.cc', + 'src/core/tsi/transport_security_grpc.cc', 'src/core/tsi/transport_security.cc', 'src/core/tsi/transport_security_adapter.cc', - 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc', - 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc', - 'src/core/ext/transport/chttp2/client/chttp2_connector.cc', + 'src/core/ext/transport/chttp2/server/chttp2_server.cc', + 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc', 'src/core/ext/filters/client_channel/backup_poller.cc', 'src/core/ext/filters/client_channel/channel_connectivity.cc', 'src/core/ext/filters/client_channel/client_channel.cc', @@ -482,14 +438,11 @@ 'src/core/ext/filters/client_channel/subchannel_index.cc', 'src/core/ext/filters/client_channel/uri_parser.cc', 'src/core/ext/filters/deadline/deadline_filter.cc', - 'src/core/tsi/alts_transport_security.cc', - 'src/core/tsi/fake_transport_security.cc', - 'src/core/tsi/ssl_transport_security.cc', - 'src/core/tsi/transport_security_grpc.cc', - 'src/core/ext/transport/chttp2/server/chttp2_server.cc', - 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc', + 'src/core/ext/transport/chttp2/client/chttp2_connector.cc', 'src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc', 'src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc', + 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc', + 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc', 'src/core/ext/transport/inproc/inproc_plugin.cc', 'src/core/ext/transport/inproc/inproc_transport.cc', 'src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc', @@ -498,6 +451,9 @@ 'src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc', 'src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc', 'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c', + 'third_party/nanopb/pb_common.c', + 'third_party/nanopb/pb_decode.c', + 'third_party/nanopb/pb_encode.c', 'src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc', 'src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc', 'src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc', diff --git a/package.xml b/package.xml index c4a6f6fc92..db03230eba 100644 --- a/package.xml +++ b/package.xml @@ -204,7 +204,6 @@ <file baseinstalldir="/" name="src/core/ext/filters/http/message_compress/message_compress_filter.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/http/server/http_server_filter.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/context/security_context.h" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/alts_credentials.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/composite/composite_credentials.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/fake/fake_credentials.h" role="src" /> @@ -216,7 +215,6 @@ <file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.h" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/security_connector/alts_security_connector.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/security_connector/security_connector.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/transport/auth_filters.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.h" role="src" /> @@ -224,39 +222,15 @@ <file baseinstalldir="/" name="src/core/lib/security/transport/target_authority_table.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/transport/tsi_error.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/util/json_util.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/crypt/gsec.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_counter.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_crypter.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_frame_protector.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/frame_handler.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_client.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_event.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment.h" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_service_api.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_utils.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/transport_security_common_api.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/altscontext.pb.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/handshaker.pb.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/transport_security_common.pb.h" role="src" /> - <file baseinstalldir="/" name="third_party/nanopb/pb.h" role="src" /> - <file baseinstalldir="/" name="third_party/nanopb/pb_common.h" role="src" /> - <file baseinstalldir="/" name="third_party/nanopb/pb_decode.h" role="src" /> - <file baseinstalldir="/" name="third_party/nanopb/pb_encode.h" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/alts_transport_security.h" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/fake_transport_security.h" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.h" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/ssl_types.h" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.h" role="src" /> <file baseinstalldir="/" name="src/core/tsi/transport_security.h" role="src" /> <file baseinstalldir="/" name="src/core/tsi/transport_security_adapter.h" role="src" /> <file baseinstalldir="/" name="src/core/tsi/transport_security_interface.h" role="src" /> - <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.h" role="src" /> + <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/backup_poller.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/client_channel.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/client_channel_factory.h" role="src" /> @@ -279,12 +253,7 @@ <file baseinstalldir="/" name="src/core/ext/filters/client_channel/subchannel_index.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/uri_parser.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/deadline/deadline_filter.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts_transport_security.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/fake_transport_security.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/ssl_types.h" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.h" role="src" /> - <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.h" role="src" /> + <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/transport/inproc/inproc_transport.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/avl/avl.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/backoff/backoff.h" role="src" /> @@ -419,6 +388,10 @@ <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h" role="src" /> + <file baseinstalldir="/" name="third_party/nanopb/pb.h" role="src" /> + <file baseinstalldir="/" name="third_party/nanopb/pb_common.h" role="src" /> + <file baseinstalldir="/" name="third_party/nanopb/pb_decode.h" role="src" /> + <file baseinstalldir="/" name="third_party/nanopb/pb_encode.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/subchannel_list.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h" role="src" /> @@ -595,7 +568,6 @@ <file baseinstalldir="/" name="src/core/ext/filters/http/server/http_server_filter.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/http/httpcli_security_connector.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/context/security_context.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/alts_credentials.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/composite/composite_credentials.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials_metadata.cc" role="src" /> @@ -609,7 +581,6 @@ <file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/security_connector/alts_security_connector.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/security_connector/security_connector.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/transport/client_auth_filter.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.cc" role="src" /> @@ -619,45 +590,14 @@ <file baseinstalldir="/" name="src/core/lib/security/transport/tsi_error.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/util/json_util.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/surface/init_secure.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/crypt/aes_gcm.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/crypt/gsec.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_counter.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_crypter.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_frame_protector.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/frame_handler.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_client.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_event.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc" role="src" /> - <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_utils.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/transport_security_common_api.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/altscontext.pb.c" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/handshaker.pb.c" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/transport_security_common.pb.c" role="src" /> - <file baseinstalldir="/" name="third_party/nanopb/pb_common.c" role="src" /> - <file baseinstalldir="/" name="third_party/nanopb/pb_decode.c" role="src" /> - <file baseinstalldir="/" name="third_party/nanopb/pb_encode.c" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/alts_transport_security.cc" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/fake_transport_security.cc" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.cc" role="src" /> + <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.cc" role="src" /> <file baseinstalldir="/" name="src/core/tsi/transport_security.cc" role="src" /> <file baseinstalldir="/" name="src/core/tsi/transport_security_adapter.cc" role="src" /> - <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create.cc" role="src" /> - <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc" role="src" /> - <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.cc" role="src" /> + <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.cc" role="src" /> + <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/backup_poller.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/channel_connectivity.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/client_channel.cc" role="src" /> @@ -681,14 +621,11 @@ <file baseinstalldir="/" name="src/core/ext/filters/client_channel/subchannel_index.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/uri_parser.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/deadline/deadline_filter.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/alts_transport_security.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/fake_transport_security.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.cc" role="src" /> - <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.cc" role="src" /> - <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.cc" role="src" /> - <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc" role="src" /> + <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc" role="src" /> + <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create.cc" role="src" /> + <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/transport/inproc/inproc_plugin.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/transport/inproc/inproc_transport.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc" role="src" /> @@ -697,6 +634,9 @@ <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c" role="src" /> + <file baseinstalldir="/" name="third_party/nanopb/pb_common.c" role="src" /> + <file baseinstalldir="/" name="third_party/nanopb/pb_decode.c" role="src" /> + <file baseinstalldir="/" name="third_party/nanopb/pb_encode.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc" role="src" /> @@ -118,7 +118,6 @@ if EXTRA_ENV_COMPILE_ARGS is None: EXTRA_ENV_COMPILE_ARGS += ' -std=c++11 -std=gnu99 -fvisibility=hidden -fno-wrapv -fno-exceptions' elif "darwin" in sys.platform: EXTRA_ENV_COMPILE_ARGS += ' -fvisibility=hidden -fno-wrapv -fno-exceptions' -EXTRA_ENV_COMPILE_ARGS += ' -DPB_FIELD_16BIT' if EXTRA_ENV_LINK_ARGS is None: EXTRA_ENV_LINK_ARGS = '' @@ -161,7 +160,7 @@ if "win32" in sys.platform: DEFINE_MACROS = ( ('OPENSSL_NO_ASM', 1), ('_WIN32_WINNT', 0x600), - ('GPR_BACKWARDS_COMPATIBILITY_MODE', 1)) + ('GPR_BACKWARDS_COMPATIBILITY_MODE', 1),) if "win32" in sys.platform: # TODO(zyc): Re-enble c-ares on x64 and x86 windows after fixing the # ares_library_init compilation issue diff --git a/src/core/lib/security/credentials/alts/alts_credentials.cc b/src/core/lib/security/credentials/alts/alts_credentials.cc deleted file mode 100644 index fa05d901bf..0000000000 --- a/src/core/lib/security/credentials/alts/alts_credentials.cc +++ /dev/null @@ -1,119 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/lib/security/credentials/alts/alts_credentials.h" - -#include <cstring> - -#include <grpc/grpc.h> -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> -#include <grpc/support/string_util.h> - -#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" -#include "src/core/lib/security/security_connector/alts_security_connector.h" - -#define GRPC_CREDENTIALS_TYPE_ALTS "Alts" -#define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal:8080" - -static void alts_credentials_destruct(grpc_channel_credentials* creds) { - grpc_alts_credentials* alts_creds = - reinterpret_cast<grpc_alts_credentials*>(creds); - grpc_alts_credentials_options_destroy(alts_creds->options); - gpr_free(alts_creds->handshaker_service_url); -} - -static void alts_server_credentials_destruct(grpc_server_credentials* creds) { - grpc_alts_server_credentials* alts_creds = - reinterpret_cast<grpc_alts_server_credentials*>(creds); - grpc_alts_credentials_options_destroy(alts_creds->options); - gpr_free(alts_creds->handshaker_service_url); -} - -static grpc_security_status alts_create_security_connector( - grpc_channel_credentials* creds, - grpc_call_credentials* request_metadata_creds, const char* target_name, - const grpc_channel_args* args, grpc_channel_security_connector** sc, - grpc_channel_args** new_args) { - return grpc_alts_channel_security_connector_create( - creds, request_metadata_creds, target_name, sc); -} - -static grpc_security_status alts_server_create_security_connector( - grpc_server_credentials* creds, grpc_server_security_connector** sc) { - return grpc_alts_server_security_connector_create(creds, sc); -} - -static const grpc_channel_credentials_vtable alts_credentials_vtable = { - alts_credentials_destruct, alts_create_security_connector, - /*duplicate_without_call_credentials=*/nullptr}; - -static const grpc_server_credentials_vtable alts_server_credentials_vtable = { - alts_server_credentials_destruct, alts_server_create_security_connector}; - -grpc_channel_credentials* grpc_alts_credentials_create_customized( - const grpc_alts_credentials_options* options, - const char* handshaker_service_url, bool enable_untrusted_alts) { - if (!enable_untrusted_alts && !grpc_alts_is_running_on_gcp()) { - return nullptr; - } - auto creds = static_cast<grpc_alts_credentials*>( - gpr_zalloc(sizeof(grpc_alts_credentials))); - creds->options = grpc_alts_credentials_options_copy(options); - creds->handshaker_service_url = - handshaker_service_url == nullptr - ? gpr_strdup(GRPC_ALTS_HANDSHAKER_SERVICE_URL) - : gpr_strdup(handshaker_service_url); - creds->base.type = GRPC_CREDENTIALS_TYPE_ALTS; - creds->base.vtable = &alts_credentials_vtable; - gpr_ref_init(&creds->base.refcount, 1); - return &creds->base; -} - -grpc_server_credentials* grpc_alts_server_credentials_create_customized( - const grpc_alts_credentials_options* options, - const char* handshaker_service_url, bool enable_untrusted_alts) { - if (!enable_untrusted_alts && !grpc_alts_is_running_on_gcp()) { - return nullptr; - } - auto creds = static_cast<grpc_alts_server_credentials*>( - gpr_zalloc(sizeof(grpc_alts_server_credentials))); - creds->options = grpc_alts_credentials_options_copy(options); - creds->handshaker_service_url = - handshaker_service_url == nullptr - ? gpr_strdup(GRPC_ALTS_HANDSHAKER_SERVICE_URL) - : gpr_strdup(handshaker_service_url); - creds->base.type = GRPC_CREDENTIALS_TYPE_ALTS; - creds->base.vtable = &alts_server_credentials_vtable; - gpr_ref_init(&creds->base.refcount, 1); - return &creds->base; -} - -grpc_channel_credentials* grpc_alts_credentials_create( - const grpc_alts_credentials_options* options) { - return grpc_alts_credentials_create_customized( - options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, false); -} - -grpc_server_credentials* grpc_alts_server_credentials_create( - const grpc_alts_credentials_options* options) { - return grpc_alts_server_credentials_create_customized( - options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, false); -} diff --git a/src/core/lib/security/credentials/alts/alts_credentials.h b/src/core/lib/security/credentials/alts/alts_credentials.h deleted file mode 100644 index 621789cf65..0000000000 --- a/src/core/lib/security/credentials/alts/alts_credentials.h +++ /dev/null @@ -1,102 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_ALTS_CREDENTIALS_H -#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_ALTS_CREDENTIALS_H - -#include <grpc/support/port_platform.h> - -#include <grpc/grpc_security.h> - -#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" -#include "src/core/lib/security/credentials/credentials.h" - -/* Main struct for grpc ALTS channel credential. */ -typedef struct grpc_alts_credentials { - grpc_channel_credentials base; - grpc_alts_credentials_options* options; - char* handshaker_service_url; -} grpc_alts_credentials; - -/* Main struct for grpc ALTS server credential. */ -typedef struct grpc_alts_server_credentials { - grpc_server_credentials base; - grpc_alts_credentials_options* options; - char* handshaker_service_url; -} grpc_alts_server_credentials; - -/** - * This method creates an ALTS channel credential object. - * - * - options: grpc ALTS credentials options instance for client. - * - * It returns the created ALTS channel credential object. - */ -grpc_channel_credentials* grpc_alts_credentials_create( - const grpc_alts_credentials_options* options); - -/** - * This method creates an ALTS server credential object. - * - * - options: grpc ALTS credentials options instance for server. - * - * It returns the created ALTS server credential object. - */ -grpc_server_credentials* grpc_alts_server_credentials_create( - const grpc_alts_credentials_options* options); - -/** - * This method creates an ALTS channel credential object with customized - * information provided by caller. - * - * - options: grpc ALTS credentials options instance for client. - * - handshaker_service_url: address of ALTS handshaker service in the format of - * "host:port". If it's nullptr, the address of default metadata server will - * be used. - * - enable_untrusted_alts: a boolean flag used to enable ALTS in untrusted - * mode. This mode can be enabled when we are sure ALTS is running on GCP or - * for testing purpose. - * - * It returns nullptr if the flag is disabled AND ALTS is not running on GCP. - * Otherwise, it returns the created credential object. - */ - -grpc_channel_credentials* grpc_alts_credentials_create_customized( - const grpc_alts_credentials_options* options, - const char* handshaker_service_url, bool enable_untrusted_alts); - -/** - * This method creates an ALTS server credential object with customized - * information provided by caller. - * - * - options: grpc ALTS credentials options instance for server. - * - handshaker_service_url: address of ALTS handshaker service in the format of - * "host:port". If it's nullptr, the address of default metadata server will - * be used. - * - enable_untrusted_alts: a boolean flag used to enable ALTS in untrusted - * mode. This mode can be enabled when we are sure ALTS is running on GCP or - * for testing purpose. - * - * It returns nullptr if the flag is disabled and ALTS is not running on GCP. - * Otherwise, it returns the created credential object. - */ -grpc_server_credentials* grpc_alts_server_credentials_create_customized( - const grpc_alts_credentials_options* options, - const char* handshaker_service_url, bool enable_untrusted_alts); - -#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_ALTS_CREDENTIALS_H */ diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment.cc b/src/core/lib/security/credentials/alts/check_gcp_environment.cc deleted file mode 100644 index 96807876cf..0000000000 --- a/src/core/lib/security/credentials/alts/check_gcp_environment.cc +++ /dev/null @@ -1,72 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" - -#include <ctype.h> -#include <stdio.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -const size_t kBiosDataBufferSize = 256; - -static char* trim(const char* src) { - if (src == nullptr) { - return nullptr; - } - char* des = nullptr; - size_t start = 0, end = strlen(src) - 1; - /* find the last character that is not a whitespace. */ - while (end != 0 && isspace(src[end])) { - end--; - } - /* find the first character that is not a whitespace. */ - while (start < strlen(src) && isspace(src[start])) { - start++; - } - if (start <= end) { - des = static_cast<char*>( - gpr_zalloc(sizeof(char) * (end - start + 2 /* '\0' */))); - memcpy(des, src + start, end - start + 1); - } - return des; -} - -namespace grpc_core { -namespace internal { - -char* read_bios_file(const char* bios_file) { - FILE* fp = fopen(bios_file, "r"); - if (!fp) { - gpr_log(GPR_ERROR, "BIOS data file cannot be opened."); - return nullptr; - } - char buf[kBiosDataBufferSize + 1]; - size_t ret = fread(buf, sizeof(char), kBiosDataBufferSize, fp); - buf[ret] = '\0'; - char* trimmed_buf = trim(buf); - fclose(fp); - return trimmed_buf; -} - -} // namespace internal -} // namespace grpc_core diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment.h b/src/core/lib/security/credentials/alts/check_gcp_environment.h deleted file mode 100644 index aea4cea643..0000000000 --- a/src/core/lib/security/credentials/alts/check_gcp_environment.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_CHECK_GCP_ENVIRONMENT_H -#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_CHECK_GCP_ENVIRONMENT_H - -namespace grpc_core { -namespace internal { - -/** - * This method is a helper function that reads a file containing system bios - * data. Exposed for testing only. - * - * - bios_file: a file containing BIOS data used to determine GCE tenancy - * information. - * - * It returns a buffer containing the data read from the file. - */ -char* read_bios_file(const char* bios_file); - -/** - * This method checks if system BIOS data contains Google-specific phrases. - * Exposed for testing only. - * - * - bios_data: a buffer containing system BIOS data. - * - * It returns true if the BIOS data contains Google-specific phrases, and false - * otherwise. - */ -bool check_bios_data(const char* bios_data); - -} // namespace internal -} // namespace grpc_core - -/** - * This method checks if a VM (Windows or Linux) is running within Google - * compute Engine (GCE) or not. It returns true if the VM is running in GCE and - * false otherwise. - */ -bool grpc_alts_is_running_on_gcp(); - -#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_CHECK_GCP_ENVIRONMENT_H */ diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc b/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc deleted file mode 100644 index 7c4d7a71cd..0000000000 --- a/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +++ /dev/null @@ -1,67 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#ifdef GPR_LINUX - -#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" - -#include <grpc/support/alloc.h> -#include <grpc/support/sync.h> - -#include <string.h> - -#define GRPC_ALTS_EXPECT_NAME_GOOGLE "Google" -#define GRPC_ALTS_EXPECT_NAME_GCE "Google Compute Engine" -#define GRPC_ALTS_PRODUCT_NAME_FILE "/sys/class/dmi/id/product_name" - -static bool g_compute_engine_detection_done = false; -static bool g_is_on_compute_engine = false; -static gpr_mu g_mu; -static gpr_once g_once = GPR_ONCE_INIT; - -namespace grpc_core { -namespace internal { - -bool check_bios_data(const char* bios_data_file) { - char* bios_data = read_bios_file(bios_data_file); - bool result = (!strcmp(bios_data, GRPC_ALTS_EXPECT_NAME_GOOGLE)) || - (!strcmp(bios_data, GRPC_ALTS_EXPECT_NAME_GCE)); - gpr_free(bios_data); - return result; -} - -} // namespace internal -} // namespace grpc_core - -static void init_mu(void) { gpr_mu_init(&g_mu); } - -bool grpc_alts_is_running_on_gcp() { - gpr_once_init(&g_once, init_mu); - gpr_mu_lock(&g_mu); - if (!g_compute_engine_detection_done) { - g_is_on_compute_engine = - grpc_core::internal::check_bios_data(GRPC_ALTS_PRODUCT_NAME_FILE); - g_compute_engine_detection_done = true; - } - gpr_mu_unlock(&g_mu); - return g_is_on_compute_engine; -} - -#endif // GPR_LINUX diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc b/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc deleted file mode 100644 index d97681b86d..0000000000 --- a/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +++ /dev/null @@ -1,33 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#if !defined(GPR_LINUX) && !defined(GPR_WINDOWS) - -#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" - -#include <grpc/support/log.h> - -bool grpc_alts_is_running_on_gcp() { - gpr_log(GPR_ERROR, - "Platforms other than Linux and Windows are not supported"); - return false; -} - -#endif // !defined(LINUX) && !defined(GPR_WINDOWS) diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc b/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc deleted file mode 100644 index 55efe0e9dd..0000000000 --- a/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +++ /dev/null @@ -1,114 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#ifdef GPR_WINDOWS - -#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" - -#include <shellapi.h> -#include <stdio.h> -#include <tchar.h> -#include <windows.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> -#include <grpc/support/sync.h> - -#define GRPC_ALTS_EXPECT_NAME_GOOGLE "Google" -#define GRPC_ALTS_WINDOWS_CHECK_COMMAND "powershell.exe" -#define GRPC_ALTS_WINDOWS_CHECK_COMMAND_ARGS \ - "(Get-WmiObject -Class Win32_BIOS).Manufacturer" -#define GRPC_ALTS_WINDOWS_CHECK_BIOS_FILE "windows_bios.data" - -const size_t kBiosDataBufferSize = 256; - -static bool g_compute_engine_detection_done = false; -static bool g_is_on_compute_engine = false; -static gpr_mu g_mu; -static gpr_once g_once = GPR_ONCE_INIT; - -namespace grpc_core { -namespace internal { - -bool check_bios_data(const char* bios_data_file) { - char* bios_data = read_bios_file(bios_data_file); - bool result = !strcmp(bios_data, GRPC_ALTS_EXPECT_NAME_GOOGLE); - remove(GRPC_ALTS_WINDOWS_CHECK_BIOS_FILE); - gpr_free(bios_data); - return result; -} - -} // namespace internal -} // namespace grpc_core - -static void init_mu(void) { gpr_mu_init(&g_mu); } - -static bool run_powershell() { - SECURITY_ATTRIBUTES sa; - sa.nLength = sizeof(sa); - sa.lpSecurityDescriptor = NULL; - sa.bInheritHandle = TRUE; - HANDLE h = CreateFile(_T(GRPC_ALTS_WINDOWS_CHECK_BIOS_FILE), GENERIC_WRITE, - FILE_SHARE_WRITE | FILE_SHARE_READ, &sa, OPEN_ALWAYS, - FILE_ATTRIBUTE_NORMAL, NULL); - if (h == INVALID_HANDLE_VALUE) { - gpr_log(GPR_ERROR, "CreateFile failed (%d).", GetLastError()); - return false; - } - PROCESS_INFORMATION pi; - STARTUPINFO si; - DWORD flags = CREATE_NO_WINDOW; - ZeroMemory(&pi, sizeof(pi)); - ZeroMemory(&si, sizeof(si)); - si.cb = sizeof(si); - si.dwFlags |= STARTF_USESTDHANDLES; - si.hStdInput = NULL; - si.hStdError = h; - si.hStdOutput = h; - TCHAR cmd[kBiosDataBufferSize]; - _sntprintf(cmd, kBiosDataBufferSize, _T("%s %s"), - _T(GRPC_ALTS_WINDOWS_CHECK_COMMAND), - _T(GRPC_ALTS_WINDOWS_CHECK_COMMAND_ARGS)); - if (!CreateProcess(NULL, cmd, NULL, NULL, TRUE, flags, NULL, NULL, &si, - &pi)) { - gpr_log(GPR_ERROR, "CreateProcess failed (%d).\n", GetLastError()); - return false; - } - WaitForSingleObject(pi.hProcess, INFINITE); - CloseHandle(pi.hProcess); - CloseHandle(pi.hThread); - CloseHandle(h); - return true; -} - -bool grpc_alts_is_running_on_gcp() { - gpr_once_init(&g_once, init_mu); - gpr_mu_lock(&g_mu); - if (!g_compute_engine_detection_done) { - g_is_on_compute_engine = - run_powershell() && - grpc_core::internal::check_bios_data(GRPC_ALTS_WINDOWS_CHECK_BIOS_FILE); - g_compute_engine_detection_done = true; - } - gpr_mu_unlock(&g_mu); - return g_is_on_compute_engine; -} - -#endif // GPR_WINDOWS diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc deleted file mode 100644 index 7d54e8346f..0000000000 --- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +++ /dev/null @@ -1,126 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include <stdlib.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> -#include <grpc/support/string_util.h> - -#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -static grpc_alts_credentials_options* alts_client_options_copy( - const grpc_alts_credentials_options* options); - -static void alts_client_options_destroy(grpc_alts_credentials_options* options); - -static target_service_account* target_service_account_create( - const char* service_account) { - if (service_account == nullptr) { - return nullptr; - } - auto* sa = static_cast<target_service_account*>( - gpr_zalloc(sizeof(target_service_account))); - sa->data = gpr_strdup(service_account); - return sa; -} - -bool grpc_alts_credentials_client_options_add_target_service_account( - grpc_alts_credentials_client_options* options, - const char* service_account) { - if (options == nullptr || service_account == nullptr) { - gpr_log( - GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_alts_credentials_client_options_add_target_service_account()"); - return false; - } - target_service_account* node = target_service_account_create(service_account); - node->next = options->target_account_list_head; - options->target_account_list_head = node; - return true; -} - -static void target_service_account_destroy( - target_service_account* service_account) { - if (service_account == nullptr) { - return; - } - gpr_free(service_account->data); - gpr_free(service_account); -} - -static const grpc_alts_credentials_options_vtable vtable = { - alts_client_options_copy, alts_client_options_destroy}; - -grpc_alts_credentials_options* grpc_alts_credentials_client_options_create() { - auto client_options = static_cast<grpc_alts_credentials_client_options*>( - gpr_zalloc(sizeof(grpc_alts_credentials_client_options))); - client_options->base.vtable = &vtable; - return &client_options->base; -} - -static grpc_alts_credentials_options* alts_client_options_copy( - const grpc_alts_credentials_options* options) { - if (options == nullptr) { - return nullptr; - } - grpc_alts_credentials_options* new_options = - grpc_alts_credentials_client_options_create(); - auto new_client_options = - reinterpret_cast<grpc_alts_credentials_client_options*>(new_options); - /* Copy target service accounts. */ - target_service_account* prev = nullptr; - auto node = - (reinterpret_cast<const grpc_alts_credentials_client_options*>(options)) - ->target_account_list_head; - while (node != nullptr) { - target_service_account* new_node = - target_service_account_create(node->data); - if (prev == nullptr) { - new_client_options->target_account_list_head = new_node; - } else { - prev->next = new_node; - } - prev = new_node; - node = node->next; - } - /* Copy rpc protocol versions. */ - grpc_gcp_rpc_protocol_versions_copy(&options->rpc_versions, - &new_options->rpc_versions); - return new_options; -} - -static void alts_client_options_destroy( - grpc_alts_credentials_options* options) { - if (options == nullptr) { - return; - } - auto* client_options = - reinterpret_cast<grpc_alts_credentials_client_options*>(options); - target_service_account* node = client_options->target_account_list_head; - while (node != nullptr) { - target_service_account* next_node = node->next; - target_service_account_destroy(node); - node = next_node; - } -} diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc deleted file mode 100644 index d428171540..0000000000 --- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +++ /dev/null @@ -1,46 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -grpc_alts_credentials_options* grpc_alts_credentials_options_copy( - const grpc_alts_credentials_options* options) { - if (options != nullptr && options->vtable != nullptr && - options->vtable->copy != nullptr) { - return options->vtable->copy(options); - } - /* An error occurred. */ - gpr_log(GPR_ERROR, - "Invalid arguments to grpc_alts_credentials_options_copy()"); - return nullptr; -} - -void grpc_alts_credentials_options_destroy( - grpc_alts_credentials_options* options) { - if (options != nullptr) { - if (options->vtable != nullptr && options->vtable->destruct != nullptr) { - options->vtable->destruct(options); - } - gpr_free(options); - } -} diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h b/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h deleted file mode 100644 index 4e46d9f2de..0000000000 --- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_GRPC_ALTS_CREDENTIALS_OPTIONS_H -#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_GRPC_ALTS_CREDENTIALS_OPTIONS_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> - -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -/** - * Main interface for ALTS credentials options. The options will contain - * information that will be passed from grpc to TSI layer such as RPC protocol - * versions. ALTS client (channel) and server credentials will have their own - * implementation of this interface. The APIs listed in this header are - * thread-compatible. - */ -typedef struct grpc_alts_credentials_options grpc_alts_credentials_options; - -/* V-table for grpc_alts_credentials_options */ -typedef struct grpc_alts_credentials_options_vtable { - grpc_alts_credentials_options* (*copy)( - const grpc_alts_credentials_options* options); - void (*destruct)(grpc_alts_credentials_options* options); -} grpc_alts_credentials_options_vtable; - -struct grpc_alts_credentials_options { - const struct grpc_alts_credentials_options_vtable* vtable; - grpc_gcp_rpc_protocol_versions rpc_versions; -}; - -typedef struct target_service_account { - struct target_service_account* next; - char* data; -} target_service_account; - -/** - * Main struct for ALTS client credentials options. The options contain a - * a list of target service accounts (if specified) used for secure naming - * check. - */ -typedef struct grpc_alts_credentials_client_options { - grpc_alts_credentials_options base; - target_service_account* target_account_list_head; -} grpc_alts_credentials_client_options; - -/** - * Main struct for ALTS server credentials options. The options currently - * do not contain any server-specific fields. - */ -typedef struct grpc_alts_credentials_server_options { - grpc_alts_credentials_options base; -} grpc_alts_credentials_server_options; - -/** - * This method performs a deep copy on grpc_alts_credentials_options instance. - * - * - options: a grpc_alts_credentials_options instance that needs to be copied. - * - * It returns a new grpc_alts_credentials_options instance on success and NULL - * on failure. - */ -grpc_alts_credentials_options* grpc_alts_credentials_options_copy( - const grpc_alts_credentials_options* options); - -/** - * This method destroys a grpc_alts_credentials_options instance by - * de-allocating all of its occupied memory. - * - * - options: a grpc_alts_credentials_options instance that needs to be - * destroyed. - */ -void grpc_alts_credentials_options_destroy( - grpc_alts_credentials_options* options); - -/* This method creates a grpc ALTS credentials client options instance. */ -grpc_alts_credentials_options* grpc_alts_credentials_client_options_create(); - -/* This method creates a grpc ALTS credentials server options instance. */ -grpc_alts_credentials_options* grpc_alts_credentials_server_options_create(); - -/** - * This method adds a target service account to grpc ALTS credentials client - * options instance. - * - * - options: grpc ALTS credentials client options instance. - * - service_account: service account of target endpoint. - * - * It returns true on success and false on failure. - */ -bool grpc_alts_credentials_client_options_add_target_service_account( - grpc_alts_credentials_client_options* options, const char* service_account); - -#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_GRPC_ALTS_CREDENTIALS_OPTIONS_H \ - */ diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc deleted file mode 100644 index 62aa7a620a..0000000000 --- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +++ /dev/null @@ -1,58 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include <stdlib.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -static grpc_alts_credentials_options* alts_server_options_copy( - const grpc_alts_credentials_options* options); - -static void alts_server_options_destroy( - grpc_alts_credentials_options* options) {} - -static const grpc_alts_credentials_options_vtable vtable = { - alts_server_options_copy, alts_server_options_destroy}; - -grpc_alts_credentials_options* grpc_alts_credentials_server_options_create() { - grpc_alts_credentials_server_options* server_options = - static_cast<grpc_alts_credentials_server_options*>( - gpr_zalloc(sizeof(*server_options))); - server_options->base.vtable = &vtable; - return &server_options->base; -} - -static grpc_alts_credentials_options* alts_server_options_copy( - const grpc_alts_credentials_options* options) { - if (options == nullptr) { - return nullptr; - } - grpc_alts_credentials_options* new_options = - grpc_alts_credentials_server_options_create(); - /* Copy rpc protocol versions. */ - grpc_gcp_rpc_protocol_versions_copy(&options->rpc_versions, - &new_options->rpc_versions); - return new_options; -} diff --git a/src/core/lib/security/security_connector/alts_security_connector.cc b/src/core/lib/security/security_connector/alts_security_connector.cc deleted file mode 100644 index 5ff7d7938b..0000000000 --- a/src/core/lib/security/security_connector/alts_security_connector.cc +++ /dev/null @@ -1,287 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/lib/security/security_connector/alts_security_connector.h" - -#include <stdbool.h> -#include <string.h> - -#include <grpc/grpc.h> -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> -#include <grpc/support/string_util.h> - -#include "src/core/lib/security/credentials/alts/alts_credentials.h" -#include "src/core/lib/security/transport/security_handshaker.h" -#include "src/core/lib/transport/transport.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" - -typedef struct { - grpc_channel_security_connector base; - char* target_name; -} grpc_alts_channel_security_connector; - -typedef struct { - grpc_server_security_connector base; -} grpc_alts_server_security_connector; - -static void alts_channel_destroy(grpc_security_connector* sc) { - if (sc == nullptr) { - return; - } - auto c = reinterpret_cast<grpc_alts_channel_security_connector*>(sc); - grpc_call_credentials_unref(c->base.request_metadata_creds); - grpc_channel_credentials_unref(c->base.channel_creds); - gpr_free(c->target_name); - gpr_free(sc); -} - -static void alts_server_destroy(grpc_security_connector* sc) { - if (sc == nullptr) { - return; - } - auto c = reinterpret_cast<grpc_alts_server_security_connector*>(sc); - grpc_server_credentials_unref(c->base.server_creds); - gpr_free(sc); -} - -static void alts_channel_add_handshakers( - grpc_channel_security_connector* sc, - grpc_handshake_manager* handshake_manager) { - tsi_handshaker* handshaker = nullptr; - auto c = reinterpret_cast<grpc_alts_channel_security_connector*>(sc); - grpc_alts_credentials* creds = - reinterpret_cast<grpc_alts_credentials*>(c->base.channel_creds); - GPR_ASSERT(alts_tsi_handshaker_create(creds->options, c->target_name, - creds->handshaker_service_url, true, - &handshaker) == TSI_OK); - grpc_handshake_manager_add(handshake_manager, grpc_security_handshaker_create( - handshaker, &sc->base)); -} - -static void alts_server_add_handshakers( - grpc_server_security_connector* sc, - grpc_handshake_manager* handshake_manager) { - tsi_handshaker* handshaker = nullptr; - auto c = reinterpret_cast<grpc_alts_server_security_connector*>(sc); - grpc_alts_server_credentials* creds = - reinterpret_cast<grpc_alts_server_credentials*>(c->base.server_creds); - GPR_ASSERT(alts_tsi_handshaker_create(creds->options, nullptr, - creds->handshaker_service_url, false, - &handshaker) == TSI_OK); - grpc_handshake_manager_add(handshake_manager, grpc_security_handshaker_create( - handshaker, &sc->base)); -} - -static void alts_set_rpc_protocol_versions( - grpc_gcp_rpc_protocol_versions* rpc_versions) { - grpc_gcp_rpc_protocol_versions_set_max(rpc_versions, - GRPC_PROTOCOL_VERSION_MAX_MAJOR, - GRPC_PROTOCOL_VERSION_MAX_MINOR); - grpc_gcp_rpc_protocol_versions_set_min(rpc_versions, - GRPC_PROTOCOL_VERSION_MIN_MAJOR, - GRPC_PROTOCOL_VERSION_MIN_MINOR); -} - -namespace grpc_core { -namespace internal { - -grpc_security_status grpc_alts_auth_context_from_tsi_peer( - const tsi_peer* peer, grpc_auth_context** ctx) { - if (peer == nullptr || ctx == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to grpc_alts_auth_context_from_tsi_peer()"); - return GRPC_SECURITY_ERROR; - } - *ctx = nullptr; - /* Validate certificate type. */ - const tsi_peer_property* cert_type_prop = - tsi_peer_get_property_by_name(peer, TSI_CERTIFICATE_TYPE_PEER_PROPERTY); - if (cert_type_prop == nullptr || - strncmp(cert_type_prop->value.data, TSI_ALTS_CERTIFICATE_TYPE, - cert_type_prop->value.length) != 0) { - gpr_log(GPR_ERROR, "Invalid or missing certificate type property."); - return GRPC_SECURITY_ERROR; - } - /* Validate RPC protocol versions. */ - const tsi_peer_property* rpc_versions_prop = - tsi_peer_get_property_by_name(peer, TSI_ALTS_RPC_VERSIONS); - if (rpc_versions_prop == nullptr) { - gpr_log(GPR_ERROR, "Missing rpc protocol versions property."); - return GRPC_SECURITY_ERROR; - } - grpc_gcp_rpc_protocol_versions local_versions, peer_versions; - alts_set_rpc_protocol_versions(&local_versions); - grpc_slice slice = grpc_slice_from_copied_buffer( - rpc_versions_prop->value.data, rpc_versions_prop->value.length); - bool decode_result = - grpc_gcp_rpc_protocol_versions_decode(slice, &peer_versions); - grpc_slice_unref(slice); - if (!decode_result) { - gpr_log(GPR_ERROR, "Invalid peer rpc protocol versions."); - return GRPC_SECURITY_ERROR; - } - /* TODO: Pass highest common rpc protocol version to grpc caller. */ - bool check_result = grpc_gcp_rpc_protocol_versions_check( - &local_versions, &peer_versions, nullptr); - if (!check_result) { - gpr_log(GPR_ERROR, "Mismatch of local and peer rpc protocol versions."); - return GRPC_SECURITY_ERROR; - } - /* Create auth context. */ - *ctx = grpc_auth_context_create(nullptr); - grpc_auth_context_add_cstring_property( - *ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, - GRPC_ALTS_TRANSPORT_SECURITY_TYPE); - size_t i = 0; - for (i = 0; i < peer->property_count; i++) { - const tsi_peer_property* tsi_prop = &peer->properties[i]; - /* Add service account to auth context. */ - if (strcmp(tsi_prop->name, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY) == 0) { - grpc_auth_context_add_property( - *ctx, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, tsi_prop->value.data, - tsi_prop->value.length); - GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name( - *ctx, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY) == 1); - } - } - if (!grpc_auth_context_peer_is_authenticated(*ctx)) { - gpr_log(GPR_ERROR, "Invalid unauthenticated peer."); - GRPC_AUTH_CONTEXT_UNREF(*ctx, "test"); - *ctx = nullptr; - return GRPC_SECURITY_ERROR; - } - return GRPC_SECURITY_OK; -} - -} // namespace internal -} // namespace grpc_core - -static void alts_check_peer(grpc_security_connector* sc, tsi_peer peer, - grpc_auth_context** auth_context, - grpc_closure* on_peer_checked) { - grpc_security_status status; - status = grpc_core::internal::grpc_alts_auth_context_from_tsi_peer( - &peer, auth_context); - tsi_peer_destruct(&peer); - grpc_error* error = - status == GRPC_SECURITY_OK - ? GRPC_ERROR_NONE - : GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "Could not get ALTS auth context from TSI peer"); - GRPC_CLOSURE_SCHED(on_peer_checked, error); -} - -static int alts_channel_cmp(grpc_security_connector* sc1, - grpc_security_connector* sc2) { - grpc_alts_channel_security_connector* c1 = - reinterpret_cast<grpc_alts_channel_security_connector*>(sc1); - grpc_alts_channel_security_connector* c2 = - reinterpret_cast<grpc_alts_channel_security_connector*>(sc2); - int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base); - if (c != 0) return c; - return strcmp(c1->target_name, c2->target_name); -} - -static int alts_server_cmp(grpc_security_connector* sc1, - grpc_security_connector* sc2) { - grpc_alts_server_security_connector* c1 = - reinterpret_cast<grpc_alts_server_security_connector*>(sc1); - grpc_alts_server_security_connector* c2 = - reinterpret_cast<grpc_alts_server_security_connector*>(sc2); - return grpc_server_security_connector_cmp(&c1->base, &c2->base); -} - -static grpc_security_connector_vtable alts_channel_vtable = { - alts_channel_destroy, alts_check_peer, alts_channel_cmp}; - -static grpc_security_connector_vtable alts_server_vtable = { - alts_server_destroy, alts_check_peer, alts_server_cmp}; - -static bool alts_check_call_host(grpc_channel_security_connector* sc, - const char* host, - grpc_auth_context* auth_context, - grpc_closure* on_call_host_checked, - grpc_error** error) { - grpc_alts_channel_security_connector* alts_sc = - reinterpret_cast<grpc_alts_channel_security_connector*>(sc); - if (host == nullptr || alts_sc == nullptr || - strcmp(host, alts_sc->target_name) != 0) { - *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "ALTS call host does not match target name"); - } - return true; -} - -static void alts_cancel_check_call_host(grpc_channel_security_connector* sc, - grpc_closure* on_call_host_checked, - grpc_error* error) { - GRPC_ERROR_UNREF(error); -} - -grpc_security_status grpc_alts_channel_security_connector_create( - grpc_channel_credentials* channel_creds, - grpc_call_credentials* request_metadata_creds, const char* target_name, - grpc_channel_security_connector** sc) { - if (channel_creds == nullptr || sc == nullptr || target_name == nullptr) { - gpr_log( - GPR_ERROR, - "Invalid arguments to grpc_alts_channel_security_connector_create()"); - return GRPC_SECURITY_ERROR; - } - auto c = static_cast<grpc_alts_channel_security_connector*>( - gpr_zalloc(sizeof(grpc_alts_channel_security_connector))); - gpr_ref_init(&c->base.base.refcount, 1); - c->base.base.vtable = &alts_channel_vtable; - c->base.add_handshakers = alts_channel_add_handshakers; - c->base.channel_creds = grpc_channel_credentials_ref(channel_creds); - c->base.request_metadata_creds = - grpc_call_credentials_ref(request_metadata_creds); - c->base.check_call_host = alts_check_call_host; - c->base.cancel_check_call_host = alts_cancel_check_call_host; - grpc_alts_credentials* creds = - reinterpret_cast<grpc_alts_credentials*>(c->base.channel_creds); - alts_set_rpc_protocol_versions(&creds->options->rpc_versions); - c->target_name = gpr_strdup(target_name); - *sc = &c->base; - return GRPC_SECURITY_OK; -} - -grpc_security_status grpc_alts_server_security_connector_create( - grpc_server_credentials* server_creds, - grpc_server_security_connector** sc) { - if (server_creds == nullptr || sc == nullptr) { - gpr_log( - GPR_ERROR, - "Invalid arguments to grpc_alts_server_security_connector_create()"); - return GRPC_SECURITY_ERROR; - } - auto c = static_cast<grpc_alts_server_security_connector*>( - gpr_zalloc(sizeof(grpc_alts_server_security_connector))); - gpr_ref_init(&c->base.base.refcount, 1); - c->base.base.vtable = &alts_server_vtable; - c->base.server_creds = grpc_server_credentials_ref(server_creds); - c->base.add_handshakers = alts_server_add_handshakers; - grpc_alts_server_credentials* creds = - reinterpret_cast<grpc_alts_server_credentials*>(c->base.server_creds); - alts_set_rpc_protocol_versions(&creds->options->rpc_versions); - *sc = &c->base; - return GRPC_SECURITY_OK; -} diff --git a/src/core/lib/security/security_connector/alts_security_connector.h b/src/core/lib/security/security_connector/alts_security_connector.h deleted file mode 100644 index e7e4cffe2a..0000000000 --- a/src/core/lib/security/security_connector/alts_security_connector.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_ALTS_SECURITY_CONNECTOR_H -#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_ALTS_SECURITY_CONNECTOR_H - -#include <grpc/support/port_platform.h> - -#include "src/core/lib/security/context/security_context.h" -#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" - -#define GRPC_ALTS_TRANSPORT_SECURITY_TYPE "alts" - -/** - * This method creates an ALTS channel security connector. - * - * - channel_creds: channel credential instance. - * - request_metadata_creds: credential object which will be sent with each - * request. This parameter can be nullptr. - * - target_name: the name of the endpoint that the channel is connecting to. - * - sc: address of ALTS channel security connector instance to be returned from - * the method. - * - * It returns GRPC_SECURITY_OK on success, and an error stauts code on failure. - */ -grpc_security_status grpc_alts_channel_security_connector_create( - grpc_channel_credentials* channel_creds, - grpc_call_credentials* request_metadata_creds, const char* target_name, - grpc_channel_security_connector** sc); - -/** - * This method creates an ALTS server security connector. - * - * - server_creds: server credential instance. - * - sc: address of ALTS server security connector instance to be returned from - * the method. - * - * It returns GRPC_SECURITY_OK on success, and an error status code on failure. - */ -grpc_security_status grpc_alts_server_security_connector_create( - grpc_server_credentials* server_creds, grpc_server_security_connector** sc); - -namespace grpc_core { -namespace internal { - -/* Exposed only for testing. */ -grpc_security_status grpc_alts_auth_context_from_tsi_peer( - const tsi_peer* peer, grpc_auth_context** ctx); - -} // namespace internal -} // namespace grpc_core - -#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_ALTS_SECURITY_CONNECTOR_H \ - */ diff --git a/src/core/plugin_registry/grpc_plugin_registry.cc b/src/core/plugin_registry/grpc_plugin_registry.cc index 6f11e6bb5b..ccf5f79a8e 100644 --- a/src/core/plugin_registry/grpc_plugin_registry.cc +++ b/src/core/plugin_registry/grpc_plugin_registry.cc @@ -24,12 +24,12 @@ void grpc_http_filters_init(void); void grpc_http_filters_shutdown(void); void grpc_chttp2_plugin_init(void); void grpc_chttp2_plugin_shutdown(void); +void grpc_tsi_alts_init(void); +void grpc_tsi_alts_shutdown(void); void grpc_deadline_filter_init(void); void grpc_deadline_filter_shutdown(void); void grpc_client_channel_init(void); void grpc_client_channel_shutdown(void); -void grpc_tsi_alts_init(void); -void grpc_tsi_alts_shutdown(void); void grpc_inproc_plugin_init(void); void grpc_inproc_plugin_shutdown(void); void grpc_resolver_fake_init(void); @@ -60,12 +60,12 @@ void grpc_register_built_in_plugins(void) { grpc_http_filters_shutdown); grpc_register_plugin(grpc_chttp2_plugin_init, grpc_chttp2_plugin_shutdown); + grpc_register_plugin(grpc_tsi_alts_init, + grpc_tsi_alts_shutdown); grpc_register_plugin(grpc_deadline_filter_init, grpc_deadline_filter_shutdown); grpc_register_plugin(grpc_client_channel_init, grpc_client_channel_shutdown); - grpc_register_plugin(grpc_tsi_alts_init, - grpc_tsi_alts_shutdown); grpc_register_plugin(grpc_inproc_plugin_init, grpc_inproc_plugin_shutdown); grpc_register_plugin(grpc_resolver_fake_init, diff --git a/src/core/tsi/alts/crypt/aes_gcm.cc b/src/core/tsi/alts/crypt/aes_gcm.cc deleted file mode 100644 index 02b1ac4492..0000000000 --- a/src/core/tsi/alts/crypt/aes_gcm.cc +++ /dev/null @@ -1,687 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/crypt/gsec.h" - -#include <openssl/bio.h> -#include <openssl/buffer.h> -#include <openssl/err.h> -#include <openssl/evp.h> -#include <openssl/hmac.h> -#include <string.h> - -#include <grpc/support/alloc.h> - -constexpr size_t kKdfKeyLen = 32; -constexpr size_t kKdfCounterLen = 6; -constexpr size_t kKdfCounterOffset = 2; -constexpr size_t kRekeyAeadKeyLen = kAes128GcmKeyLength; - -/* Struct for additional data required if rekeying is enabled. */ -struct gsec_aes_gcm_aead_rekey_data { - uint8_t kdf_counter[kKdfCounterLen]; - uint8_t nonce_mask[kAesGcmNonceLength]; -}; - -/* Main struct for AES_GCM crypter interface. */ -struct gsec_aes_gcm_aead_crypter { - gsec_aead_crypter crypter; - size_t key_length; - size_t nonce_length; - size_t tag_length; - uint8_t* key; - gsec_aes_gcm_aead_rekey_data* rekey_data; - EVP_CIPHER_CTX* ctx; -}; - -static char* aes_gcm_get_openssl_errors() { - BIO* bio = BIO_new(BIO_s_mem()); - ERR_print_errors(bio); - BUF_MEM* mem = nullptr; - char* error_msg = nullptr; - BIO_get_mem_ptr(bio, &mem); - if (mem != nullptr) { - error_msg = static_cast<char*>(gpr_malloc(mem->length + 1)); - memcpy(error_msg, mem->data, mem->length); - error_msg[mem->length] = '\0'; - } - BIO_free_all(bio); - return error_msg; -} - -static void aes_gcm_format_errors(const char* error_msg, char** error_details) { - if (error_details == nullptr) { - return; - } - unsigned long error = ERR_get_error(); - if (error == 0 && error_msg != nullptr) { - *error_details = static_cast<char*>(gpr_malloc(strlen(error_msg) + 1)); - memcpy(*error_details, error_msg, strlen(error_msg) + 1); - return; - } - char* openssl_errors = aes_gcm_get_openssl_errors(); - if (openssl_errors != nullptr && error_msg != nullptr) { - size_t len = strlen(error_msg) + strlen(openssl_errors) + 2; /* ", " */ - *error_details = static_cast<char*>(gpr_malloc(len + 1)); - snprintf(*error_details, len + 1, "%s, %s", error_msg, openssl_errors); - gpr_free(openssl_errors); - } -} - -static grpc_status_code gsec_aes_gcm_aead_crypter_max_ciphertext_and_tag_length( - const gsec_aead_crypter* crypter, size_t plaintext_length, - size_t* max_ciphertext_and_tag_length, char** error_details) { - if (max_ciphertext_and_tag_length == nullptr) { - aes_gcm_format_errors("max_ciphertext_and_tag_length is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - reinterpret_cast<gsec_aes_gcm_aead_crypter*>( - const_cast<gsec_aead_crypter*>(crypter)); - *max_ciphertext_and_tag_length = - plaintext_length + aes_gcm_crypter->tag_length; - return GRPC_STATUS_OK; -} - -static grpc_status_code gsec_aes_gcm_aead_crypter_max_plaintext_length( - const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length, - size_t* max_plaintext_length, char** error_details) { - if (max_plaintext_length == nullptr) { - aes_gcm_format_errors("max_plaintext_length is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - reinterpret_cast<gsec_aes_gcm_aead_crypter*>( - const_cast<gsec_aead_crypter*>(crypter)); - if (ciphertext_and_tag_length < aes_gcm_crypter->tag_length) { - *max_plaintext_length = 0; - aes_gcm_format_errors( - "ciphertext_and_tag_length is smaller than tag_length.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - *max_plaintext_length = - ciphertext_and_tag_length - aes_gcm_crypter->tag_length; - return GRPC_STATUS_OK; -} - -static grpc_status_code gsec_aes_gcm_aead_crypter_nonce_length( - const gsec_aead_crypter* crypter, size_t* nonce_length, - char** error_details) { - if (nonce_length == nullptr) { - aes_gcm_format_errors("nonce_length is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - reinterpret_cast<gsec_aes_gcm_aead_crypter*>( - const_cast<gsec_aead_crypter*>(crypter)); - *nonce_length = aes_gcm_crypter->nonce_length; - return GRPC_STATUS_OK; -} - -static grpc_status_code gsec_aes_gcm_aead_crypter_key_length( - const gsec_aead_crypter* crypter, size_t* key_length, - char** error_details) { - if (key_length == nullptr) { - aes_gcm_format_errors("key_length is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - reinterpret_cast<gsec_aes_gcm_aead_crypter*>( - const_cast<gsec_aead_crypter*>(crypter)); - *key_length = aes_gcm_crypter->key_length; - return GRPC_STATUS_OK; -} - -static grpc_status_code gsec_aes_gcm_aead_crypter_tag_length( - const gsec_aead_crypter* crypter, size_t* tag_length, - char** error_details) { - if (tag_length == nullptr) { - aes_gcm_format_errors("tag_length is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - reinterpret_cast<gsec_aes_gcm_aead_crypter*>( - const_cast<gsec_aead_crypter*>(crypter)); - *tag_length = aes_gcm_crypter->tag_length; - return GRPC_STATUS_OK; -} - -static void aes_gcm_mask_nonce(uint8_t* dst, const uint8_t* nonce, - const uint8_t* mask) { - uint64_t mask1; - uint32_t mask2; - memcpy(&mask1, mask, sizeof(mask1)); - memcpy(&mask2, mask + sizeof(mask1), sizeof(mask2)); - uint64_t nonce1; - uint32_t nonce2; - memcpy(&nonce1, nonce, sizeof(nonce1)); - memcpy(&nonce2, nonce + sizeof(nonce1), sizeof(nonce2)); - nonce1 ^= mask1; - nonce2 ^= mask2; - memcpy(dst, &nonce1, sizeof(nonce1)); - memcpy(dst + sizeof(nonce1), &nonce2, sizeof(nonce2)); -} - -static grpc_status_code aes_gcm_derive_aead_key(uint8_t* dst, - const uint8_t* kdf_key, - const uint8_t* kdf_counter) { - unsigned char buf[EVP_MAX_MD_SIZE]; - unsigned char ctr = 1; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX hmac; - HMAC_CTX_init(&hmac); - if (!HMAC_Init_ex(&hmac, kdf_key, kKdfKeyLen, EVP_sha256(), nullptr) || - !HMAC_Update(&hmac, kdf_counter, kKdfCounterLen) || - !HMAC_Update(&hmac, &ctr, 1) || !HMAC_Final(&hmac, buf, nullptr)) { - HMAC_CTX_cleanup(&hmac); - return GRPC_STATUS_INTERNAL; - } - HMAC_CTX_cleanup(&hmac); -#else - HMAC_CTX* hmac = HMAC_CTX_new(); - if (hmac == nullptr) { - return GRPC_STATUS_INTERNAL; - } - if (!HMAC_Init_ex(hmac, kdf_key, kKdfKeyLen, EVP_sha256(), nullptr) || - !HMAC_Update(hmac, kdf_counter, kKdfCounterLen) || - !HMAC_Update(hmac, &ctr, 1) || !HMAC_Final(hmac, buf, nullptr)) { - HMAC_CTX_free(hmac); - return GRPC_STATUS_INTERNAL; - } - HMAC_CTX_free(hmac); -#endif - memcpy(dst, buf, kRekeyAeadKeyLen); - return GRPC_STATUS_OK; -} - -static grpc_status_code aes_gcm_rekey_if_required( - gsec_aes_gcm_aead_crypter* aes_gcm_crypter, const uint8_t* nonce, - char** error_details) { - // If rekey_data is nullptr, then rekeying is not supported and not required. - // If bytes 2-7 of kdf_counter differ from the (per message) nonce, then the - // encryption key is recomputed from a new kdf_counter to ensure that we don't - // encrypt more than 2^16 messages per encryption key (in each direction). - if (aes_gcm_crypter->rekey_data == nullptr || - memcmp(aes_gcm_crypter->rekey_data->kdf_counter, - nonce + kKdfCounterOffset, kKdfCounterLen) == 0) { - return GRPC_STATUS_OK; - } - memcpy(aes_gcm_crypter->rekey_data->kdf_counter, nonce + kKdfCounterOffset, - kKdfCounterLen); - uint8_t aead_key[kRekeyAeadKeyLen]; - if (aes_gcm_derive_aead_key(aead_key, aes_gcm_crypter->key, - aes_gcm_crypter->rekey_data->kdf_counter) != - GRPC_STATUS_OK) { - aes_gcm_format_errors("Rekeying failed in key derivation.", error_details); - return GRPC_STATUS_INTERNAL; - } - if (!EVP_DecryptInit_ex(aes_gcm_crypter->ctx, nullptr, nullptr, aead_key, - nullptr)) { - aes_gcm_format_errors("Rekeying failed in context update.", error_details); - return GRPC_STATUS_INTERNAL; - } - return GRPC_STATUS_OK; -} - -static grpc_status_code gsec_aes_gcm_aead_crypter_encrypt_iovec( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const struct iovec* aad_vec, size_t aad_vec_length, - const struct iovec* plaintext_vec, size_t plaintext_vec_length, - struct iovec ciphertext_vec, size_t* ciphertext_bytes_written, - char** error_details) { - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - reinterpret_cast<gsec_aes_gcm_aead_crypter*>(crypter); - // Input checks - if (nonce == nullptr) { - aes_gcm_format_errors("Nonce buffer is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (kAesGcmNonceLength != nonce_length) { - aes_gcm_format_errors("Nonce buffer has the wrong length.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (aad_vec_length > 0 && aad_vec == nullptr) { - aes_gcm_format_errors("Non-zero aad_vec_length but aad_vec is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (plaintext_vec_length > 0 && plaintext_vec == nullptr) { - aes_gcm_format_errors( - "Non-zero plaintext_vec_length but plaintext_vec is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (ciphertext_bytes_written == nullptr) { - aes_gcm_format_errors("bytes_written is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - *ciphertext_bytes_written = 0; - // rekey if required - if (aes_gcm_rekey_if_required(aes_gcm_crypter, nonce, error_details) != - GRPC_STATUS_OK) { - return GRPC_STATUS_INTERNAL; - } - // mask nonce if required - const uint8_t* nonce_aead = nonce; - uint8_t nonce_masked[kAesGcmNonceLength]; - if (aes_gcm_crypter->rekey_data != nullptr) { - aes_gcm_mask_nonce(nonce_masked, aes_gcm_crypter->rekey_data->nonce_mask, - nonce); - nonce_aead = nonce_masked; - } - // init openssl context - if (!EVP_EncryptInit_ex(aes_gcm_crypter->ctx, nullptr, nullptr, nullptr, - nonce_aead)) { - aes_gcm_format_errors("Initializing nonce failed", error_details); - return GRPC_STATUS_INTERNAL; - } - // process aad - size_t i; - for (i = 0; i < aad_vec_length; i++) { - const uint8_t* aad = static_cast<uint8_t*>(aad_vec[i].iov_base); - size_t aad_length = aad_vec[i].iov_len; - if (aad_length == 0) { - continue; - } - size_t aad_bytes_read = 0; - if (aad == nullptr) { - aes_gcm_format_errors("aad is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (!EVP_EncryptUpdate(aes_gcm_crypter->ctx, nullptr, - reinterpret_cast<int*>(&aad_bytes_read), aad, - static_cast<int>(aad_length)) || - aad_bytes_read != aad_length) { - aes_gcm_format_errors("Setting authenticated associated data failed", - error_details); - return GRPC_STATUS_INTERNAL; - } - } - uint8_t* ciphertext = static_cast<uint8_t*>(ciphertext_vec.iov_base); - size_t ciphertext_length = ciphertext_vec.iov_len; - if (ciphertext == nullptr) { - aes_gcm_format_errors("ciphertext is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - // process plaintext - for (i = 0; i < plaintext_vec_length; i++) { - const uint8_t* plaintext = static_cast<uint8_t*>(plaintext_vec[i].iov_base); - size_t plaintext_length = plaintext_vec[i].iov_len; - if (plaintext == nullptr) { - if (plaintext_length == 0) { - continue; - } - aes_gcm_format_errors("plaintext is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (ciphertext_length < plaintext_length) { - aes_gcm_format_errors( - "ciphertext is not large enough to hold the result.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - int bytes_written = 0; - int bytes_to_write = static_cast<int>(plaintext_length); - if (!EVP_EncryptUpdate(aes_gcm_crypter->ctx, ciphertext, &bytes_written, - plaintext, bytes_to_write)) { - aes_gcm_format_errors("Encrypting plaintext failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - if (bytes_written > bytes_to_write) { - aes_gcm_format_errors("More bytes written than expected.", error_details); - return GRPC_STATUS_INTERNAL; - } - ciphertext += bytes_written; - ciphertext_length -= bytes_written; - } - int bytes_written_temp = 0; - if (!EVP_EncryptFinal_ex(aes_gcm_crypter->ctx, nullptr, - &bytes_written_temp)) { - aes_gcm_format_errors("Finalizing encryption failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - if (bytes_written_temp != 0) { - aes_gcm_format_errors("Openssl wrote some unexpected bytes.", - error_details); - return GRPC_STATUS_INTERNAL; - } - if (ciphertext_length < kAesGcmTagLength) { - aes_gcm_format_errors("ciphertext is too small to hold a tag.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - - if (!EVP_CIPHER_CTX_ctrl(aes_gcm_crypter->ctx, EVP_CTRL_GCM_GET_TAG, - kAesGcmTagLength, ciphertext)) { - aes_gcm_format_errors("Writing tag failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - ciphertext += kAesGcmTagLength; - ciphertext_length -= kAesGcmTagLength; - *ciphertext_bytes_written = ciphertext_vec.iov_len - ciphertext_length; - return GRPC_STATUS_OK; -} - -static grpc_status_code gsec_aes_gcm_aead_crypter_decrypt_iovec( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const struct iovec* aad_vec, size_t aad_vec_length, - const struct iovec* ciphertext_vec, size_t ciphertext_vec_length, - struct iovec plaintext_vec, size_t* plaintext_bytes_written, - char** error_details) { - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - reinterpret_cast<gsec_aes_gcm_aead_crypter*>( - const_cast<gsec_aead_crypter*>(crypter)); - if (nonce == nullptr) { - aes_gcm_format_errors("Nonce buffer is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (kAesGcmNonceLength != nonce_length) { - aes_gcm_format_errors("Nonce buffer has the wrong length.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (aad_vec_length > 0 && aad_vec == nullptr) { - aes_gcm_format_errors("Non-zero aad_vec_length but aad_vec is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (ciphertext_vec_length > 0 && ciphertext_vec == nullptr) { - aes_gcm_format_errors( - "Non-zero plaintext_vec_length but plaintext_vec is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - // Compute the total length so we can ensure we don't pass the tag into - // EVP_decrypt. - size_t total_ciphertext_length = 0; - size_t i; - for (i = 0; i < ciphertext_vec_length; i++) { - total_ciphertext_length += ciphertext_vec[i].iov_len; - } - if (total_ciphertext_length < kAesGcmTagLength) { - aes_gcm_format_errors("ciphertext is too small to hold a tag.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (plaintext_bytes_written == nullptr) { - aes_gcm_format_errors("bytes_written is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - *plaintext_bytes_written = 0; - // rekey if required - if (aes_gcm_rekey_if_required(aes_gcm_crypter, nonce, error_details) != - GRPC_STATUS_OK) { - aes_gcm_format_errors("Rekeying failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - // mask nonce if required - const uint8_t* nonce_aead = nonce; - uint8_t nonce_masked[kAesGcmNonceLength]; - if (aes_gcm_crypter->rekey_data != nullptr) { - aes_gcm_mask_nonce(nonce_masked, aes_gcm_crypter->rekey_data->nonce_mask, - nonce); - nonce_aead = nonce_masked; - } - // init openssl context - if (!EVP_DecryptInit_ex(aes_gcm_crypter->ctx, nullptr, nullptr, nullptr, - nonce_aead)) { - aes_gcm_format_errors("Initializing nonce failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - // process aad - for (i = 0; i < aad_vec_length; i++) { - const uint8_t* aad = static_cast<uint8_t*>(aad_vec[i].iov_base); - size_t aad_length = aad_vec[i].iov_len; - if (aad_length == 0) { - continue; - } - size_t aad_bytes_read = 0; - if (aad == nullptr) { - aes_gcm_format_errors("aad is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (!EVP_DecryptUpdate(aes_gcm_crypter->ctx, nullptr, - reinterpret_cast<int*>(&aad_bytes_read), aad, - static_cast<int>(aad_length)) || - aad_bytes_read != aad_length) { - aes_gcm_format_errors("Setting authenticated associated data failed.", - error_details); - return GRPC_STATUS_INTERNAL; - } - } - // process ciphertext - uint8_t* plaintext = static_cast<uint8_t*>(plaintext_vec.iov_base); - size_t plaintext_length = plaintext_vec.iov_len; - if (plaintext_length > 0 && plaintext == nullptr) { - aes_gcm_format_errors( - "plaintext is nullptr, but plaintext_length is positive.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - const uint8_t* ciphertext = nullptr; - size_t ciphertext_length = 0; - for (i = 0; - i < ciphertext_vec_length && total_ciphertext_length > kAesGcmTagLength; - i++) { - ciphertext = static_cast<uint8_t*>(ciphertext_vec[i].iov_base); - ciphertext_length = ciphertext_vec[i].iov_len; - if (ciphertext == nullptr) { - if (ciphertext_length == 0) { - continue; - } - aes_gcm_format_errors("ciphertext is nullptr.", error_details); - memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len); - return GRPC_STATUS_INVALID_ARGUMENT; - } - size_t bytes_written = 0; - size_t bytes_to_write = ciphertext_length; - // Don't include the tag - if (bytes_to_write > total_ciphertext_length - kAesGcmTagLength) { - bytes_to_write = total_ciphertext_length - kAesGcmTagLength; - } - if (plaintext_length < bytes_to_write) { - aes_gcm_format_errors( - "Not enough plaintext buffer to hold encrypted ciphertext.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (!EVP_DecryptUpdate(aes_gcm_crypter->ctx, plaintext, - reinterpret_cast<int*>(&bytes_written), ciphertext, - static_cast<int>(bytes_to_write))) { - aes_gcm_format_errors("Decrypting ciphertext failed.", error_details); - memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len); - return GRPC_STATUS_INTERNAL; - } - if (bytes_written > ciphertext_length) { - aes_gcm_format_errors("More bytes written than expected.", error_details); - memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len); - return GRPC_STATUS_INTERNAL; - } - ciphertext += bytes_written; - ciphertext_length -= bytes_written; - total_ciphertext_length -= bytes_written; - plaintext += bytes_written; - plaintext_length -= bytes_written; - } - if (total_ciphertext_length > kAesGcmTagLength) { - aes_gcm_format_errors( - "Not enough plaintext buffer to hold encrypted ciphertext.", - error_details); - memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len); - return GRPC_STATUS_INVALID_ARGUMENT; - } - uint8_t tag[kAesGcmTagLength]; - uint8_t* tag_tmp = tag; - if (ciphertext_length > 0) { - memcpy(tag_tmp, ciphertext, ciphertext_length); - tag_tmp += ciphertext_length; - total_ciphertext_length -= ciphertext_length; - } - for (; i < ciphertext_vec_length; i++) { - ciphertext = static_cast<uint8_t*>(ciphertext_vec[i].iov_base); - ciphertext_length = ciphertext_vec[i].iov_len; - if (ciphertext == nullptr) { - if (ciphertext_length == 0) { - continue; - } - aes_gcm_format_errors("ciphertext is nullptr.", error_details); - memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len); - return GRPC_STATUS_INVALID_ARGUMENT; - } - memcpy(tag_tmp, ciphertext, ciphertext_length); - tag_tmp += ciphertext_length; - total_ciphertext_length -= ciphertext_length; - } - if (!EVP_CIPHER_CTX_ctrl(aes_gcm_crypter->ctx, EVP_CTRL_GCM_SET_TAG, - kAesGcmTagLength, reinterpret_cast<void*>(tag))) { - aes_gcm_format_errors("Setting tag failed.", error_details); - memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len); - return GRPC_STATUS_INTERNAL; - } - int bytes_written_temp = 0; - if (!EVP_DecryptFinal_ex(aes_gcm_crypter->ctx, nullptr, - &bytes_written_temp)) { - aes_gcm_format_errors("Checking tag failed.", error_details); - memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len); - return GRPC_STATUS_FAILED_PRECONDITION; - } - if (bytes_written_temp != 0) { - aes_gcm_format_errors("Openssl wrote some unexpected bytes.", - error_details); - memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len); - return GRPC_STATUS_INTERNAL; - } - *plaintext_bytes_written = plaintext_vec.iov_len - plaintext_length; - return GRPC_STATUS_OK; -} - -static void gsec_aes_gcm_aead_crypter_destroy(gsec_aead_crypter* crypter) { - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - reinterpret_cast<gsec_aes_gcm_aead_crypter*>( - const_cast<gsec_aead_crypter*>(crypter)); - gpr_free(aes_gcm_crypter->key); - gpr_free(aes_gcm_crypter->rekey_data); - EVP_CIPHER_CTX_free(aes_gcm_crypter->ctx); -} - -static const gsec_aead_crypter_vtable vtable = { - gsec_aes_gcm_aead_crypter_encrypt_iovec, - gsec_aes_gcm_aead_crypter_decrypt_iovec, - gsec_aes_gcm_aead_crypter_max_ciphertext_and_tag_length, - gsec_aes_gcm_aead_crypter_max_plaintext_length, - gsec_aes_gcm_aead_crypter_nonce_length, - gsec_aes_gcm_aead_crypter_key_length, - gsec_aes_gcm_aead_crypter_tag_length, - gsec_aes_gcm_aead_crypter_destroy}; - -static grpc_status_code aes_gcm_new_evp_cipher_ctx( - gsec_aes_gcm_aead_crypter* aes_gcm_crypter, char** error_details) { - const EVP_CIPHER* cipher = nullptr; - bool is_rekey = aes_gcm_crypter->rekey_data != nullptr; - switch (is_rekey ? kRekeyAeadKeyLen : aes_gcm_crypter->key_length) { - case kAes128GcmKeyLength: - cipher = EVP_aes_128_gcm(); - break; - case kAes256GcmKeyLength: - cipher = EVP_aes_256_gcm(); - break; - } - const uint8_t* aead_key = aes_gcm_crypter->key; - uint8_t aead_key_rekey[kRekeyAeadKeyLen]; - if (is_rekey) { - if (aes_gcm_derive_aead_key(aead_key_rekey, aes_gcm_crypter->key, - aes_gcm_crypter->rekey_data->kdf_counter) != - GRPC_STATUS_OK) { - aes_gcm_format_errors("Deriving key failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - aead_key = aead_key_rekey; - } - if (!EVP_DecryptInit_ex(aes_gcm_crypter->ctx, cipher, nullptr, aead_key, - nullptr)) { - aes_gcm_format_errors("Setting key failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - if (!EVP_CIPHER_CTX_ctrl(aes_gcm_crypter->ctx, EVP_CTRL_GCM_SET_IVLEN, - static_cast<int>(aes_gcm_crypter->nonce_length), - nullptr)) { - aes_gcm_format_errors("Setting nonce length failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - return GRPC_STATUS_OK; -} - -grpc_status_code gsec_aes_gcm_aead_crypter_create(const uint8_t* key, - size_t key_length, - size_t nonce_length, - size_t tag_length, bool rekey, - gsec_aead_crypter** crypter, - char** error_details) { - if (key == nullptr) { - aes_gcm_format_errors("key is nullptr.", error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - if (crypter == nullptr) { - aes_gcm_format_errors("crypter is nullptr.", error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - *crypter = nullptr; - if ((rekey && key_length != kAes128GcmRekeyKeyLength) || - (!rekey && key_length != kAes128GcmKeyLength && - key_length != kAes256GcmKeyLength) || - (tag_length != kAesGcmTagLength) || - (nonce_length != kAesGcmNonceLength)) { - aes_gcm_format_errors( - "Invalid key and/or nonce and/or tag length are provided at AEAD " - "crypter instance construction time.", - error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - gsec_aes_gcm_aead_crypter* aes_gcm_crypter = - static_cast<gsec_aes_gcm_aead_crypter*>( - gpr_malloc(sizeof(gsec_aes_gcm_aead_crypter))); - aes_gcm_crypter->crypter.vtable = &vtable; - aes_gcm_crypter->nonce_length = nonce_length; - aes_gcm_crypter->tag_length = tag_length; - if (rekey) { - aes_gcm_crypter->key_length = kKdfKeyLen; - aes_gcm_crypter->rekey_data = static_cast<gsec_aes_gcm_aead_rekey_data*>( - gpr_malloc(sizeof(gsec_aes_gcm_aead_rekey_data))); - memcpy(aes_gcm_crypter->rekey_data->nonce_mask, key + kKdfKeyLen, - kAesGcmNonceLength); - // Set kdf_counter to all-zero for initial key derivation. - memset(aes_gcm_crypter->rekey_data->kdf_counter, 0, kKdfCounterLen); - } else { - aes_gcm_crypter->key_length = key_length; - aes_gcm_crypter->rekey_data = nullptr; - } - aes_gcm_crypter->key = - static_cast<uint8_t*>(gpr_malloc(aes_gcm_crypter->key_length)); - memcpy(aes_gcm_crypter->key, key, aes_gcm_crypter->key_length); - aes_gcm_crypter->ctx = EVP_CIPHER_CTX_new(); - grpc_status_code status = - aes_gcm_new_evp_cipher_ctx(aes_gcm_crypter, error_details); - if (status != GRPC_STATUS_OK) { - gsec_aes_gcm_aead_crypter_destroy(&aes_gcm_crypter->crypter); - gpr_free(aes_gcm_crypter); - return status; - } - *crypter = &aes_gcm_crypter->crypter; - return GRPC_STATUS_OK; -} diff --git a/src/core/tsi/alts/crypt/gsec.cc b/src/core/tsi/alts/crypt/gsec.cc deleted file mode 100644 index 6236591a97..0000000000 --- a/src/core/tsi/alts/crypt/gsec.cc +++ /dev/null @@ -1,189 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/crypt/gsec.h" - -#include <stdio.h> -#include <string.h> - -#include <grpc/support/alloc.h> - -static const char vtable_error_msg[] = - "crypter or crypter->vtable has not been initialized properly"; - -static void maybe_copy_error_msg(const char* src, char** dst) { - if (dst != nullptr && src != nullptr) { - *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1)); - memcpy(*dst, src, strlen(src) + 1); - } -} - -grpc_status_code gsec_aead_crypter_encrypt( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const uint8_t* aad, size_t aad_length, const uint8_t* plaintext, - size_t plaintext_length, uint8_t* ciphertext_and_tag, - size_t ciphertext_and_tag_length, size_t* bytes_written, - char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->encrypt_iovec != nullptr) { - struct iovec aad_vec = {(void*)aad, aad_length}; - struct iovec plaintext_vec = {(void*)plaintext, plaintext_length}; - struct iovec ciphertext_vec = {ciphertext_and_tag, - ciphertext_and_tag_length}; - return crypter->vtable->encrypt_iovec( - crypter, nonce, nonce_length, &aad_vec, 1, &plaintext_vec, 1, - ciphertext_vec, bytes_written, error_details); - } - /* An error occurred. */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -grpc_status_code gsec_aead_crypter_encrypt_iovec( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const struct iovec* aad_vec, size_t aad_vec_length, - const struct iovec* plaintext_vec, size_t plaintext_vec_length, - struct iovec ciphertext_vec, size_t* ciphertext_bytes_written, - char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->encrypt_iovec != nullptr) { - return crypter->vtable->encrypt_iovec( - crypter, nonce, nonce_length, aad_vec, aad_vec_length, plaintext_vec, - plaintext_vec_length, ciphertext_vec, ciphertext_bytes_written, - error_details); - } - /* An error occurred. */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -grpc_status_code gsec_aead_crypter_decrypt( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const uint8_t* aad, size_t aad_length, const uint8_t* ciphertext_and_tag, - size_t ciphertext_and_tag_length, uint8_t* plaintext, - size_t plaintext_length, size_t* bytes_written, char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->decrypt_iovec != nullptr) { - struct iovec aad_vec = {(void*)aad, aad_length}; - struct iovec ciphertext_vec = {(void*)ciphertext_and_tag, - ciphertext_and_tag_length}; - struct iovec plaintext_vec = {plaintext, plaintext_length}; - return crypter->vtable->decrypt_iovec( - crypter, nonce, nonce_length, &aad_vec, 1, &ciphertext_vec, 1, - plaintext_vec, bytes_written, error_details); - } - /* An error occurred. */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -grpc_status_code gsec_aead_crypter_decrypt_iovec( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const struct iovec* aad_vec, size_t aad_vec_length, - const struct iovec* ciphertext_vec, size_t ciphertext_vec_length, - struct iovec plaintext_vec, size_t* plaintext_bytes_written, - char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->encrypt_iovec != nullptr) { - return crypter->vtable->decrypt_iovec( - crypter, nonce, nonce_length, aad_vec, aad_vec_length, ciphertext_vec, - ciphertext_vec_length, plaintext_vec, plaintext_bytes_written, - error_details); - } - /* An error occurred. */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -grpc_status_code gsec_aead_crypter_max_ciphertext_and_tag_length( - const gsec_aead_crypter* crypter, size_t plaintext_length, - size_t* max_ciphertext_and_tag_length_to_return, char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->max_ciphertext_and_tag_length != nullptr) { - return crypter->vtable->max_ciphertext_and_tag_length( - crypter, plaintext_length, max_ciphertext_and_tag_length_to_return, - error_details); - } - /* An error occurred. */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -grpc_status_code gsec_aead_crypter_max_plaintext_length( - const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length, - size_t* max_plaintext_length_to_return, char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->max_plaintext_length != nullptr) { - return crypter->vtable->max_plaintext_length( - crypter, ciphertext_and_tag_length, max_plaintext_length_to_return, - error_details); - } - /* An error occurred. */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -grpc_status_code gsec_aead_crypter_nonce_length( - const gsec_aead_crypter* crypter, size_t* nonce_length_to_return, - char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->nonce_length != nullptr) { - return crypter->vtable->nonce_length(crypter, nonce_length_to_return, - error_details); - } - /* An error occurred. */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -grpc_status_code gsec_aead_crypter_key_length(const gsec_aead_crypter* crypter, - size_t* key_length_to_return, - char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->key_length != nullptr) { - return crypter->vtable->key_length(crypter, key_length_to_return, - error_details); - } - /* An error occurred */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -grpc_status_code gsec_aead_crypter_tag_length(const gsec_aead_crypter* crypter, - size_t* tag_length_to_return, - char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->tag_length != nullptr) { - return crypter->vtable->tag_length(crypter, tag_length_to_return, - error_details); - } - /* An error occurred. */ - maybe_copy_error_msg(vtable_error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -void gsec_aead_crypter_destroy(gsec_aead_crypter* crypter) { - if (crypter != nullptr) { - if (crypter->vtable != nullptr && crypter->vtable->destruct != nullptr) { - crypter->vtable->destruct(crypter); - } - gpr_free(crypter); - } -} diff --git a/src/core/tsi/alts/crypt/gsec.h b/src/core/tsi/alts/crypt/gsec.h deleted file mode 100644 index 4d65caa944..0000000000 --- a/src/core/tsi/alts/crypt/gsec.h +++ /dev/null @@ -1,454 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H -#define GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H - -#include <grpc/support/port_platform.h> - -#include <assert.h> -#include <stdint.h> -#include <stdlib.h> - -#include <grpc/grpc.h> - -struct iovec { - void* iov_base; - size_t iov_len; -}; - -/** - * A gsec interface for AEAD encryption schemes. The API is thread-compatible. - * Each implementation of this interface should specify supported values for - * key, nonce, and tag lengths. - */ - -/* Key, nonce, and tag length in bytes */ -const size_t kAesGcmNonceLength = 12; -const size_t kAesGcmTagLength = 16; -const size_t kAes128GcmKeyLength = 16; -const size_t kAes256GcmKeyLength = 32; - -// The first 32 bytes are used as a KDF key and the remaining 12 bytes are used -// to mask the nonce. -const size_t kAes128GcmRekeyKeyLength = 44; - -typedef struct gsec_aead_crypter gsec_aead_crypter; - -/** - * The gsec_aead_crypter is an API for different AEAD implementations such as - * AES_GCM. It encapsulates all AEAD-related operations in the format of - * V-table that stores pointers to functions implementing those operations. - * It also provides helper functions to wrap each of those function pointers. - * - * A typical usage of this object would be: - * - *------------------------------------------------------------------------------ - * // Declare a gsec_aead_crypter object, and create and assign an instance - * // of specific AEAD implementation e.g., AES_GCM to it. We assume both - * // key and nonce contain cryptographically secure random bytes, and the key - * // can be derived from an upper-layer application. - * gsec_aead_crypter* crypter; - * char* error_in_creation; - * // User can populate the message with any 100 bytes data. - * uint8_t* message = gpr_malloc(100); - * grpc_status_code creation_status = gsec_aes_gcm_aead_crypter_create(key, - * kAes128GcmKeyLength, - * kAesGcmNonceLength, - * kAesGcmTagLength, - * &crypter, - * false, - * 0 - * &error_in_creation); - * - * if (creation_status == GRPC_STATUS_OK) { - * // Allocate a correct amount of memory to hold a ciphertext. - * size_t clength = 0; - * gsec_aead_crypter_max_ciphertext_and_tag_length(crypter, 100, &clength, - * nullptr); - * uint8_t* ciphertext = gpr_malloc(clength); - * - * // Perform encryption - * size_t num_encrypted_bytes = 0; - * char* error_in_encryption = nullptr; - * grpc_status_code status = gsec_aead_crypter_encrypt(crypter, nonce, - * kAesGcmNonceLength, - * nullptr, 0, message, - * 100, ciphertext, - * clength, - * &num_encrypted_bytes, - * &error_in_encryption); - * if (status == GRPC_STATUS_OK) { - * // Allocate a correct amount of memory to hold a plaintext. - * size_t plength = 0; - * gsec_aead_crypter_max_plaintext_length(crypter, num_encrypted_bytes, - * &plength, nullptr); - * uint8_t* plaintext = gpr_malloc(plength); - * - * // Perform decryption. - * size_t num_decrypted_bytes = 0; - * char* error_in_decryption = nullptr; - * status = gsec_aead_crypter_decrypt(crypter, nonce, - * kAesGcmNonceLength, nullptr, 0, - * ciphertext, num_encrypted_bytes, - * plaintext, plength, - * &num_decrypted_bytes, - * &error_in_decryption); - * if (status != GRPC_STATUS_OK) { - * fprintf(stderr, "AEAD decrypt operation failed with error code:" - * "%d, message: %s\n", status, error_in_decryption); - * } - * ... - * gpr_free(plaintext); - * gpr_free(error_in_decryption); - * } else { - * fprintf(stderr, "AEAD encrypt operation failed with error code:" - * "%d, message: %s\n", status, error_in_encryption); - * } - * ... - * gpr_free(ciphertext); - * gpr_free(error_in_encryption); - * } else { - * fprintf(stderr, "Creation of AEAD crypter instance failed with error code:" - * "%d, message: %s\n", creation_status, error_in_creation); - * } - * - * // Destruct AEAD crypter instance. - * if (creation_status == GRPC_STATUS_OK) { - * gsec_aead_crypter_destroy(crypter); - * } - * gpr_free(error_in_creation); - * gpr_free(message); - * ----------------------------------------------------------------------------- - */ - -/* V-table for gsec AEAD operations */ -typedef struct gsec_aead_crypter_vtable { - grpc_status_code (*encrypt_iovec)( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const struct iovec* aad_vec, size_t aad_vec_length, - const struct iovec* plaintext_vec, size_t plaintext_vec_length, - struct iovec ciphertext_vec, size_t* ciphertext_bytes_written, - char** error_details); - grpc_status_code (*decrypt_iovec)( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const struct iovec* aad_vec, size_t aad_vec_length, - const struct iovec* ciphertext_vec, size_t ciphertext_vec_length, - struct iovec plaintext_vec, size_t* plaintext_bytes_written, - char** error_details); - grpc_status_code (*max_ciphertext_and_tag_length)( - const gsec_aead_crypter* crypter, size_t plaintext_length, - size_t* max_ciphertext_and_tag_length_to_return, char** error_details); - grpc_status_code (*max_plaintext_length)( - const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length, - size_t* max_plaintext_length_to_return, char** error_details); - grpc_status_code (*nonce_length)(const gsec_aead_crypter* crypter, - size_t* nonce_length_to_return, - char** error_details); - grpc_status_code (*key_length)(const gsec_aead_crypter* crypter, - size_t* key_length_to_return, - char** error_details); - grpc_status_code (*tag_length)(const gsec_aead_crypter* crypter, - size_t* tag_length_to_return, - char** error_details); - void (*destruct)(gsec_aead_crypter* crypter); -} gsec_aead_crypter_vtable; - -/* Main struct for gsec interface */ -struct gsec_aead_crypter { - const struct gsec_aead_crypter_vtable* vtable; -}; - -/** - * This method performs an AEAD encrypt operation. - * - * - crypter: AEAD crypter instance. - * - nonce: buffer containing a nonce with its size equal to nonce_length. - * - nonce_length: size of nonce buffer, and must be equal to the value returned - * from method gsec_aead_crypter_nonce_length. - * - aad: buffer containing data that needs to be authenticated but not - * encrypted with its size equal to aad_length. - * - aad_length: size of aad buffer, which should be zero if the buffer is - * nullptr. - * - plaintext: buffer containing data that needs to be both encrypted and - * authenticated with its size equal to plaintext_length. - * - plaintext_length: size of plaintext buffer, which should be zero if - * plaintext is nullptr. - * - ciphertext_and_tag: buffer that will contain ciphertext and tags the method - * produced. The buffer should not overlap the plaintext buffer, and pointers - * to those buffers should not be equal. Also if the ciphertext+tag buffer is - * nullptr, the plaintext_length should be zero. - * - ciphertext_and_tag_length: size of ciphertext+tag buffer, which should be - * at least as long as the one returned from method - * gsec_aead_crypter_max_ciphertext_and_tag_length. - * - bytes_written: the actual number of bytes written to the ciphertext+tag - * buffer. If bytes_written is nullptr, the plaintext_length should be zero. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of encryption, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - * - */ -grpc_status_code gsec_aead_crypter_encrypt( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const uint8_t* aad, size_t aad_length, const uint8_t* plaintext, - size_t plaintext_length, uint8_t* ciphertext_and_tag, - size_t ciphertext_and_tag_length, size_t* bytes_written, - char** error_details); - -/** - * This method performs an AEAD encrypt operation. - * - * - crypter: AEAD crypter instance. - * - nonce: buffer containing a nonce with its size equal to nonce_length. - * - nonce_length: size of nonce buffer, and must be equal to the value returned - * from method gsec_aead_crypter_nonce_length. - * - aad_vec: an iovec array containing data that needs to be authenticated but - * not encrypted. - * - aad_vec_length: the array length of aad_vec. - * - plaintext_vec: an iovec array containing data that needs to be both - * encrypted and authenticated. - * - plaintext_vec_length: the array length of plaintext_vec. - * - ciphertext_vec: an iovec containing a ciphertext buffer. The buffer should - * not overlap the plaintext buffer. - * - ciphertext_bytes_written: the actual number of bytes written to - * ciphertext_vec. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of encryption, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - * - */ -grpc_status_code gsec_aead_crypter_encrypt_iovec( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const struct iovec* aad_vec, size_t aad_vec_length, - const struct iovec* plaintext_vec, size_t plaintext_vec_length, - struct iovec ciphertext_vec, size_t* ciphertext_bytes_written, - char** error_details); - -/** - * This method performs an AEAD decrypt operation. - * - * - crypter: AEAD crypter instance. - * - nonce: buffer containing a nonce with its size equal to nonce_length. - * - nonce_length: size of nonce buffer, and must be equal to the value returned - * from method gsec_aead_crypter_nonce_length. - * - aad: buffer containing data that needs to be authenticated only. - * - aad_length: size of aad buffer, which should be zero if the buffer is - * nullptr. - * - ciphertext_and_tag: buffer containing ciphertext and tag. - * - ciphertext_and_tag_length: length of ciphertext and tag. It should be zero - * if any of plaintext, ciphertext_and_tag, or bytes_written is nullptr. Also, - * ciphertext_and_tag_length should be at least as large as the tag length set - * at AEAD crypter instance construction time. - * - plaintext: buffer containing decrypted and authenticated data the method - * produced. The buffer should not overlap with the ciphertext+tag buffer, and - * pointers to those buffers should not be equal. - * - plaintext_length: size of plaintext buffer, which should be at least as - * long as the one returned from gsec_aead_crypter_max_plaintext_length - * method. - * - bytes_written: the actual number of bytes written to the plaintext - * buffer. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of decryption, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code gsec_aead_crypter_decrypt( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const uint8_t* aad, size_t aad_length, const uint8_t* ciphertext_and_tag, - size_t ciphertext_and_tag_length, uint8_t* plaintext, - size_t plaintext_length, size_t* bytes_written, char** error_details); - -/** - * This method performs an AEAD decrypt operation. - * - * - crypter: AEAD crypter instance. - * - nonce: buffer containing a nonce with its size equal to nonce_length. - * - nonce_length: size of nonce buffer, and must be equal to the value returned - * from method gsec_aead_crypter_nonce_length. - * - aad_vec: an iovec array containing data that needs to be authenticated but - * not encrypted. - * - aad_vec_length: the array length of aad_vec. - * - ciphertext_vec: an iovec array containing the ciphertext and tag. - * - ciphertext_vec_length: the array length of ciphertext_vec. - * - plaintext_vec: an iovec containing a plaintext buffer. The buffer should - * not overlap the ciphertext buffer. - * - plaintext_bytes_written: the actual number of bytes written to - * plaintext_vec. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of decryption, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code gsec_aead_crypter_decrypt_iovec( - gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length, - const struct iovec* aad_vec, size_t aad_vec_length, - const struct iovec* ciphertext_vec, size_t ciphertext_vec_length, - struct iovec plaintext_vec, size_t* plaintext_bytes_written, - char** error_details); - -/** - * This method computes the size of ciphertext+tag buffer that must be passed to - * gsec_aead_crypter_encrypt function to ensure correct encryption of a - * plaintext. The actual size of ciphertext+tag written to the buffer could be - * smaller. - * - * - crypter: AEAD crypter instance. - * - plaintext_length: length of plaintext. - * - max_ciphertext_and_tag_length_to_return: the size of ciphertext+tag buffer - * the method returns. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code gsec_aead_crypter_max_ciphertext_and_tag_length( - const gsec_aead_crypter* crypter, size_t plaintext_length, - size_t* max_ciphertext_and_tag_length_to_return, char** error_details); - -/** - * This method computes the size of plaintext buffer that must be passed to - * gsec_aead_crypter_decrypt function to ensure correct decryption of a - * ciphertext. The actual size of plaintext written to the buffer could be - * smaller. - * - * - crypter: AEAD crypter instance. - * - ciphertext_and_tag_length: length of ciphertext and tag. - * - max_plaintext_length_to_return: the size of plaintext buffer the method - * returns. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code gsec_aead_crypter_max_plaintext_length( - const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length, - size_t* max_plaintext_length_to_return, char** error_details); - -/** - * This method returns a valid size of nonce array used at the construction of - * AEAD crypter instance. It is also the size that should be passed to encrypt - * and decrypt methods executed on the instance. - * - * - crypter: AEAD crypter instance. - * - nonce_length_to_return: the length of nonce array the method returns. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code gsec_aead_crypter_nonce_length( - const gsec_aead_crypter* crypter, size_t* nonce_length_to_return, - char** error_details); - -/** - * This method returns a valid size of key array used at the construction of - * AEAD crypter instance. It is also the size that should be passed to encrypt - * and decrypt methods executed on the instance. - * - * - crypter: AEAD crypter instance. - * - key_length_to_return: the length of key array the method returns. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code gsec_aead_crypter_key_length(const gsec_aead_crypter* crypter, - size_t* key_length_to_return, - char** error_details); -/** - * This method returns a valid size of tag array used at the construction of - * AEAD crypter instance. It is also the size that should be passed to encrypt - * and decrypt methods executed on the instance. - * - * - crypter: AEAD crypter instance. - * - tag_length_to_return: the length of tag array the method returns. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code gsec_aead_crypter_tag_length(const gsec_aead_crypter* crypter, - size_t* tag_length_to_return, - char** error_details); - -/** - * This method destroys an AEAD crypter instance by de-allocating all of its - * occupied memory. - * - * - crypter: AEAD crypter instance that needs to be destroyed. - */ -void gsec_aead_crypter_destroy(gsec_aead_crypter* crypter); - -/** - * This method creates an AEAD crypter instance of AES-GCM encryption scheme - * which supports 16 and 32 bytes long keys, 12 and 16 bytes long nonces, and - * 16 bytes long tags. It should be noted that once the lengths of key, nonce, - * and tag are determined at construction time, they cannot be modified later. - * - * - key: buffer containing a key which is binded with AEAD crypter instance. - * - key_length: length of a key in bytes, which should be 44 if rekeying is - * enabled and 16 or 32 otherwise. - * - nonce_length: length of a nonce in bytes, which should be either 12 or 16. - * - tag_length: length of a tag in bytes, which should be always 16. - * - rekey: enable nonce-based rekeying and nonce-masking. - * - crypter: address of AES_GCM crypter instance returned from the method. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On success of instance creation, it stores the address of instance at - * crypter. Otherwise, it returns an error status code together with its details - * specified in error_details. - */ -grpc_status_code gsec_aes_gcm_aead_crypter_create(const uint8_t* key, - size_t key_length, - size_t nonce_length, - size_t tag_length, bool rekey, - gsec_aead_crypter** crypter, - char** error_details); - -#endif /* GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H */ diff --git a/src/core/tsi/alts/frame_protector/alts_counter.cc b/src/core/tsi/alts/frame_protector/alts_counter.cc deleted file mode 100644 index de163e3e08..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_counter.cc +++ /dev/null @@ -1,118 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/frame_protector/alts_counter.h" - -#include <string.h> - -#include <grpc/support/alloc.h> - -static void maybe_copy_error_msg(const char* src, char** dst) { - if (dst != nullptr && src != nullptr) { - *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1)); - memcpy(*dst, src, strlen(src) + 1); - } -} - -grpc_status_code alts_counter_create(bool is_client, size_t counter_size, - size_t overflow_size, - alts_counter** crypter_counter, - char** error_details) { - /* Perform input sanity check. */ - if (counter_size == 0) { - const char error_msg[] = "counter_size is invalid."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (overflow_size == 0 || overflow_size >= counter_size) { - const char error_msg[] = "overflow_size is invalid."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (crypter_counter == nullptr) { - const char error_msg[] = "crypter_counter is nullptr."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - *crypter_counter = - static_cast<alts_counter*>(gpr_malloc(sizeof(**crypter_counter))); - (*crypter_counter)->size = counter_size; - (*crypter_counter)->overflow_size = overflow_size; - (*crypter_counter)->counter = - static_cast<unsigned char*>(gpr_zalloc(counter_size)); - if (is_client) { - ((*crypter_counter)->counter)[counter_size - 1] = 0x80; - } - return GRPC_STATUS_OK; -} - -grpc_status_code alts_counter_increment(alts_counter* crypter_counter, - bool* is_overflow, - char** error_details) { - /* Perform input sanity check. */ - if (crypter_counter == nullptr) { - const char error_msg[] = "crypter_counter is nullptr."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (is_overflow == nullptr) { - const char error_msg[] = "is_overflow is nullptr."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - /* Increment the internal counter. */ - size_t i = 0; - for (; i < crypter_counter->overflow_size; i++) { - (crypter_counter->counter)[i]++; - if ((crypter_counter->counter)[i] != 0x00) { - break; - } - } - /** - * If the lower overflow_size bytes are all zero, the counter has overflowed. - */ - if (i == crypter_counter->overflow_size) { - *is_overflow = true; - return GRPC_STATUS_FAILED_PRECONDITION; - } - *is_overflow = false; - return GRPC_STATUS_OK; -} - -size_t alts_counter_get_size(alts_counter* crypter_counter) { - if (crypter_counter == nullptr) { - return 0; - } - return crypter_counter->size; -} - -unsigned char* alts_counter_get_counter(alts_counter* crypter_counter) { - if (crypter_counter == nullptr) { - return nullptr; - } - return crypter_counter->counter; -} - -void alts_counter_destroy(alts_counter* crypter_counter) { - if (crypter_counter != nullptr) { - gpr_free(crypter_counter->counter); - gpr_free(crypter_counter); - } -} diff --git a/src/core/tsi/alts/frame_protector/alts_counter.h b/src/core/tsi/alts/frame_protector/alts_counter.h deleted file mode 100644 index d705638fa8..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_counter.h +++ /dev/null @@ -1,98 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_COUNTER_H -#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_COUNTER_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> -#include <stdlib.h> - -#include <grpc/grpc.h> - -/* Main struct for a crypter counter managed within seal/unseal operations. */ -typedef struct alts_counter { - size_t size; - size_t overflow_size; - unsigned char* counter; -} alts_counter; - -/** - * This method creates and initializes an alts_counter instance. - * - * - is_client: a flag indicating if the alts_counter instance will be used - * at client (is_client = true) or server (is_client = false) side. - * - counter_size: size of buffer holding the counter value. - * - overflow_size: overflow size in bytes. The counter instance can be used - * to produce at most 2^(overflow_size*8) frames. - * - crypter_counter: an alts_counter instance to be returned from the method. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details and - * otherwise, the parameter should be freed with gpr_free. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code alts_counter_create(bool is_client, size_t counter_size, - size_t overflow_size, - alts_counter** crypter_counter, - char** error_details); - -/** - * This method increments the internal counter. - * - * - crypter_counter: an alts_counter instance. - * - is_overflow: after incrementing the internal counter, if an overflow - * occurs, is_overflow is set to true, and no further calls to - * alts_counter_increment() should be made. Otherwise, is_overflow is set to - * false. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details and - * otherwise, the parameter should be freed with gpr_free. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code alts_counter_increment(alts_counter* crypter_counter, - bool* is_overflow, - char** error_details); - -/** - * This method returns the size of counter buffer. - * - * - crypter_counter: an alts_counter instance. - */ -size_t alts_counter_get_size(alts_counter* crypter_counter); - -/** - * This method returns the counter buffer. - * - * - crypter_counter: an alts_counter instance. - */ -unsigned char* alts_counter_get_counter(alts_counter* crypter_counter); - -/** - * This method de-allocates all memory allocated to an alts_coutner instance. - * - crypter_counter: an alts_counter instance. - */ -void alts_counter_destroy(alts_counter* crypter_counter); - -#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_COUNTER_H */ diff --git a/src/core/tsi/alts/frame_protector/alts_crypter.cc b/src/core/tsi/alts/frame_protector/alts_crypter.cc deleted file mode 100644 index 56f0512186..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_crypter.cc +++ /dev/null @@ -1,66 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/frame_protector/alts_crypter.h" - -#include <string.h> - -#include <grpc/support/alloc.h> - -static void maybe_copy_error_msg(const char* src, char** dst) { - if (dst != nullptr && src != nullptr) { - *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1)); - memcpy(*dst, src, strlen(src) + 1); - } -} - -grpc_status_code alts_crypter_process_in_place( - alts_crypter* crypter, unsigned char* data, size_t data_allocated_size, - size_t data_size, size_t* output_size, char** error_details) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->process_in_place != nullptr) { - return crypter->vtable->process_in_place(crypter, data, data_allocated_size, - data_size, output_size, - error_details); - } - /* An error occurred. */ - const char error_msg[] = - "crypter or crypter->vtable has not been initialized properly."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; -} - -size_t alts_crypter_num_overhead_bytes(const alts_crypter* crypter) { - if (crypter != nullptr && crypter->vtable != nullptr && - crypter->vtable->num_overhead_bytes != nullptr) { - return crypter->vtable->num_overhead_bytes(crypter); - } - /* An error occurred. */ - return 0; -} - -void alts_crypter_destroy(alts_crypter* crypter) { - if (crypter != nullptr) { - if (crypter->vtable != nullptr && crypter->vtable->destruct != nullptr) { - crypter->vtable->destruct(crypter); - } - gpr_free(crypter); - } -} diff --git a/src/core/tsi/alts/frame_protector/alts_crypter.h b/src/core/tsi/alts/frame_protector/alts_crypter.h deleted file mode 100644 index 3140778f4f..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_crypter.h +++ /dev/null @@ -1,255 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_CRYPTER_H -#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_CRYPTER_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> -#include <string.h> - -#include <grpc/grpc.h> - -#include "src/core/tsi/alts/crypt/gsec.h" - -/** - * An alts_crypter interface for an ALTS record protocol providing - * seal/unseal functionality. The interface is thread-compatible. - */ - -typedef struct alts_crypter alts_crypter; - -/** - * A typical usage of the interface would be - *------------------------------------------------------------------------------ - * // Perform a seal operation. We assume the gsec_aead_crypter instance - - * // client_aead_crypter is created beforehand with a 16-byte key and 12-byte - * // nonce length. - * - * alts_crypter* client = nullptr; - * char* client_error_in_creation = nullptr; - * unsigned char* data = nullptr; - * grpc_status_code client_status = - * alts_seal_crypter_create(client_aead_crypter, 1, 5, &client, - * &client_error_in_creation); - * if (client_status == GRPC_STATUS_OK) { - * size_t data_size = 100; - * size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(client); - * size_t data_allocated_size = data_size + num_overhead_bytes; - * data = gpr_malloc(data_allocated_size); - * char* client_error_in_seal = nullptr; - * // Client performs a seal operation. - * client_status = alts_crypter_process_in_place(client, data, - * data_allocated_size, - * &data_size, - * &client_error_in_seal); - * if (client_status != GRPC_STATUS_OK) { - * fprintf(stderr, "seal operation failed with error code:" - * "%d, message: %s\n", client_status, - * client_error_in_seal); - * } - * gpr_free(client_error_in_seal); - * } else { - * fprintf(stderr, "alts_crypter instance creation failed with error" - * "code: %d, message: %s\n", client_status, - * client_error_in_creation); - * } - * - * ... - * - * gpr_free(client_error_in_creation); - * alts_crypter_destroy(client); - * - * ... - * - * // Perform an unseal operation. We assume the gsec_aead_crypter instance - - * // server_aead_crypter is created beforehand with a 16-byte key and 12-byte - * // nonce length. The key used in the creation of gsec_aead_crypter instances - * // at server and client sides should be identical. - * - * alts_crypter* server = nullptr; - * char* server_error_in_creation = nullptr; - * grpc_status_code server_status = - * alts_unseal_crypter_create(server_aead_crypter, 0, 5, &server, - * &server_error_in_creation); - * if (server_status == GRPC_STATUS_OK) { - * size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server); - * size_t data_size = 100 + num_overhead_bytes; - * size_t data_allocated_size = data_size; - * char* server_error_in_unseal = nullptr; - * // Server performs an unseal operation. - * server_status = alts_crypter_process_in_place(server, data, - * data_allocated_size, - * &data_size, - * &server_error_in_unseal); - * if (server_status != GRPC_STATUS_OK) { - * fprintf(stderr, "unseal operation failed with error code:" - * "%d, message: %s\n", server_status, - * server_error_in_unseal); - * } - * gpr_free(server_error_in_unseal); - * } else { - * fprintf(stderr, "alts_crypter instance creation failed with error" - * "code: %d, message: %s\n", server_status, - * server_error_in_creation); - * } - * - * ... - * - * gpr_free(data); - * gpr_free(server_error_in_creation); - * alts_crypter_destroy(server); - * - * ... - *------------------------------------------------------------------------------ - */ - -/* V-table for alts_crypter operations */ -typedef struct alts_crypter_vtable { - size_t (*num_overhead_bytes)(const alts_crypter* crypter); - grpc_status_code (*process_in_place)(alts_crypter* crypter, - unsigned char* data, - size_t data_allocated_size, - size_t data_size, size_t* output_size, - char** error_details); - void (*destruct)(alts_crypter* crypter); -} alts_crypter_vtable; - -/* Main struct for alts_crypter interface */ -struct alts_crypter { - const alts_crypter_vtable* vtable; -}; - -/** - * This method gets the number of overhead bytes needed for sealing data that - * is the difference in size between the protected and raw data. The counter - * value used in a seal or unseal operation is locally maintained (not sent or - * received from the other peer) and therefore, will not be counted as part of - * overhead bytes. - * - * - crypter: an alts_crypter instance. - * - * On success, the method returns the number of overhead bytes. Otherwise, it - * returns zero. - * - */ -size_t alts_crypter_num_overhead_bytes(const alts_crypter* crypter); - -/** - * This method performs either a seal or an unseal operation depending on the - * alts_crypter instance - crypter passed to the method. If the crypter is - * an instance implementing a seal operation, the method will perform a seal - * operation. That is, it seals raw data and stores the result in-place, and the - * memory allocated for data must be at least data_length + - * alts_crypter_num_overhead_bytes(). If the crypter is an instance - * implementing an unseal operation, the method will perform an unseal - * operation. That is, it unseals protected data and stores the result in-place. - * The size of unsealed data will be data_length - - * alts_crypter_num_overhead_bytes(). Integrity tag will be verified during - * the unseal operation, and if verification fails, the data will be wiped. - * The counters used in both seal and unseal operations are managed internally. - * - * - crypter: an alts_crypter instance. - * - data: if the method performs a seal operation, the data represents raw data - * that needs to be sealed. It also plays the role of buffer to hold the - * protected data as a result of seal. If the method performs an unseal - * operation, the data represents protected data that needs to be unsealed. It - * also plays the role of buffer to hold raw data as a result of unseal. - * - data_allocated_size: the size of data buffer. The parameter is used to - * check whether the result of either seal or unseal can be safely written to - * the data buffer. - * - data_size: if the method performs a seal operation, data_size - * represents the size of raw data that needs to be sealed, and if the method - * performs an unseal operation, data_size represents the size of protected - * data that needs to be unsealed. - * - output_size: size of data written to the data buffer after a seal or an - * unseal operation. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is legal to pass nullptr into error_details and - * otherwise, the parameter should be freed with gpr_free. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code alts_crypter_process_in_place( - alts_crypter* crypter, unsigned char* data, size_t data_allocated_size, - size_t data_size, size_t* output_size, char** error_details); - -/** - * This method creates an alts_crypter instance to be used to perform a seal - * operation, given a gsec_aead_crypter instance and a flag indicating if the - * created instance will be used at the client or server side. It takes - * ownership of gsec_aead_crypter instance. - * - * - gc: a gsec_aead_crypter instance used to perform AEAD encryption. - * - is_client: a flag indicating if the alts_crypter instance will be - * used at the client (is_client = true) or server (is_client = - * false) side. - * - overflow_size: overflow size of counter in bytes. - * - crypter: an alts_crypter instance to be returned from the method. - * - error_details: a buffer containing an error message if the method does - * not function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On success of creation, the method returns GRPC_STATUS_OK. - * Otherwise, it returns an error status code along with its details specified - * in error_details (if error_details is not nullptr). - */ -grpc_status_code alts_seal_crypter_create(gsec_aead_crypter* gc, bool is_client, - size_t overflow_size, - alts_crypter** crypter, - char** error_details); - -/** - * This method creates an alts_crypter instance used to perform an unseal - * operation, given a gsec_aead_crypter instance and a flag indicating if the - * created instance will be used at the client or server side. It takes - * ownership of gsec_aead_crypter instance. - * - * - gc: a gsec_aead_crypter instance used to perform AEAD decryption. - * - is_client: a flag indicating if the alts_crypter instance will be - * used at the client (is_client = true) or server (is_client = - * false) side. - * - overflow_size: overflow size of counter in bytes. - * - crypter: an alts_crypter instance to be returned from the method. - * - error_details: a buffer containing an error message if the method does - * not function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On success of creation, the method returns GRPC_STATUS_OK. - * Otherwise, it returns an error status code along with its details specified - * in error_details (if error_details is not nullptr). - */ -grpc_status_code alts_unseal_crypter_create(gsec_aead_crypter* gc, - bool is_client, - size_t overflow_size, - alts_crypter** crypter, - char** error_details); - -/** - * This method destroys an alts_crypter instance by de-allocating all of its - * occupied memory. A gsec_aead_crypter instance passed in at alts_crypter - * instance creation time will be destroyed in this method. - * - * - crypter: an alts_crypter instance. - */ -void alts_crypter_destroy(alts_crypter* crypter); - -#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_CRYPTER_H */ diff --git a/src/core/tsi/alts/frame_protector/alts_frame_protector.cc b/src/core/tsi/alts/frame_protector/alts_frame_protector.cc deleted file mode 100644 index bfa0b7a720..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +++ /dev/null @@ -1,407 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/frame_protector/alts_frame_protector.h" - -#include <stdio.h> -#include <stdlib.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/gpr/useful.h" -#include "src/core/tsi/alts/crypt/gsec.h" -#include "src/core/tsi/alts/frame_protector/alts_crypter.h" -#include "src/core/tsi/alts/frame_protector/frame_handler.h" -#include "src/core/tsi/transport_security.h" - -constexpr size_t kMinFrameLength = 1024; -constexpr size_t kDefaultFrameLength = 16 * 1024; -constexpr size_t kMaxFrameLength = 1024 * 1024; - -// Limit k on number of frames such that at most 2^(8 * k) frames can be sent. -constexpr size_t kAltsRecordProtocolRekeyFrameLimit = 8; -constexpr size_t kAltsRecordProtocolFrameLimit = 5; - -/* Main struct for alts_frame_protector. */ -struct alts_frame_protector { - tsi_frame_protector base; - alts_crypter* seal_crypter; - alts_crypter* unseal_crypter; - alts_frame_writer* writer; - alts_frame_reader* reader; - unsigned char* in_place_protect_buffer; - unsigned char* in_place_unprotect_buffer; - size_t in_place_protect_bytes_buffered; - size_t in_place_unprotect_bytes_processed; - size_t max_protected_frame_size; - size_t max_unprotected_frame_size; - size_t overhead_length; - size_t counter_overflow; -}; - -static tsi_result seal(alts_frame_protector* impl) { - char* error_details = nullptr; - size_t output_size = 0; - grpc_status_code status = alts_crypter_process_in_place( - impl->seal_crypter, impl->in_place_protect_buffer, - impl->max_protected_frame_size, impl->in_place_protect_bytes_buffered, - &output_size, &error_details); - impl->in_place_protect_bytes_buffered = output_size; - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "%s", error_details); - gpr_free(error_details); - return TSI_INTERNAL_ERROR; - } - return TSI_OK; -} - -static size_t max_encrypted_payload_bytes(alts_frame_protector* impl) { - return impl->max_protected_frame_size - kFrameHeaderSize; -} - -static tsi_result alts_protect_flush(tsi_frame_protector* self, - unsigned char* protected_output_frames, - size_t* protected_output_frames_size, - size_t* still_pending_size) { - if (self == nullptr || protected_output_frames == nullptr || - protected_output_frames_size == nullptr || - still_pending_size == nullptr) { - gpr_log(GPR_ERROR, "Invalid nullptr arguments to alts_protect_flush()."); - return TSI_INVALID_ARGUMENT; - } - alts_frame_protector* impl = reinterpret_cast<alts_frame_protector*>(self); - /** - * If there's nothing to flush (i.e., in_place_protect_buffer is empty), - * we're done. - */ - if (impl->in_place_protect_bytes_buffered == 0) { - *protected_output_frames_size = 0; - *still_pending_size = 0; - return TSI_OK; - } - /** - * If a new frame can start being processed, we encrypt the payload and reset - * the frame writer to point to in_place_protect_buffer that holds the newly - * sealed frame. - */ - if (alts_is_frame_writer_done(impl->writer)) { - tsi_result result = seal(impl); - if (result != TSI_OK) { - return result; - } - if (!alts_reset_frame_writer(impl->writer, impl->in_place_protect_buffer, - impl->in_place_protect_bytes_buffered)) { - gpr_log(GPR_ERROR, "Couldn't reset frame writer."); - return TSI_INTERNAL_ERROR; - } - } - /** - * Write the sealed frame as much as possible to protected_output_frames. It's - * possible a frame will not be written out completely by a single flush - * (i.e., still_pending_size != 0), in which case the flush should be called - * iteratively until a complete frame has been written out. - */ - size_t written_frame_bytes = *protected_output_frames_size; - if (!alts_write_frame_bytes(impl->writer, protected_output_frames, - &written_frame_bytes)) { - gpr_log(GPR_ERROR, "Couldn't write frame bytes."); - return TSI_INTERNAL_ERROR; - } - *protected_output_frames_size = written_frame_bytes; - *still_pending_size = alts_get_num_writer_bytes_remaining(impl->writer); - /** - * If the current frame has been finished processing (i.e., sealed and written - * out completely), we empty in_place_protect_buffer. - */ - if (alts_is_frame_writer_done(impl->writer)) { - impl->in_place_protect_bytes_buffered = 0; - } - return TSI_OK; -} - -static tsi_result alts_protect(tsi_frame_protector* self, - const unsigned char* unprotected_bytes, - size_t* unprotected_bytes_size, - unsigned char* protected_output_frames, - size_t* protected_output_frames_size) { - if (self == nullptr || unprotected_bytes == nullptr || - unprotected_bytes_size == nullptr || protected_output_frames == nullptr || - protected_output_frames_size == nullptr) { - gpr_log(GPR_ERROR, "Invalid nullptr arguments to alts_protect()."); - return TSI_INVALID_ARGUMENT; - } - alts_frame_protector* impl = reinterpret_cast<alts_frame_protector*>(self); - - /** - * If more payload can be buffered, we buffer it as much as possible to - * in_place_protect_buffer. - */ - if (impl->in_place_protect_bytes_buffered + impl->overhead_length < - max_encrypted_payload_bytes(impl)) { - size_t bytes_to_buffer = GPR_MIN(*unprotected_bytes_size, - max_encrypted_payload_bytes(impl) - - impl->in_place_protect_bytes_buffered - - impl->overhead_length); - *unprotected_bytes_size = bytes_to_buffer; - if (bytes_to_buffer > 0) { - memcpy( - impl->in_place_protect_buffer + impl->in_place_protect_bytes_buffered, - unprotected_bytes, bytes_to_buffer); - impl->in_place_protect_bytes_buffered += bytes_to_buffer; - } - } else { - *unprotected_bytes_size = 0; - } - /** - * If a full frame has been buffered, we output it. If the first condition - * holds, then there exists an unencrypted full frame. If the second - * condition holds, then there exists a full frame that has already been - * encrypted. - */ - if (max_encrypted_payload_bytes(impl) == - impl->in_place_protect_bytes_buffered + impl->overhead_length || - max_encrypted_payload_bytes(impl) == - impl->in_place_protect_bytes_buffered) { - size_t still_pending_size = 0; - return alts_protect_flush(self, protected_output_frames, - protected_output_frames_size, - &still_pending_size); - } else { - *protected_output_frames_size = 0; - return TSI_OK; - } -} - -static tsi_result unseal(alts_frame_protector* impl) { - char* error_details = nullptr; - size_t output_size = 0; - grpc_status_code status = alts_crypter_process_in_place( - impl->unseal_crypter, impl->in_place_unprotect_buffer, - impl->max_unprotected_frame_size, - alts_get_output_bytes_read(impl->reader), &output_size, &error_details); - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "%s", error_details); - gpr_free(error_details); - return TSI_DATA_CORRUPTED; - } - return TSI_OK; -} - -static void ensure_buffer_size(alts_frame_protector* impl) { - if (!alts_has_read_frame_length(impl->reader)) { - return; - } - size_t buffer_space_remaining = impl->max_unprotected_frame_size - - alts_get_output_bytes_read(impl->reader); - /** - * Check if we need to resize in_place_unprotect_buffer in order to hold - * remaining bytes of a full frame. - */ - if (buffer_space_remaining < alts_get_reader_bytes_remaining(impl->reader)) { - size_t buffer_len = alts_get_output_bytes_read(impl->reader) + - alts_get_reader_bytes_remaining(impl->reader); - unsigned char* buffer = static_cast<unsigned char*>(gpr_malloc(buffer_len)); - memcpy(buffer, impl->in_place_unprotect_buffer, - alts_get_output_bytes_read(impl->reader)); - impl->max_unprotected_frame_size = buffer_len; - gpr_free(impl->in_place_unprotect_buffer); - impl->in_place_unprotect_buffer = buffer; - alts_reset_reader_output_buffer( - impl->reader, buffer + alts_get_output_bytes_read(impl->reader)); - } -} - -static tsi_result alts_unprotect(tsi_frame_protector* self, - const unsigned char* protected_frames_bytes, - size_t* protected_frames_bytes_size, - unsigned char* unprotected_bytes, - size_t* unprotected_bytes_size) { - if (self == nullptr || protected_frames_bytes == nullptr || - protected_frames_bytes_size == nullptr || unprotected_bytes == nullptr || - unprotected_bytes_size == nullptr) { - gpr_log(GPR_ERROR, "Invalid nullptr arguments to alts_unprotect()."); - return TSI_INVALID_ARGUMENT; - } - alts_frame_protector* impl = reinterpret_cast<alts_frame_protector*>(self); - /** - * If a new frame can start being processed, we reset the frame reader to - * point to in_place_unprotect_buffer that will be used to hold deframed - * result. - */ - if (alts_is_frame_reader_done(impl->reader) && - ((alts_get_output_buffer(impl->reader) == nullptr) || - (alts_get_output_bytes_read(impl->reader) == - impl->in_place_unprotect_bytes_processed + impl->overhead_length))) { - if (!alts_reset_frame_reader(impl->reader, - impl->in_place_unprotect_buffer)) { - gpr_log(GPR_ERROR, "Couldn't reset frame reader."); - return TSI_INTERNAL_ERROR; - } - impl->in_place_unprotect_bytes_processed = 0; - } - /** - * If a full frame has not yet been read, we read more bytes from - * protected_frames_bytes until a full frame has been read. We also need to - * make sure in_place_unprotect_buffer is large enough to hold a complete - * frame. - */ - if (!alts_is_frame_reader_done(impl->reader)) { - ensure_buffer_size(impl); - *protected_frames_bytes_size = - GPR_MIN(impl->max_unprotected_frame_size - - alts_get_output_bytes_read(impl->reader), - *protected_frames_bytes_size); - size_t read_frames_bytes_size = *protected_frames_bytes_size; - if (!alts_read_frame_bytes(impl->reader, protected_frames_bytes, - &read_frames_bytes_size)) { - gpr_log(GPR_ERROR, "Failed to process frame."); - return TSI_INTERNAL_ERROR; - } - *protected_frames_bytes_size = read_frames_bytes_size; - } else { - *protected_frames_bytes_size = 0; - } - /** - * If a full frame has been read, we unseal it, and write out the - * deframed result to unprotected_bytes. - */ - if (alts_is_frame_reader_done(impl->reader)) { - if (impl->in_place_unprotect_bytes_processed == 0) { - tsi_result result = unseal(impl); - if (result != TSI_OK) { - return result; - } - } - size_t bytes_to_write = GPR_MIN( - *unprotected_bytes_size, alts_get_output_bytes_read(impl->reader) - - impl->in_place_unprotect_bytes_processed - - impl->overhead_length); - if (bytes_to_write > 0) { - memcpy(unprotected_bytes, - impl->in_place_unprotect_buffer + - impl->in_place_unprotect_bytes_processed, - bytes_to_write); - } - *unprotected_bytes_size = bytes_to_write; - impl->in_place_unprotect_bytes_processed += bytes_to_write; - return TSI_OK; - } else { - *unprotected_bytes_size = 0; - return TSI_OK; - } -} - -static void alts_destroy(tsi_frame_protector* self) { - alts_frame_protector* impl = reinterpret_cast<alts_frame_protector*>(self); - if (impl != nullptr) { - alts_crypter_destroy(impl->seal_crypter); - alts_crypter_destroy(impl->unseal_crypter); - gpr_free(impl->in_place_protect_buffer); - gpr_free(impl->in_place_unprotect_buffer); - alts_destroy_frame_writer(impl->writer); - alts_destroy_frame_reader(impl->reader); - gpr_free(impl); - } -} - -static const tsi_frame_protector_vtable alts_frame_protector_vtable = { - alts_protect, alts_protect_flush, alts_unprotect, alts_destroy}; - -static grpc_status_code create_alts_crypters(const uint8_t* key, - size_t key_size, bool is_client, - bool is_rekey, - alts_frame_protector* impl, - char** error_details) { - grpc_status_code status; - gsec_aead_crypter* aead_crypter_seal = nullptr; - gsec_aead_crypter* aead_crypter_unseal = nullptr; - status = gsec_aes_gcm_aead_crypter_create(key, key_size, kAesGcmNonceLength, - kAesGcmTagLength, is_rekey, - &aead_crypter_seal, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - status = gsec_aes_gcm_aead_crypter_create( - key, key_size, kAesGcmNonceLength, kAesGcmTagLength, is_rekey, - &aead_crypter_unseal, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - size_t overflow_size = is_rekey ? kAltsRecordProtocolRekeyFrameLimit - : kAltsRecordProtocolFrameLimit; - status = alts_seal_crypter_create(aead_crypter_seal, is_client, overflow_size, - &impl->seal_crypter, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - status = - alts_unseal_crypter_create(aead_crypter_unseal, is_client, overflow_size, - &impl->unseal_crypter, error_details); - return status; -} - -tsi_result alts_create_frame_protector(const uint8_t* key, size_t key_size, - bool is_client, bool is_rekey, - size_t* max_protected_frame_size, - tsi_frame_protector** self) { - if (key == nullptr || self == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to alts_create_frame_protector()."); - return TSI_INTERNAL_ERROR; - } - char* error_details = nullptr; - alts_frame_protector* impl = - static_cast<alts_frame_protector*>(gpr_zalloc(sizeof(*impl))); - grpc_status_code status = create_alts_crypters( - key, key_size, is_client, is_rekey, impl, &error_details); - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "Failed to create ALTS crypters, %s.", error_details); - gpr_free(error_details); - return TSI_INTERNAL_ERROR; - } - /** - * Set maximum frame size to be used by a frame protector. If it is nullptr, a - * default frame size will be used. Otherwise, the provided frame size will be - * adjusted (if not falling into a valid frame range) and used. - */ - size_t max_protected_frame_size_to_set = kDefaultFrameLength; - if (max_protected_frame_size != nullptr) { - *max_protected_frame_size = - GPR_MIN(*max_protected_frame_size, kMaxFrameLength); - *max_protected_frame_size = - GPR_MAX(*max_protected_frame_size, kMinFrameLength); - max_protected_frame_size_to_set = *max_protected_frame_size; - } - impl->max_protected_frame_size = max_protected_frame_size_to_set; - impl->max_unprotected_frame_size = max_protected_frame_size_to_set; - impl->in_place_protect_bytes_buffered = 0; - impl->in_place_unprotect_bytes_processed = 0; - impl->in_place_protect_buffer = static_cast<unsigned char*>( - gpr_malloc(sizeof(unsigned char) * max_protected_frame_size_to_set)); - impl->in_place_unprotect_buffer = static_cast<unsigned char*>( - gpr_malloc(sizeof(unsigned char) * max_protected_frame_size_to_set)); - impl->overhead_length = alts_crypter_num_overhead_bytes(impl->seal_crypter); - impl->writer = alts_create_frame_writer(); - impl->reader = alts_create_frame_reader(); - impl->base.vtable = &alts_frame_protector_vtable; - *self = &impl->base; - return TSI_OK; -} diff --git a/src/core/tsi/alts/frame_protector/alts_frame_protector.h b/src/core/tsi/alts/frame_protector/alts_frame_protector.h deleted file mode 100644 index 321bffaed8..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_frame_protector.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_FRAME_PROTECTOR_H -#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_FRAME_PROTECTOR_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> - -#include "src/core/tsi/transport_security_interface.h" - -typedef struct alts_frame_protector alts_frame_protector; - -/** - * TODO: Add a parameter to the interface to support the use of - * different record protocols within a frame protector. - * - * This method creates a frame protector. - * - * - key: a symmetric key used to seal/unseal frames. - * - key_size: the size of symmetric key. - * - is_client: a flag indicating if the frame protector will be used at client - * (is_client = true) or server (is_client = false) side. - * - is_rekey: a flag indicating if the frame protector will use an AEAD with - * rekeying. - * - max_protected_frame_size: an in/out parameter indicating max frame size - * to be used by the frame protector. If it is nullptr, the default frame - * size will be used. Otherwise, the provided frame size will be adjusted (if - * not falling into a valid frame range) and used. - * - self: a pointer to the frame protector returned from the method. - * - * This method returns TSI_OK on success and TSI_INTERNAL_ERROR otherwise. - */ -tsi_result alts_create_frame_protector(const uint8_t* key, size_t key_size, - bool is_client, bool is_rekey, - size_t* max_protected_frame_size, - tsi_frame_protector** self); - -#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_FRAME_PROTECTOR_H */ diff --git a/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc b/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc deleted file mode 100644 index 0574ed5012..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +++ /dev/null @@ -1,114 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h" - -#include <grpc/support/alloc.h> - -static void maybe_copy_error_msg(const char* src, char** dst) { - if (dst != nullptr && src != nullptr) { - *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1)); - memcpy(*dst, src, strlen(src) + 1); - } -} - -grpc_status_code input_sanity_check( - const alts_record_protocol_crypter* rp_crypter, const unsigned char* data, - size_t* output_size, char** error_details) { - if (rp_crypter == nullptr) { - maybe_copy_error_msg("alts_crypter instance is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } else if (data == nullptr) { - maybe_copy_error_msg("data is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } else if (output_size == nullptr) { - maybe_copy_error_msg("output_size is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - return GRPC_STATUS_OK; -} - -grpc_status_code increment_counter(alts_record_protocol_crypter* rp_crypter, - char** error_details) { - bool is_overflow = false; - grpc_status_code status = - alts_counter_increment(rp_crypter->ctr, &is_overflow, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - if (is_overflow) { - const char error_msg[] = - "crypter counter is wrapped. The connection" - "should be closed and the key should be deleted."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INTERNAL; - } - return GRPC_STATUS_OK; -} - -size_t alts_record_protocol_crypter_num_overhead_bytes(const alts_crypter* c) { - if (c != nullptr) { - size_t num_overhead_bytes = 0; - char* error_details = nullptr; - const alts_record_protocol_crypter* rp_crypter = - reinterpret_cast<const alts_record_protocol_crypter*>(c); - grpc_status_code status = gsec_aead_crypter_tag_length( - rp_crypter->crypter, &num_overhead_bytes, &error_details); - if (status == GRPC_STATUS_OK) { - return num_overhead_bytes; - } - } - return 0; -} - -void alts_record_protocol_crypter_destruct(alts_crypter* c) { - if (c != nullptr) { - alts_record_protocol_crypter* rp_crypter = - reinterpret_cast<alts_record_protocol_crypter*>(c); - alts_counter_destroy(rp_crypter->ctr); - gsec_aead_crypter_destroy(rp_crypter->crypter); - } -} - -alts_record_protocol_crypter* alts_crypter_create_common( - gsec_aead_crypter* crypter, bool is_client, size_t overflow_size, - char** error_details) { - if (crypter != nullptr) { - auto* rp_crypter = static_cast<alts_record_protocol_crypter*>( - gpr_malloc(sizeof(alts_record_protocol_crypter))); - size_t counter_size = 0; - grpc_status_code status = - gsec_aead_crypter_nonce_length(crypter, &counter_size, error_details); - if (status != GRPC_STATUS_OK) { - return nullptr; - } - /* Create a counter. */ - status = alts_counter_create(is_client, counter_size, overflow_size, - &rp_crypter->ctr, error_details); - if (status != GRPC_STATUS_OK) { - return nullptr; - } - rp_crypter->crypter = crypter; - return rp_crypter; - } - const char error_msg[] = "crypter is nullptr."; - maybe_copy_error_msg(error_msg, error_details); - return nullptr; -} diff --git a/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h b/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h deleted file mode 100644 index 682a8f7e7a..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H -#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H - -#include <grpc/support/port_platform.h> - -#include <grpc/grpc.h> - -#include "src/core/tsi/alts/frame_protector/alts_counter.h" -#include "src/core/tsi/alts/frame_protector/alts_crypter.h" - -/** - * This file contains common implementation that will be used in both seal and - * unseal operations. - */ - -/** - * Main struct for alts_record_protocol_crypter that will be used in both - * seal and unseal operations. - */ -typedef struct alts_record_protocol_crypter { - alts_crypter base; - gsec_aead_crypter* crypter; - alts_counter* ctr; -} alts_record_protocol_crypter; - -/** - * This method performs input sanity checks on a subset of inputs to - * alts_crypter_process_in_place() for both seal and unseal operations. - * - * - rp_crypter: an alts_record_protocol_crypter instance. - * - data: it represents raw data that needs to be sealed in a seal operation or - * protected data that needs to be unsealed in an unseal operation. - * - output_size: size of data written to the data buffer after a seal or - * unseal operation. - * - error_details: a buffer containing an error message if any of checked - * inputs is nullptr. It is legal to pass nullptr into error_details and - * otherwise, the parameter should be freed with gpr_free. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code input_sanity_check( - const alts_record_protocol_crypter* rp_crypter, const unsigned char* data, - size_t* output_size, char** error_details); - -/** - * This method increments the counter within an alts_record_protocol_crypter - * instance. - * - * - rp_crypter: an alts_record_protocol_crypter instance. - * - error_details: a buffer containing an error message if the method does not - * function correctly or the counter is wrapped. It is legal to pass nullptr - * into error_details and otherwise, the parameter should be freed with - * gpr_free. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, - * it returns an error status code along with its details specified in - * error_details (if error_details is not nullptr). - */ -grpc_status_code increment_counter(alts_record_protocol_crypter* rp_crypter, - char** error_details); - -/** - * This method creates an alts_crypter instance, and populates the fields - * that are common to both seal and unseal operations. - * - * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption. The - * function does not take ownership of crypter. - * - is_client: a flag indicating if the alts_crypter instance will be - * used at the client (is_client = true) or server (is_client = - * false) side. - * - overflow_size: overflow size of counter in bytes. - * - error_details: a buffer containing an error message if the method does - * not function correctly. It is legal to pass nullptr into error_details, and - * otherwise, the parameter should be freed with gpr_free. - * - * On success of creation, the method returns alts_record_protocol_crypter - * instance. Otherwise, it returns nullptr with its details specified in - * error_details (if error_details is not nullptr). - * - */ -alts_record_protocol_crypter* alts_crypter_create_common( - gsec_aead_crypter* crypter, bool is_client, size_t overflow_size, - char** error_details); - -/** - * For the following two methods, please refer to the corresponding API in - * alts_crypter.h for detailed specifications. - */ -size_t alts_record_protocol_crypter_num_overhead_bytes(const alts_crypter* c); - -void alts_record_protocol_crypter_destruct(alts_crypter* c); - -#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H \ - */ diff --git a/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc b/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc deleted file mode 100644 index f407831613..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +++ /dev/null @@ -1,105 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include <grpc/support/alloc.h> - -#include "src/core/tsi/alts/frame_protector/alts_counter.h" -#include "src/core/tsi/alts/frame_protector/alts_crypter.h" -#include "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h" - -static void maybe_copy_error_msg(const char* src, char** dst) { - if (dst != nullptr && src != nullptr) { - *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1)); - memcpy(*dst, src, strlen(src) + 1); - } -} - -/* Perform input santity check for a seal operation. */ -static grpc_status_code seal_check(alts_crypter* c, const unsigned char* data, - size_t data_allocated_size, size_t data_size, - size_t* output_size, char** error_details) { - /* Do common input sanity check. */ - grpc_status_code status = input_sanity_check( - reinterpret_cast<const alts_record_protocol_crypter*>(c), data, - output_size, error_details); - if (status != GRPC_STATUS_OK) return status; - /* Do seal-specific check. */ - size_t num_overhead_bytes = - alts_crypter_num_overhead_bytes(reinterpret_cast<const alts_crypter*>(c)); - if (data_size == 0) { - const char error_msg[] = "data_size is zero."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (data_size + num_overhead_bytes > data_allocated_size) { - const char error_msg[] = - "data_allocated_size is smaller than sum of data_size and " - "num_overhead_bytes."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - return GRPC_STATUS_OK; -} - -static grpc_status_code alts_seal_crypter_process_in_place( - alts_crypter* c, unsigned char* data, size_t data_allocated_size, - size_t data_size, size_t* output_size, char** error_details) { - grpc_status_code status = seal_check(c, data, data_allocated_size, data_size, - output_size, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Do AEAD encryption. */ - alts_record_protocol_crypter* rp_crypter = - reinterpret_cast<alts_record_protocol_crypter*>(c); - status = gsec_aead_crypter_encrypt( - rp_crypter->crypter, alts_counter_get_counter(rp_crypter->ctr), - alts_counter_get_size(rp_crypter->ctr), nullptr /* aad */, - 0 /* aad_length */, data, data_size, data, data_allocated_size, - output_size, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Increment the crypter counter. */ - return increment_counter(rp_crypter, error_details); -} - -static const alts_crypter_vtable vtable = { - alts_record_protocol_crypter_num_overhead_bytes, - alts_seal_crypter_process_in_place, alts_record_protocol_crypter_destruct}; - -grpc_status_code alts_seal_crypter_create(gsec_aead_crypter* gc, bool is_client, - size_t overflow_size, - alts_crypter** crypter, - char** error_details) { - if (crypter == nullptr) { - const char error_msg[] = "crypter is nullptr."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - alts_record_protocol_crypter* rp_crypter = - alts_crypter_create_common(gc, !is_client, overflow_size, error_details); - if (rp_crypter == nullptr) { - return GRPC_STATUS_FAILED_PRECONDITION; - } - rp_crypter->base.vtable = &vtable; - *crypter = &rp_crypter->base; - return GRPC_STATUS_OK; -} diff --git a/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc b/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc deleted file mode 100644 index 51bea24f1f..0000000000 --- a/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +++ /dev/null @@ -1,103 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include <grpc/support/alloc.h> - -#include "src/core/tsi/alts/frame_protector/alts_counter.h" -#include "src/core/tsi/alts/frame_protector/alts_crypter.h" -#include "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h" - -static void maybe_copy_error_msg(const char* src, char** dst) { - if (dst != nullptr && src != nullptr) { - *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1)); - memcpy(*dst, src, strlen(src) + 1); - } -} - -/* Perform input santity check. */ -static grpc_status_code unseal_check(alts_crypter* c, const unsigned char* data, - size_t data_allocated_size, - size_t data_size, size_t* output_size, - char** error_details) { - /* Do common input sanity check. */ - grpc_status_code status = input_sanity_check( - reinterpret_cast<const alts_record_protocol_crypter*>(c), data, - output_size, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Do unseal-specific input check. */ - size_t num_overhead_bytes = - alts_crypter_num_overhead_bytes(reinterpret_cast<const alts_crypter*>(c)); - if (num_overhead_bytes > data_size) { - const char error_msg[] = "data_size is smaller than num_overhead_bytes."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - return GRPC_STATUS_OK; -} - -static grpc_status_code alts_unseal_crypter_process_in_place( - alts_crypter* c, unsigned char* data, size_t data_allocated_size, - size_t data_size, size_t* output_size, char** error_details) { - grpc_status_code status = unseal_check(c, data, data_allocated_size, - data_size, output_size, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Do AEAD decryption. */ - alts_record_protocol_crypter* rp_crypter = - reinterpret_cast<alts_record_protocol_crypter*>(c); - status = gsec_aead_crypter_decrypt( - rp_crypter->crypter, alts_counter_get_counter(rp_crypter->ctr), - alts_counter_get_size(rp_crypter->ctr), nullptr /* aad */, - 0 /* aad_length */, data, data_size, data, data_allocated_size, - output_size, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Increment the crypter counter. */ - return increment_counter(rp_crypter, error_details); -} - -static const alts_crypter_vtable vtable = { - alts_record_protocol_crypter_num_overhead_bytes, - alts_unseal_crypter_process_in_place, - alts_record_protocol_crypter_destruct}; - -grpc_status_code alts_unseal_crypter_create(gsec_aead_crypter* gc, - bool is_client, - size_t overflow_size, - alts_crypter** crypter, - char** error_details) { - if (crypter == nullptr) { - const char error_msg[] = "crypter is nullptr."; - maybe_copy_error_msg(error_msg, error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - alts_record_protocol_crypter* rp_crypter = - alts_crypter_create_common(gc, is_client, overflow_size, error_details); - if (rp_crypter == nullptr) { - return GRPC_STATUS_FAILED_PRECONDITION; - } - rp_crypter->base.vtable = &vtable; - *crypter = &rp_crypter->base; - return GRPC_STATUS_OK; -} diff --git a/src/core/tsi/alts/frame_protector/frame_handler.cc b/src/core/tsi/alts/frame_protector/frame_handler.cc deleted file mode 100644 index d3fda63b3d..0000000000 --- a/src/core/tsi/alts/frame_protector/frame_handler.cc +++ /dev/null @@ -1,218 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/frame_protector/frame_handler.h" - -#include <limits.h> -#include <stdint.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/gpr/useful.h" - -/* Use little endian to interpret a string of bytes as uint32_t. */ -static uint32_t load_32_le(const unsigned char* buffer) { - return (((uint32_t)buffer[3]) << 24) | (((uint32_t)buffer[2]) << 16) | - (((uint32_t)buffer[1]) << 8) | ((uint32_t)buffer[0]); -} - -/* Store uint32_t as a string of little endian bytes. */ -static void store_32_le(uint32_t value, unsigned char* buffer) { - buffer[3] = (unsigned char)(value >> 24) & 0xFF; - buffer[2] = (unsigned char)(value >> 16) & 0xFF; - buffer[1] = (unsigned char)(value >> 8) & 0xFF; - buffer[0] = (unsigned char)(value)&0xFF; -} - -/* Frame writer implementation. */ -alts_frame_writer* alts_create_frame_writer() { - alts_frame_writer* writer = - static_cast<alts_frame_writer*>(gpr_zalloc(sizeof(*writer))); - return writer; -} - -bool alts_reset_frame_writer(alts_frame_writer* writer, - const unsigned char* buffer, size_t length) { - if (buffer == nullptr) return false; - size_t max_input_size = SIZE_MAX - kFrameLengthFieldSize; - if (length > max_input_size) { - gpr_log(GPR_ERROR, "length must be at most %zu", max_input_size); - return false; - } - writer->input_buffer = buffer; - writer->input_size = length; - writer->input_bytes_written = 0; - writer->header_bytes_written = 0; - store_32_le( - static_cast<uint32_t>(writer->input_size + kFrameMessageTypeFieldSize), - writer->header_buffer); - store_32_le(kFrameMessageType, writer->header_buffer + kFrameLengthFieldSize); - return true; -} - -bool alts_write_frame_bytes(alts_frame_writer* writer, unsigned char* output, - size_t* bytes_size) { - if (bytes_size == nullptr || output == nullptr) return false; - if (alts_is_frame_writer_done(writer)) { - *bytes_size = 0; - return true; - } - size_t bytes_written = 0; - /* Write some header bytes, if needed. */ - if (writer->header_bytes_written != sizeof(writer->header_buffer)) { - size_t bytes_to_write = - GPR_MIN(*bytes_size, - sizeof(writer->header_buffer) - writer->header_bytes_written); - memcpy(output, writer->header_buffer + writer->header_bytes_written, - bytes_to_write); - bytes_written += bytes_to_write; - *bytes_size -= bytes_to_write; - writer->header_bytes_written += bytes_to_write; - output += bytes_to_write; - if (writer->header_bytes_written != sizeof(writer->header_buffer)) { - *bytes_size = bytes_written; - return true; - } - } - /* Write some non-header bytes. */ - size_t bytes_to_write = - GPR_MIN(writer->input_size - writer->input_bytes_written, *bytes_size); - memcpy(output, writer->input_buffer, bytes_to_write); - writer->input_buffer += bytes_to_write; - bytes_written += bytes_to_write; - writer->input_bytes_written += bytes_to_write; - *bytes_size = bytes_written; - return true; -} - -bool alts_is_frame_writer_done(alts_frame_writer* writer) { - return writer->input_buffer == nullptr || - writer->input_size == writer->input_bytes_written; -} - -size_t alts_get_num_writer_bytes_remaining(alts_frame_writer* writer) { - return (sizeof(writer->header_buffer) - writer->header_bytes_written) + - (writer->input_size - writer->input_bytes_written); -} - -void alts_destroy_frame_writer(alts_frame_writer* writer) { gpr_free(writer); } - -/* Frame reader implementation. */ -alts_frame_reader* alts_create_frame_reader() { - alts_frame_reader* reader = - static_cast<alts_frame_reader*>(gpr_zalloc(sizeof(*reader))); - return reader; -} - -bool alts_is_frame_reader_done(alts_frame_reader* reader) { - return reader->output_buffer == nullptr || - (reader->header_bytes_read == sizeof(reader->header_buffer) && - reader->bytes_remaining == 0); -} - -bool alts_has_read_frame_length(alts_frame_reader* reader) { - return sizeof(reader->header_buffer) == reader->header_bytes_read; -} - -size_t alts_get_reader_bytes_remaining(alts_frame_reader* reader) { - return alts_has_read_frame_length(reader) ? reader->bytes_remaining : 0; -} - -void alts_reset_reader_output_buffer(alts_frame_reader* reader, - unsigned char* buffer) { - reader->output_buffer = buffer; -} - -bool alts_reset_frame_reader(alts_frame_reader* reader, unsigned char* buffer) { - if (buffer == nullptr) return false; - reader->output_buffer = buffer; - reader->bytes_remaining = 0; - reader->header_bytes_read = 0; - reader->output_bytes_read = 0; - return true; -} - -bool alts_read_frame_bytes(alts_frame_reader* reader, - const unsigned char* bytes, size_t* bytes_size) { - if (bytes_size == nullptr) return false; - if (bytes == nullptr) { - *bytes_size = 0; - return false; - } - if (alts_is_frame_reader_done(reader)) { - *bytes_size = 0; - return true; - } - size_t bytes_processed = 0; - /* Process the header, if needed. */ - if (reader->header_bytes_read != sizeof(reader->header_buffer)) { - size_t bytes_to_write = GPR_MIN( - *bytes_size, sizeof(reader->header_buffer) - reader->header_bytes_read); - memcpy(reader->header_buffer + reader->header_bytes_read, bytes, - bytes_to_write); - reader->header_bytes_read += bytes_to_write; - bytes_processed += bytes_to_write; - bytes += bytes_to_write; - *bytes_size -= bytes_to_write; - if (reader->header_bytes_read != sizeof(reader->header_buffer)) { - *bytes_size = bytes_processed; - return true; - } - size_t frame_length = load_32_le(reader->header_buffer); - if (frame_length < kFrameMessageTypeFieldSize || - frame_length > kFrameMaxSize) { - gpr_log(GPR_ERROR, - "Bad frame length (should be at least %zu, and at most %zu)", - kFrameMessageTypeFieldSize, kFrameMaxSize); - *bytes_size = 0; - return false; - } - size_t message_type = - load_32_le(reader->header_buffer + kFrameLengthFieldSize); - if (message_type != kFrameMessageType) { - gpr_log(GPR_ERROR, "Unsupported message type %zu (should be %zu)", - message_type, kFrameMessageType); - *bytes_size = 0; - return false; - } - reader->bytes_remaining = frame_length - kFrameMessageTypeFieldSize; - } - /* Process the non-header bytes. */ - size_t bytes_to_write = GPR_MIN(*bytes_size, reader->bytes_remaining); - memcpy(reader->output_buffer, bytes, bytes_to_write); - reader->output_buffer += bytes_to_write; - bytes_processed += bytes_to_write; - reader->bytes_remaining -= bytes_to_write; - reader->output_bytes_read += bytes_to_write; - *bytes_size = bytes_processed; - return true; -} - -size_t alts_get_output_bytes_read(alts_frame_reader* reader) { - return reader->output_bytes_read; -} - -unsigned char* alts_get_output_buffer(alts_frame_reader* reader) { - return reader->output_buffer; -} - -void alts_destroy_frame_reader(alts_frame_reader* reader) { gpr_free(reader); } diff --git a/src/core/tsi/alts/frame_protector/frame_handler.h b/src/core/tsi/alts/frame_protector/frame_handler.h deleted file mode 100644 index a703ff40d3..0000000000 --- a/src/core/tsi/alts/frame_protector/frame_handler.h +++ /dev/null @@ -1,236 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_FRAME_HANDLER_H -#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_FRAME_HANDLER_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> -#include <stdlib.h> - -const size_t kFrameMessageType = 0x06; -const size_t kFrameLengthFieldSize = 4; -const size_t kFrameMessageTypeFieldSize = 4; -const size_t kFrameMaxSize = 1024 * 1024; -const size_t kFrameHeaderSize = - kFrameLengthFieldSize + kFrameMessageTypeFieldSize; - -/** - * Implementation of frame reader and frame writer. All APIs in the - * header are thread-compatible. - */ - -/** - * Main struct for a frame writer. It reads frames from an input buffer, and - * writes the contents as raw bytes. It does not own the input buffer. - */ -typedef struct alts_frame_writer { - const unsigned char* input_buffer; - unsigned char header_buffer[kFrameHeaderSize]; - size_t input_bytes_written; - size_t header_bytes_written; - size_t input_size; -} alts_frame_writer; - -/** - * Main struct for a frame reader. It reads raw bytes and puts the framed - * result into an output buffer. It does not own the output buffer. - */ -typedef struct alts_frame_reader { - unsigned char* output_buffer; - unsigned char header_buffer[kFrameHeaderSize]; - size_t header_bytes_read; - size_t output_bytes_read; - size_t bytes_remaining; -} alts_frame_reader; - -/** - * This method creates a frame writer instance and initializes its internal - * states. - */ -alts_frame_writer* alts_create_frame_writer(); - -/** - * This method resets internal states of a frame writer and prepares to write - * a single frame. It does not take ownership of payload_buffer. - * The payload_buffer must outlive the writer. - * - * - writer: a frame writer instance. - * - buffer: a buffer storing full payload data to be framed. - * - length: size of payload data. - * - * The method returns true on success and false otherwise. - */ -bool alts_reset_frame_writer(alts_frame_writer* writer, - const unsigned char* buffer, size_t length); - -/** - * This method writes up to bytes_size bytes of a frame to output. - * - * - writer: a frame writer instance. - * - output: an output buffer used to store the frame. - * - bytes_size: an in/out parameter that stores the size of output buffer - * before the call, and gets written the number of frame bytes written to the - * buffer. - * - * The method returns true on success and false otherwise. - */ -bool alts_write_frame_bytes(alts_frame_writer* writer, unsigned char* output, - size_t* bytes_size); - -/** - * This method checks if a reset can be called to write a new frame. It returns - * true if it's the first time to frame a payload, or the current frame has - * been finished processing. It returns false if it's not ready yet to start a - * new frame (e.g., more payload data needs to be accumulated to process the - * current frame). - * - * if (alts_is_frame_writer_done(writer)) { - * // a new frame can be written, call reset. - * alts_reset_frame_writer(writer, payload_buffer, payload_size); - * } else { - * // accumulate more payload data until a full frame can be written. - * } - * - * - writer: a frame writer instance. - */ -bool alts_is_frame_writer_done(alts_frame_writer* writer); - -/** - * This method returns the number of bytes left to write before a complete frame - * is formed. - * - * - writer: a frame writer instance. - */ -size_t alts_get_num_writer_bytes_remaining(alts_frame_writer* writer); - -/** - * This method destroys a frame writer instance. - * - * - writer: a frame writer instance. - */ -void alts_destroy_frame_writer(alts_frame_writer* writer); - -/** - * This method creates a frame reader instance and initializes its internal - * states. - */ -alts_frame_reader* alts_create_frame_reader(); - -/** - * This method resets internal states of a frame reader (including setting its - * output_buffer with buffer), and prepares to write processed bytes to - * an output_buffer. It does not take ownership of buffer. The buffer must - * outlive reader. - * - * - reader: a frame reader instance. - * - buffer: an output buffer used to store deframed results. - * - * The method returns true on success and false otherwise. - */ -bool alts_reset_frame_reader(alts_frame_reader* reader, unsigned char* buffer); - -/** - * This method processes up to the number of bytes given in bytes_size. It may - * choose not to process all the bytes, if, for instance, more bytes are - * given to the method than required to complete the current frame. - * - * - reader: a frame reader instance. - * - bytes: a buffer that stores data to be processed. - * - bytes_size: an in/out parameter that stores the size of bytes before the - * call and gets written the number of bytes processed. - * - * The method returns true on success and false otherwise. - */ -bool alts_read_frame_bytes(alts_frame_reader* reader, - const unsigned char* bytes, size_t* bytes_size); - -/** - * This method checks if a frame length has been read. - * - * - reader: a frame reader instance. - * - * The method returns true if a frame length has been read and false otherwise. - */ -bool alts_has_read_frame_length(alts_frame_reader* reader); - -/** - * This method returns the number of bytes the frame reader intends to write. - * It may only be called if alts_has_read_frame_length() returns true. - * - * - reader: a frame reader instance. - */ -size_t alts_get_reader_bytes_remaining(alts_frame_reader* reader); - -/** - * This method resets output_buffer but does not otherwise modify other internal - * states of a frame reader instance. After being set, the new output_buffer - * will hold the deframed payload held by the original output_buffer. It does - * not take ownership of buffer. The buffer must outlive the reader. - * To distinguish between two reset methods on a frame reader, - * - * if (alts_fh_is_frame_reader_done(reader)) { - * // if buffer contains a full payload to be deframed, call reset. - * alts_reset_frame_reader(reader, buffer); - * } - * - * // if remaining buffer space is not enough to hold a full payload - * if (buffer_space_remaining < alts_get_reader_bytes_remaining(reader)) { - * // allocate enough space for a new buffer, copy back data processed so far, - * // and call reset. - * alts_reset_reader_output_buffer(reader, new_buffer). - * } - * - * - reader: a frame reader instance. - * - buffer: a buffer used to set reader's output_buffer. - */ -void alts_reset_reader_output_buffer(alts_frame_reader* reader, - unsigned char* buffer); - -/** - * This method checks if reset can be called to start processing a new frame. - * If true and reset was previously called, a full frame has been processed and - * the content of the frame is available in output_buffer. - - * - reader: a frame reader instance. - */ -bool alts_is_frame_reader_done(alts_frame_reader* reader); - -/** - * This method returns output_bytes_read of a frame reader instance. - * - * - reader: a frame reader instance. - */ -size_t alts_get_output_bytes_read(alts_frame_reader* reader); - -/** - * This method returns output_buffer of a frame reader instance. - * - * - reader: a frame reader instance. - */ -unsigned char* alts_get_output_buffer(alts_frame_reader* reader); - -/** - * This method destroys a frame reader instance. - * - * - reader: a frame reader instance. - */ -void alts_destroy_frame_reader(alts_frame_reader* reader); - -#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_FRAME_HANDLER_H */ diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_client.cc b/src/core/tsi/alts/handshaker/alts_handshaker_client.cc deleted file mode 100644 index 40f30e41ca..0000000000 --- a/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +++ /dev/null @@ -1,316 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h" - -#include <grpc/byte_buffer.h> -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h" - -const int kHandshakerClientOpNum = 4; - -typedef struct alts_grpc_handshaker_client { - alts_handshaker_client base; - grpc_call* call; - alts_grpc_caller grpc_caller; -} alts_grpc_handshaker_client; - -static grpc_call_error grpc_start_batch(grpc_call* call, const grpc_op* ops, - size_t nops, void* tag) { - return grpc_call_start_batch(call, ops, nops, tag, nullptr); -} - -/** - * Populate grpc operation data with the fields of ALTS TSI event and make a - * grpc call. - */ -static tsi_result make_grpc_call(alts_handshaker_client* client, - alts_tsi_event* event, bool is_start) { - GPR_ASSERT(client != nullptr && event != nullptr); - alts_grpc_handshaker_client* grpc_client = - reinterpret_cast<alts_grpc_handshaker_client*>(client); - grpc_op ops[kHandshakerClientOpNum]; - memset(ops, 0, sizeof(ops)); - grpc_op* op = ops; - if (is_start) { - op->op = GRPC_OP_SEND_INITIAL_METADATA; - op->data.send_initial_metadata.count = 0; - op++; - GPR_ASSERT(op - ops <= kHandshakerClientOpNum); - op->op = GRPC_OP_RECV_INITIAL_METADATA; - op->data.recv_initial_metadata.recv_initial_metadata = - &event->initial_metadata; - op++; - GPR_ASSERT(op - ops <= kHandshakerClientOpNum); - } - op->op = GRPC_OP_SEND_MESSAGE; - op->data.send_message.send_message = event->send_buffer; - op++; - GPR_ASSERT(op - ops <= kHandshakerClientOpNum); - op->op = GRPC_OP_RECV_MESSAGE; - op->data.recv_message.recv_message = &event->recv_buffer; - op++; - GPR_ASSERT(op - ops <= kHandshakerClientOpNum); - GPR_ASSERT(grpc_client->grpc_caller != nullptr); - if (grpc_client->grpc_caller(grpc_client->call, ops, - static_cast<size_t>(op - ops), - (void*)event) != GRPC_CALL_OK) { - gpr_log(GPR_ERROR, "Start batch operation failed"); - return TSI_INTERNAL_ERROR; - } - return TSI_OK; -} - -/* Create and populate a client_start handshaker request, then serialize it. */ -static grpc_byte_buffer* get_serialized_start_client(alts_tsi_event* event) { - bool ok = true; - grpc_gcp_handshaker_req* req = - grpc_gcp_handshaker_req_create(CLIENT_START_REQ); - ok &= grpc_gcp_handshaker_req_set_handshake_protocol( - req, grpc_gcp_HandshakeProtocol_ALTS); - ok &= grpc_gcp_handshaker_req_add_application_protocol( - req, ALTS_APPLICATION_PROTOCOL); - ok &= grpc_gcp_handshaker_req_add_record_protocol(req, ALTS_RECORD_PROTOCOL); - grpc_gcp_rpc_protocol_versions* versions = &event->options->rpc_versions; - ok &= grpc_gcp_handshaker_req_set_rpc_versions( - req, versions->max_rpc_version.major, versions->max_rpc_version.minor, - versions->min_rpc_version.major, versions->min_rpc_version.minor); - char* target_name = grpc_slice_to_c_string(event->target_name); - ok &= grpc_gcp_handshaker_req_set_target_name(req, target_name); - target_service_account* ptr = - (reinterpret_cast<grpc_alts_credentials_client_options*>(event->options)) - ->target_account_list_head; - while (ptr != nullptr) { - grpc_gcp_handshaker_req_add_target_identity_service_account(req, ptr->data); - ptr = ptr->next; - } - grpc_slice slice; - ok &= grpc_gcp_handshaker_req_encode(req, &slice); - grpc_byte_buffer* buffer = nullptr; - if (ok) { - buffer = grpc_raw_byte_buffer_create(&slice, 1 /* number of slices */); - } - grpc_slice_unref(slice); - gpr_free(target_name); - grpc_gcp_handshaker_req_destroy(req); - return buffer; -} - -static tsi_result handshaker_client_start_client(alts_handshaker_client* client, - alts_tsi_event* event) { - if (client == nullptr || event == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to alts_grpc_handshaker_client_start_client()"); - return TSI_INVALID_ARGUMENT; - } - grpc_byte_buffer* buffer = get_serialized_start_client(event); - if (buffer == nullptr) { - gpr_log(GPR_ERROR, "get_serialized_start_client() failed"); - return TSI_INTERNAL_ERROR; - } - event->send_buffer = buffer; - tsi_result result = make_grpc_call(client, event, true /* is_start */); - if (result != TSI_OK) { - gpr_log(GPR_ERROR, "make_grpc_call() failed"); - } - return result; -} - -/* Create and populate a start_server handshaker request, then serialize it. */ -static grpc_byte_buffer* get_serialized_start_server( - alts_tsi_event* event, grpc_slice* bytes_received) { - GPR_ASSERT(bytes_received != nullptr); - grpc_gcp_handshaker_req* req = - grpc_gcp_handshaker_req_create(SERVER_START_REQ); - bool ok = grpc_gcp_handshaker_req_add_application_protocol( - req, ALTS_APPLICATION_PROTOCOL); - ok &= grpc_gcp_handshaker_req_param_add_record_protocol( - req, grpc_gcp_HandshakeProtocol_ALTS, ALTS_RECORD_PROTOCOL); - ok &= grpc_gcp_handshaker_req_set_in_bytes( - req, reinterpret_cast<const char*> GRPC_SLICE_START_PTR(*bytes_received), - GRPC_SLICE_LENGTH(*bytes_received)); - grpc_gcp_rpc_protocol_versions* versions = &event->options->rpc_versions; - ok &= grpc_gcp_handshaker_req_set_rpc_versions( - req, versions->max_rpc_version.major, versions->max_rpc_version.minor, - versions->min_rpc_version.major, versions->min_rpc_version.minor); - grpc_slice req_slice; - ok &= grpc_gcp_handshaker_req_encode(req, &req_slice); - grpc_byte_buffer* buffer = nullptr; - if (ok) { - buffer = grpc_raw_byte_buffer_create(&req_slice, 1 /* number of slices */); - } - grpc_slice_unref(req_slice); - grpc_gcp_handshaker_req_destroy(req); - return buffer; -} - -static tsi_result handshaker_client_start_server(alts_handshaker_client* client, - alts_tsi_event* event, - grpc_slice* bytes_received) { - if (client == nullptr || event == nullptr || bytes_received == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to alts_grpc_handshaker_client_start_server()"); - return TSI_INVALID_ARGUMENT; - } - grpc_byte_buffer* buffer = get_serialized_start_server(event, bytes_received); - if (buffer == nullptr) { - gpr_log(GPR_ERROR, "get_serialized_start_server() failed"); - return TSI_INTERNAL_ERROR; - } - event->send_buffer = buffer; - tsi_result result = make_grpc_call(client, event, true /* is_start */); - if (result != TSI_OK) { - gpr_log(GPR_ERROR, "make_grpc_call() failed"); - } - return result; -} - -/* Create and populate a next handshaker request, then serialize it. */ -static grpc_byte_buffer* get_serialized_next(grpc_slice* bytes_received) { - GPR_ASSERT(bytes_received != nullptr); - grpc_gcp_handshaker_req* req = grpc_gcp_handshaker_req_create(NEXT_REQ); - bool ok = grpc_gcp_handshaker_req_set_in_bytes( - req, reinterpret_cast<const char*> GRPC_SLICE_START_PTR(*bytes_received), - GRPC_SLICE_LENGTH(*bytes_received)); - grpc_slice req_slice; - ok &= grpc_gcp_handshaker_req_encode(req, &req_slice); - grpc_byte_buffer* buffer = nullptr; - if (ok) { - buffer = grpc_raw_byte_buffer_create(&req_slice, 1 /* number of slices */); - } - grpc_slice_unref(req_slice); - grpc_gcp_handshaker_req_destroy(req); - return buffer; -} - -static tsi_result handshaker_client_next(alts_handshaker_client* client, - alts_tsi_event* event, - grpc_slice* bytes_received) { - if (client == nullptr || event == nullptr || bytes_received == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to alts_grpc_handshaker_client_next()"); - return TSI_INVALID_ARGUMENT; - } - grpc_byte_buffer* buffer = get_serialized_next(bytes_received); - if (buffer == nullptr) { - gpr_log(GPR_ERROR, "get_serialized_next() failed"); - return TSI_INTERNAL_ERROR; - } - event->send_buffer = buffer; - tsi_result result = make_grpc_call(client, event, false /* is_start */); - if (result != TSI_OK) { - gpr_log(GPR_ERROR, "make_grpc_call() failed"); - } - return result; -} - -static void handshaker_client_destruct(alts_handshaker_client* client) { - if (client == nullptr) { - return; - } - alts_grpc_handshaker_client* grpc_client = - reinterpret_cast<alts_grpc_handshaker_client*>(client); - grpc_call_unref(grpc_client->call); -} - -static const alts_handshaker_client_vtable vtable = { - handshaker_client_start_client, handshaker_client_start_server, - handshaker_client_next, handshaker_client_destruct}; - -alts_handshaker_client* alts_grpc_handshaker_client_create( - grpc_channel* channel, grpc_completion_queue* queue, - const char* handshaker_service_url) { - if (channel == nullptr || queue == nullptr || - handshaker_service_url == nullptr) { - gpr_log(GPR_ERROR, "Invalid arguments to alts_handshaker_client_create()"); - return nullptr; - } - alts_grpc_handshaker_client* client = - static_cast<alts_grpc_handshaker_client*>(gpr_zalloc(sizeof(*client))); - client->grpc_caller = grpc_start_batch; - grpc_slice slice = grpc_slice_from_copied_string(handshaker_service_url); - client->call = grpc_channel_create_call( - channel, nullptr, GRPC_PROPAGATE_DEFAULTS, queue, - grpc_slice_from_static_string(ALTS_SERVICE_METHOD), &slice, - gpr_inf_future(GPR_CLOCK_REALTIME), nullptr); - client->base.vtable = &vtable; - grpc_slice_unref(slice); - return &client->base; -} - -namespace grpc_core { -namespace internal { - -void alts_handshaker_client_set_grpc_caller_for_testing( - alts_handshaker_client* client, alts_grpc_caller caller) { - GPR_ASSERT(client != nullptr && caller != nullptr); - alts_grpc_handshaker_client* grpc_client = - reinterpret_cast<alts_grpc_handshaker_client*>(client); - grpc_client->grpc_caller = caller; -} - -} // namespace internal -} // namespace grpc_core - -tsi_result alts_handshaker_client_start_client(alts_handshaker_client* client, - alts_tsi_event* event) { - if (client != nullptr && client->vtable != nullptr && - client->vtable->client_start != nullptr) { - return client->vtable->client_start(client, event); - } - gpr_log(GPR_ERROR, - "client or client->vtable has not been initialized properly"); - return TSI_INVALID_ARGUMENT; -} - -tsi_result alts_handshaker_client_start_server(alts_handshaker_client* client, - alts_tsi_event* event, - grpc_slice* bytes_received) { - if (client != nullptr && client->vtable != nullptr && - client->vtable->server_start != nullptr) { - return client->vtable->server_start(client, event, bytes_received); - } - gpr_log(GPR_ERROR, - "client or client->vtable has not been initialized properly"); - return TSI_INVALID_ARGUMENT; -} - -tsi_result alts_handshaker_client_next(alts_handshaker_client* client, - alts_tsi_event* event, - grpc_slice* bytes_received) { - if (client != nullptr && client->vtable != nullptr && - client->vtable->next != nullptr) { - return client->vtable->next(client, event, bytes_received); - } - gpr_log(GPR_ERROR, - "client or client->vtable has not been initialized properly"); - return TSI_INVALID_ARGUMENT; -} - -void alts_handshaker_client_destroy(alts_handshaker_client* client) { - if (client != nullptr) { - if (client->vtable != nullptr && client->vtable->destruct != nullptr) { - client->vtable->destruct(client); - } - gpr_free(client); - } -} diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_client.h b/src/core/tsi/alts/handshaker/alts_handshaker_client.h deleted file mode 100644 index fb2d2cf68e..0000000000 --- a/src/core/tsi/alts/handshaker/alts_handshaker_client.h +++ /dev/null @@ -1,137 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_CLIENT_H -#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_CLIENT_H - -#include <grpc/support/port_platform.h> - -#include <grpc/grpc.h> - -#include "src/core/tsi/alts/handshaker/alts_tsi_event.h" - -#define ALTS_SERVICE_METHOD "/grpc.gcp.HandshakerService/DoHandshake" -#define ALTS_APPLICATION_PROTOCOL "grpc" -#define ALTS_RECORD_PROTOCOL "ALTSRP_GCM_AES128_REKEY" - -const size_t kAltsAes128GcmRekeyKeyLength = 44; - -/** - * A ALTS handshaker client interface. It is used to communicate with - * ALTS handshaker service by scheduling a handshaker request that could be one - * of client_start, server_start, and next handshaker requests. All APIs in the - * header are thread-compatible. - */ -typedef struct alts_handshaker_client alts_handshaker_client; - -/* A function that makes the grpc call to the handshaker service. */ -typedef grpc_call_error (*alts_grpc_caller)(grpc_call* call, const grpc_op* ops, - size_t nops, void* tag); - -/* V-table for ALTS handshaker client operations. */ -typedef struct alts_handshaker_client_vtable { - tsi_result (*client_start)(alts_handshaker_client* client, - alts_tsi_event* event); - tsi_result (*server_start)(alts_handshaker_client* client, - alts_tsi_event* event, grpc_slice* bytes_received); - tsi_result (*next)(alts_handshaker_client* client, alts_tsi_event* event, - grpc_slice* bytes_received); - void (*destruct)(alts_handshaker_client* client); -} alts_handshaker_client_vtable; - -struct alts_handshaker_client { - const alts_handshaker_client_vtable* vtable; -}; - -/** - * This method schedules a client_start handshaker request to ALTS handshaker - * service. - * - * - client: ALTS handshaker client instance. - * - event: ALTS TSI event instance. - * - * It returns TSI_OK on success and an error status code on failure. - */ -tsi_result alts_handshaker_client_start_client(alts_handshaker_client* client, - alts_tsi_event* event); - -/** - * This method schedules a server_start handshaker request to ALTS handshaker - * service. - * - * - client: ALTS handshaker client instance. - * - event: ALTS TSI event instance. - * - bytes_received: bytes in out_frames returned from the peer's handshaker - * response. - * - * It returns TSI_OK on success and an error status code on failure. - */ -tsi_result alts_handshaker_client_start_server(alts_handshaker_client* client, - alts_tsi_event* event, - grpc_slice* bytes_received); - -/** - * This method schedules a next handshaker request to ALTS handshaker service. - * - * - client: ALTS handshaker client instance. - * - event: ALTS TSI event instance. - * - bytes_received: bytes in out_frames returned from the peer's handshaker - * response. - * - * It returns TSI_OK on success and an error status code on failure. - */ -tsi_result alts_handshaker_client_next(alts_handshaker_client* client, - alts_tsi_event* event, - grpc_slice* bytes_received); - -/** - * This method destroys a ALTS handshaker client. - * - * - client: a ALTS handshaker client instance. - */ -void alts_handshaker_client_destroy(alts_handshaker_client* client); - -/** - * This method creates a ALTS handshaker client. - * - * - channel: grpc channel to ALTS handshaker service. - * - queue: grpc completion queue. - * - handshaker_service_url: address of ALTS handshaker service in the format of - * "host:port". - * - * It returns the created ALTS handshaker client on success, and NULL on - * failure. - */ -alts_handshaker_client* alts_grpc_handshaker_client_create( - grpc_channel* channel, grpc_completion_queue* queue, - const char* handshaker_service_url); - -namespace grpc_core { -namespace internal { - -/** - * Unsafe, use for testing only. It allows the caller to change the way that - * GRPC calls are made to the handshaker service. - */ -void alts_handshaker_client_set_grpc_caller_for_testing( - alts_handshaker_client* client, alts_grpc_caller caller); - -} // namespace internal -} // namespace grpc_core - -#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_CLIENT_H */ diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc b/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc deleted file mode 100644 index 256e414ae4..0000000000 --- a/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +++ /dev/null @@ -1,520 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h" - -#include <stdio.h> -#include <stdlib.h> - -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -/* HandshakerReq */ -grpc_gcp_handshaker_req* grpc_gcp_handshaker_req_create( - grpc_gcp_handshaker_req_type type) { - grpc_gcp_handshaker_req* req = - static_cast<grpc_gcp_handshaker_req*>(gpr_zalloc(sizeof(*req))); - switch (type) { - case CLIENT_START_REQ: - req->has_client_start = true; - break; - case SERVER_START_REQ: - req->has_server_start = true; - break; - case NEXT_REQ: - req->has_next = true; - break; - } - return req; -} - -void grpc_gcp_handshaker_req_destroy(grpc_gcp_handshaker_req* req) { - if (req == nullptr) { - return; - } - if (req->has_client_start) { - /* Destroy client_start request. */ - destroy_repeated_field_list_identity( - static_cast<repeated_field*>(req->client_start.target_identities.arg)); - destroy_repeated_field_list_string(static_cast<repeated_field*>( - req->client_start.application_protocols.arg)); - destroy_repeated_field_list_string( - static_cast<repeated_field*>(req->client_start.record_protocols.arg)); - if (req->client_start.has_local_identity) { - destroy_slice(static_cast<grpc_slice*>( - req->client_start.local_identity.hostname.arg)); - destroy_slice(static_cast<grpc_slice*>( - req->client_start.local_identity.service_account.arg)); - } - if (req->client_start.has_local_endpoint) { - destroy_slice(static_cast<grpc_slice*>( - req->client_start.local_endpoint.ip_address.arg)); - } - if (req->client_start.has_remote_endpoint) { - destroy_slice(static_cast<grpc_slice*>( - req->client_start.remote_endpoint.ip_address.arg)); - } - destroy_slice(static_cast<grpc_slice*>(req->client_start.target_name.arg)); - } else if (req->has_server_start) { - /* Destroy server_start request. */ - size_t i = 0; - for (i = 0; i < req->server_start.handshake_parameters_count; i++) { - destroy_repeated_field_list_identity( - static_cast<repeated_field*>(req->server_start.handshake_parameters[i] - .value.local_identities.arg)); - destroy_repeated_field_list_string( - static_cast<repeated_field*>(req->server_start.handshake_parameters[i] - .value.record_protocols.arg)); - } - destroy_repeated_field_list_string(static_cast<repeated_field*>( - req->server_start.application_protocols.arg)); - if (req->server_start.has_local_endpoint) { - destroy_slice(static_cast<grpc_slice*>( - req->server_start.local_endpoint.ip_address.arg)); - } - if (req->server_start.has_remote_endpoint) { - destroy_slice(static_cast<grpc_slice*>( - req->server_start.remote_endpoint.ip_address.arg)); - } - destroy_slice(static_cast<grpc_slice*>(req->server_start.in_bytes.arg)); - } else { - /* Destroy next request. */ - destroy_slice(static_cast<grpc_slice*>(req->next.in_bytes.arg)); - } - gpr_free(req); -} - -bool grpc_gcp_handshaker_req_set_handshake_protocol( - grpc_gcp_handshaker_req* req, - grpc_gcp_handshake_protocol handshake_protocol) { - if (req == nullptr || !req->has_client_start) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_set_handshake_protocol()."); - return false; - } - req->client_start.has_handshake_security_protocol = true; - req->client_start.handshake_security_protocol = handshake_protocol; - return true; -} - -bool grpc_gcp_handshaker_req_set_target_name(grpc_gcp_handshaker_req* req, - const char* target_name) { - if (req == nullptr || target_name == nullptr || !req->has_client_start) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_set_target_name()."); - return false; - } - grpc_slice* slice = create_slice(target_name, strlen(target_name)); - req->client_start.target_name.arg = slice; - req->client_start.target_name.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_req_add_application_protocol( - grpc_gcp_handshaker_req* req, const char* application_protocol) { - if (req == nullptr || application_protocol == nullptr || req->has_next) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_add_application_protocol()."); - return false; - } - grpc_slice* slice = - create_slice(application_protocol, strlen(application_protocol)); - if (req->has_client_start) { - add_repeated_field(reinterpret_cast<repeated_field**>( - &req->client_start.application_protocols.arg), - slice); - req->client_start.application_protocols.funcs.encode = - encode_repeated_string_cb; - } else { - add_repeated_field(reinterpret_cast<repeated_field**>( - &req->server_start.application_protocols.arg), - slice); - req->server_start.application_protocols.funcs.encode = - encode_repeated_string_cb; - } - return true; -} - -bool grpc_gcp_handshaker_req_add_record_protocol(grpc_gcp_handshaker_req* req, - const char* record_protocol) { - if (req == nullptr || record_protocol == nullptr || !req->has_client_start) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_add_record_protocol()."); - return false; - } - grpc_slice* slice = create_slice(record_protocol, strlen(record_protocol)); - add_repeated_field(reinterpret_cast<repeated_field**>( - &req->client_start.record_protocols.arg), - slice); - req->client_start.record_protocols.funcs.encode = encode_repeated_string_cb; - return true; -} - -static void set_identity_hostname(grpc_gcp_identity* identity, - const char* hostname) { - grpc_slice* slice = create_slice(hostname, strlen(hostname)); - identity->hostname.arg = slice; - identity->hostname.funcs.encode = encode_string_or_bytes_cb; -} - -static void set_identity_service_account(grpc_gcp_identity* identity, - const char* service_account) { - grpc_slice* slice = create_slice(service_account, strlen(service_account)); - identity->service_account.arg = slice; - identity->service_account.funcs.encode = encode_string_or_bytes_cb; -} - -bool grpc_gcp_handshaker_req_add_target_identity_hostname( - grpc_gcp_handshaker_req* req, const char* hostname) { - if (req == nullptr || hostname == nullptr || !req->has_client_start) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_req_add_target_identity_hostname()."); - return false; - } - grpc_gcp_identity* target_identity = - static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*target_identity))); - set_identity_hostname(target_identity, hostname); - req->client_start.target_identities.funcs.encode = - encode_repeated_identity_cb; - add_repeated_field(reinterpret_cast<repeated_field**>( - &req->client_start.target_identities.arg), - target_identity); - return true; -} - -bool grpc_gcp_handshaker_req_add_target_identity_service_account( - grpc_gcp_handshaker_req* req, const char* service_account) { - if (req == nullptr || service_account == nullptr || !req->has_client_start) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_req_add_target_identity_service_account()."); - return false; - } - grpc_gcp_identity* target_identity = - static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*target_identity))); - set_identity_service_account(target_identity, service_account); - req->client_start.target_identities.funcs.encode = - encode_repeated_identity_cb; - add_repeated_field(reinterpret_cast<repeated_field**>( - &req->client_start.target_identities.arg), - target_identity); - return true; -} - -bool grpc_gcp_handshaker_req_set_local_identity_hostname( - grpc_gcp_handshaker_req* req, const char* hostname) { - if (req == nullptr || hostname == nullptr || !req->has_client_start) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_req_set_local_identity_hostname()."); - return false; - } - req->client_start.has_local_identity = true; - set_identity_hostname(&req->client_start.local_identity, hostname); - return true; -} - -bool grpc_gcp_handshaker_req_set_local_identity_service_account( - grpc_gcp_handshaker_req* req, const char* service_account) { - if (req == nullptr || service_account == nullptr || !req->has_client_start) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_req_set_local_identity_service_account()."); - return false; - } - req->client_start.has_local_identity = true; - set_identity_service_account(&req->client_start.local_identity, - service_account); - return true; -} - -static void set_endpoint(grpc_gcp_endpoint* endpoint, const char* ip_address, - size_t port, grpc_gcp_network_protocol protocol) { - grpc_slice* slice = create_slice(ip_address, strlen(ip_address)); - endpoint->ip_address.arg = slice; - endpoint->ip_address.funcs.encode = encode_string_or_bytes_cb; - endpoint->has_port = true; - endpoint->port = static_cast<int32_t>(port); - endpoint->has_protocol = true; - endpoint->protocol = protocol; -} - -bool grpc_gcp_handshaker_req_set_rpc_versions(grpc_gcp_handshaker_req* req, - uint32_t max_major, - uint32_t max_minor, - uint32_t min_major, - uint32_t min_minor) { - if (req == nullptr || req->has_next) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_set_rpc_versions()."); - return false; - } - if (req->has_client_start) { - req->client_start.has_rpc_versions = true; - grpc_gcp_rpc_protocol_versions_set_max(&req->client_start.rpc_versions, - max_major, max_minor); - grpc_gcp_rpc_protocol_versions_set_min(&req->client_start.rpc_versions, - min_major, min_minor); - } else { - req->server_start.has_rpc_versions = true; - grpc_gcp_rpc_protocol_versions_set_max(&req->server_start.rpc_versions, - max_major, max_minor); - grpc_gcp_rpc_protocol_versions_set_min(&req->server_start.rpc_versions, - min_major, min_minor); - } - return true; -} - -bool grpc_gcp_handshaker_req_set_local_endpoint( - grpc_gcp_handshaker_req* req, const char* ip_address, size_t port, - grpc_gcp_network_protocol protocol) { - if (req == nullptr || ip_address == nullptr || port > 65535 || - req->has_next) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_set_local_endpoint()."); - return false; - } - if (req->has_client_start) { - req->client_start.has_local_endpoint = true; - set_endpoint(&req->client_start.local_endpoint, ip_address, port, protocol); - } else { - req->server_start.has_local_endpoint = true; - set_endpoint(&req->server_start.local_endpoint, ip_address, port, protocol); - } - return true; -} - -bool grpc_gcp_handshaker_req_set_remote_endpoint( - grpc_gcp_handshaker_req* req, const char* ip_address, size_t port, - grpc_gcp_network_protocol protocol) { - if (req == nullptr || ip_address == nullptr || port > 65535 || - req->has_next) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_set_remote_endpoint()."); - return false; - } - if (req->has_client_start) { - req->client_start.has_remote_endpoint = true; - set_endpoint(&req->client_start.remote_endpoint, ip_address, port, - protocol); - } else { - req->server_start.has_remote_endpoint = true; - set_endpoint(&req->server_start.remote_endpoint, ip_address, port, - protocol); - } - return true; -} - -bool grpc_gcp_handshaker_req_set_in_bytes(grpc_gcp_handshaker_req* req, - const char* in_bytes, size_t size) { - if (req == nullptr || in_bytes == nullptr || req->has_client_start) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_set_in_bytes()."); - return false; - } - grpc_slice* slice = create_slice(in_bytes, size); - if (req->has_next) { - req->next.in_bytes.arg = slice; - req->next.in_bytes.funcs.encode = &encode_string_or_bytes_cb; - } else { - req->server_start.in_bytes.arg = slice; - req->server_start.in_bytes.funcs.encode = &encode_string_or_bytes_cb; - } - return true; -} - -static grpc_gcp_server_handshake_parameters* server_start_find_param( - grpc_gcp_handshaker_req* req, int32_t key) { - size_t i = 0; - for (i = 0; i < req->server_start.handshake_parameters_count; i++) { - if (req->server_start.handshake_parameters[i].key == key) { - return &req->server_start.handshake_parameters[i].value; - } - } - req->server_start - .handshake_parameters[req->server_start.handshake_parameters_count] - .has_key = true; - req->server_start - .handshake_parameters[req->server_start.handshake_parameters_count] - .has_value = true; - req->server_start - .handshake_parameters[req->server_start.handshake_parameters_count++] - .key = key; - return &req->server_start - .handshake_parameters - [req->server_start.handshake_parameters_count - 1] - .value; -} - -bool grpc_gcp_handshaker_req_param_add_record_protocol( - grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key, - const char* record_protocol) { - if (req == nullptr || record_protocol == nullptr || !req->has_server_start) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_param_add_record_protocol()."); - return false; - } - grpc_gcp_server_handshake_parameters* param = - server_start_find_param(req, key); - grpc_slice* slice = create_slice(record_protocol, strlen(record_protocol)); - add_repeated_field( - reinterpret_cast<repeated_field**>(¶m->record_protocols.arg), slice); - param->record_protocols.funcs.encode = &encode_repeated_string_cb; - return true; -} - -bool grpc_gcp_handshaker_req_param_add_local_identity_hostname( - grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key, - const char* hostname) { - if (req == nullptr || hostname == nullptr || !req->has_server_start) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_param_add_local_identity_hostname()."); - return false; - } - grpc_gcp_server_handshake_parameters* param = - server_start_find_param(req, key); - grpc_gcp_identity* local_identity = - static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*local_identity))); - set_identity_hostname(local_identity, hostname); - add_repeated_field( - reinterpret_cast<repeated_field**>(¶m->local_identities.arg), - local_identity); - param->local_identities.funcs.encode = &encode_repeated_identity_cb; - return true; -} - -bool grpc_gcp_handshaker_req_param_add_local_identity_service_account( - grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key, - const char* service_account) { - if (req == nullptr || service_account == nullptr || !req->has_server_start) { - gpr_log( - GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_handshaker_req_param_add_local_identity_service_account()."); - return false; - } - grpc_gcp_server_handshake_parameters* param = - server_start_find_param(req, key); - grpc_gcp_identity* local_identity = - static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*local_identity))); - set_identity_service_account(local_identity, service_account); - add_repeated_field( - reinterpret_cast<repeated_field**>(¶m->local_identities.arg), - local_identity); - param->local_identities.funcs.encode = &encode_repeated_identity_cb; - return true; -} - -bool grpc_gcp_handshaker_req_encode(grpc_gcp_handshaker_req* req, - grpc_slice* slice) { - if (req == nullptr || slice == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to grpc_gcp_handshaker_req_encode()."); - return false; - } - pb_ostream_t size_stream; - memset(&size_stream, 0, sizeof(pb_ostream_t)); - if (!pb_encode(&size_stream, grpc_gcp_HandshakerReq_fields, req)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream)); - return false; - } - size_t encoded_length = size_stream.bytes_written; - *slice = grpc_slice_malloc(encoded_length); - pb_ostream_t output_stream = - pb_ostream_from_buffer(GRPC_SLICE_START_PTR(*slice), encoded_length); - if (!pb_encode(&output_stream, grpc_gcp_HandshakerReq_fields, req) != 0) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&output_stream)); - return false; - } - return true; -} - -/* HandshakerResp. */ -grpc_gcp_handshaker_resp* grpc_gcp_handshaker_resp_create(void) { - grpc_gcp_handshaker_resp* resp = - static_cast<grpc_gcp_handshaker_resp*>(gpr_zalloc(sizeof(*resp))); - return resp; -} - -void grpc_gcp_handshaker_resp_destroy(grpc_gcp_handshaker_resp* resp) { - if (resp != nullptr) { - destroy_slice(static_cast<grpc_slice*>(resp->out_frames.arg)); - if (resp->has_status) { - destroy_slice(static_cast<grpc_slice*>(resp->status.details.arg)); - } - if (resp->has_result) { - destroy_slice( - static_cast<grpc_slice*>(resp->result.application_protocol.arg)); - destroy_slice(static_cast<grpc_slice*>(resp->result.record_protocol.arg)); - destroy_slice(static_cast<grpc_slice*>(resp->result.key_data.arg)); - if (resp->result.has_local_identity) { - destroy_slice( - static_cast<grpc_slice*>(resp->result.local_identity.hostname.arg)); - destroy_slice(static_cast<grpc_slice*>( - resp->result.local_identity.service_account.arg)); - } - if (resp->result.has_peer_identity) { - destroy_slice( - static_cast<grpc_slice*>(resp->result.peer_identity.hostname.arg)); - destroy_slice(static_cast<grpc_slice*>( - resp->result.peer_identity.service_account.arg)); - } - } - gpr_free(resp); - } -} - -bool grpc_gcp_handshaker_resp_decode(grpc_slice encoded_handshaker_resp, - grpc_gcp_handshaker_resp* resp) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to grpc_gcp_handshaker_resp_decode()."); - return false; - } - pb_istream_t stream = - pb_istream_from_buffer(GRPC_SLICE_START_PTR(encoded_handshaker_resp), - GRPC_SLICE_LENGTH(encoded_handshaker_resp)); - resp->out_frames.funcs.decode = decode_string_or_bytes_cb; - resp->status.details.funcs.decode = decode_string_or_bytes_cb; - resp->result.application_protocol.funcs.decode = decode_string_or_bytes_cb; - resp->result.record_protocol.funcs.decode = decode_string_or_bytes_cb; - resp->result.key_data.funcs.decode = decode_string_or_bytes_cb; - resp->result.peer_identity.hostname.funcs.decode = decode_string_or_bytes_cb; - resp->result.peer_identity.service_account.funcs.decode = - decode_string_or_bytes_cb; - resp->result.local_identity.hostname.funcs.decode = decode_string_or_bytes_cb; - resp->result.local_identity.service_account.funcs.decode = - decode_string_or_bytes_cb; - if (!pb_decode(&stream, grpc_gcp_HandshakerResp_fields, resp)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&stream)); - return false; - } - return true; -} diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h b/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h deleted file mode 100644 index 5df56a86fa..0000000000 --- a/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +++ /dev/null @@ -1,323 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_H -#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_H - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h" - -/** - * An implementation of nanopb thin wrapper used to set/get and - * serialize/de-serialize of ALTS handshake requests and responses. - * - * All APIs in the header are thread-compatible. A typical usage of this API at - * the client side is as follows: - * - * ----------------------------------------------------------------------------- - * // Create, populate, and serialize an ALTS client_start handshake request to - * // send to the server. - * grpc_gcp_handshaker_req* req = - * grpc_gcp_handshaker_req_create(CLIENT_START_REQ); - * grpc_gcp_handshaker_req_set_handshake_protocol( - req, grpc_gcp_HandshakeProtocol_ALTS); - * grpc_gcp_handshaker_req_add_application_protocol(req, "grpc"); - * grpc_gcp_handshaker_req_add_record_protocol(req, "ALTSRP_GCM_AES128"); - * grpc_slice client_slice; - * if (!grpc_gcp_handshaker_req_encode(req, &client_slice)) { - * fprintf(stderr, "ALTS handshake request encoding failed."; - * } - * - * // De-serialize a data stream received from the server, and store the result - * // at ALTS handshake response. - * grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create(); - * if (!grpc_gcp_handshaker_resp_decode(server_slice, resp)) { - * fprintf(stderr, "ALTS handshake response decoding failed."); - * } - * // To access a variable-length datatype field (i.e., pb_callback_t), - * // access its "arg" subfield (if it has been set). - * if (resp->out_frames.arg != nullptr) { - * grpc_slice* slice = resp->out_frames.arg; - * } - * // To access a fixed-length datatype field (i.e., not pb_calback_t), - * // access the field directly (if it has been set). - * if (resp->has_status && resp->status->has_code) { - * uint32_t code = resp->status->code; - * } - *------------------------------------------------------------------------------ - */ - -/** - * This method creates an ALTS handshake request. - * - * - type: an enum type value that can be either CLIENT_START_REQ, - * SERVER_START_REQ, or NEXT_REQ to indicate the created instance will be - * client_start, server_start, and next handshake request message - * respectively. - * - * The method returns a pointer to the created instance. - */ -grpc_gcp_handshaker_req* grpc_gcp_handshaker_req_create( - grpc_gcp_handshaker_req_type type); - -/** - * This method sets the value for handshake_security_protocol field of ALTS - * client_start handshake request. - * - * - req: an ALTS handshake request. - * - handshake_protocol: a enum type value representing the handshake security - * protocol. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_set_handshake_protocol( - grpc_gcp_handshaker_req* req, - grpc_gcp_handshake_protocol handshake_protocol); - -/** - * This method sets the value for target_name field of ALTS client_start - * handshake request. - * - * - req: an ALTS handshake request. - * - target_name: a target name to be set. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_set_target_name(grpc_gcp_handshaker_req* req, - const char* target_name); - -/** - * This method adds an application protocol supported by the server (or - * client) to ALTS server_start (or client_start) handshake request. - * - * - req: an ALTS handshake request. - * - application_protocol: an application protocol (e.g., grpc) to be added. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_add_application_protocol( - grpc_gcp_handshaker_req* req, const char* application_protocol); - -/** - * This method adds a record protocol supported by the client to ALTS - * client_start handshake request. - * - * - req: an ALTS handshake request. - * - record_protocol: a record protocol (e.g., ALTSRP_GCM_AES128) to be - * added. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_add_record_protocol(grpc_gcp_handshaker_req* req, - const char* record_protocol); - -/** - * This method adds a target server identity represented as hostname and - * acceptable by a client to ALTS client_start handshake request. - * - * - req: an ALTS handshake request. - * - hostname: a string representation of hostname at the connection - * endpoint to be added. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_add_target_identity_hostname( - grpc_gcp_handshaker_req* req, const char* hostname); - -/** - * This method adds a target server identity represented as service account and - * acceptable by a client to ALTS client_start handshake request. - * - * - req: an ALTS handshake request. - * - service_account: a string representation of service account at the - * connection endpoint to be added. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_add_target_identity_service_account( - grpc_gcp_handshaker_req* req, const char* service_account); - -/** - * This method sets the hostname for local_identity field of ALTS client_start - * handshake request. - * - * - req: an ALTS handshake request. - * - hostname: a string representation of hostname. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_set_local_identity_hostname( - grpc_gcp_handshaker_req* req, const char* hostname); - -/** - * This method sets the service account for local_identity field of ALTS - * client_start handshake request. - * - * - req: an ALTS handshake request. - * - service_account: a string representation of service account. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_set_local_identity_service_account( - grpc_gcp_handshaker_req* req, const char* service_account); - -/** - * This method sets the value for local_endpoint field of either ALTS - * client_start or server_start handshake request. - * - * - req: an ALTS handshake request. - * - ip_address: a string representation of ip address associated with the - * local endpoint, that could be either IPv4 or IPv6. - * - port: a port number associated with the local endpoint. - * - protocol: a network protocol (e.g., TCP or UDP) associated with the - * local endpoint. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_set_local_endpoint( - grpc_gcp_handshaker_req* req, const char* ip_address, size_t port, - grpc_gcp_network_protocol protocol); - -/** - * This method sets the value for remote_endpoint field of either ALTS - * client_start or server_start handshake request. - * - * - req: an ALTS handshake request. - * - ip_address: a string representation of ip address associated with the - * remote endpoint, that could be either IPv4 or IPv6. - * - port: a port number associated with the remote endpoint. - * - protocol: a network protocol (e.g., TCP or UDP) associated with the - * remote endpoint. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_set_remote_endpoint( - grpc_gcp_handshaker_req* req, const char* ip_address, size_t port, - grpc_gcp_network_protocol protocol); - -/** - * This method sets the value for in_bytes field of either ALTS server_start or - * next handshake request. - * - * - req: an ALTS handshake request. - * - in_bytes: a buffer containing bytes taken from out_frames of the peer's - * ALTS handshake response. It is possible that the peer's out_frames are - * split into multiple handshake request messages. - * - size: size of in_bytes buffer. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_set_in_bytes(grpc_gcp_handshaker_req* req, - const char* in_bytes, size_t size); - -/** - * This method adds a record protocol to handshake parameters mapped by the - * handshake protocol for ALTS server_start handshake request. - * - * - req: an ALTS handshake request. - * - key: an enum type value representing a handshake security protocol. - * - record_protocol: a record protocol to be added. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_param_add_record_protocol( - grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key, - const char* record_protocol); - -/** - * This method adds a local identity represented as hostname to handshake - * parameters mapped by the handshake protocol for ALTS server_start handshake - * request. - * - * - req: an ALTS handshake request. - * - key: an enum type value representing a handshake security protocol. - * - hostname: a string representation of hostname to be added. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_param_add_local_identity_hostname( - grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key, - const char* hostname); - -/** - * This method adds a local identity represented as service account to handshake - * parameters mapped by the handshake protocol for ALTS server_start handshake - * request. - * - * - req: an ALTS handshake request. - * - key: an enum type value representing a handshake security protocol. - * - service_account: a string representation of service account to be added. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_param_add_local_identity_service_account( - grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key, - const char* service_account); - -/** - * This method sets the value for rpc_versions field of either ALTS - * client_start or server_start handshake request. - * - * - req: an ALTS handshake request. - * - max_major: a major version of maximum supported RPC version. - * - max_minor: a minor version of maximum supported RPC version. - * - min_major: a major version of minimum supported RPC version. - * - min_minor: a minor version of minimum supported RPC version. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_set_rpc_versions(grpc_gcp_handshaker_req* req, - uint32_t max_major, - uint32_t max_minor, - uint32_t min_major, - uint32_t min_minor); - -/** - * This method serializes an ALTS handshake request and returns a data stream. - * - * - req: an ALTS handshake request. - * - slice: a data stream where the serialized result will be written. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_req_encode(grpc_gcp_handshaker_req* req, - grpc_slice* slice); - -/* This method destroys an ALTS handshake request. */ -void grpc_gcp_handshaker_req_destroy(grpc_gcp_handshaker_req* req); - -/* This method creates an ALTS handshake response. */ -grpc_gcp_handshaker_resp* grpc_gcp_handshaker_resp_create(void); - -/** - * This method de-serializes a data stream and stores the result - * in an ALTS handshake response. - * - * - slice: a data stream containing a serialized ALTS handshake response. - * - resp: an ALTS handshake response used to hold de-serialized result. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_handshaker_resp_decode(grpc_slice slice, - grpc_gcp_handshaker_resp* resp); - -/* This method destroys an ALTS handshake response. */ -void grpc_gcp_handshaker_resp_destroy(grpc_gcp_handshaker_resp* resp); - -#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_H */ diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc b/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc deleted file mode 100644 index e0e4184686..0000000000 --- a/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +++ /dev/null @@ -1,143 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h" - -void add_repeated_field(repeated_field** head, const void* data) { - repeated_field* field = - static_cast<repeated_field*>(gpr_zalloc(sizeof(*field))); - field->data = data; - if (*head == nullptr) { - *head = field; - (*head)->next = nullptr; - } else { - field->next = *head; - *head = field; - } -} - -void destroy_repeated_field_list_identity(repeated_field* head) { - repeated_field* field = head; - while (field != nullptr) { - repeated_field* next_field = field->next; - const grpc_gcp_identity* identity = - static_cast<const grpc_gcp_identity*>(field->data); - destroy_slice(static_cast<grpc_slice*>(identity->hostname.arg)); - destroy_slice(static_cast<grpc_slice*>(identity->service_account.arg)); - gpr_free((void*)identity); - gpr_free(field); - field = next_field; - } -} - -void destroy_repeated_field_list_string(repeated_field* head) { - repeated_field* field = head; - while (field != nullptr) { - repeated_field* next_field = field->next; - destroy_slice((grpc_slice*)field->data); - gpr_free(field); - field = next_field; - } -} - -grpc_slice* create_slice(const char* data, size_t size) { - grpc_slice slice = grpc_slice_from_copied_buffer(data, size); - grpc_slice* cb_slice = - static_cast<grpc_slice*>(gpr_zalloc(sizeof(*cb_slice))); - memcpy(cb_slice, &slice, sizeof(*cb_slice)); - return cb_slice; -} - -void destroy_slice(grpc_slice* slice) { - if (slice != nullptr) { - grpc_slice_unref(*slice); - gpr_free(slice); - } -} - -bool encode_string_or_bytes_cb(pb_ostream_t* stream, const pb_field_t* field, - void* const* arg) { - grpc_slice* slice = static_cast<grpc_slice*>(*arg); - if (!pb_encode_tag_for_field(stream, field)) return false; - return pb_encode_string(stream, GRPC_SLICE_START_PTR(*slice), - GRPC_SLICE_LENGTH(*slice)); -} - -bool encode_repeated_identity_cb(pb_ostream_t* stream, const pb_field_t* field, - void* const* arg) { - repeated_field* var = static_cast<repeated_field*>(*arg); - while (var != nullptr) { - if (!pb_encode_tag_for_field(stream, field)) return false; - if (!pb_encode_submessage(stream, grpc_gcp_Identity_fields, - (grpc_gcp_identity*)var->data)) - return false; - var = var->next; - } - return true; -} - -bool encode_repeated_string_cb(pb_ostream_t* stream, const pb_field_t* field, - void* const* arg) { - repeated_field* var = static_cast<repeated_field*>(*arg); - while (var != nullptr) { - if (!pb_encode_tag_for_field(stream, field)) return false; - const grpc_slice* slice = static_cast<const grpc_slice*>(var->data); - if (!pb_encode_string(stream, GRPC_SLICE_START_PTR(*slice), - GRPC_SLICE_LENGTH(*slice))) - return false; - var = var->next; - } - return true; -} - -bool decode_string_or_bytes_cb(pb_istream_t* stream, const pb_field_t* field, - void** arg) { - grpc_slice slice = grpc_slice_malloc(stream->bytes_left); - grpc_slice* cb_slice = - static_cast<grpc_slice*>(gpr_zalloc(sizeof(*cb_slice))); - memcpy(cb_slice, &slice, sizeof(*cb_slice)); - if (!pb_read(stream, GRPC_SLICE_START_PTR(*cb_slice), stream->bytes_left)) - return false; - *arg = cb_slice; - return true; -} - -bool decode_repeated_identity_cb(pb_istream_t* stream, const pb_field_t* field, - void** arg) { - grpc_gcp_identity* identity = - static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*identity))); - identity->hostname.funcs.decode = decode_string_or_bytes_cb; - identity->service_account.funcs.decode = decode_string_or_bytes_cb; - add_repeated_field(reinterpret_cast<repeated_field**>(arg), identity); - if (!pb_decode(stream, grpc_gcp_Identity_fields, identity)) return false; - return true; -} - -bool decode_repeated_string_cb(pb_istream_t* stream, const pb_field_t* field, - void** arg) { - grpc_slice slice = grpc_slice_malloc(stream->bytes_left); - grpc_slice* cb_slice = - static_cast<grpc_slice*>(gpr_zalloc(sizeof(*cb_slice))); - memcpy(cb_slice, &slice, sizeof(grpc_slice)); - if (!pb_read(stream, GRPC_SLICE_START_PTR(*cb_slice), stream->bytes_left)) - return false; - add_repeated_field(reinterpret_cast<repeated_field**>(arg), cb_slice); - return true; -} diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h b/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h deleted file mode 100644 index 8fe8f73f8b..0000000000 --- a/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +++ /dev/null @@ -1,149 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_UTIL_H -#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_UTIL_H - -#include <grpc/support/port_platform.h> - -#include "third_party/nanopb/pb_decode.h" -#include "third_party/nanopb/pb_encode.h" - -#include <grpc/slice.h> -#include <grpc/slice_buffer.h> -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/tsi/alts/handshaker/handshaker.pb.h" - -/** - * An implementation of utility functions used to serialize/ - * de-serialize ALTS handshake requests/responses. All APIs in the header - * are thread-compatible. - */ - -/* Renaming of message/field structs generated by nanopb compiler. */ -typedef grpc_gcp_HandshakeProtocol grpc_gcp_handshake_protocol; -typedef grpc_gcp_NetworkProtocol grpc_gcp_network_protocol; -typedef grpc_gcp_Identity grpc_gcp_identity; -typedef grpc_gcp_NextHandshakeMessageReq grpc_gcp_next_handshake_message_req; -typedef grpc_gcp_ServerHandshakeParameters grpc_gcp_server_handshake_parameters; -typedef grpc_gcp_Endpoint grpc_gcp_endpoint; -typedef grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry - grpc_gcp_handshake_parameters_entry; -typedef grpc_gcp_StartClientHandshakeReq grpc_gcp_start_client_handshake_req; -typedef grpc_gcp_StartServerHandshakeReq grpc_gcp_start_server_handshake_req; -typedef grpc_gcp_HandshakerReq grpc_gcp_handshaker_req; -typedef grpc_gcp_HandshakerResult grpc_gcp_handshaker_result; -typedef grpc_gcp_HandshakerStatus grpc_gcp_handshaker_status; -typedef grpc_gcp_HandshakerResp grpc_gcp_handshaker_resp; - -typedef enum { - CLIENT_START_REQ = 0, /* StartClientHandshakeReq. */ - SERVER_START_REQ = 1, /* StartServerHandshakeReq. */ - NEXT_REQ = 2, /* NextHandshakeMessageReq. */ -} grpc_gcp_handshaker_req_type; - -/** - * A struct representing a repeated field. The struct is used to organize all - * instances of a specific repeated field into a linked list, which then will - * be used at encode/decode phase. For instance at the encode phase, the encode - * function will iterate through the list, encode each field, and then output - * the result to the stream. - */ -typedef struct repeated_field_ { - struct repeated_field_* next; - const void* data; -} repeated_field; - -/** - * This method adds a repeated field to the head of repeated field list. - * - * - head: a head of repeated field list. - * - field: a repeated field to be added to the list. - */ -void add_repeated_field(repeated_field** head, const void* field); - -/** - * This method destroys a repeated field list that consists of string type - * fields. - * - * - head: a head of repeated field list. - */ -void destroy_repeated_field_list_string(repeated_field* head); - -/** - * This method destroys a repeated field list that consists of - * grpc_gcp_identity type fields. - * - * - head: a head of repeated field list. - */ -void destroy_repeated_field_list_identity(repeated_field* head); - -/** - * This method creates a grpc_slice instance by copying a data buffer. It is - * similar to grpc_slice_from_copied_buffer() except that it returns an instance - * allocated from the heap. - * - * - data: a data buffer to be copied to grpc_slice instance. - * - size: size of data buffer. - */ -grpc_slice* create_slice(const char* data, size_t size); - -/* This method destroys a grpc_slice instance. */ -void destroy_slice(grpc_slice* slice); - -/** - * The following encode/decode functions will be assigned to encode/decode - * function pointers of pb_callback_t struct (defined in - * //third_party/nanopb/pb.h), that represent a repeated field with a dynamic - * length (e.g., a string type or repeated field). - */ - -/* This method is an encode callback function for a string or byte array. */ -bool encode_string_or_bytes_cb(pb_ostream_t* stream, const pb_field_t* field, - void* const* arg); - -/** - * This method is an encode callback function for a repeated grpc_gcp_identity - * field. - */ -bool encode_repeated_identity_cb(pb_ostream_t* stream, const pb_field_t* field, - void* const* arg); - -/* This method is an encode callback function for a repeated string field. */ -bool encode_repeated_string_cb(pb_ostream_t* stream, const pb_field_t* field, - void* const* arg); - -/** - * This method is a decode callback function for a string or byte array field. - */ -bool decode_string_or_bytes_cb(pb_istream_t* stream, const pb_field_t* field, - void** arg); -/** - * This method is a decode callback function for a repeated grpc_gcp_identity - * field. - */ -bool decode_repeated_identity_cb(pb_istream_t* stream, const pb_field_t* field, - void** arg); - -/* This method is a decode callback function for a repeated string field. */ -bool decode_repeated_string_cb(pb_istream_t* stream, const pb_field_t* field, - void** arg); - -#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_UTIL_H */ diff --git a/src/core/tsi/alts/handshaker/alts_tsi_event.cc b/src/core/tsi/alts/handshaker/alts_tsi_event.cc deleted file mode 100644 index ec0bf12b95..0000000000 --- a/src/core/tsi/alts/handshaker/alts_tsi_event.cc +++ /dev/null @@ -1,73 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/alts_tsi_event.h" - -#include <grpc/grpc.h> -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -tsi_result alts_tsi_event_create(alts_tsi_handshaker* handshaker, - tsi_handshaker_on_next_done_cb cb, - void* user_data, - grpc_alts_credentials_options* options, - grpc_slice target_name, - alts_tsi_event** event) { - if (event == nullptr || handshaker == nullptr || cb == nullptr) { - gpr_log(GPR_ERROR, "Invalid arguments to alts_tsi_event_create()"); - return TSI_INVALID_ARGUMENT; - } - alts_tsi_event* e = static_cast<alts_tsi_event*>(gpr_zalloc(sizeof(*e))); - e->handshaker = handshaker; - e->cb = cb; - e->user_data = user_data; - e->options = grpc_alts_credentials_options_copy(options); - e->target_name = grpc_slice_copy(target_name); - grpc_metadata_array_init(&e->initial_metadata); - grpc_metadata_array_init(&e->trailing_metadata); - *event = e; - return TSI_OK; -} - -void alts_tsi_event_dispatch_to_handshaker(alts_tsi_event* event, bool is_ok) { - if (event == nullptr) { - gpr_log( - GPR_ERROR, - "ALTS TSI event is nullptr in alts_tsi_event_dispatch_to_handshaker()"); - return; - } - alts_tsi_handshaker_handle_response(event->handshaker, event->recv_buffer, - event->status, &event->details, event->cb, - event->user_data, is_ok); -} - -void alts_tsi_event_destroy(alts_tsi_event* event) { - if (event == nullptr) { - return; - } - grpc_byte_buffer_destroy(event->send_buffer); - grpc_byte_buffer_destroy(event->recv_buffer); - grpc_metadata_array_destroy(&event->initial_metadata); - grpc_metadata_array_destroy(&event->trailing_metadata); - grpc_slice_unref(event->details); - grpc_slice_unref(event->target_name); - grpc_alts_credentials_options_destroy(event->options); - gpr_free(event); -} diff --git a/src/core/tsi/alts/handshaker/alts_tsi_event.h b/src/core/tsi/alts/handshaker/alts_tsi_event.h deleted file mode 100644 index 043e75d4a9..0000000000 --- a/src/core/tsi/alts/handshaker/alts_tsi_event.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_EVENT_H -#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_EVENT_H - -#include <grpc/support/port_platform.h> - -#include <grpc/byte_buffer.h> -#include <grpc/byte_buffer_reader.h> - -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" -#include "src/core/tsi/transport_security_interface.h" - -/** - * A ALTS TSI event interface. In asynchronous implementation of - * tsi_handshaker_next(), the function will exit after scheduling a handshaker - * request to ALTS handshaker service without waiting for response to return. - * The event is used to link the scheduled handshaker request with the - * corresponding response so that enough context information can be inferred - * from it to handle the response. All APIs in the header are thread-compatible. - */ - -/** - * Main struct for ALTS TSI event. It retains ownership on send_buffer and - * recv_buffer, but not on handshaker. - */ -typedef struct alts_tsi_event { - alts_tsi_handshaker* handshaker; - grpc_byte_buffer* send_buffer; - grpc_byte_buffer* recv_buffer; - grpc_status_code status; - grpc_slice details; - grpc_metadata_array initial_metadata; - grpc_metadata_array trailing_metadata; - tsi_handshaker_on_next_done_cb cb; - void* user_data; - grpc_alts_credentials_options* options; - grpc_slice target_name; -} alts_tsi_event; - -/** - * This method creates a ALTS TSI event. - * - * - handshaker: ALTS TSI handshaker instance associated with the event to be - * created. The created event does not own the handshaker instance. - * - cb: callback function to be called when handling data received from ALTS - * handshaker service. - * - user_data: argument to callback function. - * - options: ALTS credentials options. - * - target_name: name of endpoint used for secure naming check. - * - event: address of ALTS TSI event instance to be returned from the method. - * - * It returns TSI_OK on success and an error status code on failure. - */ -tsi_result alts_tsi_event_create(alts_tsi_handshaker* handshaker, - tsi_handshaker_on_next_done_cb cb, - void* user_data, - grpc_alts_credentials_options* options, - grpc_slice target_name, - alts_tsi_event** event); - -/** - * This method dispatches a ALTS TSI event received from the handshaker service, - * and a boolean flag indicating if the event is valid to read to ALTS TSI - * handshaker to process. It is called by TSI thread. - * - * - event: ALTS TSI event instance. - * - is_ok: a boolean value indicating if the event is valid to read. - */ -void alts_tsi_event_dispatch_to_handshaker(alts_tsi_event* event, bool is_ok); - -/** - * This method destroys the ALTS TSI event. - */ -void alts_tsi_event_destroy(alts_tsi_event* event); - -#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_EVENT_H */ diff --git a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc b/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc deleted file mode 100644 index 529f2103c7..0000000000 --- a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +++ /dev/null @@ -1,483 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> -#include <grpc/support/sync.h> -#include <grpc/support/thd_id.h> - -#include "src/core/lib/gpr/host_port.h" -#include "src/core/lib/gprpp/thd.h" -#include "src/core/tsi/alts/frame_protector/alts_frame_protector.h" -#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_utils.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h" -#include "src/core/tsi/alts_transport_security.h" - -#define TSI_ALTS_INITIAL_BUFFER_SIZE 256 - -static alts_shared_resource* kSharedResource = alts_get_shared_resource(); - -/* Main struct for ALTS TSI handshaker. */ -typedef struct alts_tsi_handshaker { - tsi_handshaker base; - alts_handshaker_client* client; - grpc_slice recv_bytes; - grpc_slice target_name; - unsigned char* buffer; - size_t buffer_size; - bool is_client; - bool has_sent_start_message; - grpc_alts_credentials_options* options; -} alts_tsi_handshaker; - -/* Main struct for ALTS TSI handshaker result. */ -typedef struct alts_tsi_handshaker_result { - tsi_handshaker_result base; - char* peer_identity; - char* key_data; - unsigned char* unused_bytes; - size_t unused_bytes_size; - grpc_slice rpc_versions; - bool is_client; -} alts_tsi_handshaker_result; - -static tsi_result handshaker_result_extract_peer( - const tsi_handshaker_result* self, tsi_peer* peer) { - if (self == nullptr || peer == nullptr) { - gpr_log(GPR_ERROR, "Invalid argument to handshaker_result_extract_peer()"); - return TSI_INVALID_ARGUMENT; - } - alts_tsi_handshaker_result* result = - reinterpret_cast<alts_tsi_handshaker_result*>( - const_cast<tsi_handshaker_result*>(self)); - GPR_ASSERT(kTsiAltsNumOfPeerProperties == 3); - tsi_result ok = tsi_construct_peer(kTsiAltsNumOfPeerProperties, peer); - int index = 0; - if (ok != TSI_OK) { - gpr_log(GPR_ERROR, "Failed to construct tsi peer"); - return ok; - } - GPR_ASSERT(&peer->properties[index] != nullptr); - ok = tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE, - &peer->properties[index]); - if (ok != TSI_OK) { - tsi_peer_destruct(peer); - gpr_log(GPR_ERROR, "Failed to set tsi peer property"); - return ok; - } - index++; - GPR_ASSERT(&peer->properties[index] != nullptr); - ok = tsi_construct_string_peer_property_from_cstring( - TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, result->peer_identity, - &peer->properties[index]); - if (ok != TSI_OK) { - tsi_peer_destruct(peer); - gpr_log(GPR_ERROR, "Failed to set tsi peer property"); - } - index++; - GPR_ASSERT(&peer->properties[index] != nullptr); - ok = tsi_construct_string_peer_property( - TSI_ALTS_RPC_VERSIONS, - reinterpret_cast<char*>(GRPC_SLICE_START_PTR(result->rpc_versions)), - GRPC_SLICE_LENGTH(result->rpc_versions), &peer->properties[2]); - if (ok != TSI_OK) { - tsi_peer_destruct(peer); - gpr_log(GPR_ERROR, "Failed to set tsi peer property"); - } - GPR_ASSERT(++index == kTsiAltsNumOfPeerProperties); - return ok; -} - -static tsi_result handshaker_result_create_zero_copy_grpc_protector( - const tsi_handshaker_result* self, size_t* max_output_protected_frame_size, - tsi_zero_copy_grpc_protector** protector) { - if (self == nullptr || protector == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to create_zero_copy_grpc_protector()"); - return TSI_INVALID_ARGUMENT; - } - alts_tsi_handshaker_result* result = - reinterpret_cast<alts_tsi_handshaker_result*>( - const_cast<tsi_handshaker_result*>(self)); - tsi_result ok = alts_zero_copy_grpc_protector_create( - reinterpret_cast<const uint8_t*>(result->key_data), - kAltsAes128GcmRekeyKeyLength, /*is_rekey=*/true, result->is_client, - /*is_integrity_only=*/false, max_output_protected_frame_size, protector); - if (ok != TSI_OK) { - gpr_log(GPR_ERROR, "Failed to create zero-copy grpc protector"); - } - return ok; -} - -static tsi_result handshaker_result_create_frame_protector( - const tsi_handshaker_result* self, size_t* max_output_protected_frame_size, - tsi_frame_protector** protector) { - if (self == nullptr || protector == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to handshaker_result_create_frame_protector()"); - return TSI_INVALID_ARGUMENT; - } - alts_tsi_handshaker_result* result = - reinterpret_cast<alts_tsi_handshaker_result*>( - const_cast<tsi_handshaker_result*>(self)); - tsi_result ok = alts_create_frame_protector( - reinterpret_cast<const uint8_t*>(result->key_data), - kAltsAes128GcmRekeyKeyLength, result->is_client, /*is_rekey=*/true, - max_output_protected_frame_size, protector); - if (ok != TSI_OK) { - gpr_log(GPR_ERROR, "Failed to create frame protector"); - } - return ok; -} - -static tsi_result handshaker_result_get_unused_bytes( - const tsi_handshaker_result* self, const unsigned char** bytes, - size_t* bytes_size) { - if (self == nullptr || bytes == nullptr || bytes_size == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to handshaker_result_get_unused_bytes()"); - return TSI_INVALID_ARGUMENT; - } - alts_tsi_handshaker_result* result = - reinterpret_cast<alts_tsi_handshaker_result*>( - const_cast<tsi_handshaker_result*>(self)); - *bytes = result->unused_bytes; - *bytes_size = result->unused_bytes_size; - return TSI_OK; -} - -static void handshaker_result_destroy(tsi_handshaker_result* self) { - if (self == nullptr) { - return; - } - alts_tsi_handshaker_result* result = - reinterpret_cast<alts_tsi_handshaker_result*>( - const_cast<tsi_handshaker_result*>(self)); - gpr_free(result->peer_identity); - gpr_free(result->key_data); - gpr_free(result->unused_bytes); - grpc_slice_unref(result->rpc_versions); - gpr_free(result); -} - -static const tsi_handshaker_result_vtable result_vtable = { - handshaker_result_extract_peer, - handshaker_result_create_zero_copy_grpc_protector, - handshaker_result_create_frame_protector, - handshaker_result_get_unused_bytes, handshaker_result_destroy}; - -static tsi_result create_handshaker_result(grpc_gcp_handshaker_resp* resp, - bool is_client, - tsi_handshaker_result** self) { - if (self == nullptr || resp == nullptr) { - gpr_log(GPR_ERROR, "Invalid arguments to create_handshaker_result()"); - return TSI_INVALID_ARGUMENT; - } - grpc_slice* key = static_cast<grpc_slice*>(resp->result.key_data.arg); - GPR_ASSERT(key != nullptr); - grpc_slice* identity = - static_cast<grpc_slice*>(resp->result.peer_identity.service_account.arg); - if (identity == nullptr) { - gpr_log(GPR_ERROR, "Invalid service account"); - return TSI_FAILED_PRECONDITION; - } - if (GRPC_SLICE_LENGTH(*key) < kAltsAes128GcmRekeyKeyLength) { - gpr_log(GPR_ERROR, "Bad key length"); - return TSI_FAILED_PRECONDITION; - } - alts_tsi_handshaker_result* result = - static_cast<alts_tsi_handshaker_result*>(gpr_zalloc(sizeof(*result))); - result->key_data = - static_cast<char*>(gpr_zalloc(kAltsAes128GcmRekeyKeyLength)); - memcpy(result->key_data, GRPC_SLICE_START_PTR(*key), - kAltsAes128GcmRekeyKeyLength); - result->peer_identity = grpc_slice_to_c_string(*identity); - if (!resp->result.has_peer_rpc_versions) { - gpr_log(GPR_ERROR, "Peer does not set RPC protocol versions."); - return TSI_FAILED_PRECONDITION; - } - if (!grpc_gcp_rpc_protocol_versions_encode(&resp->result.peer_rpc_versions, - &result->rpc_versions)) { - gpr_log(GPR_ERROR, "Failed to serialize peer's RPC protocol versions."); - return TSI_FAILED_PRECONDITION; - } - result->is_client = is_client; - result->base.vtable = &result_vtable; - *self = &result->base; - return TSI_OK; -} - -static tsi_result handshaker_next( - tsi_handshaker* self, const unsigned char* received_bytes, - size_t received_bytes_size, const unsigned char** bytes_to_send, - size_t* bytes_to_send_size, tsi_handshaker_result** result, - tsi_handshaker_on_next_done_cb cb, void* user_data) { - if (self == nullptr || cb == nullptr) { - gpr_log(GPR_ERROR, "Invalid arguments to handshaker_next()"); - return TSI_INVALID_ARGUMENT; - } - alts_tsi_handshaker* handshaker = - reinterpret_cast<alts_tsi_handshaker*>(self); - tsi_result ok = TSI_OK; - alts_tsi_event* event = nullptr; - ok = alts_tsi_event_create(handshaker, cb, user_data, handshaker->options, - handshaker->target_name, &event); - if (ok != TSI_OK) { - gpr_log(GPR_ERROR, "Failed to create ALTS TSI event"); - return ok; - } - grpc_slice slice = (received_bytes == nullptr || received_bytes_size == 0) - ? grpc_empty_slice() - : grpc_slice_from_copied_buffer( - reinterpret_cast<const char*>(received_bytes), - received_bytes_size); - if (!handshaker->has_sent_start_message) { - ok = handshaker->is_client - ? alts_handshaker_client_start_client(handshaker->client, event) - : alts_handshaker_client_start_server(handshaker->client, event, - &slice); - handshaker->has_sent_start_message = true; - } else { - if (!GRPC_SLICE_IS_EMPTY(handshaker->recv_bytes)) { - grpc_slice_unref(handshaker->recv_bytes); - } - handshaker->recv_bytes = grpc_slice_ref(slice); - ok = alts_handshaker_client_next(handshaker->client, event, &slice); - } - grpc_slice_unref(slice); - if (ok != TSI_OK) { - gpr_log(GPR_ERROR, "Failed to schedule ALTS handshaker requests"); - return ok; - } - return TSI_ASYNC; -} - -static void handshaker_destroy(tsi_handshaker* self) { - if (self == nullptr) { - return; - } - alts_tsi_handshaker* handshaker = - reinterpret_cast<alts_tsi_handshaker*>(self); - alts_handshaker_client_destroy(handshaker->client); - grpc_slice_unref(handshaker->recv_bytes); - grpc_slice_unref(handshaker->target_name); - grpc_alts_credentials_options_destroy(handshaker->options); - gpr_free(handshaker->buffer); - gpr_free(handshaker); -} - -static const tsi_handshaker_vtable handshaker_vtable = { - nullptr, nullptr, nullptr, nullptr, nullptr, handshaker_destroy, - handshaker_next}; - -static void thread_worker(void* arg) { - while (true) { - grpc_event event = grpc_completion_queue_next( - kSharedResource->cq, gpr_inf_future(GPR_CLOCK_REALTIME), nullptr); - GPR_ASSERT(event.type != GRPC_QUEUE_TIMEOUT); - if (event.type == GRPC_QUEUE_SHUTDOWN) { - /* signal alts_tsi_shutdown() to destroy completion queue. */ - grpc_tsi_alts_signal_for_cq_destroy(); - break; - } - /* event.type == GRPC_OP_COMPLETE. */ - alts_tsi_event* alts_event = static_cast<alts_tsi_event*>(event.tag); - alts_tsi_event_dispatch_to_handshaker(alts_event, event.success); - alts_tsi_event_destroy(alts_event); - } -} - -static void init_shared_resources(const char* handshaker_service_url) { - GPR_ASSERT(handshaker_service_url != nullptr); - gpr_mu_lock(&kSharedResource->mu); - if (kSharedResource->channel == nullptr) { - gpr_cv_init(&kSharedResource->cv); - kSharedResource->channel = - grpc_insecure_channel_create(handshaker_service_url, nullptr, nullptr); - kSharedResource->cq = grpc_completion_queue_create_for_next(nullptr); - kSharedResource->thread = - grpc_core::Thread("alts_tsi_handshaker", &thread_worker, nullptr); - kSharedResource->thread.Start(); - } - gpr_mu_unlock(&kSharedResource->mu); -} - -tsi_result alts_tsi_handshaker_create( - const grpc_alts_credentials_options* options, const char* target_name, - const char* handshaker_service_url, bool is_client, tsi_handshaker** self) { - if (handshaker_service_url == nullptr || self == nullptr || - options == nullptr || (is_client && target_name == nullptr)) { - gpr_log(GPR_ERROR, "Invalid arguments to alts_tsi_handshaker_create()"); - return TSI_INVALID_ARGUMENT; - } - init_shared_resources(handshaker_service_url); - alts_handshaker_client* client = alts_grpc_handshaker_client_create( - kSharedResource->channel, kSharedResource->cq, handshaker_service_url); - if (client == nullptr) { - gpr_log(GPR_ERROR, "Failed to create ALTS handshaker client"); - return TSI_FAILED_PRECONDITION; - } - alts_tsi_handshaker* handshaker = - static_cast<alts_tsi_handshaker*>(gpr_zalloc(sizeof(*handshaker))); - handshaker->client = client; - handshaker->buffer_size = TSI_ALTS_INITIAL_BUFFER_SIZE; - handshaker->buffer = - static_cast<unsigned char*>(gpr_zalloc(handshaker->buffer_size)); - handshaker->is_client = is_client; - handshaker->has_sent_start_message = false; - handshaker->target_name = target_name == nullptr - ? grpc_empty_slice() - : grpc_slice_from_static_string(target_name); - handshaker->options = grpc_alts_credentials_options_copy(options); - handshaker->base.vtable = &handshaker_vtable; - *self = &handshaker->base; - return TSI_OK; -} - -static bool is_handshake_finished_properly(grpc_gcp_handshaker_resp* resp) { - GPR_ASSERT(resp != nullptr); - if (resp->has_result) { - return true; - } - return false; -} - -static void set_unused_bytes(tsi_handshaker_result* self, - grpc_slice* recv_bytes, size_t bytes_consumed) { - GPR_ASSERT(recv_bytes != nullptr && self != nullptr); - if (GRPC_SLICE_LENGTH(*recv_bytes) == bytes_consumed) { - return; - } - alts_tsi_handshaker_result* result = - reinterpret_cast<alts_tsi_handshaker_result*>(self); - result->unused_bytes_size = GRPC_SLICE_LENGTH(*recv_bytes) - bytes_consumed; - result->unused_bytes = - static_cast<unsigned char*>(gpr_zalloc(result->unused_bytes_size)); - memcpy(result->unused_bytes, - GRPC_SLICE_START_PTR(*recv_bytes) + bytes_consumed, - result->unused_bytes_size); -} - -void alts_tsi_handshaker_handle_response(alts_tsi_handshaker* handshaker, - grpc_byte_buffer* recv_buffer, - grpc_status_code status, - grpc_slice* details, - tsi_handshaker_on_next_done_cb cb, - void* user_data, bool is_ok) { - /* Invalid input check. */ - if (cb == nullptr) { - gpr_log(GPR_ERROR, - "cb is nullptr in alts_tsi_handshaker_handle_response()"); - return; - } - if (handshaker == nullptr || recv_buffer == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to alts_tsi_handshaker_handle_response()"); - cb(TSI_INTERNAL_ERROR, user_data, nullptr, 0, nullptr); - return; - } - /* Failed grpc call check. */ - if (!is_ok || status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "grpc call made to handshaker service failed"); - if (details != nullptr) { - char* error_details = grpc_slice_to_c_string(*details); - gpr_log(GPR_ERROR, "error details:%s", error_details); - gpr_free(error_details); - } - cb(TSI_INTERNAL_ERROR, user_data, nullptr, 0, nullptr); - return; - } - grpc_gcp_handshaker_resp* resp = - alts_tsi_utils_deserialize_response(recv_buffer); - /* Invalid handshaker response check. */ - if (resp == nullptr) { - gpr_log(GPR_ERROR, "alts_tsi_utils_deserialize_response() failed"); - cb(TSI_DATA_CORRUPTED, user_data, nullptr, 0, nullptr); - return; - } - grpc_slice* slice = static_cast<grpc_slice*>(resp->out_frames.arg); - unsigned char* bytes_to_send = nullptr; - size_t bytes_to_send_size = 0; - if (slice != nullptr) { - bytes_to_send_size = GRPC_SLICE_LENGTH(*slice); - while (bytes_to_send_size > handshaker->buffer_size) { - handshaker->buffer_size *= 2; - handshaker->buffer = static_cast<unsigned char*>( - gpr_realloc(handshaker->buffer, handshaker->buffer_size)); - } - memcpy(handshaker->buffer, GRPC_SLICE_START_PTR(*slice), - bytes_to_send_size); - bytes_to_send = handshaker->buffer; - } - tsi_handshaker_result* result = nullptr; - if (is_handshake_finished_properly(resp)) { - create_handshaker_result(resp, handshaker->is_client, &result); - set_unused_bytes(result, &handshaker->recv_bytes, resp->bytes_consumed); - } - grpc_status_code code = static_cast<grpc_status_code>(resp->status.code); - grpc_gcp_handshaker_resp_destroy(resp); - cb(alts_tsi_utils_convert_to_tsi_result(code), user_data, bytes_to_send, - bytes_to_send_size, result); -} - -namespace grpc_core { -namespace internal { - -bool alts_tsi_handshaker_get_has_sent_start_message_for_testing( - alts_tsi_handshaker* handshaker) { - GPR_ASSERT(handshaker != nullptr); - return handshaker->has_sent_start_message; -} - -bool alts_tsi_handshaker_get_is_client_for_testing( - alts_tsi_handshaker* handshaker) { - GPR_ASSERT(handshaker != nullptr); - return handshaker->is_client; -} - -void alts_tsi_handshaker_set_recv_bytes_for_testing( - alts_tsi_handshaker* handshaker, grpc_slice* slice) { - GPR_ASSERT(handshaker != nullptr && slice != nullptr); - handshaker->recv_bytes = grpc_slice_ref(*slice); -} - -grpc_slice alts_tsi_handshaker_get_recv_bytes_for_testing( - alts_tsi_handshaker* handshaker) { - GPR_ASSERT(handshaker != nullptr); - return handshaker->recv_bytes; -} - -void alts_tsi_handshaker_set_client_for_testing( - alts_tsi_handshaker* handshaker, alts_handshaker_client* client) { - GPR_ASSERT(handshaker != nullptr && client != nullptr); - alts_handshaker_client_destroy(handshaker->client); - handshaker->client = client; -} - -} // namespace internal -} // namespace grpc_core diff --git a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h b/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h deleted file mode 100644 index 227b30ce53..0000000000 --- a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_H -#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_H - -#include <grpc/support/port_platform.h> - -#include <grpc/grpc.h> - -#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" -#include "src/core/tsi/alts_transport_security.h" -#include "src/core/tsi/transport_security.h" -#include "src/core/tsi/transport_security_interface.h" - -#define TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY "service_accont" -#define TSI_ALTS_CERTIFICATE_TYPE "ALTS" -#define TSI_ALTS_RPC_VERSIONS "rpc_versions" - -const size_t kTsiAltsNumOfPeerProperties = 3; - -/** - * Main struct for ALTS TSI handshaker. All APIs in the header are - * thread-comptabile. - */ -typedef struct alts_tsi_handshaker alts_tsi_handshaker; - -/** - * This method creates a ALTS TSI handshaker instance. - * - * - options: ALTS credentials options containing information passed from TSI - * caller (e.g., rpc protocol versions). - * - target_name: the name of the endpoint that the channel is connecting to, - * and will be used for secure naming check. - * - handshaker_service_url: address of ALTS handshaker service in the format of - * "host:port". - * - is_client: boolean value indicating if the handshaker is used at the client - * (is_client = true) or server (is_client = false) side. - * - self: address of ALTS TSI handshaker instance to be returned from the - * method. - * - * It returns TSI_OK on success and an error status code on failure. - */ -tsi_result alts_tsi_handshaker_create( - const grpc_alts_credentials_options* options, const char* target_name, - const char* handshaker_service_url, bool is_client, tsi_handshaker** self); - -/** - * This method handles handshaker response returned from ALTS handshaker - * service. - * - * - handshaker: ALTS TSI handshaker instance. - * - recv_buffer: buffer holding data received from the handshaker service. - * - status: status of the grpc call made to the handshaker service. - * - details: error details of the grpc call made to the handshaker service. - * - cb: callback function of ALTS TSI event. - * - user_data: argument of callback function. - * - is_ok: a boolean value indicating if the handshaker response is ok to read. - * - */ -void alts_tsi_handshaker_handle_response(alts_tsi_handshaker* handshaker, - grpc_byte_buffer* recv_buffer, - grpc_status_code status, - grpc_slice* details, - tsi_handshaker_on_next_done_cb cb, - void* user_data, bool is_ok); - -#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_H */ diff --git a/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h b/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h deleted file mode 100644 index 9b7b9bb6b1..0000000000 --- a/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_PRIVATE_H -#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_PRIVATE_H - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h" - -namespace grpc_core { -namespace internal { - -/** - * Unsafe, use for testing only. It allows the caller to change the way the - * ALTS TSI handshaker schedules handshaker requests. - */ -void alts_tsi_handshaker_set_client_for_testing(alts_tsi_handshaker* handshaker, - alts_handshaker_client* client); - -/* For testing only. */ -bool alts_tsi_handshaker_get_has_sent_start_message_for_testing( - alts_tsi_handshaker* handshaker); - -bool alts_tsi_handshaker_get_is_client_for_testing( - alts_tsi_handshaker* handshaker); - -void alts_tsi_handshaker_set_recv_bytes_for_testing( - alts_tsi_handshaker* handshaker, grpc_slice* slice); - -grpc_slice alts_tsi_handshaker_get_recv_bytes_for_testing( - alts_tsi_handshaker* handshaker); - -} // namespace internal -} // namespace grpc_core - -#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_PRIVATE_H */ diff --git a/src/core/tsi/alts/handshaker/alts_tsi_utils.cc b/src/core/tsi/alts/handshaker/alts_tsi_utils.cc deleted file mode 100644 index d9b5e6c945..0000000000 --- a/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +++ /dev/null @@ -1,58 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/alts_tsi_utils.h" - -#include <grpc/byte_buffer_reader.h> - -tsi_result alts_tsi_utils_convert_to_tsi_result(grpc_status_code code) { - switch (code) { - case GRPC_STATUS_OK: - return TSI_OK; - case GRPC_STATUS_UNKNOWN: - return TSI_UNKNOWN_ERROR; - case GRPC_STATUS_INVALID_ARGUMENT: - return TSI_INVALID_ARGUMENT; - case GRPC_STATUS_NOT_FOUND: - return TSI_NOT_FOUND; - case GRPC_STATUS_INTERNAL: - return TSI_INTERNAL_ERROR; - default: - return TSI_UNKNOWN_ERROR; - } -} - -grpc_gcp_handshaker_resp* alts_tsi_utils_deserialize_response( - grpc_byte_buffer* resp_buffer) { - GPR_ASSERT(resp_buffer != nullptr); - grpc_byte_buffer_reader bbr; - grpc_byte_buffer_reader_init(&bbr, resp_buffer); - grpc_slice slice = grpc_byte_buffer_reader_readall(&bbr); - grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create(); - bool ok = grpc_gcp_handshaker_resp_decode(slice, resp); - grpc_slice_unref(slice); - grpc_byte_buffer_reader_destroy(&bbr); - if (!ok) { - grpc_gcp_handshaker_resp_destroy(resp); - gpr_log(GPR_ERROR, "grpc_gcp_handshaker_resp_decode() failed"); - return nullptr; - } - return resp; -} diff --git a/src/core/tsi/alts/handshaker/alts_tsi_utils.h b/src/core/tsi/alts/handshaker/alts_tsi_utils.h deleted file mode 100644 index 9ef649de2b..0000000000 --- a/src/core/tsi/alts/handshaker/alts_tsi_utils.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_UTILS_H -#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_UTILS_H - -#include <grpc/support/port_platform.h> - -#include <grpc/byte_buffer.h> -#include <grpc/grpc.h> - -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h" -#include "src/core/tsi/transport_security_interface.h" - -/** - * This method converts grpc_status_code code to the corresponding tsi_result - * code. - * - * - code: grpc_status_code code. - * - * It returns the converted tsi_result code. - */ -tsi_result alts_tsi_utils_convert_to_tsi_result(grpc_status_code code); - -/** - * This method deserializes a handshaker response returned from ALTS handshaker - * service. - * - * - bytes_received: data returned from ALTS handshaker service. - * - * It returns a deserialized handshaker response on success and nullptr on - * failure. - */ -grpc_gcp_handshaker_resp* alts_tsi_utils_deserialize_response( - grpc_byte_buffer* resp_buffer); - -#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_UTILS_H */ diff --git a/src/core/tsi/alts/handshaker/altscontext.pb.c b/src/core/tsi/alts/handshaker/altscontext.pb.c deleted file mode 100644 index 81a82f5992..0000000000 --- a/src/core/tsi/alts/handshaker/altscontext.pb.c +++ /dev/null @@ -1,48 +0,0 @@ -/* Automatically generated nanopb constant definitions */ -/* Generated by nanopb-0.3.7-dev */ - -#include "src/core/tsi/alts/handshaker/altscontext.pb.h" - -/* @@protoc_insertion_point(includes) */ -#if PB_PROTO_HEADER_VERSION != 30 -#error Regenerate this file with the current version of nanopb generator. -#endif - - - -const pb_field_t grpc_gcp_AltsContext_fields[7] = { - PB_FIELD( 1, STRING , OPTIONAL, CALLBACK, FIRST, grpc_gcp_AltsContext, application_protocol, application_protocol, 0), - PB_FIELD( 2, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_AltsContext, record_protocol, application_protocol, 0), - PB_FIELD( 3, UENUM , OPTIONAL, STATIC , OTHER, grpc_gcp_AltsContext, security_level, record_protocol, 0), - PB_FIELD( 4, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_AltsContext, peer_service_account, security_level, 0), - PB_FIELD( 5, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_AltsContext, local_service_account, peer_service_account, 0), - PB_FIELD( 6, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_AltsContext, peer_rpc_versions, local_service_account, &grpc_gcp_RpcProtocolVersions_fields), - PB_LAST_FIELD -}; - - -/* Check that field information fits in pb_field_t */ -#if !defined(PB_FIELD_32BIT) -/* If you get an error here, it means that you need to define PB_FIELD_32BIT - * compile-time option. You can do that in pb.h or on compiler command line. - * - * The reason you need to do this is that some of your messages contain tag - * numbers or field sizes that are larger than what can fit in 8 or 16 bit - * field descriptors. - */ -PB_STATIC_ASSERT((pb_membersize(grpc_gcp_AltsContext, peer_rpc_versions) < 65536), YOU_MUST_DEFINE_PB_FIELD_32BIT_FOR_MESSAGES_grpc_gcp_AltsContext) -#endif - -#if !defined(PB_FIELD_16BIT) && !defined(PB_FIELD_32BIT) -/* If you get an error here, it means that you need to define PB_FIELD_16BIT - * compile-time option. You can do that in pb.h or on compiler command line. - * - * The reason you need to do this is that some of your messages contain tag - * numbers or field sizes that are larger than what can fit in the default - * 8 bit descriptors. - */ -PB_STATIC_ASSERT((pb_membersize(grpc_gcp_AltsContext, peer_rpc_versions) < 256), YOU_MUST_DEFINE_PB_FIELD_16BIT_FOR_MESSAGES_grpc_gcp_AltsContext) -#endif - - -/* @@protoc_insertion_point(eof) */ diff --git a/src/core/tsi/alts/handshaker/altscontext.pb.h b/src/core/tsi/alts/handshaker/altscontext.pb.h deleted file mode 100644 index 3e72d7f678..0000000000 --- a/src/core/tsi/alts/handshaker/altscontext.pb.h +++ /dev/null @@ -1,64 +0,0 @@ -/* Automatically generated nanopb header */ -/* Generated by nanopb-0.3.7-dev */ - -#ifndef PB_GRPC_GCP_ALTSCONTEXT_PB_H_INCLUDED -#define PB_GRPC_GCP_ALTSCONTEXT_PB_H_INCLUDED -#include "third_party/nanopb/pb.h" -#include "src/core/tsi/alts/handshaker/transport_security_common.pb.h" - -/* @@protoc_insertion_point(includes) */ -#if PB_PROTO_HEADER_VERSION != 30 -#error Regenerate this file with the current version of nanopb generator. -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* Struct definitions */ -typedef struct _grpc_gcp_AltsContext { - pb_callback_t application_protocol; - pb_callback_t record_protocol; - bool has_security_level; - grpc_gcp_SecurityLevel security_level; - pb_callback_t peer_service_account; - pb_callback_t local_service_account; - bool has_peer_rpc_versions; - grpc_gcp_RpcProtocolVersions peer_rpc_versions; -/* @@protoc_insertion_point(struct:grpc_gcp_AltsContext) */ -} grpc_gcp_AltsContext; - -/* Default values for struct fields */ - -/* Initializer values for message structs */ -#define grpc_gcp_AltsContext_init_default {{{NULL}, NULL}, {{NULL}, NULL}, false, (grpc_gcp_SecurityLevel)0, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_RpcProtocolVersions_init_default} -#define grpc_gcp_AltsContext_init_zero {{{NULL}, NULL}, {{NULL}, NULL}, false, (grpc_gcp_SecurityLevel)0, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_RpcProtocolVersions_init_zero} - -/* Field tags (for use in manual encoding/decoding) */ -#define grpc_gcp_AltsContext_application_protocol_tag 1 -#define grpc_gcp_AltsContext_record_protocol_tag 2 -#define grpc_gcp_AltsContext_security_level_tag 3 -#define grpc_gcp_AltsContext_peer_service_account_tag 4 -#define grpc_gcp_AltsContext_local_service_account_tag 5 -#define grpc_gcp_AltsContext_peer_rpc_versions_tag 6 - -/* Struct field encoding specification for nanopb */ -extern const pb_field_t grpc_gcp_AltsContext_fields[7]; - -/* Maximum encoded size of messages (where known) */ -/* grpc_gcp_AltsContext_size depends on runtime parameters */ - -/* Message IDs (where set with "msgid" option) */ -#ifdef PB_MSGID - -#define ALTSCONTEXT_MESSAGES \ - - -#endif - -#ifdef __cplusplus -} /* extern "C" */ -#endif -/* @@protoc_insertion_point(eof) */ - -#endif diff --git a/src/core/tsi/alts/handshaker/handshaker.pb.c b/src/core/tsi/alts/handshaker/handshaker.pb.c deleted file mode 100644 index bd992dfa4a..0000000000 --- a/src/core/tsi/alts/handshaker/handshaker.pb.c +++ /dev/null @@ -1,123 +0,0 @@ -/* Automatically generated nanopb constant definitions */ -/* Generated by nanopb-0.3.7-dev */ - -#include "src/core/tsi/alts/handshaker/handshaker.pb.h" - -/* @@protoc_insertion_point(includes) */ -#if PB_PROTO_HEADER_VERSION != 30 -#error Regenerate this file with the current version of nanopb generator. -#endif - - - -const pb_field_t grpc_gcp_Endpoint_fields[4] = { - PB_FIELD( 1, STRING , OPTIONAL, CALLBACK, FIRST, grpc_gcp_Endpoint, ip_address, ip_address, 0), - PB_FIELD( 2, INT32 , OPTIONAL, STATIC , OTHER, grpc_gcp_Endpoint, port, ip_address, 0), - PB_FIELD( 3, UENUM , OPTIONAL, STATIC , OTHER, grpc_gcp_Endpoint, protocol, port, 0), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_Identity_fields[3] = { - PB_FIELD( 1, STRING , OPTIONAL, CALLBACK, FIRST, grpc_gcp_Identity, service_account, service_account, 0), - PB_FIELD( 2, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_Identity, hostname, service_account, 0), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_StartClientHandshakeReq_fields[10] = { - PB_FIELD( 1, UENUM , OPTIONAL, STATIC , FIRST, grpc_gcp_StartClientHandshakeReq, handshake_security_protocol, handshake_security_protocol, 0), - PB_FIELD( 2, STRING , REPEATED, CALLBACK, OTHER, grpc_gcp_StartClientHandshakeReq, application_protocols, handshake_security_protocol, 0), - PB_FIELD( 3, STRING , REPEATED, CALLBACK, OTHER, grpc_gcp_StartClientHandshakeReq, record_protocols, application_protocols, 0), - PB_FIELD( 4, MESSAGE , REPEATED, CALLBACK, OTHER, grpc_gcp_StartClientHandshakeReq, target_identities, record_protocols, &grpc_gcp_Identity_fields), - PB_FIELD( 5, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartClientHandshakeReq, local_identity, target_identities, &grpc_gcp_Identity_fields), - PB_FIELD( 6, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartClientHandshakeReq, local_endpoint, local_identity, &grpc_gcp_Endpoint_fields), - PB_FIELD( 7, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartClientHandshakeReq, remote_endpoint, local_endpoint, &grpc_gcp_Endpoint_fields), - PB_FIELD( 8, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_StartClientHandshakeReq, target_name, remote_endpoint, 0), - PB_FIELD( 9, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartClientHandshakeReq, rpc_versions, target_name, &grpc_gcp_RpcProtocolVersions_fields), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_ServerHandshakeParameters_fields[3] = { - PB_FIELD( 1, STRING , REPEATED, CALLBACK, FIRST, grpc_gcp_ServerHandshakeParameters, record_protocols, record_protocols, 0), - PB_FIELD( 2, MESSAGE , REPEATED, CALLBACK, OTHER, grpc_gcp_ServerHandshakeParameters, local_identities, record_protocols, &grpc_gcp_Identity_fields), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_StartServerHandshakeReq_fields[7] = { - PB_FIELD( 1, STRING , REPEATED, CALLBACK, FIRST, grpc_gcp_StartServerHandshakeReq, application_protocols, application_protocols, 0), - PB_FIELD( 2, MESSAGE , REPEATED, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq, handshake_parameters, application_protocols, &grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_fields), - PB_FIELD( 3, BYTES , OPTIONAL, CALLBACK, OTHER, grpc_gcp_StartServerHandshakeReq, in_bytes, handshake_parameters, 0), - PB_FIELD( 4, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq, local_endpoint, in_bytes, &grpc_gcp_Endpoint_fields), - PB_FIELD( 5, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq, remote_endpoint, local_endpoint, &grpc_gcp_Endpoint_fields), - PB_FIELD( 6, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq, rpc_versions, remote_endpoint, &grpc_gcp_RpcProtocolVersions_fields), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_fields[3] = { - PB_FIELD( 1, INT32 , OPTIONAL, STATIC , FIRST, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry, key, key, 0), - PB_FIELD( 2, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry, value, key, &grpc_gcp_ServerHandshakeParameters_fields), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_NextHandshakeMessageReq_fields[2] = { - PB_FIELD( 1, BYTES , OPTIONAL, CALLBACK, FIRST, grpc_gcp_NextHandshakeMessageReq, in_bytes, in_bytes, 0), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_HandshakerReq_fields[4] = { - PB_FIELD( 1, MESSAGE , OPTIONAL, STATIC , FIRST, grpc_gcp_HandshakerReq, client_start, client_start, &grpc_gcp_StartClientHandshakeReq_fields), - PB_FIELD( 2, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerReq, server_start, client_start, &grpc_gcp_StartServerHandshakeReq_fields), - PB_FIELD( 3, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerReq, next, server_start, &grpc_gcp_NextHandshakeMessageReq_fields), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_HandshakerResult_fields[8] = { - PB_FIELD( 1, STRING , OPTIONAL, CALLBACK, FIRST, grpc_gcp_HandshakerResult, application_protocol, application_protocol, 0), - PB_FIELD( 2, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_HandshakerResult, record_protocol, application_protocol, 0), - PB_FIELD( 3, BYTES , OPTIONAL, CALLBACK, OTHER, grpc_gcp_HandshakerResult, key_data, record_protocol, 0), - PB_FIELD( 4, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResult, peer_identity, key_data, &grpc_gcp_Identity_fields), - PB_FIELD( 5, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResult, local_identity, peer_identity, &grpc_gcp_Identity_fields), - PB_FIELD( 6, BOOL , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResult, keep_channel_open, local_identity, 0), - PB_FIELD( 7, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResult, peer_rpc_versions, keep_channel_open, &grpc_gcp_RpcProtocolVersions_fields), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_HandshakerStatus_fields[3] = { - PB_FIELD( 1, UINT32 , OPTIONAL, STATIC , FIRST, grpc_gcp_HandshakerStatus, code, code, 0), - PB_FIELD( 2, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_HandshakerStatus, details, code, 0), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_HandshakerResp_fields[5] = { - PB_FIELD( 1, BYTES , OPTIONAL, CALLBACK, FIRST, grpc_gcp_HandshakerResp, out_frames, out_frames, 0), - PB_FIELD( 2, UINT32 , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResp, bytes_consumed, out_frames, 0), - PB_FIELD( 3, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResp, result, bytes_consumed, &grpc_gcp_HandshakerResult_fields), - PB_FIELD( 4, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResp, status, result, &grpc_gcp_HandshakerStatus_fields), - PB_LAST_FIELD -}; - - -/* Check that field information fits in pb_field_t */ -#if !defined(PB_FIELD_32BIT) -/* If you get an error here, it means that you need to define PB_FIELD_32BIT - * compile-time option. You can do that in pb.h or on compiler command line. - * - * The reason you need to do this is that some of your messages contain tag - * numbers or field sizes that are larger than what can fit in 8 or 16 bit - * field descriptors. - */ -PB_STATIC_ASSERT((pb_membersize(grpc_gcp_StartClientHandshakeReq, target_identities) < 65536 && pb_membersize(grpc_gcp_StartClientHandshakeReq, local_identity) < 65536 && pb_membersize(grpc_gcp_StartClientHandshakeReq, local_endpoint) < 65536 && pb_membersize(grpc_gcp_StartClientHandshakeReq, remote_endpoint) < 65536 && pb_membersize(grpc_gcp_StartClientHandshakeReq, rpc_versions) < 65536 && pb_membersize(grpc_gcp_ServerHandshakeParameters, local_identities) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq, handshake_parameters[0]) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq, local_endpoint) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq, remote_endpoint) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq, rpc_versions) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry, value) < 65536 && pb_membersize(grpc_gcp_HandshakerReq, client_start) < 65536 && pb_membersize(grpc_gcp_HandshakerReq, server_start) < 65536 && pb_membersize(grpc_gcp_HandshakerReq, next) < 65536 && pb_membersize(grpc_gcp_HandshakerResult, peer_identity) < 65536 && pb_membersize(grpc_gcp_HandshakerResult, local_identity) < 65536 && pb_membersize(grpc_gcp_HandshakerResult, peer_rpc_versions) < 65536 && pb_membersize(grpc_gcp_HandshakerResp, result) < 65536 && pb_membersize(grpc_gcp_HandshakerResp, status) < 65536), YOU_MUST_DEFINE_PB_FIELD_32BIT_FOR_MESSAGES_grpc_gcp_Endpoint_grpc_gcp_Identity_grpc_gcp_StartClientHandshakeReq_grpc_gcp_ServerHandshakeParameters_grpc_gcp_StartServerHandshakeReq_grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_grpc_gcp_NextHandshakeMessageReq_grpc_gcp_HandshakerReq_grpc_gcp_HandshakerResult_grpc_gcp_HandshakerStatus_grpc_gcp_HandshakerResp) -#endif - -#if !defined(PB_FIELD_16BIT) && !defined(PB_FIELD_32BIT) -/* If you get an error here, it means that you need to define PB_FIELD_16BIT - * compile-time option. You can do that in pb.h or on compiler command line. - * - * The reason you need to do this is that some of your messages contain tag - * numbers or field sizes that are larger than what can fit in the default - * 8 bit descriptors. - */ -PB_STATIC_ASSERT((pb_membersize(grpc_gcp_StartClientHandshakeReq, target_identities) < 256 && pb_membersize(grpc_gcp_StartClientHandshakeReq, local_identity) < 256 && pb_membersize(grpc_gcp_StartClientHandshakeReq, local_endpoint) < 256 && pb_membersize(grpc_gcp_StartClientHandshakeReq, remote_endpoint) < 256 && pb_membersize(grpc_gcp_StartClientHandshakeReq, rpc_versions) < 256 && pb_membersize(grpc_gcp_ServerHandshakeParameters, local_identities) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq, handshake_parameters[0]) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq, local_endpoint) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq, remote_endpoint) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq, rpc_versions) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry, value) < 256 && pb_membersize(grpc_gcp_HandshakerReq, client_start) < 256 && pb_membersize(grpc_gcp_HandshakerReq, server_start) < 256 && pb_membersize(grpc_gcp_HandshakerReq, next) < 256 && pb_membersize(grpc_gcp_HandshakerResult, peer_identity) < 256 && pb_membersize(grpc_gcp_HandshakerResult, local_identity) < 256 && pb_membersize(grpc_gcp_HandshakerResult, peer_rpc_versions) < 256 && pb_membersize(grpc_gcp_HandshakerResp, result) < 256 && pb_membersize(grpc_gcp_HandshakerResp, status) < 256), YOU_MUST_DEFINE_PB_FIELD_16BIT_FOR_MESSAGES_grpc_gcp_Endpoint_grpc_gcp_Identity_grpc_gcp_StartClientHandshakeReq_grpc_gcp_ServerHandshakeParameters_grpc_gcp_StartServerHandshakeReq_grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_grpc_gcp_NextHandshakeMessageReq_grpc_gcp_HandshakerReq_grpc_gcp_HandshakerResult_grpc_gcp_HandshakerStatus_grpc_gcp_HandshakerResp) -#endif - - -/* @@protoc_insertion_point(eof) */ diff --git a/src/core/tsi/alts/handshaker/handshaker.pb.h b/src/core/tsi/alts/handshaker/handshaker.pb.h deleted file mode 100644 index 0805a144de..0000000000 --- a/src/core/tsi/alts/handshaker/handshaker.pb.h +++ /dev/null @@ -1,255 +0,0 @@ -/* Automatically generated nanopb header */ -/* Generated by nanopb-0.3.7-dev */ - -#ifndef PB_GRPC_GCP_HANDSHAKER_PB_H_INCLUDED -#define PB_GRPC_GCP_HANDSHAKER_PB_H_INCLUDED -#include "third_party/nanopb/pb.h" -#include "src/core/tsi/alts/handshaker/transport_security_common.pb.h" - -/* @@protoc_insertion_point(includes) */ -#if PB_PROTO_HEADER_VERSION != 30 -#error Regenerate this file with the current version of nanopb generator. -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* Enum definitions */ -typedef enum _grpc_gcp_HandshakeProtocol { - grpc_gcp_HandshakeProtocol_HANDSHAKE_PROTOCOL_UNSPECIFIED = 0, - grpc_gcp_HandshakeProtocol_TLS = 1, - grpc_gcp_HandshakeProtocol_ALTS = 2 -} grpc_gcp_HandshakeProtocol; -#define _grpc_gcp_HandshakeProtocol_MIN grpc_gcp_HandshakeProtocol_HANDSHAKE_PROTOCOL_UNSPECIFIED -#define _grpc_gcp_HandshakeProtocol_MAX grpc_gcp_HandshakeProtocol_ALTS -#define _grpc_gcp_HandshakeProtocol_ARRAYSIZE ((grpc_gcp_HandshakeProtocol)(grpc_gcp_HandshakeProtocol_ALTS+1)) - -typedef enum _grpc_gcp_NetworkProtocol { - grpc_gcp_NetworkProtocol_NETWORK_PROTOCOL_UNSPECIFIED = 0, - grpc_gcp_NetworkProtocol_TCP = 1, - grpc_gcp_NetworkProtocol_UDP = 2 -} grpc_gcp_NetworkProtocol; -#define _grpc_gcp_NetworkProtocol_MIN grpc_gcp_NetworkProtocol_NETWORK_PROTOCOL_UNSPECIFIED -#define _grpc_gcp_NetworkProtocol_MAX grpc_gcp_NetworkProtocol_UDP -#define _grpc_gcp_NetworkProtocol_ARRAYSIZE ((grpc_gcp_NetworkProtocol)(grpc_gcp_NetworkProtocol_UDP+1)) - -/* Struct definitions */ -typedef struct _grpc_gcp_Identity { - pb_callback_t service_account; - pb_callback_t hostname; -/* @@protoc_insertion_point(struct:grpc_gcp_Identity) */ -} grpc_gcp_Identity; - -typedef struct _grpc_gcp_NextHandshakeMessageReq { - pb_callback_t in_bytes; -/* @@protoc_insertion_point(struct:grpc_gcp_NextHandshakeMessageReq) */ -} grpc_gcp_NextHandshakeMessageReq; - -typedef struct _grpc_gcp_ServerHandshakeParameters { - pb_callback_t record_protocols; - pb_callback_t local_identities; -/* @@protoc_insertion_point(struct:grpc_gcp_ServerHandshakeParameters) */ -} grpc_gcp_ServerHandshakeParameters; - -typedef struct _grpc_gcp_Endpoint { - pb_callback_t ip_address; - bool has_port; - int32_t port; - bool has_protocol; - grpc_gcp_NetworkProtocol protocol; -/* @@protoc_insertion_point(struct:grpc_gcp_Endpoint) */ -} grpc_gcp_Endpoint; - -typedef struct _grpc_gcp_HandshakerResult { - pb_callback_t application_protocol; - pb_callback_t record_protocol; - pb_callback_t key_data; - bool has_peer_identity; - grpc_gcp_Identity peer_identity; - bool has_local_identity; - grpc_gcp_Identity local_identity; - bool has_keep_channel_open; - bool keep_channel_open; - bool has_peer_rpc_versions; - grpc_gcp_RpcProtocolVersions peer_rpc_versions; -/* @@protoc_insertion_point(struct:grpc_gcp_HandshakerResult) */ -} grpc_gcp_HandshakerResult; - -typedef struct _grpc_gcp_HandshakerStatus { - bool has_code; - uint32_t code; - pb_callback_t details; -/* @@protoc_insertion_point(struct:grpc_gcp_HandshakerStatus) */ -} grpc_gcp_HandshakerStatus; - -typedef struct _grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry { - bool has_key; - int32_t key; - bool has_value; - grpc_gcp_ServerHandshakeParameters value; -/* @@protoc_insertion_point(struct:grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry) */ -} grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry; - -typedef struct _grpc_gcp_HandshakerResp { - pb_callback_t out_frames; - bool has_bytes_consumed; - uint32_t bytes_consumed; - bool has_result; - grpc_gcp_HandshakerResult result; - bool has_status; - grpc_gcp_HandshakerStatus status; -/* @@protoc_insertion_point(struct:grpc_gcp_HandshakerResp) */ -} grpc_gcp_HandshakerResp; - -typedef struct _grpc_gcp_StartClientHandshakeReq { - bool has_handshake_security_protocol; - grpc_gcp_HandshakeProtocol handshake_security_protocol; - pb_callback_t application_protocols; - pb_callback_t record_protocols; - pb_callback_t target_identities; - bool has_local_identity; - grpc_gcp_Identity local_identity; - bool has_local_endpoint; - grpc_gcp_Endpoint local_endpoint; - bool has_remote_endpoint; - grpc_gcp_Endpoint remote_endpoint; - pb_callback_t target_name; - bool has_rpc_versions; - grpc_gcp_RpcProtocolVersions rpc_versions; -/* @@protoc_insertion_point(struct:grpc_gcp_StartClientHandshakeReq) */ -} grpc_gcp_StartClientHandshakeReq; - -typedef struct _grpc_gcp_StartServerHandshakeReq { - pb_callback_t application_protocols; - pb_size_t handshake_parameters_count; - grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry handshake_parameters[3]; - pb_callback_t in_bytes; - bool has_local_endpoint; - grpc_gcp_Endpoint local_endpoint; - bool has_remote_endpoint; - grpc_gcp_Endpoint remote_endpoint; - bool has_rpc_versions; - grpc_gcp_RpcProtocolVersions rpc_versions; -/* @@protoc_insertion_point(struct:grpc_gcp_StartServerHandshakeReq) */ -} grpc_gcp_StartServerHandshakeReq; - -typedef struct _grpc_gcp_HandshakerReq { - bool has_client_start; - grpc_gcp_StartClientHandshakeReq client_start; - bool has_server_start; - grpc_gcp_StartServerHandshakeReq server_start; - bool has_next; - grpc_gcp_NextHandshakeMessageReq next; -/* @@protoc_insertion_point(struct:grpc_gcp_HandshakerReq) */ -} grpc_gcp_HandshakerReq; - -/* Default values for struct fields */ - -/* Initializer values for message structs */ -#define grpc_gcp_Endpoint_init_default {{{NULL}, NULL}, false, 0, false, (grpc_gcp_NetworkProtocol)0} -#define grpc_gcp_Identity_init_default {{{NULL}, NULL}, {{NULL}, NULL}} -#define grpc_gcp_StartClientHandshakeReq_init_default {false, (grpc_gcp_HandshakeProtocol)0, {{NULL}, NULL}, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_Identity_init_default, false, grpc_gcp_Endpoint_init_default, false, grpc_gcp_Endpoint_init_default, {{NULL}, NULL}, false, grpc_gcp_RpcProtocolVersions_init_default} -#define grpc_gcp_ServerHandshakeParameters_init_default {{{NULL}, NULL}, {{NULL}, NULL}} -#define grpc_gcp_StartServerHandshakeReq_init_default {{{NULL}, NULL}, 0, {grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_default, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_default, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_default}, {{NULL}, NULL}, false, grpc_gcp_Endpoint_init_default, false, grpc_gcp_Endpoint_init_default, false, grpc_gcp_RpcProtocolVersions_init_default} -#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_default {false, 0, false, grpc_gcp_ServerHandshakeParameters_init_default} -#define grpc_gcp_NextHandshakeMessageReq_init_default {{{NULL}, NULL}} -#define grpc_gcp_HandshakerReq_init_default {false, grpc_gcp_StartClientHandshakeReq_init_default, false, grpc_gcp_StartServerHandshakeReq_init_default, false, grpc_gcp_NextHandshakeMessageReq_init_default} -#define grpc_gcp_HandshakerResult_init_default {{{NULL}, NULL}, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_Identity_init_default, false, grpc_gcp_Identity_init_default, false, 0, false, grpc_gcp_RpcProtocolVersions_init_default} -#define grpc_gcp_HandshakerStatus_init_default {false, 0, {{NULL}, NULL}} -#define grpc_gcp_HandshakerResp_init_default {{{NULL}, NULL}, false, 0, false, grpc_gcp_HandshakerResult_init_default, false, grpc_gcp_HandshakerStatus_init_default} -#define grpc_gcp_Endpoint_init_zero {{{NULL}, NULL}, false, 0, false, (grpc_gcp_NetworkProtocol)0} -#define grpc_gcp_Identity_init_zero {{{NULL}, NULL}, {{NULL}, NULL}} -#define grpc_gcp_StartClientHandshakeReq_init_zero {false, (grpc_gcp_HandshakeProtocol)0, {{NULL}, NULL}, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_Identity_init_zero, false, grpc_gcp_Endpoint_init_zero, false, grpc_gcp_Endpoint_init_zero, {{NULL}, NULL}, false, grpc_gcp_RpcProtocolVersions_init_zero} -#define grpc_gcp_ServerHandshakeParameters_init_zero {{{NULL}, NULL}, {{NULL}, NULL}} -#define grpc_gcp_StartServerHandshakeReq_init_zero {{{NULL}, NULL}, 0, {grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_zero, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_zero, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_zero}, {{NULL}, NULL}, false, grpc_gcp_Endpoint_init_zero, false, grpc_gcp_Endpoint_init_zero, false, grpc_gcp_RpcProtocolVersions_init_zero} -#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_zero {false, 0, false, grpc_gcp_ServerHandshakeParameters_init_zero} -#define grpc_gcp_NextHandshakeMessageReq_init_zero {{{NULL}, NULL}} -#define grpc_gcp_HandshakerReq_init_zero {false, grpc_gcp_StartClientHandshakeReq_init_zero, false, grpc_gcp_StartServerHandshakeReq_init_zero, false, grpc_gcp_NextHandshakeMessageReq_init_zero} -#define grpc_gcp_HandshakerResult_init_zero {{{NULL}, NULL}, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_Identity_init_zero, false, grpc_gcp_Identity_init_zero, false, 0, false, grpc_gcp_RpcProtocolVersions_init_zero} -#define grpc_gcp_HandshakerStatus_init_zero {false, 0, {{NULL}, NULL}} -#define grpc_gcp_HandshakerResp_init_zero {{{NULL}, NULL}, false, 0, false, grpc_gcp_HandshakerResult_init_zero, false, grpc_gcp_HandshakerStatus_init_zero} - -/* Field tags (for use in manual encoding/decoding) */ -#define grpc_gcp_Identity_service_account_tag 1 -#define grpc_gcp_Identity_hostname_tag 2 -#define grpc_gcp_NextHandshakeMessageReq_in_bytes_tag 1 -#define grpc_gcp_ServerHandshakeParameters_record_protocols_tag 1 -#define grpc_gcp_ServerHandshakeParameters_local_identities_tag 2 -#define grpc_gcp_Endpoint_ip_address_tag 1 -#define grpc_gcp_Endpoint_port_tag 2 -#define grpc_gcp_Endpoint_protocol_tag 3 -#define grpc_gcp_HandshakerResult_application_protocol_tag 1 -#define grpc_gcp_HandshakerResult_record_protocol_tag 2 -#define grpc_gcp_HandshakerResult_key_data_tag 3 -#define grpc_gcp_HandshakerResult_peer_identity_tag 4 -#define grpc_gcp_HandshakerResult_local_identity_tag 5 -#define grpc_gcp_HandshakerResult_keep_channel_open_tag 6 -#define grpc_gcp_HandshakerResult_peer_rpc_versions_tag 7 -#define grpc_gcp_HandshakerStatus_code_tag 1 -#define grpc_gcp_HandshakerStatus_details_tag 2 -#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_key_tag 1 -#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_value_tag 2 -#define grpc_gcp_HandshakerResp_out_frames_tag 1 -#define grpc_gcp_HandshakerResp_bytes_consumed_tag 2 -#define grpc_gcp_HandshakerResp_result_tag 3 -#define grpc_gcp_HandshakerResp_status_tag 4 -#define grpc_gcp_StartClientHandshakeReq_handshake_security_protocol_tag 1 -#define grpc_gcp_StartClientHandshakeReq_application_protocols_tag 2 -#define grpc_gcp_StartClientHandshakeReq_record_protocols_tag 3 -#define grpc_gcp_StartClientHandshakeReq_target_identities_tag 4 -#define grpc_gcp_StartClientHandshakeReq_local_identity_tag 5 -#define grpc_gcp_StartClientHandshakeReq_local_endpoint_tag 6 -#define grpc_gcp_StartClientHandshakeReq_remote_endpoint_tag 7 -#define grpc_gcp_StartClientHandshakeReq_target_name_tag 8 -#define grpc_gcp_StartClientHandshakeReq_rpc_versions_tag 9 -#define grpc_gcp_StartServerHandshakeReq_application_protocols_tag 1 -#define grpc_gcp_StartServerHandshakeReq_handshake_parameters_tag 2 -#define grpc_gcp_StartServerHandshakeReq_in_bytes_tag 3 -#define grpc_gcp_StartServerHandshakeReq_local_endpoint_tag 4 -#define grpc_gcp_StartServerHandshakeReq_remote_endpoint_tag 5 -#define grpc_gcp_StartServerHandshakeReq_rpc_versions_tag 6 -#define grpc_gcp_HandshakerReq_client_start_tag 1 -#define grpc_gcp_HandshakerReq_server_start_tag 2 -#define grpc_gcp_HandshakerReq_next_tag 3 - -/* Struct field encoding specification for nanopb */ -extern const pb_field_t grpc_gcp_Endpoint_fields[4]; -extern const pb_field_t grpc_gcp_Identity_fields[3]; -extern const pb_field_t grpc_gcp_StartClientHandshakeReq_fields[10]; -extern const pb_field_t grpc_gcp_ServerHandshakeParameters_fields[3]; -extern const pb_field_t grpc_gcp_StartServerHandshakeReq_fields[7]; -extern const pb_field_t grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_fields[3]; -extern const pb_field_t grpc_gcp_NextHandshakeMessageReq_fields[2]; -extern const pb_field_t grpc_gcp_HandshakerReq_fields[4]; -extern const pb_field_t grpc_gcp_HandshakerResult_fields[8]; -extern const pb_field_t grpc_gcp_HandshakerStatus_fields[3]; -extern const pb_field_t grpc_gcp_HandshakerResp_fields[5]; - -/* Maximum encoded size of messages (where known) */ -/* grpc_gcp_Endpoint_size depends on runtime parameters */ -/* grpc_gcp_Identity_size depends on runtime parameters */ -/* grpc_gcp_StartClientHandshakeReq_size depends on runtime parameters */ -/* grpc_gcp_ServerHandshakeParameters_size depends on runtime parameters */ -/* grpc_gcp_StartServerHandshakeReq_size depends on runtime parameters */ -#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_size (17 + grpc_gcp_ServerHandshakeParameters_size) -/* grpc_gcp_NextHandshakeMessageReq_size depends on runtime parameters */ -#define grpc_gcp_HandshakerReq_size (18 + grpc_gcp_StartClientHandshakeReq_size + grpc_gcp_StartServerHandshakeReq_size + grpc_gcp_NextHandshakeMessageReq_size) -/* grpc_gcp_HandshakerResult_size depends on runtime parameters */ -/* grpc_gcp_HandshakerStatus_size depends on runtime parameters */ -/* grpc_gcp_HandshakerResp_size depends on runtime parameters */ - -/* Message IDs (where set with "msgid" option) */ -#ifdef PB_MSGID - -#define HANDSHAKER_MESSAGES \ - - -#endif - -#ifdef __cplusplus -} /* extern "C" */ -#endif -/* @@protoc_insertion_point(eof) */ - -#endif diff --git a/src/core/tsi/alts/handshaker/proto/altscontext.proto b/src/core/tsi/alts/handshaker/proto/altscontext.proto deleted file mode 100644 index d195b37e08..0000000000 --- a/src/core/tsi/alts/handshaker/proto/altscontext.proto +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright 2018 gRPC authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "transport_security_common.proto"; - -package grpc.gcp; - -option java_package = "io.grpc.alts"; - -message AltsContext { - // The application protocol negotiated for this connection. - string application_protocol = 1; - - // The record protocol negotiated for this connection. - string record_protocol = 2; - - // The security level of the created secure channel. - SecurityLevel security_level = 3; - - // The peer service account. - string peer_service_account = 4; - - // The local service account. - string local_service_account = 5; - - // The RPC protocol versions supported by the peer. - RpcProtocolVersions peer_rpc_versions = 6; -} diff --git a/src/core/tsi/alts/handshaker/proto/handshaker.options b/src/core/tsi/alts/handshaker/proto/handshaker.options deleted file mode 100644 index 702ba3802a..0000000000 --- a/src/core/tsi/alts/handshaker/proto/handshaker.options +++ /dev/null @@ -1,2 +0,0 @@ -handshaker.proto no_unions:true -grpc.gcp.StartServerHandshakeReq.handshake_parameters max_count:3 diff --git a/src/core/tsi/alts/handshaker/proto/handshaker.proto b/src/core/tsi/alts/handshaker/proto/handshaker.proto deleted file mode 100644 index 46b8b09eb0..0000000000 --- a/src/core/tsi/alts/handshaker/proto/handshaker.proto +++ /dev/null @@ -1,220 +0,0 @@ -// Copyright 2018 gRPC authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "transport_security_common.proto"; - -package grpc.gcp; - -option java_package = "io.grpc.alts"; - -enum HandshakeProtocol { - // Default value. - HANDSHAKE_PROTOCOL_UNSPECIFIED = 0; - - // TLS handshake protocol. - TLS = 1; - - // Application Layer Transport Security handshake protocol. - ALTS = 2; -} - -enum NetworkProtocol { - NETWORK_PROTOCOL_UNSPECIFIED = 0; - TCP = 1; - UDP = 2; -} - -message Endpoint { - // IP address. It should contain an IPv4 or IPv6 string literal, e.g. - // "192.168.0.1" or "2001:db8::1". - string ip_address = 1; - - // Port number. - int32 port = 2; - - // Network protocol (e.g., TCP, UDP) associated with this endpoint. - NetworkProtocol protocol = 3; -} - -message Identity { - oneof identity_oneof { - // Service account of a connection endpoint. - string service_account = 1; - - // Hostname of a connection endpoint. - string hostname = 2; - } -} - -message StartClientHandshakeReq { - // Handshake security protocol requested by the client. - HandshakeProtocol handshake_security_protocol = 1; - - // The application protocols supported by the client, e.g., "h2" (for http2), - // "grpc". - repeated string application_protocols = 2; - - // The record protocols supported by the client, e.g., - // "ALTSRP_GCM_AES128". - repeated string record_protocols = 3; - - // (Optional) Describes which server identities are acceptable by the client. - // If target identities are provided and none of them matches the peer - // identity of the server, handshake will fail. - repeated Identity target_identities = 4; - - // (Optional) Application may specify a local identity. Otherwise, the - // handshaker chooses a default local identity. - Identity local_identity = 5; - - // (Optional) Local endpoint information of the connection to the server, - // such as local IP address, port number, and network protocol. - Endpoint local_endpoint = 6; - - // (Optional) Endpoint information of the remote server, such as IP address, - // port number, and network protocool. - Endpoint remote_endpoint = 7; - - // (Optional) If target name is provided, a secure naming check is performed - // to verify that the peer authenticated identity is indeed authorized to run - // the target name. - string target_name = 8; - - // (Optional) RPC protocol versions supported by the client. - RpcProtocolVersions rpc_versions = 9; -} - -message ServerHandshakeParameters { - // The record protocols supported by the server, e.g., - // "ALTSRP_GCM_AES128". - repeated string record_protocols = 1; - - // (Optional) A list of local identities supported by the server, if - // specified. Otherwise, the handshaker chooses a default local identity. - repeated Identity local_identities = 2; -} - -message StartServerHandshakeReq { - // The application protocols supported by the server, e.g., "h2" (for http2), - // "grpc". - repeated string application_protocols = 1; - - // Handshake parameters (record protocols and local identities supported by - // the server) mapped by the handshake protocol. Each handshake security - // protocol (e.g., TLS or ALTS) has its own set of record protocols and local - // identities. Since protobuf does not support enum as key to the map, the key - // to handshake_parameters is the integer value of HandshakeProtocol enum. - map<int32, ServerHandshakeParameters> handshake_parameters = 2; - - // Bytes in out_frames returned from the peer's HandshakerResp. It is possible - // that the peer's out_frames are split into multiple HandshakReq messages. - bytes in_bytes = 3; - - // (Optional) Local endpoint information of the connection to the client, - // such as local IP address, port number, and network protocol. - Endpoint local_endpoint = 4; - - // (Optional) Endpoint information of the remote client, such as IP address, - // port number, and network protocool. - Endpoint remote_endpoint = 5; - - // (Optional) RPC protocol versions supported by the server. - RpcProtocolVersions rpc_versions = 6; -} - -message NextHandshakeMessageReq { - // Bytes in out_frames returned from the peer's HandshakerResp. It is possible - // that the peer's out_frames are split into multiple NextHandshakerMessageReq - // messages. - bytes in_bytes = 1; -} - -message HandshakerReq { - oneof req_oneof { - // The start client handshake request message. - StartClientHandshakeReq client_start = 1; - - // The start server handshake request message. - StartServerHandshakeReq server_start = 2; - - // The next handshake request message. - NextHandshakeMessageReq next = 3; - } -} - -message HandshakerResult { - // The application protocol negotiated for this connection. - string application_protocol = 1; - - // The record protocol negotiated for this connection. - string record_protocol = 2; - - // Cryptographic key data. The key data may be more than the key length - // required for the record protocol, thus the client of the handshaker - // service needs to truncate the key data into the right key length. - bytes key_data = 3; - - // The authenticated identity of the peer. - Identity peer_identity = 4; - - // The local identity used in the handshake. - Identity local_identity = 5; - - // Indicate whether the handshaker service client should keep the channel - // between the handshaker service open, e.g., in order to handle - // post-handshake messages in the future. - bool keep_channel_open = 6; - - // The RPC protocol versions supported by the peer. - RpcProtocolVersions peer_rpc_versions = 7; -} - -message HandshakerStatus { - // The status code. This could be the gRPC status code. - uint32 code = 1; - - // The status details. - string details = 2; -} - -message HandshakerResp { - // Frames to be given to the peer for the NextHandshakeMessageReq. May be - // empty if no out_frames have to be sent to the peer or if in_bytes in the - // HandshakerReq are incomplete. All the non-empty out frames must be sent to - // the peer even if the handshaker status is not OK as these frames may - // contain the alert frames. - bytes out_frames = 1; - - // Number of bytes in the in_bytes consumed by the handshaker. It is possible - // that part of in_bytes in HandshakerReq was unrelated to the handshake - // process. - uint32 bytes_consumed = 2; - - // This is set iff the handshake was successful. out_frames may still be set - // to frames that needs to be forwarded to the peer. - HandshakerResult result = 3; - - // Status of the handshaker. - HandshakerStatus status = 4; -} - -service HandshakerService { - // Accepts a stream of handshaker request, returning a stream of handshaker - // response. - rpc DoHandshake(stream HandshakerReq) - returns (stream HandshakerResp) { - } -} diff --git a/src/core/tsi/alts/handshaker/proto/transport_security_common.proto b/src/core/tsi/alts/handshaker/proto/transport_security_common.proto deleted file mode 100644 index 41983ab9f9..0000000000 --- a/src/core/tsi/alts/handshaker/proto/transport_security_common.proto +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2018 gRPC authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package grpc.gcp; - -option java_package = "io.grpc.alts"; - -// The security level of the created channel. The list is sorted in increasing -// level of security. This order must always be maintained. -enum SecurityLevel { - SECURITY_NONE = 0; - INTEGRITY_ONLY = 1; - INTEGRITY_AND_PRIVACY = 2; -} - -// Max and min supported RPC protocol versions. -message RpcProtocolVersions { - // RPC version contains a major version and a minor version. - message Version { - uint32 major = 1; - uint32 minor = 2; - } - // Maximum supported RPC version. - Version max_rpc_version = 1; - // Minimum supported RPC version. - Version min_rpc_version = 2; -} diff --git a/src/core/tsi/alts/handshaker/transport_security_common.pb.c b/src/core/tsi/alts/handshaker/transport_security_common.pb.c deleted file mode 100644 index 6063c7625e..0000000000 --- a/src/core/tsi/alts/handshaker/transport_security_common.pb.c +++ /dev/null @@ -1,50 +0,0 @@ -/* Automatically generated nanopb constant definitions */ -/* Generated by nanopb-0.3.7-dev */ - -#include "src/core/tsi/alts/handshaker/transport_security_common.pb.h" - -/* @@protoc_insertion_point(includes) */ -#if PB_PROTO_HEADER_VERSION != 30 -#error Regenerate this file with the current version of nanopb generator. -#endif - - - -const pb_field_t grpc_gcp_RpcProtocolVersions_fields[3] = { - PB_FIELD( 1, MESSAGE , OPTIONAL, STATIC , FIRST, grpc_gcp_RpcProtocolVersions, max_rpc_version, max_rpc_version, &grpc_gcp_RpcProtocolVersions_Version_fields), - PB_FIELD( 2, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_RpcProtocolVersions, min_rpc_version, max_rpc_version, &grpc_gcp_RpcProtocolVersions_Version_fields), - PB_LAST_FIELD -}; - -const pb_field_t grpc_gcp_RpcProtocolVersions_Version_fields[3] = { - PB_FIELD( 1, UINT32 , OPTIONAL, STATIC , FIRST, grpc_gcp_RpcProtocolVersions_Version, major, major, 0), - PB_FIELD( 2, UINT32 , OPTIONAL, STATIC , OTHER, grpc_gcp_RpcProtocolVersions_Version, minor, major, 0), - PB_LAST_FIELD -}; - - -/* Check that field information fits in pb_field_t */ -#if !defined(PB_FIELD_32BIT) -/* If you get an error here, it means that you need to define PB_FIELD_32BIT - * compile-time option. You can do that in pb.h or on compiler command line. - * - * The reason you need to do this is that some of your messages contain tag - * numbers or field sizes that are larger than what can fit in 8 or 16 bit - * field descriptors. - */ -PB_STATIC_ASSERT((pb_membersize(grpc_gcp_RpcProtocolVersions, max_rpc_version) < 65536 && pb_membersize(grpc_gcp_RpcProtocolVersions, min_rpc_version) < 65536), YOU_MUST_DEFINE_PB_FIELD_32BIT_FOR_MESSAGES_grpc_gcp_RpcProtocolVersions_grpc_gcp_RpcProtocolVersions_Version) -#endif - -#if !defined(PB_FIELD_16BIT) && !defined(PB_FIELD_32BIT) -/* If you get an error here, it means that you need to define PB_FIELD_16BIT - * compile-time option. You can do that in pb.h or on compiler command line. - * - * The reason you need to do this is that some of your messages contain tag - * numbers or field sizes that are larger than what can fit in the default - * 8 bit descriptors. - */ -PB_STATIC_ASSERT((pb_membersize(grpc_gcp_RpcProtocolVersions, max_rpc_version) < 256 && pb_membersize(grpc_gcp_RpcProtocolVersions, min_rpc_version) < 256), YOU_MUST_DEFINE_PB_FIELD_16BIT_FOR_MESSAGES_grpc_gcp_RpcProtocolVersions_grpc_gcp_RpcProtocolVersions_Version) -#endif - - -/* @@protoc_insertion_point(eof) */ diff --git a/src/core/tsi/alts/handshaker/transport_security_common.pb.h b/src/core/tsi/alts/handshaker/transport_security_common.pb.h deleted file mode 100644 index 49096dffa3..0000000000 --- a/src/core/tsi/alts/handshaker/transport_security_common.pb.h +++ /dev/null @@ -1,78 +0,0 @@ -/* Automatically generated nanopb header */ -/* Generated by nanopb-0.3.7-dev */ - -#ifndef PB_GRPC_GCP_TRANSPORT_SECURITY_COMMON_PB_H_INCLUDED -#define PB_GRPC_GCP_TRANSPORT_SECURITY_COMMON_PB_H_INCLUDED -#include "third_party/nanopb/pb.h" -/* @@protoc_insertion_point(includes) */ -#if PB_PROTO_HEADER_VERSION != 30 -#error Regenerate this file with the current version of nanopb generator. -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* Enum definitions */ -typedef enum _grpc_gcp_SecurityLevel { - grpc_gcp_SecurityLevel_SECURITY_NONE = 0, - grpc_gcp_SecurityLevel_INTEGRITY_ONLY = 1, - grpc_gcp_SecurityLevel_INTEGRITY_AND_PRIVACY = 2 -} grpc_gcp_SecurityLevel; -#define _grpc_gcp_SecurityLevel_MIN grpc_gcp_SecurityLevel_SECURITY_NONE -#define _grpc_gcp_SecurityLevel_MAX grpc_gcp_SecurityLevel_INTEGRITY_AND_PRIVACY -#define _grpc_gcp_SecurityLevel_ARRAYSIZE ((grpc_gcp_SecurityLevel)(grpc_gcp_SecurityLevel_INTEGRITY_AND_PRIVACY+1)) - -/* Struct definitions */ -typedef struct _grpc_gcp_RpcProtocolVersions_Version { - bool has_major; - uint32_t major; - bool has_minor; - uint32_t minor; -/* @@protoc_insertion_point(struct:grpc_gcp_RpcProtocolVersions_Version) */ -} grpc_gcp_RpcProtocolVersions_Version; - -typedef struct _grpc_gcp_RpcProtocolVersions { - bool has_max_rpc_version; - grpc_gcp_RpcProtocolVersions_Version max_rpc_version; - bool has_min_rpc_version; - grpc_gcp_RpcProtocolVersions_Version min_rpc_version; -/* @@protoc_insertion_point(struct:grpc_gcp_RpcProtocolVersions) */ -} grpc_gcp_RpcProtocolVersions; - -/* Default values for struct fields */ - -/* Initializer values for message structs */ -#define grpc_gcp_RpcProtocolVersions_init_default {false, grpc_gcp_RpcProtocolVersions_Version_init_default, false, grpc_gcp_RpcProtocolVersions_Version_init_default} -#define grpc_gcp_RpcProtocolVersions_Version_init_default {false, 0, false, 0} -#define grpc_gcp_RpcProtocolVersions_init_zero {false, grpc_gcp_RpcProtocolVersions_Version_init_zero, false, grpc_gcp_RpcProtocolVersions_Version_init_zero} -#define grpc_gcp_RpcProtocolVersions_Version_init_zero {false, 0, false, 0} - -/* Field tags (for use in manual encoding/decoding) */ -#define grpc_gcp_RpcProtocolVersions_Version_major_tag 1 -#define grpc_gcp_RpcProtocolVersions_Version_minor_tag 2 -#define grpc_gcp_RpcProtocolVersions_max_rpc_version_tag 1 -#define grpc_gcp_RpcProtocolVersions_min_rpc_version_tag 2 - -/* Struct field encoding specification for nanopb */ -extern const pb_field_t grpc_gcp_RpcProtocolVersions_fields[3]; -extern const pb_field_t grpc_gcp_RpcProtocolVersions_Version_fields[3]; - -/* Maximum encoded size of messages (where known) */ -#define grpc_gcp_RpcProtocolVersions_size 28 -#define grpc_gcp_RpcProtocolVersions_Version_size 12 - -/* Message IDs (where set with "msgid" option) */ -#ifdef PB_MSGID - -#define TRANSPORT_SECURITY_COMMON_MESSAGES \ - - -#endif - -#ifdef __cplusplus -} /* extern "C" */ -#endif -/* @@protoc_insertion_point(eof) */ - -#endif diff --git a/src/core/tsi/alts/handshaker/transport_security_common_api.cc b/src/core/tsi/alts/handshaker/transport_security_common_api.cc deleted file mode 100644 index 8a7edb53d4..0000000000 --- a/src/core/tsi/alts/handshaker/transport_security_common_api.cc +++ /dev/null @@ -1,196 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -bool grpc_gcp_rpc_protocol_versions_set_max( - grpc_gcp_rpc_protocol_versions* versions, uint32_t max_major, - uint32_t max_minor) { - if (versions == nullptr) { - gpr_log(GPR_ERROR, - "versions is nullptr in " - "grpc_gcp_rpc_protocol_versions_set_max()."); - return false; - } - versions->has_max_rpc_version = true; - versions->max_rpc_version.has_major = true; - versions->max_rpc_version.has_minor = true; - versions->max_rpc_version.major = max_major; - versions->max_rpc_version.minor = max_minor; - return true; -} - -bool grpc_gcp_rpc_protocol_versions_set_min( - grpc_gcp_rpc_protocol_versions* versions, uint32_t min_major, - uint32_t min_minor) { - if (versions == nullptr) { - gpr_log(GPR_ERROR, - "versions is nullptr in " - "grpc_gcp_rpc_protocol_versions_set_min()."); - return false; - } - versions->has_min_rpc_version = true; - versions->min_rpc_version.has_major = true; - versions->min_rpc_version.has_minor = true; - versions->min_rpc_version.major = min_major; - versions->min_rpc_version.minor = min_minor; - return true; -} - -size_t grpc_gcp_rpc_protocol_versions_encode_length( - const grpc_gcp_rpc_protocol_versions* versions) { - if (versions == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_rpc_protocol_versions_encode_length()."); - return 0; - } - pb_ostream_t size_stream; - memset(&size_stream, 0, sizeof(pb_ostream_t)); - if (!pb_encode(&size_stream, grpc_gcp_RpcProtocolVersions_fields, versions)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream)); - return 0; - } - return size_stream.bytes_written; -} - -bool grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - const grpc_gcp_rpc_protocol_versions* versions, uint8_t* bytes, - size_t bytes_length) { - if (versions == nullptr || bytes == nullptr || bytes_length == 0) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes()."); - return false; - } - pb_ostream_t output_stream = pb_ostream_from_buffer(bytes, bytes_length); - if (!pb_encode(&output_stream, grpc_gcp_RpcProtocolVersions_fields, - versions)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&output_stream)); - return false; - } - return true; -} - -bool grpc_gcp_rpc_protocol_versions_encode( - const grpc_gcp_rpc_protocol_versions* versions, grpc_slice* slice) { - if (versions == nullptr || slice == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_rpc_protocol_versions_encode()."); - return false; - } - size_t encoded_length = - grpc_gcp_rpc_protocol_versions_encode_length(versions); - if (encoded_length == 0) return false; - *slice = grpc_slice_malloc(encoded_length); - return grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - versions, GRPC_SLICE_START_PTR(*slice), encoded_length); -} - -bool grpc_gcp_rpc_protocol_versions_decode( - grpc_slice slice, grpc_gcp_rpc_protocol_versions* versions) { - if (versions == nullptr) { - gpr_log(GPR_ERROR, - "version is nullptr in " - "grpc_gcp_rpc_protocol_versions_decode()."); - return false; - } - pb_istream_t stream = pb_istream_from_buffer(GRPC_SLICE_START_PTR(slice), - GRPC_SLICE_LENGTH(slice)); - if (!pb_decode(&stream, grpc_gcp_RpcProtocolVersions_fields, versions)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&stream)); - return false; - } - return true; -} - -bool grpc_gcp_rpc_protocol_versions_copy( - const grpc_gcp_rpc_protocol_versions* src, - grpc_gcp_rpc_protocol_versions* dst) { - if ((src == nullptr && dst != nullptr) || - (src != nullptr && dst == nullptr)) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_rpc_protocol_versions_copy()."); - return false; - } - if (src == nullptr) { - return true; - } - grpc_gcp_rpc_protocol_versions_set_max(dst, src->max_rpc_version.major, - src->max_rpc_version.minor); - grpc_gcp_rpc_protocol_versions_set_min(dst, src->min_rpc_version.major, - src->min_rpc_version.minor); - return true; -} - -namespace grpc_core { -namespace internal { - -int grpc_gcp_rpc_protocol_version_compare( - const grpc_gcp_rpc_protocol_versions_version* v1, - const grpc_gcp_rpc_protocol_versions_version* v2) { - if ((v1->major > v2->major) || - (v1->major == v2->major && v1->minor > v2->minor)) { - return 1; - } - if ((v1->major < v2->major) || - (v1->major == v2->major && v1->minor < v2->minor)) { - return -1; - } - return 0; -} - -} // namespace internal -} // namespace grpc_core - -bool grpc_gcp_rpc_protocol_versions_check( - const grpc_gcp_rpc_protocol_versions* local_versions, - const grpc_gcp_rpc_protocol_versions* peer_versions, - grpc_gcp_rpc_protocol_versions_version* highest_common_version) { - if (local_versions == nullptr || peer_versions == nullptr) { - gpr_log(GPR_ERROR, - "Invalid arguments to " - "grpc_gcp_rpc_protocol_versions_check()."); - return false; - } - /* max_common_version is MIN(local.max, peer.max) */ - const grpc_gcp_rpc_protocol_versions_version* max_common_version = - grpc_core::internal::grpc_gcp_rpc_protocol_version_compare( - &local_versions->max_rpc_version, &peer_versions->max_rpc_version) > 0 - ? &peer_versions->max_rpc_version - : &local_versions->max_rpc_version; - /* min_common_version is MAX(local.min, peer.min) */ - const grpc_gcp_rpc_protocol_versions_version* min_common_version = - grpc_core::internal::grpc_gcp_rpc_protocol_version_compare( - &local_versions->min_rpc_version, &peer_versions->min_rpc_version) > 0 - ? &local_versions->min_rpc_version - : &peer_versions->min_rpc_version; - bool result = grpc_core::internal::grpc_gcp_rpc_protocol_version_compare( - max_common_version, min_common_version) >= 0 - ? true - : false; - if (result && highest_common_version != nullptr) { - memcpy(highest_common_version, max_common_version, - sizeof(grpc_gcp_rpc_protocol_versions_version)); - } - return result; -} diff --git a/src/core/tsi/alts/handshaker/transport_security_common_api.h b/src/core/tsi/alts/handshaker/transport_security_common_api.h deleted file mode 100644 index 68228cb3b5..0000000000 --- a/src/core/tsi/alts/handshaker/transport_security_common_api.h +++ /dev/null @@ -1,163 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_TRANSPORT_SECURITY_COMMON_API_H -#define GRPC_CORE_TSI_ALTS_HANDSHAKER_TRANSPORT_SECURITY_COMMON_API_H - -#include <grpc/support/port_platform.h> - -#include "third_party/nanopb/pb_decode.h" -#include "third_party/nanopb/pb_encode.h" - -#include <grpc/slice.h> -#include <grpc/slice_buffer.h> -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/tsi/alts/handshaker/transport_security_common.pb.h" - -typedef grpc_gcp_RpcProtocolVersions grpc_gcp_rpc_protocol_versions; - -typedef grpc_gcp_RpcProtocolVersions_Version - grpc_gcp_rpc_protocol_versions_version; - -/** - * This method sets the value for max_rpc_versions field of rpc protocol - * versions. - * - * - versions: an rpc protocol version instance. - * - max_major: a major version of maximum supported RPC version. - * - max_minor: a minor version of maximum supported RPC version. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_rpc_protocol_versions_set_max( - grpc_gcp_rpc_protocol_versions* versions, uint32_t max_major, - uint32_t max_minor); - -/** - * This method sets the value for min_rpc_versions field of rpc protocol - * versions. - * - * - versions: an rpc protocol version instance. - * - min_major: a major version of minimum supported RPC version. - * - min_minor: a minor version of minimum supported RPC version. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_rpc_protocol_versions_set_min( - grpc_gcp_rpc_protocol_versions* versions, uint32_t min_major, - uint32_t min_minor); - -/** - * This method computes serialized byte length of rpc protocol versions. - * - * - versions: an rpc protocol versions instance. - * - * The method returns serialized byte length. It returns 0 on failure. - */ -size_t grpc_gcp_rpc_protocol_versions_encode_length( - const grpc_gcp_rpc_protocol_versions* versions); - -/** - * This method serializes rpc protocol versions and writes the result to - * the memory buffer provided by the caller. Caller is responsible for - * allocating sufficient memory to store the serialized data. - * - * - versions: an rpc protocol versions instance. - * - bytes: bytes buffer where the result will be written to. - * - bytes_length: length of the bytes buffer. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - const grpc_gcp_rpc_protocol_versions* versions, uint8_t* bytes, - size_t bytes_length); - -/** - * This method serializes an rpc protocol version and returns serialized rpc - * versions in grpc slice. - * - * - versions: an rpc protocol versions instance. - * - slice: grpc slice where the serialized result will be written. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_rpc_protocol_versions_encode( - const grpc_gcp_rpc_protocol_versions* versions, grpc_slice* slice); - -/** - * This method de-serializes input in grpc slice form and stores the result - * in rpc protocol versions. - * - * - slice: a data stream containing a serialized rpc protocol version. - * - versions: an rpc protocol version instance used to hold de-serialized - * result. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_rpc_protocol_versions_decode( - grpc_slice slice, grpc_gcp_rpc_protocol_versions* versions); - -/** - * This method performs a deep copy operation on rpc protocol versions - * instance. - * - * - src: rpc protocol versions instance that needs to be copied. - * - dst: rpc protocol versions instance that stores the copied result. - * - * The method returns true on success and false otherwise. - */ -bool grpc_gcp_rpc_protocol_versions_copy( - const grpc_gcp_rpc_protocol_versions* src, - grpc_gcp_rpc_protocol_versions* dst); - -/** - * This method performs a version check between local and peer rpc protocol - * versions. - * - * - local_versions: local rpc protocol versions instance. - * - peer_versions: peer rpc protocol versions instance. - * - highest_common_version: an output parameter that will store the highest - * common rpc protocol version both parties agreed on. - * - * The method returns true if the check passes which means both parties agreed - * on a common rpc protocol to use, and false otherwise. - */ -bool grpc_gcp_rpc_protocol_versions_check( - const grpc_gcp_rpc_protocol_versions* local_versions, - const grpc_gcp_rpc_protocol_versions* peer_versions, - grpc_gcp_rpc_protocol_versions_version* highest_common_version); - -namespace grpc_core { -namespace internal { - -/** - * Exposed for testing only. - * The method returns 0 if v1 = v2, - * returns 1 if v1 > v2, - * returns -1 if v1 < v2. - */ -int grpc_gcp_rpc_protocol_version_compare( - const grpc_gcp_rpc_protocol_versions_version* v1, - const grpc_gcp_rpc_protocol_versions_version* v2); - -} // namespace internal -} // namespace grpc_core - -#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_TRANSPORT_SECURITY_COMMON_API_H */ diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc deleted file mode 100644 index 7ba03eb7f0..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +++ /dev/null @@ -1,180 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h" - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/slice/slice_internal.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" - -/* Main struct for alts_grpc_integrity_only_record_protocol. */ -typedef struct alts_grpc_integrity_only_record_protocol { - alts_grpc_record_protocol base; - grpc_slice_buffer data_sb; - unsigned char* tag_buf; -} alts_grpc_integrity_only_record_protocol; - -/* --- alts_grpc_record_protocol methods implementation. --- */ - -static tsi_result alts_grpc_integrity_only_protect( - alts_grpc_record_protocol* rp, grpc_slice_buffer* unprotected_slices, - grpc_slice_buffer* protected_slices) { - /* Input sanity check. */ - if (rp == nullptr || unprotected_slices == nullptr || - protected_slices == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to alts_grpc_record_protocol protect."); - return TSI_INVALID_ARGUMENT; - } - /* Allocates memory for header and tag slices. */ - grpc_slice header_slice = GRPC_SLICE_MALLOC(rp->header_length); - grpc_slice tag_slice = GRPC_SLICE_MALLOC(rp->tag_length); - /* Calls alts_iovec_record_protocol protect. */ - char* error_details = nullptr; - iovec_t header_iovec = {GRPC_SLICE_START_PTR(header_slice), - GRPC_SLICE_LENGTH(header_slice)}; - iovec_t tag_iovec = {GRPC_SLICE_START_PTR(tag_slice), - GRPC_SLICE_LENGTH(tag_slice)}; - alts_grpc_record_protocol_convert_slice_buffer_to_iovec(rp, - unprotected_slices); - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - rp->iovec_rp, rp->iovec_buf, unprotected_slices->count, header_iovec, - tag_iovec, &error_details); - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "Failed to protect, %s", error_details); - gpr_free(error_details); - return TSI_INTERNAL_ERROR; - } - /* Appends result to protected_slices. */ - grpc_slice_buffer_add(protected_slices, header_slice); - grpc_slice_buffer_move_into(unprotected_slices, protected_slices); - grpc_slice_buffer_add(protected_slices, tag_slice); - return TSI_OK; -} - -static tsi_result alts_grpc_integrity_only_unprotect( - alts_grpc_record_protocol* rp, grpc_slice_buffer* protected_slices, - grpc_slice_buffer* unprotected_slices) { - /* Input sanity check. */ - if (rp == nullptr || protected_slices == nullptr || - unprotected_slices == nullptr) { - gpr_log( - GPR_ERROR, - "Invalid nullptr arguments to alts_grpc_record_protocol unprotect."); - return TSI_INVALID_ARGUMENT; - } - if (protected_slices->length < rp->header_length + rp->tag_length) { - gpr_log(GPR_ERROR, "Protected slices do not have sufficient data."); - return TSI_INVALID_ARGUMENT; - } - /* In this method, rp points to alts_grpc_record_protocol struct - * and integrity_only_record_protocol points to - * alts_grpc_integrity_only_record_protocol struct. */ - alts_grpc_integrity_only_record_protocol* integrity_only_record_protocol = - reinterpret_cast<alts_grpc_integrity_only_record_protocol*>(rp); - /* Strips frame header from protected slices. */ - grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb); - grpc_slice_buffer_move_first(protected_slices, rp->header_length, - &rp->header_sb); - GPR_ASSERT(rp->header_sb.length == rp->header_length); - iovec_t header_iovec = alts_grpc_record_protocol_get_header_iovec(rp); - /* Moves protected slices data to data_sb and leaves the remaining tag. */ - grpc_slice_buffer_reset_and_unref_internal( - &integrity_only_record_protocol->data_sb); - grpc_slice_buffer_move_first(protected_slices, - protected_slices->length - rp->tag_length, - &integrity_only_record_protocol->data_sb); - GPR_ASSERT(protected_slices->length == rp->tag_length); - iovec_t tag_iovec = {nullptr, rp->tag_length}; - if (protected_slices->count == 1) { - tag_iovec.iov_base = GRPC_SLICE_START_PTR(protected_slices->slices[0]); - } else { - /* Frame tag is in multiple slices, copies the tag bytes from slice - * buffer to a single flat buffer. */ - alts_grpc_record_protocol_copy_slice_buffer( - protected_slices, integrity_only_record_protocol->tag_buf); - tag_iovec.iov_base = integrity_only_record_protocol->tag_buf; - } - /* Calls alts_iovec_record_protocol unprotect. */ - char* error_details = nullptr; - alts_grpc_record_protocol_convert_slice_buffer_to_iovec( - rp, &integrity_only_record_protocol->data_sb); - grpc_status_code status = alts_iovec_record_protocol_integrity_only_unprotect( - rp->iovec_rp, rp->iovec_buf, - integrity_only_record_protocol->data_sb.count, header_iovec, tag_iovec, - &error_details); - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "Failed to unprotect, %s", error_details); - gpr_free(error_details); - return TSI_INTERNAL_ERROR; - } - grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb); - grpc_slice_buffer_reset_and_unref_internal(protected_slices); - grpc_slice_buffer_move_into(&integrity_only_record_protocol->data_sb, - unprotected_slices); - return TSI_OK; -} - -static void alts_grpc_integrity_only_destruct(alts_grpc_record_protocol* rp) { - if (rp == nullptr) { - return; - } - alts_grpc_integrity_only_record_protocol* integrity_only_rp = - reinterpret_cast<alts_grpc_integrity_only_record_protocol*>(rp); - grpc_slice_buffer_destroy_internal(&integrity_only_rp->data_sb); - gpr_free(integrity_only_rp->tag_buf); -} - -static const alts_grpc_record_protocol_vtable - alts_grpc_integrity_only_record_protocol_vtable = { - alts_grpc_integrity_only_protect, alts_grpc_integrity_only_unprotect, - alts_grpc_integrity_only_destruct}; - -tsi_result alts_grpc_integrity_only_record_protocol_create( - gsec_aead_crypter* crypter, size_t overflow_size, bool is_client, - bool is_protect, alts_grpc_record_protocol** rp) { - if (crypter == nullptr || rp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to alts_grpc_record_protocol create."); - return TSI_INVALID_ARGUMENT; - } - alts_grpc_integrity_only_record_protocol* impl = - static_cast<alts_grpc_integrity_only_record_protocol*>( - gpr_zalloc(sizeof(alts_grpc_integrity_only_record_protocol))); - /* Calls alts_grpc_record_protocol init. */ - tsi_result result = alts_grpc_record_protocol_init( - &impl->base, crypter, overflow_size, is_client, - /*is_integrity_only=*/true, is_protect); - if (result != TSI_OK) { - gpr_free(impl); - return result; - } - /* Initializes slice buffer for data_sb. */ - grpc_slice_buffer_init(&impl->data_sb); - /* Allocates tag buffer. */ - impl->tag_buf = - static_cast<unsigned char*>(gpr_malloc(impl->base.tag_length)); - impl->base.vtable = &alts_grpc_integrity_only_record_protocol_vtable; - *rp = &impl->base; - return TSI_OK; -} diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h deleted file mode 100644 index 8d68b27e07..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_INTEGRITY_ONLY_RECORD_PROTOCOL_H -#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_INTEGRITY_ONLY_RECORD_PROTOCOL_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> - -#include "src/core/tsi/alts/crypt/gsec.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h" - -/** - * This method creates an integrity-only alts_grpc_record_protocol instance, - * given a gsec_aead_crypter instance and a flag indicating if the created - * instance will be used at the client or server side. The ownership of - * gsec_aead_crypter instance is transferred to this new object. - * - * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption. - * - overflow_size: overflow size of counter in bytes. - * - is_client: a flag indicating if the alts_grpc_record_protocol instance will - * be used at the client or server side. - * - is_protect: a flag indicating if the alts_grpc_record_protocol instance - * will be used for protect or unprotect. - * - rp: an alts_grpc_record_protocol instance to be returned from - * the method. - * - * This method returns TSI_OK in case of success or a specific error code in - * case of failure. - */ -tsi_result alts_grpc_integrity_only_record_protocol_create( - gsec_aead_crypter* crypter, size_t overflow_size, bool is_client, - bool is_protect, alts_grpc_record_protocol** rp); - -#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_INTEGRITY_ONLY_RECORD_PROTOCOL_H \ - */ diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc deleted file mode 100644 index d4fd88d1e2..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +++ /dev/null @@ -1,144 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h" - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/slice/slice_internal.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" - -/* Privacy-integrity alts_grpc_record_protocol object uses the same struct - * defined in alts_grpc_record_protocol_common.h. */ - -/* --- alts_grpc_record_protocol methods implementation. --- */ - -static tsi_result alts_grpc_privacy_integrity_protect( - alts_grpc_record_protocol* rp, grpc_slice_buffer* unprotected_slices, - grpc_slice_buffer* protected_slices) { - /* Input sanity check. */ - if (rp == nullptr || unprotected_slices == nullptr || - protected_slices == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to alts_grpc_record_protocol protect."); - return TSI_INVALID_ARGUMENT; - } - /* Allocates memory for output frame. In privacy-integrity protect, the - * protected frame is stored in a newly allocated buffer. */ - size_t protected_frame_size = - unprotected_slices->length + rp->header_length + - alts_iovec_record_protocol_get_tag_length(rp->iovec_rp); - grpc_slice protected_slice = GRPC_SLICE_MALLOC(protected_frame_size); - iovec_t protected_iovec = {GRPC_SLICE_START_PTR(protected_slice), - GRPC_SLICE_LENGTH(protected_slice)}; - /* Calls alts_iovec_record_protocol protect. */ - char* error_details = nullptr; - alts_grpc_record_protocol_convert_slice_buffer_to_iovec(rp, - unprotected_slices); - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - rp->iovec_rp, rp->iovec_buf, unprotected_slices->count, - protected_iovec, &error_details); - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "Failed to protect, %s", error_details); - gpr_free(error_details); - grpc_slice_unref(protected_slice); - return TSI_INTERNAL_ERROR; - } - grpc_slice_buffer_add(protected_slices, protected_slice); - grpc_slice_buffer_reset_and_unref_internal(unprotected_slices); - return TSI_OK; -} - -static tsi_result alts_grpc_privacy_integrity_unprotect( - alts_grpc_record_protocol* rp, grpc_slice_buffer* protected_slices, - grpc_slice_buffer* unprotected_slices) { - /* Input sanity check. */ - if (rp == nullptr || protected_slices == nullptr || - unprotected_slices == nullptr) { - gpr_log( - GPR_ERROR, - "Invalid nullptr arguments to alts_grpc_record_protocol unprotect."); - return TSI_INVALID_ARGUMENT; - } - /* Allocates memory for output frame. In privacy-integrity unprotect, the - * unprotected data are stored in a newly allocated buffer. */ - if (protected_slices->length < rp->header_length + rp->tag_length) { - gpr_log(GPR_ERROR, "Protected slices do not have sufficient data."); - return TSI_INVALID_ARGUMENT; - } - size_t unprotected_frame_size = - protected_slices->length - rp->header_length - rp->tag_length; - grpc_slice unprotected_slice = GRPC_SLICE_MALLOC(unprotected_frame_size); - iovec_t unprotected_iovec = {GRPC_SLICE_START_PTR(unprotected_slice), - GRPC_SLICE_LENGTH(unprotected_slice)}; - /* Strips frame header from protected slices. */ - grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb); - grpc_slice_buffer_move_first(protected_slices, rp->header_length, - &rp->header_sb); - iovec_t header_iovec = alts_grpc_record_protocol_get_header_iovec(rp); - /* Calls alts_iovec_record_protocol unprotect. */ - char* error_details = nullptr; - alts_grpc_record_protocol_convert_slice_buffer_to_iovec(rp, protected_slices); - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_unprotect( - rp->iovec_rp, header_iovec, rp->iovec_buf, protected_slices->count, - unprotected_iovec, &error_details); - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "Failed to unprotect, %s", error_details); - gpr_free(error_details); - grpc_slice_unref(unprotected_slice); - return TSI_INTERNAL_ERROR; - } - grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb); - grpc_slice_buffer_reset_and_unref_internal(protected_slices); - grpc_slice_buffer_add(unprotected_slices, unprotected_slice); - return TSI_OK; -} - -static const alts_grpc_record_protocol_vtable - alts_grpc_privacy_integrity_record_protocol_vtable = { - alts_grpc_privacy_integrity_protect, - alts_grpc_privacy_integrity_unprotect, nullptr}; - -tsi_result alts_grpc_privacy_integrity_record_protocol_create( - gsec_aead_crypter* crypter, size_t overflow_size, bool is_client, - bool is_protect, alts_grpc_record_protocol** rp) { - if (crypter == nullptr || rp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to alts_grpc_record_protocol create."); - return TSI_INVALID_ARGUMENT; - } - auto* impl = static_cast<alts_grpc_record_protocol*>( - gpr_zalloc(sizeof(alts_grpc_record_protocol))); - /* Calls alts_grpc_record_protocol init. */ - tsi_result result = - alts_grpc_record_protocol_init(impl, crypter, overflow_size, is_client, - /*is_integrity_only=*/false, is_protect); - if (result != TSI_OK) { - gpr_free(impl); - return result; - } - impl->vtable = &alts_grpc_privacy_integrity_record_protocol_vtable; - *rp = impl; - return TSI_OK; -} diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h deleted file mode 100644 index 1e34aef2d8..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_PRIVACY_INTEGRITY_RECORD_PROTOCOL_H -#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_PRIVACY_INTEGRITY_RECORD_PROTOCOL_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> - -#include "src/core/tsi/alts/crypt/gsec.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h" - -/** - * This method creates a privacy-integrity alts_grpc_record_protocol instance, - * given a gsec_aead_crypter instance and a flag indicating if the created - * instance will be used at the client or server side. The ownership of - * gsec_aead_crypter instance is transferred to this new object. - * - * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption. - * - is_client: a flag indicating if the alts_grpc_record_protocol instance will - * be used at the client or server side. - * - rp: an alts_grpc_record_protocol instance to be returned from - * the method. - * - * This method returns TSI_OK in case of success or a specific error code in - * case of failure. - */ -tsi_result alts_grpc_privacy_integrity_record_protocol_create( - gsec_aead_crypter* crypter, size_t overflow_size, bool is_client, - bool is_protect, alts_grpc_record_protocol** rp); - -#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_PRIVACY_INTEGRITY_RECORD_PROTOCOL_H \ - */ diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h deleted file mode 100644 index d1e433dac4..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_H -#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_H - -#include <grpc/support/port_platform.h> - -#include <grpc/slice_buffer.h> - -#include "src/core/tsi/transport_security_interface.h" - -/** - * This alts_grpc_record_protocol object protects and unprotects a single frame - * stored in grpc slice buffer with zero or minimized memory copy. - * Implementations of this object must be thread compatible. - */ -typedef struct alts_grpc_record_protocol alts_grpc_record_protocol; - -/** - * This methods performs protect operation on unprotected data and appends the - * protected frame to protected_slices. The caller needs to ensure the length - * of unprotected data plus the frame overhead is less than or equal to the - * maximum frame length. The input unprotected data slice buffer will be - * cleared, although the actual unprotected data bytes are not modified. - * - * - self: an alts_grpc_record_protocol instance. - * - unprotected_slices: the unprotected data to be protected. - * - protected_slices: slice buffer where the protected frame is appended. - * - * This method returns TSI_OK in case of success or a specific error code in - * case of failure. - */ -tsi_result alts_grpc_record_protocol_protect( - alts_grpc_record_protocol* self, grpc_slice_buffer* unprotected_slices, - grpc_slice_buffer* protected_slices); - -/** - * This methods performs unprotect operation on a full frame of protected data - * and appends unprotected data to unprotected_slices. It is the caller's - * responsibility to prepare a full frame of data before calling this method. - * The input protected frame slice buffer will be cleared, although the actual - * protected data bytes are not modified. - * - * - self: an alts_grpc_record_protocol instance. - * - protected_slices: a full frame of protected data in grpc slices. - * - unprotected_slices: slice buffer where unprotected data is appended. - * - * This method returns TSI_OK in case of success or a specific error code in - * case of failure. - */ -tsi_result alts_grpc_record_protocol_unprotect( - alts_grpc_record_protocol* self, grpc_slice_buffer* protected_slices, - grpc_slice_buffer* unprotected_slices); - -/** - * This method returns maximum allowed unprotected data size, given maximum - * protected frame size. - * - * - self: an alts_grpc_record_protocol instance. - * - max_protected_frame_size: maximum protected frame size. - * - * On success, the method returns the maximum allowed unprotected data size. - * Otherwise, it returns zero. - */ -size_t alts_grpc_record_protocol_max_unprotected_data_size( - const alts_grpc_record_protocol* self, size_t max_protected_frame_size); - -/** - * This method destroys an alts_grpc_record_protocol instance by de-allocating - * all of its occupied memory. - */ -void alts_grpc_record_protocol_destroy(alts_grpc_record_protocol* self); - -#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_H \ - */ diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc deleted file mode 100644 index ff91aea350..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +++ /dev/null @@ -1,173 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h" - -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/gpr/useful.h" -#include "src/core/lib/slice/slice_internal.h" - -const size_t kInitialIovecBufferSize = 8; - -/* Makes sure iovec_buf in alts_grpc_record_protocol is large enough. */ -static void ensure_iovec_buf_size(alts_grpc_record_protocol* rp, - const grpc_slice_buffer* sb) { - GPR_ASSERT(rp != nullptr && sb != nullptr); - if (sb->count <= rp->iovec_buf_length) { - return; - } - /* At least double the iovec buffer size. */ - rp->iovec_buf_length = GPR_MAX(sb->count, 2 * rp->iovec_buf_length); - rp->iovec_buf = static_cast<iovec_t*>( - gpr_realloc(rp->iovec_buf, rp->iovec_buf_length * sizeof(iovec_t))); -} - -/* --- Implementation of methods defined in tsi_grpc_record_protocol_common.h. - * --- */ - -void alts_grpc_record_protocol_convert_slice_buffer_to_iovec( - alts_grpc_record_protocol* rp, const grpc_slice_buffer* sb) { - GPR_ASSERT(rp != nullptr && sb != nullptr); - ensure_iovec_buf_size(rp, sb); - for (size_t i = 0; i < sb->count; i++) { - rp->iovec_buf[i].iov_base = GRPC_SLICE_START_PTR(sb->slices[i]); - rp->iovec_buf[i].iov_len = GRPC_SLICE_LENGTH(sb->slices[i]); - } -} - -void alts_grpc_record_protocol_copy_slice_buffer(const grpc_slice_buffer* src, - unsigned char* dst) { - GPR_ASSERT(src != nullptr && dst != nullptr); - for (size_t i = 0; i < src->count; i++) { - size_t slice_length = GRPC_SLICE_LENGTH(src->slices[i]); - memcpy(dst, GRPC_SLICE_START_PTR(src->slices[i]), slice_length); - dst += slice_length; - } -} - -iovec_t alts_grpc_record_protocol_get_header_iovec( - alts_grpc_record_protocol* rp) { - iovec_t header_iovec = {nullptr, 0}; - if (rp == nullptr) { - return header_iovec; - } - header_iovec.iov_len = rp->header_length; - if (rp->header_sb.count == 1) { - header_iovec.iov_base = GRPC_SLICE_START_PTR(rp->header_sb.slices[0]); - } else { - /* Frame header is in multiple slices, copies the header bytes from slice - * buffer to a single flat buffer. */ - alts_grpc_record_protocol_copy_slice_buffer(&rp->header_sb, rp->header_buf); - header_iovec.iov_base = rp->header_buf; - } - return header_iovec; -} - -tsi_result alts_grpc_record_protocol_init(alts_grpc_record_protocol* rp, - gsec_aead_crypter* crypter, - size_t overflow_size, bool is_client, - bool is_integrity_only, - bool is_protect) { - if (rp == nullptr || crypter == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to alts_grpc_record_protocol init."); - return TSI_INVALID_ARGUMENT; - } - /* Creates alts_iovec_record_protocol. */ - char* error_details = nullptr; - grpc_status_code status = alts_iovec_record_protocol_create( - crypter, overflow_size, is_client, is_integrity_only, is_protect, - &rp->iovec_rp, &error_details); - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "Failed to create alts_iovec_record_protocol, %s.", - error_details); - gpr_free(error_details); - return TSI_INTERNAL_ERROR; - } - /* Allocates header slice buffer. */ - grpc_slice_buffer_init(&rp->header_sb); - /* Allocates header buffer. */ - rp->header_length = alts_iovec_record_protocol_get_header_length(); - rp->header_buf = static_cast<unsigned char*>(gpr_malloc(rp->header_length)); - rp->tag_length = alts_iovec_record_protocol_get_tag_length(rp->iovec_rp); - /* Allocates iovec buffer. */ - rp->iovec_buf_length = kInitialIovecBufferSize; - rp->iovec_buf = - static_cast<iovec_t*>(gpr_malloc(rp->iovec_buf_length * sizeof(iovec_t))); - return TSI_OK; -} - -/* --- Implementation of methods defined in tsi_grpc_record_protocol.h. --- */ -tsi_result alts_grpc_record_protocol_protect( - alts_grpc_record_protocol* self, grpc_slice_buffer* unprotected_slices, - grpc_slice_buffer* protected_slices) { - if (grpc_core::ExecCtx::Get() == nullptr || self == nullptr || - self->vtable == nullptr || unprotected_slices == nullptr || - protected_slices == nullptr) { - return TSI_INVALID_ARGUMENT; - } - if (self->vtable->protect == nullptr) { - return TSI_UNIMPLEMENTED; - } - return self->vtable->protect(self, unprotected_slices, protected_slices); -} - -tsi_result alts_grpc_record_protocol_unprotect( - alts_grpc_record_protocol* self, grpc_slice_buffer* protected_slices, - grpc_slice_buffer* unprotected_slices) { - if (grpc_core::ExecCtx::Get() == nullptr || self == nullptr || - self->vtable == nullptr || protected_slices == nullptr || - unprotected_slices == nullptr) { - return TSI_INVALID_ARGUMENT; - } - if (self->vtable->unprotect == nullptr) { - return TSI_UNIMPLEMENTED; - } - return self->vtable->unprotect(self, protected_slices, unprotected_slices); -} - -void alts_grpc_record_protocol_destroy(alts_grpc_record_protocol* self) { - if (self == nullptr) { - return; - } - if (self->vtable->destruct != nullptr) { - self->vtable->destruct(self); - } - alts_iovec_record_protocol_destroy(self->iovec_rp); - grpc_slice_buffer_destroy_internal(&self->header_sb); - gpr_free(self->header_buf); - gpr_free(self->iovec_buf); - gpr_free(self); -} - -/* Integrity-only and privacy-integrity share the same implementation. No need - * to call vtable. */ -size_t alts_grpc_record_protocol_max_unprotected_data_size( - const alts_grpc_record_protocol* self, size_t max_protected_frame_size) { - if (self == nullptr) { - return 0; - } - return alts_iovec_record_protocol_max_unprotected_data_size( - self->iovec_rp, max_protected_frame_size); -} diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h deleted file mode 100644 index 43b8a4a2b8..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +++ /dev/null @@ -1,100 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_COMMON_H -#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_COMMON_H - -/** - * this file contains alts_grpc_record_protocol internals and internal-only - * helper functions. The public functions of alts_grpc_record_protocol are - * defined in the alts_grpc_record_protocol.h. - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" - -/* V-table for alts_grpc_record_protocol implementations. */ -typedef struct { - tsi_result (*protect)(alts_grpc_record_protocol* self, - grpc_slice_buffer* unprotected_slices, - grpc_slice_buffer* protected_slices); - tsi_result (*unprotect)(alts_grpc_record_protocol* self, - grpc_slice_buffer* protected_slices, - grpc_slice_buffer* unprotected_slices); - void (*destruct)(alts_grpc_record_protocol* self); -} alts_grpc_record_protocol_vtable; - -/* Main struct for alts_grpc_record_protocol implementation, shared by both - * integrity-only record protocol and privacy-integrity record protocol. - * Integrity-only record protocol has additional data elements. - * Privacy-integrity record protocol uses this struct directly. */ -struct alts_grpc_record_protocol { - const alts_grpc_record_protocol_vtable* vtable; - alts_iovec_record_protocol* iovec_rp; - grpc_slice_buffer header_sb; - unsigned char* header_buf; - size_t header_length; - size_t tag_length; - iovec_t* iovec_buf; - size_t iovec_buf_length; -}; - -/** - * Converts the slices of input sb into iovec_t's and puts the result into - * rp->iovec_buf. Note that the actual data are not copied, only - * pointers and lengths are copied. - */ -void alts_grpc_record_protocol_convert_slice_buffer_to_iovec( - alts_grpc_record_protocol* rp, const grpc_slice_buffer* sb); - -/** - * Copies bytes from slice buffer to destination buffer. Caller is responsible - * for allocating enough memory of destination buffer. This method is used for - * copying frame header and tag in case they are stored in multiple slices. - */ -void alts_grpc_record_protocol_copy_slice_buffer(const grpc_slice_buffer* src, - unsigned char* dst); - -/** - * This method returns an iovec object pointing to the frame header stored in - * rp->header_sb. If the frame header is stored in multiple slices, - * this method will copy the bytes in rp->header_sb to - * rp->header_buf, and return an iovec object pointing to - * rp->header_buf. - */ -iovec_t alts_grpc_record_protocol_get_header_iovec( - alts_grpc_record_protocol* rp); - -/** - * Initializes an alts_grpc_record_protocol object, given a gsec_aead_crypter - * instance, the overflow size of the counter in bytes, a flag indicating if the - * object is used for client or server side, a flag indicating if it is used for - * integrity-only or privacy-integrity mode, and a flag indicating if it is for - * protect or unprotect. The ownership of gsec_aead_crypter object is - * transferred to the alts_grpc_record_protocol object. - */ -tsi_result alts_grpc_record_protocol_init(alts_grpc_record_protocol* rp, - gsec_aead_crypter* crypter, - size_t overflow_size, bool is_client, - bool is_integrity_only, - bool is_protect); - -#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_COMMON_H \ - */ diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc deleted file mode 100644 index 6a548e50dd..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +++ /dev/null @@ -1,476 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" - -#include <stdlib.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/tsi/alts/frame_protector/alts_counter.h" - -struct alts_iovec_record_protocol { - alts_counter* ctr; - gsec_aead_crypter* crypter; - size_t tag_length; - bool is_integrity_only; - bool is_protect; -}; - -/* Copies error message to destination. */ -static void maybe_copy_error_msg(const char* src, char** dst) { - if (dst != nullptr && src != nullptr) { - *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1)); - memcpy(*dst, src, strlen(src) + 1); - } -} - -/* Appends error message to destination. */ -static void maybe_append_error_msg(const char* appendix, char** dst) { - if (dst != nullptr && appendix != nullptr) { - int dst_len = static_cast<int>(strlen(*dst)); - *dst = static_cast<char*>(realloc(*dst, dst_len + strlen(appendix) + 1)); - assert(*dst != nullptr); - memcpy(*dst + dst_len, appendix, strlen(appendix) + 1); - } -} - -/* Use little endian to interpret a string of bytes as uint32_t. */ -static uint32_t load_32_le(const unsigned char* buffer) { - return (((uint32_t)buffer[3]) << 24) | (((uint32_t)buffer[2]) << 16) | - (((uint32_t)buffer[1]) << 8) | ((uint32_t)buffer[0]); -} - -/* Store uint32_t as a string of little endian bytes. */ -static void store_32_le(uint32_t value, unsigned char* buffer) { - buffer[3] = (unsigned char)(value >> 24) & 0xFF; - buffer[2] = (unsigned char)(value >> 16) & 0xFF; - buffer[1] = (unsigned char)(value >> 8) & 0xFF; - buffer[0] = (unsigned char)(value)&0xFF; -} - -/* Ensures header and tag iovec have sufficient length. */ -static grpc_status_code ensure_header_and_tag_length( - const alts_iovec_record_protocol* rp, iovec_t header, iovec_t tag, - char** error_details) { - if (rp == nullptr) { - return GRPC_STATUS_FAILED_PRECONDITION; - } - if (header.iov_base == nullptr) { - maybe_copy_error_msg("Header is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (header.iov_len != alts_iovec_record_protocol_get_header_length()) { - maybe_copy_error_msg("Header length is incorrect.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (tag.iov_base == nullptr) { - maybe_copy_error_msg("Tag is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (tag.iov_len != rp->tag_length) { - maybe_copy_error_msg("Tag length is incorrect.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - return GRPC_STATUS_OK; -} - -/* Increments crypter counter and checks overflow. */ -static grpc_status_code increment_counter(alts_counter* counter, - char** error_details) { - if (counter == nullptr) { - return GRPC_STATUS_FAILED_PRECONDITION; - } - bool is_overflow = false; - grpc_status_code status = - alts_counter_increment(counter, &is_overflow, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - if (is_overflow) { - maybe_copy_error_msg("Crypter counter is overflowed.", error_details); - return GRPC_STATUS_INTERNAL; - } - return GRPC_STATUS_OK; -} - -/* Given an array of iovec, computes the total length of buffer. */ -static size_t get_total_length(const iovec_t* vec, size_t vec_length) { - size_t total_length = 0; - for (size_t i = 0; i < vec_length; ++i) { - total_length += vec[i].iov_len; - } - return total_length; -} - -/* Writes frame header given data and tag length. */ -static grpc_status_code write_frame_header(size_t data_length, - unsigned char* header, - char** error_details) { - if (header == nullptr) { - maybe_copy_error_msg("Header is nullptr.", error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - size_t frame_length = kZeroCopyFrameMessageTypeFieldSize + data_length; - store_32_le(static_cast<uint32_t>(frame_length), header); - store_32_le(kZeroCopyFrameMessageType, - header + kZeroCopyFrameLengthFieldSize); - return GRPC_STATUS_OK; -} - -/* Verifies frame header given protected data length. */ -static grpc_status_code verify_frame_header(size_t data_length, - unsigned char* header, - char** error_details) { - if (header == nullptr) { - maybe_copy_error_msg("Header is nullptr.", error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - size_t frame_length = load_32_le(header); - if (frame_length != kZeroCopyFrameMessageTypeFieldSize + data_length) { - maybe_copy_error_msg("Bad frame length.", error_details); - return GRPC_STATUS_INTERNAL; - } - size_t message_type = load_32_le(header + kZeroCopyFrameLengthFieldSize); - if (message_type != kZeroCopyFrameMessageType) { - maybe_copy_error_msg("Unsupported message type.", error_details); - return GRPC_STATUS_INTERNAL; - } - return GRPC_STATUS_OK; -} - -/* --- alts_iovec_record_protocol methods implementation. --- */ - -size_t alts_iovec_record_protocol_get_header_length() { - return kZeroCopyFrameHeaderSize; -} - -size_t alts_iovec_record_protocol_get_tag_length( - const alts_iovec_record_protocol* rp) { - if (rp != nullptr) { - return rp->tag_length; - } - return 0; -} - -size_t alts_iovec_record_protocol_max_unprotected_data_size( - const alts_iovec_record_protocol* rp, size_t max_protected_frame_size) { - if (rp == nullptr) { - return 0; - } - size_t overhead_bytes_size = - kZeroCopyFrameMessageTypeFieldSize + rp->tag_length; - if (max_protected_frame_size <= overhead_bytes_size) return 0; - return max_protected_frame_size - overhead_bytes_size; -} - -grpc_status_code alts_iovec_record_protocol_integrity_only_protect( - alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec, - size_t unprotected_vec_length, iovec_t header, iovec_t tag, - char** error_details) { - /* Input sanity checks. */ - if (rp == nullptr) { - maybe_copy_error_msg("Input iovec_record_protocol is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (!rp->is_integrity_only) { - maybe_copy_error_msg( - "Integrity-only operations are not allowed for this object.", - error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - if (!rp->is_protect) { - maybe_copy_error_msg("Protect operations are not allowed for this object.", - error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - grpc_status_code status = - ensure_header_and_tag_length(rp, header, tag, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Unprotected data should not be zero length. */ - size_t data_length = - get_total_length(unprotected_vec, unprotected_vec_length); - /* Sets frame header. */ - status = write_frame_header(data_length + rp->tag_length, - static_cast<unsigned char*>(header.iov_base), - error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Computes frame tag by calling AEAD crypter. */ - size_t bytes_written = 0; - status = gsec_aead_crypter_encrypt_iovec( - rp->crypter, alts_counter_get_counter(rp->ctr), - alts_counter_get_size(rp->ctr), unprotected_vec, unprotected_vec_length, - /* plaintext_vec = */ nullptr, /* plaintext_vec_length = */ 0, tag, - &bytes_written, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - if (bytes_written != rp->tag_length) { - maybe_copy_error_msg("Bytes written expects to be the same as tag length.", - error_details); - return GRPC_STATUS_INTERNAL; - } - /* Increments the crypter counter. */ - return increment_counter(rp->ctr, error_details); -} - -grpc_status_code alts_iovec_record_protocol_integrity_only_unprotect( - alts_iovec_record_protocol* rp, const iovec_t* protected_vec, - size_t protected_vec_length, iovec_t header, iovec_t tag, - char** error_details) { - /* Input sanity checks. */ - if (rp == nullptr) { - maybe_copy_error_msg("Input iovec_record_protocol is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (!rp->is_integrity_only) { - maybe_copy_error_msg( - "Integrity-only operations are not allowed for this object.", - error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - if (rp->is_protect) { - maybe_copy_error_msg( - "Unprotect operations are not allowed for this object.", error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - grpc_status_code status = - ensure_header_and_tag_length(rp, header, tag, error_details); - if (status != GRPC_STATUS_OK) return status; - /* Protected data should not be zero length. */ - size_t data_length = get_total_length(protected_vec, protected_vec_length); - /* Verifies frame header. */ - status = verify_frame_header(data_length + rp->tag_length, - static_cast<unsigned char*>(header.iov_base), - error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Verifies frame tag by calling AEAD crypter. */ - iovec_t plaintext = {nullptr, 0}; - size_t bytes_written = 0; - status = gsec_aead_crypter_decrypt_iovec( - rp->crypter, alts_counter_get_counter(rp->ctr), - alts_counter_get_size(rp->ctr), protected_vec, protected_vec_length, &tag, - 1, plaintext, &bytes_written, error_details); - if (status != GRPC_STATUS_OK || bytes_written != 0) { - maybe_append_error_msg(" Frame tag verification failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - /* Increments the crypter counter. */ - return increment_counter(rp->ctr, error_details); -} - -grpc_status_code alts_iovec_record_protocol_privacy_integrity_protect( - alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec, - size_t unprotected_vec_length, iovec_t protected_frame, - char** error_details) { - /* Input sanity checks. */ - if (rp == nullptr) { - maybe_copy_error_msg("Input iovec_record_protocol is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (rp->is_integrity_only) { - maybe_copy_error_msg( - "Privacy-integrity operations are not allowed for this object.", - error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - if (!rp->is_protect) { - maybe_copy_error_msg("Protect operations are not allowed for this object.", - error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - /* Unprotected data should not be zero length. */ - size_t data_length = - get_total_length(unprotected_vec, unprotected_vec_length); - /* Ensures protected frame iovec has sufficient size. */ - if (protected_frame.iov_base == nullptr) { - maybe_copy_error_msg("Protected frame is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (protected_frame.iov_len != - alts_iovec_record_protocol_get_header_length() + data_length + - rp->tag_length) { - maybe_copy_error_msg("Protected frame size is incorrect.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - /* Writer frame header. */ - grpc_status_code status = write_frame_header( - data_length + rp->tag_length, - static_cast<unsigned char*>(protected_frame.iov_base), error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Encrypt unprotected data by calling AEAD crypter. */ - unsigned char* ciphertext_buffer = - static_cast<unsigned char*>(protected_frame.iov_base) + - alts_iovec_record_protocol_get_header_length(); - iovec_t ciphertext = {ciphertext_buffer, data_length + rp->tag_length}; - size_t bytes_written = 0; - status = gsec_aead_crypter_encrypt_iovec( - rp->crypter, alts_counter_get_counter(rp->ctr), - alts_counter_get_size(rp->ctr), /* aad_vec = */ nullptr, - /* aad_vec_length = */ 0, unprotected_vec, unprotected_vec_length, - ciphertext, &bytes_written, error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - if (bytes_written != data_length + rp->tag_length) { - maybe_copy_error_msg( - "Bytes written expects to be data length plus tag length.", - error_details); - return GRPC_STATUS_INTERNAL; - } - /* Increments the crypter counter. */ - return increment_counter(rp->ctr, error_details); -} - -grpc_status_code alts_iovec_record_protocol_privacy_integrity_unprotect( - alts_iovec_record_protocol* rp, iovec_t header, - const iovec_t* protected_vec, size_t protected_vec_length, - iovec_t unprotected_data, char** error_details) { - /* Input sanity checks. */ - if (rp == nullptr) { - maybe_copy_error_msg("Input iovec_record_protocol is nullptr.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (rp->is_integrity_only) { - maybe_copy_error_msg( - "Privacy-integrity operations are not allowed for this object.", - error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - if (rp->is_protect) { - maybe_copy_error_msg( - "Unprotect operations are not allowed for this object.", error_details); - return GRPC_STATUS_FAILED_PRECONDITION; - } - /* Protected data size should be no less than tag size. */ - size_t protected_data_length = - get_total_length(protected_vec, protected_vec_length); - if (protected_data_length < rp->tag_length) { - maybe_copy_error_msg( - "Protected data length should be more than the tag length.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - /* Ensures header has sufficient size. */ - if (header.iov_base == nullptr) { - maybe_copy_error_msg("Header is nullptr.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - if (header.iov_len != alts_iovec_record_protocol_get_header_length()) { - maybe_copy_error_msg("Header length is incorrect.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - /* Ensures unprotected data iovec has sufficient size. */ - if (unprotected_data.iov_len != protected_data_length - rp->tag_length) { - maybe_copy_error_msg("Unprotected data size is incorrect.", error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - /* Verify frame header. */ - grpc_status_code status = verify_frame_header( - protected_data_length, static_cast<unsigned char*>(header.iov_base), - error_details); - if (status != GRPC_STATUS_OK) { - return status; - } - /* Decrypt protected data by calling AEAD crypter. */ - size_t bytes_written = 0; - status = gsec_aead_crypter_decrypt_iovec( - rp->crypter, alts_counter_get_counter(rp->ctr), - alts_counter_get_size(rp->ctr), /* aad_vec = */ nullptr, - /* aad_vec_length = */ 0, protected_vec, protected_vec_length, - unprotected_data, &bytes_written, error_details); - if (status != GRPC_STATUS_OK) { - maybe_append_error_msg(" Frame decryption failed.", error_details); - return GRPC_STATUS_INTERNAL; - } - if (bytes_written != protected_data_length - rp->tag_length) { - maybe_copy_error_msg( - "Bytes written expects to be protected data length minus tag length.", - error_details); - return GRPC_STATUS_INTERNAL; - } - /* Increments the crypter counter. */ - return increment_counter(rp->ctr, error_details); -} - -grpc_status_code alts_iovec_record_protocol_create( - gsec_aead_crypter* crypter, size_t overflow_size, bool is_client, - bool is_integrity_only, bool is_protect, alts_iovec_record_protocol** rp, - char** error_details) { - if (crypter == nullptr || rp == nullptr) { - maybe_copy_error_msg( - "Invalid nullptr arguments to alts_iovec_record_protocol create.", - error_details); - return GRPC_STATUS_INVALID_ARGUMENT; - } - alts_iovec_record_protocol* impl = static_cast<alts_iovec_record_protocol*>( - gpr_zalloc(sizeof(alts_iovec_record_protocol))); - /* Gets counter length. */ - size_t counter_length = 0; - grpc_status_code status = - gsec_aead_crypter_nonce_length(crypter, &counter_length, error_details); - if (status != GRPC_STATUS_OK) { - goto cleanup; - } - /* Creates counters. */ - status = - alts_counter_create(is_protect ? !is_client : is_client, counter_length, - overflow_size, &impl->ctr, error_details); - if (status != GRPC_STATUS_OK) { - goto cleanup; - } - /* Gets tag length. */ - status = - gsec_aead_crypter_tag_length(crypter, &impl->tag_length, error_details); - if (status != GRPC_STATUS_OK) { - goto cleanup; - } - impl->crypter = crypter; - impl->is_integrity_only = is_integrity_only; - impl->is_protect = is_protect; - *rp = impl; - return GRPC_STATUS_OK; -cleanup: - alts_counter_destroy(impl->ctr); - gpr_free(impl); - return GRPC_STATUS_FAILED_PRECONDITION; -} - -void alts_iovec_record_protocol_destroy(alts_iovec_record_protocol* rp) { - if (rp != nullptr) { - alts_counter_destroy(rp->ctr); - gsec_aead_crypter_destroy(rp->crypter); - gpr_free(rp); - } -} diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h deleted file mode 100644 index 0b7d1bf5bf..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +++ /dev/null @@ -1,199 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H -#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> - -#include "src/core/tsi/alts/crypt/gsec.h" - -constexpr size_t kZeroCopyFrameMessageType = 0x06; -constexpr size_t kZeroCopyFrameLengthFieldSize = 4; -constexpr size_t kZeroCopyFrameMessageTypeFieldSize = 4; -constexpr size_t kZeroCopyFrameHeaderSize = - kZeroCopyFrameLengthFieldSize + kZeroCopyFrameMessageTypeFieldSize; - -// Limit k on number of frames such that at most 2^(8 * k) frames can be sent. -constexpr size_t kAltsRecordProtocolRekeyFrameLimit = 8; -constexpr size_t kAltsRecordProtocolFrameLimit = 5; - -/* An implementation of alts record protocol. The API is thread-compatible. */ - -typedef struct iovec iovec_t; - -typedef struct alts_iovec_record_protocol alts_iovec_record_protocol; - -/** - * This method gets the length of record protocol frame header. - */ -size_t alts_iovec_record_protocol_get_header_length(); - -/** - * This method gets the length of record protocol frame tag. - * - * - rp: an alts_iovec_record_protocol instance. - * - * On success, the method returns the length of record protocol frame tag. - * Otherwise, it returns zero. - */ -size_t alts_iovec_record_protocol_get_tag_length( - const alts_iovec_record_protocol* rp); - -/** - * This method returns maximum allowed unprotected data size, given maximum - * protected frame size. - * - * - rp: an alts_iovec_record_protocol instance. - * - max_protected_frame_size: maximum protected frame size. - * - * On success, the method returns the maximum allowed unprotected data size. - * Otherwise, it returns zero. - */ -size_t alts_iovec_record_protocol_max_unprotected_data_size( - const alts_iovec_record_protocol* rp, size_t max_protected_frame_size); - -/** - * This method performs integrity-only protect operation on a - * alts_iovec_record_protocol instance, i.e., compute frame header and tag. The - * caller needs to allocate the memory for header and tag prior to calling this - * method. - * - * - rp: an alts_iovec_record_protocol instance. - * - unprotected_vec: an iovec array containing unprotected data. - * - unprotected_vec_length: the array length of unprotected_vec. - * - header: an iovec containing the output frame header. - * - tag: an iovec containing the output frame tag. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is OK to pass nullptr into error_details. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an - * error status code along with its details specified in error_details (if - * error_details is not nullptr). - */ -grpc_status_code alts_iovec_record_protocol_integrity_only_protect( - alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec, - size_t unprotected_vec_length, iovec_t header, iovec_t tag, - char** error_details); - -/** - * This method performs integrity-only unprotect operation on a - * alts_iovec_record_protocol instance, i.e., verify frame header and tag. - * - * - rp: an alts_iovec_record_protocol instance. - * - protected_vec: an iovec array containing protected data. - * - protected_vec_length: the array length of protected_vec. - * - header: an iovec containing the frame header. - * - tag: an iovec containing the frame tag. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is OK to pass nullptr into error_details. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an - * error status code along with its details specified in error_details (if - * error_details is not nullptr). - */ -grpc_status_code alts_iovec_record_protocol_integrity_only_unprotect( - alts_iovec_record_protocol* rp, const iovec_t* protected_vec, - size_t protected_vec_length, iovec_t header, iovec_t tag, - char** error_details); - -/** - * This method performs privacy-integrity protect operation on a - * alts_iovec_record_protocol instance, i.e., compute a protected frame. The - * caller needs to allocate the memory for the protected frame prior to calling - * this method. - * - * - rp: an alts_iovec_record_protocol instance. - * - unprotected_vec: an iovec array containing unprotected data. - * - unprotected_vec_length: the array length of unprotected_vec. - * - protected_frame: an iovec containing the output protected frame. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is OK to pass nullptr into error_details. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an - * error status code along with its details specified in error_details (if - * error_details is not nullptr). - */ -grpc_status_code alts_iovec_record_protocol_privacy_integrity_protect( - alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec, - size_t unprotected_vec_length, iovec_t protected_frame, - char** error_details); - -/** - * This method performs privacy-integrity unprotect operation on a - * alts_iovec_record_protocol instance given a full protected frame, i.e., - * compute the unprotected data. The caller needs to allocated the memory for - * the unprotected data prior to calling this method. - * - * - rp: an alts_iovec_record_protocol instance. - * - header: an iovec containing the frame header. - * - protected_vec: an iovec array containing protected data including the tag. - * - protected_vec_length: the array length of protected_vec. - * - unprotected_data: an iovec containing the output unprotected data. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is OK to pass nullptr into error_details. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an - * error status code along with its details specified in error_details (if - * error_details is not nullptr). - */ -grpc_status_code alts_iovec_record_protocol_privacy_integrity_unprotect( - alts_iovec_record_protocol* rp, iovec_t header, - const iovec_t* protected_vec, size_t protected_vec_length, - iovec_t unprotected_data, char** error_details); - -/** - * This method creates an alts_iovec_record_protocol instance, given a - * gsec_aead_crypter instance, a flag indicating if the created instance will be - * used at the client or server side, and a flag indicating if the created - * instance will be used for integrity-only mode or privacy-integrity mode. The - * ownership of gsec_aead_crypter instance is transferred to this new object. - * - * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption. - * - overflow_size: overflow size of counter in bytes. - * - is_client: a flag indicating if the alts_iovec_record_protocol instance - * will be used at the client or server side. - * - is_integrity_only: a flag indicating if the alts_iovec_record_protocol - * instance will be used for integrity-only or privacy-integrity mode. - * - is_protect: a flag indicating if the alts_grpc_record_protocol instance - * will be used for protect or unprotect. - * - rp: an alts_iovec_record_protocol instance to be returned from - * the method. - * - error_details: a buffer containing an error message if the method does not - * function correctly. It is OK to pass nullptr into error_details. - * - * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an - * error status code along with its details specified in error_details (if - * error_details is not nullptr). - */ -grpc_status_code alts_iovec_record_protocol_create( - gsec_aead_crypter* crypter, size_t overflow_size, bool is_client, - bool is_integrity_only, bool is_protect, alts_iovec_record_protocol** rp, - char** error_details); - -/** - * This method destroys an alts_iovec_record_protocol instance by de-allocating - * all of its occupied memory. A gsec_aead_crypter instance passed in at - * gsec_alts_crypter instance creation time will be destroyed in this method. - */ -void alts_iovec_record_protocol_destroy(alts_iovec_record_protocol* rp); - -#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H \ - */ diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc deleted file mode 100644 index 8c764961b3..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +++ /dev/null @@ -1,295 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/port_platform.h> - -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h" - -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/gpr/useful.h" -#include "src/core/lib/slice/slice_internal.h" -#include "src/core/tsi/alts/crypt/gsec.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" -#include "src/core/tsi/transport_security_grpc.h" - -constexpr size_t kMinFrameLength = 1024; -constexpr size_t kDefaultFrameLength = 16 * 1024; -constexpr size_t kMaxFrameLength = 1024 * 1024; - -/** - * Main struct for alts_zero_copy_grpc_protector. - * We choose to have two alts_grpc_record_protocol objects and two sets of slice - * buffers: one for protect and the other for unprotect, so that protect and - * unprotect can be executed in parallel. Implementations of this object must be - * thread compatible. - */ -typedef struct alts_zero_copy_grpc_protector { - tsi_zero_copy_grpc_protector base; - alts_grpc_record_protocol* record_protocol; - alts_grpc_record_protocol* unrecord_protocol; - size_t max_protected_frame_size; - size_t max_unprotected_data_size; - grpc_slice_buffer unprotected_staging_sb; - grpc_slice_buffer protected_sb; - grpc_slice_buffer protected_staging_sb; - uint32_t parsed_frame_size; -} alts_zero_copy_grpc_protector; - -/** - * Given a slice buffer, parses the first 4 bytes little-endian unsigned frame - * size and returns the total frame size including the frame field. Caller - * needs to make sure the input slice buffer has at least 4 bytes. Returns true - * on success and false on failure. - */ -static bool read_frame_size(const grpc_slice_buffer* sb, - uint32_t* total_frame_size) { - if (sb == nullptr || sb->length < kZeroCopyFrameLengthFieldSize) { - return false; - } - uint8_t frame_size_buffer[kZeroCopyFrameLengthFieldSize]; - uint8_t* buf = frame_size_buffer; - /* Copies the first 4 bytes to a temporary buffer. */ - size_t remaining = kZeroCopyFrameLengthFieldSize; - for (size_t i = 0; i < sb->count; i++) { - size_t slice_length = GRPC_SLICE_LENGTH(sb->slices[i]); - if (remaining <= slice_length) { - memcpy(buf, GRPC_SLICE_START_PTR(sb->slices[i]), remaining); - remaining = 0; - break; - } else { - memcpy(buf, GRPC_SLICE_START_PTR(sb->slices[i]), slice_length); - buf += slice_length; - remaining -= slice_length; - } - } - GPR_ASSERT(remaining == 0); - /* Gets little-endian frame size. */ - uint32_t frame_size = (((uint32_t)frame_size_buffer[3]) << 24) | - (((uint32_t)frame_size_buffer[2]) << 16) | - (((uint32_t)frame_size_buffer[1]) << 8) | - ((uint32_t)frame_size_buffer[0]); - if (frame_size > kMaxFrameLength) { - gpr_log(GPR_ERROR, "Frame size is larger than maximum frame size"); - return false; - } - /* Returns frame size including frame length field. */ - *total_frame_size = - static_cast<uint32_t>(frame_size + kZeroCopyFrameLengthFieldSize); - return true; -} - -/** - * Creates an alts_grpc_record_protocol object, given key, key size, and flags - * to indicate whether the record_protocol object uses the rekeying AEAD, - * whether the object is for client or server, whether the object is for - * integrity-only or privacy-integrity mode, and whether the object is is used - * for protect or unprotect. - */ -static tsi_result create_alts_grpc_record_protocol( - const uint8_t* key, size_t key_size, bool is_rekey, bool is_client, - bool is_integrity_only, bool is_protect, - alts_grpc_record_protocol** record_protocol) { - if (key == nullptr || record_protocol == nullptr) { - return TSI_INVALID_ARGUMENT; - } - grpc_status_code status; - gsec_aead_crypter* crypter = nullptr; - char* error_details = nullptr; - status = gsec_aes_gcm_aead_crypter_create(key, key_size, kAesGcmNonceLength, - kAesGcmTagLength, is_rekey, - &crypter, &error_details); - if (status != GRPC_STATUS_OK) { - gpr_log(GPR_ERROR, "Failed to create AEAD crypter, %s", error_details); - gpr_free(error_details); - return TSI_INTERNAL_ERROR; - } - size_t overflow_limit = is_rekey ? kAltsRecordProtocolRekeyFrameLimit - : kAltsRecordProtocolFrameLimit; - /* Creates alts_grpc_record_protocol with AEAD crypter ownership transferred. - */ - tsi_result result = - is_integrity_only - ? alts_grpc_integrity_only_record_protocol_create( - crypter, overflow_limit, is_client, is_protect, record_protocol) - : alts_grpc_privacy_integrity_record_protocol_create( - crypter, overflow_limit, is_client, is_protect, - record_protocol); - if (result != TSI_OK) { - gsec_aead_crypter_destroy(crypter); - return result; - } - return TSI_OK; -} - -/* --- tsi_zero_copy_grpc_protector methods implementation. --- */ - -static tsi_result alts_zero_copy_grpc_protector_protect( - tsi_zero_copy_grpc_protector* self, grpc_slice_buffer* unprotected_slices, - grpc_slice_buffer* protected_slices) { - if (self == nullptr || unprotected_slices == nullptr || - protected_slices == nullptr) { - gpr_log(GPR_ERROR, "Invalid nullptr arguments to zero-copy grpc protect."); - return TSI_INVALID_ARGUMENT; - } - alts_zero_copy_grpc_protector* protector = - reinterpret_cast<alts_zero_copy_grpc_protector*>(self); - /* Calls alts_grpc_record_protocol protect repeatly. */ - while (unprotected_slices->length > protector->max_unprotected_data_size) { - grpc_slice_buffer_move_first(unprotected_slices, - protector->max_unprotected_data_size, - &protector->unprotected_staging_sb); - tsi_result status = alts_grpc_record_protocol_protect( - protector->record_protocol, &protector->unprotected_staging_sb, - protected_slices); - if (status != TSI_OK) { - return status; - } - } - return alts_grpc_record_protocol_protect( - protector->record_protocol, unprotected_slices, protected_slices); -} - -static tsi_result alts_zero_copy_grpc_protector_unprotect( - tsi_zero_copy_grpc_protector* self, grpc_slice_buffer* protected_slices, - grpc_slice_buffer* unprotected_slices) { - if (self == nullptr || unprotected_slices == nullptr || - protected_slices == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to zero-copy grpc unprotect."); - return TSI_INVALID_ARGUMENT; - } - alts_zero_copy_grpc_protector* protector = - reinterpret_cast<alts_zero_copy_grpc_protector*>(self); - grpc_slice_buffer_move_into(protected_slices, &protector->protected_sb); - /* Keep unprotecting each frame if possible. */ - while (protector->protected_sb.length >= kZeroCopyFrameLengthFieldSize) { - if (protector->parsed_frame_size == 0) { - /* We have not parsed frame size yet. Parses frame size. */ - if (!read_frame_size(&protector->protected_sb, - &protector->parsed_frame_size)) { - grpc_slice_buffer_reset_and_unref_internal(&protector->protected_sb); - return TSI_DATA_CORRUPTED; - } - } - if (protector->protected_sb.length < protector->parsed_frame_size) break; - /* At this point, protected_sb contains at least one frame of data. */ - tsi_result status; - if (protector->protected_sb.length == protector->parsed_frame_size) { - status = alts_grpc_record_protocol_unprotect(protector->unrecord_protocol, - &protector->protected_sb, - unprotected_slices); - } else { - grpc_slice_buffer_move_first(&protector->protected_sb, - protector->parsed_frame_size, - &protector->protected_staging_sb); - status = alts_grpc_record_protocol_unprotect( - protector->unrecord_protocol, &protector->protected_staging_sb, - unprotected_slices); - } - protector->parsed_frame_size = 0; - if (status != TSI_OK) { - grpc_slice_buffer_reset_and_unref_internal(&protector->protected_sb); - return status; - } - } - return TSI_OK; -} - -static void alts_zero_copy_grpc_protector_destroy( - tsi_zero_copy_grpc_protector* self) { - if (self == nullptr) { - return; - } - alts_zero_copy_grpc_protector* protector = - reinterpret_cast<alts_zero_copy_grpc_protector*>(self); - alts_grpc_record_protocol_destroy(protector->record_protocol); - alts_grpc_record_protocol_destroy(protector->unrecord_protocol); - grpc_slice_buffer_destroy_internal(&protector->unprotected_staging_sb); - grpc_slice_buffer_destroy_internal(&protector->protected_sb); - grpc_slice_buffer_destroy_internal(&protector->protected_staging_sb); - gpr_free(protector); -} - -static const tsi_zero_copy_grpc_protector_vtable - alts_zero_copy_grpc_protector_vtable = { - alts_zero_copy_grpc_protector_protect, - alts_zero_copy_grpc_protector_unprotect, - alts_zero_copy_grpc_protector_destroy}; - -tsi_result alts_zero_copy_grpc_protector_create( - const uint8_t* key, size_t key_size, bool is_rekey, bool is_client, - bool is_integrity_only, size_t* max_protected_frame_size, - tsi_zero_copy_grpc_protector** protector) { - if (grpc_core::ExecCtx::Get() == nullptr || key == nullptr || - protector == nullptr) { - gpr_log( - GPR_ERROR, - "Invalid nullptr arguments to alts_zero_copy_grpc_protector create."); - return TSI_INVALID_ARGUMENT; - } - /* Creates alts_zero_copy_protector. */ - alts_zero_copy_grpc_protector* impl = - static_cast<alts_zero_copy_grpc_protector*>( - gpr_zalloc(sizeof(alts_zero_copy_grpc_protector))); - /* Creates alts_grpc_record_protocol objects. */ - tsi_result status = create_alts_grpc_record_protocol( - key, key_size, is_rekey, is_client, is_integrity_only, - /*is_protect=*/true, &impl->record_protocol); - if (status == TSI_OK) { - status = create_alts_grpc_record_protocol( - key, key_size, is_rekey, is_client, is_integrity_only, - /*is_protect=*/false, &impl->unrecord_protocol); - if (status == TSI_OK) { - /* Sets maximum frame size. */ - size_t max_protected_frame_size_to_set = kDefaultFrameLength; - if (max_protected_frame_size != nullptr) { - *max_protected_frame_size = - GPR_MIN(*max_protected_frame_size, kMaxFrameLength); - *max_protected_frame_size = - GPR_MAX(*max_protected_frame_size, kMinFrameLength); - max_protected_frame_size_to_set = *max_protected_frame_size; - } - impl->max_protected_frame_size = max_protected_frame_size_to_set; - impl->max_unprotected_data_size = - alts_grpc_record_protocol_max_unprotected_data_size( - impl->record_protocol, max_protected_frame_size_to_set); - GPR_ASSERT(impl->max_unprotected_data_size > 0); - /* Allocates internal slice buffers. */ - grpc_slice_buffer_init(&impl->unprotected_staging_sb); - grpc_slice_buffer_init(&impl->protected_sb); - grpc_slice_buffer_init(&impl->protected_staging_sb); - impl->parsed_frame_size = 0; - impl->base.vtable = &alts_zero_copy_grpc_protector_vtable; - *protector = &impl->base; - return TSI_OK; - } - } - - /* Cleanup if create failed. */ - alts_grpc_record_protocol_destroy(impl->record_protocol); - alts_grpc_record_protocol_destroy(impl->unrecord_protocol); - gpr_free(impl); - return TSI_INTERNAL_ERROR; -} diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h deleted file mode 100644 index 71e953cfc1..0000000000 --- a/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_ZERO_COPY_GRPC_PROTECTOR_H -#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_ZERO_COPY_GRPC_PROTECTOR_H - -#include <grpc/support/port_platform.h> - -#include <stdbool.h> - -#include "src/core/tsi/transport_security_grpc.h" - -/** - * This method creates an ALTS zero-copy grpc protector. - * - * - key: a symmetric key used to seal/unseal frames. - * - key_size: the size of symmetric key. - * - is_rekey: use rekeying AEAD crypter. - * - is_client: a flag indicating if the protector will be used at client or - * server side. - * - is_integrity_only: a flag indicating if the protector instance will be - * used for integrity-only or privacy-integrity mode. - * - max_protected_frame_size: an in/out parameter indicating max frame size - * to be used by the protector. If it is nullptr, the default frame size will - * be used. Otherwise, the provided frame size will be adjusted (if not - * falling into a valid frame range) and used. - * - protector: a pointer to the zero-copy protector returned from the method. - * - * This method returns TSI_OK on success or a specific error code otherwise. - */ -tsi_result alts_zero_copy_grpc_protector_create( - const uint8_t* key, size_t key_size, bool is_rekey, bool is_client, - bool is_integrity_only, size_t* max_protected_frame_size, - tsi_zero_copy_grpc_protector** protector); - -#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_ZERO_COPY_GRPC_PROTECTOR_H \ - */ diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index dd3a8f963f..75156793f1 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -220,7 +220,6 @@ CORE_SOURCE_FILES = [ 'src/core/ext/filters/http/server/http_server_filter.cc', 'src/core/lib/http/httpcli_security_connector.cc', 'src/core/lib/security/context/security_context.cc', - 'src/core/lib/security/credentials/alts/alts_credentials.cc', 'src/core/lib/security/credentials/composite/composite_credentials.cc', 'src/core/lib/security/credentials/credentials.cc', 'src/core/lib/security/credentials/credentials_metadata.cc', @@ -234,7 +233,6 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc', 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', - 'src/core/lib/security/security_connector/alts_security_connector.cc', 'src/core/lib/security/security_connector/security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', @@ -244,45 +242,14 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/transport/tsi_error.cc', 'src/core/lib/security/util/json_util.cc', 'src/core/lib/surface/init_secure.cc', - 'src/core/tsi/alts/crypt/aes_gcm.cc', - 'src/core/tsi/alts/crypt/gsec.cc', - 'src/core/tsi/alts/frame_protector/alts_counter.cc', - 'src/core/tsi/alts/frame_protector/alts_crypter.cc', - 'src/core/tsi/alts/frame_protector/alts_frame_protector.cc', - 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc', - 'src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc', - 'src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc', - 'src/core/tsi/alts/frame_protector/frame_handler.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_client.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_event.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc', - 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc', - 'src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc', - 'src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc', - 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc', - 'src/core/tsi/alts/handshaker/alts_tsi_utils.cc', - 'src/core/tsi/alts/handshaker/transport_security_common_api.cc', - 'src/core/tsi/alts/handshaker/altscontext.pb.c', - 'src/core/tsi/alts/handshaker/handshaker.pb.c', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.c', - 'third_party/nanopb/pb_common.c', - 'third_party/nanopb/pb_decode.c', - 'third_party/nanopb/pb_encode.c', + 'src/core/tsi/alts_transport_security.cc', + 'src/core/tsi/fake_transport_security.cc', + 'src/core/tsi/ssl_transport_security.cc', + 'src/core/tsi/transport_security_grpc.cc', 'src/core/tsi/transport_security.cc', 'src/core/tsi/transport_security_adapter.cc', - 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc', - 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc', - 'src/core/ext/transport/chttp2/client/chttp2_connector.cc', + 'src/core/ext/transport/chttp2/server/chttp2_server.cc', + 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc', 'src/core/ext/filters/client_channel/backup_poller.cc', 'src/core/ext/filters/client_channel/channel_connectivity.cc', 'src/core/ext/filters/client_channel/client_channel.cc', @@ -306,14 +273,11 @@ CORE_SOURCE_FILES = [ 'src/core/ext/filters/client_channel/subchannel_index.cc', 'src/core/ext/filters/client_channel/uri_parser.cc', 'src/core/ext/filters/deadline/deadline_filter.cc', - 'src/core/tsi/alts_transport_security.cc', - 'src/core/tsi/fake_transport_security.cc', - 'src/core/tsi/ssl_transport_security.cc', - 'src/core/tsi/transport_security_grpc.cc', - 'src/core/ext/transport/chttp2/server/chttp2_server.cc', - 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc', + 'src/core/ext/transport/chttp2/client/chttp2_connector.cc', 'src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc', 'src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc', + 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc', + 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc', 'src/core/ext/transport/inproc/inproc_plugin.cc', 'src/core/ext/transport/inproc/inproc_transport.cc', 'src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc', @@ -322,6 +286,9 @@ CORE_SOURCE_FILES = [ 'src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc', 'src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc', 'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c', + 'third_party/nanopb/pb_common.c', + 'third_party/nanopb/pb_decode.c', + 'third_party/nanopb/pb_encode.c', 'src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc', 'src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc', 'src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc', diff --git a/templates/CMakeLists.txt.template b/templates/CMakeLists.txt.template index ef4d7d710c..0f088436d1 100644 --- a/templates/CMakeLists.txt.template +++ b/templates/CMakeLists.txt.template @@ -138,8 +138,6 @@ ## Some libraries are shared even with BUILD_SHARED_LIBRARIES=OFF set(CMAKE_POSITION_INDEPENDENT_CODE TRUE) - - add_definitions(-DPB_FIELD_16BIT) if (MSVC) include(cmake/msvc_static_runtime.cmake) diff --git a/templates/Makefile.template b/templates/Makefile.template index 196d12f678..390847b4f2 100644 --- a/templates/Makefile.template +++ b/templates/Makefile.template @@ -221,8 +221,6 @@ % endif % endfor - DEFINES += PB_FIELD_16BIT - CPPFLAGS += $(CPPFLAGS_$(CONFIG)) CFLAGS += $(CFLAGS_$(CONFIG)) CXXFLAGS += $(CXXFLAGS_$(CONFIG)) diff --git a/templates/gRPC-Core.podspec.template b/templates/gRPC-Core.podspec.template index 3e80d602e1..c28b78dbdf 100644 --- a/templates/gRPC-Core.podspec.template +++ b/templates/gRPC-Core.podspec.template @@ -144,7 +144,7 @@ } s.default_subspecs = 'Interface', 'Implementation' - s.compiler_flags = '-DGRPC_ARES=0', '-DPB_FIELD_16BIT' + s.compiler_flags = '-DGRPC_ARES=0' s.libraries = 'c++' # Like many other C libraries, gRPC-Core has its public headers under `include/<libname>/` and its diff --git a/templates/grpc.gyp.template b/templates/grpc.gyp.template index 2ea0d06ebd..3363082a83 100644 --- a/templates/grpc.gyp.template +++ b/templates/grpc.gyp.template @@ -60,11 +60,11 @@ % endfor 'cflags_c': [ '-Werror', - '-std=c99', + '-std=c99' ], 'cflags_cc': [ '-Werror', - '-std=c++11', + '-std=c++11' ], 'include_dirs': [ '.', @@ -127,7 +127,7 @@ % endfor '-stdlib=libc++', '-std=c++11', - '-Wno-error=deprecated-declarations', + '-Wno-error=deprecated-declarations' ], % endif }, diff --git a/test/core/security/BUILD b/test/core/security/BUILD index 68de2d169f..9776e6d5fd 100644 --- a/test/core/security/BUILD +++ b/test/core/security/BUILD @@ -161,39 +161,3 @@ grpc_cc_binary( "//test/core/util:grpc_test_util", ], ) - -grpc_cc_test( - name = "check_gcp_environment_linux_test", - srcs = ["check_gcp_environment_linux_test.cc"], - language = "C++", - deps = [ - "//:grpc", - ], -) - -grpc_cc_test( - name = "check_gcp_environment_windows_test", - srcs = ["check_gcp_environment_windows_test.cc"], - language = "C++", - deps = [ - "//:grpc", - ], -) - -grpc_cc_test( - name = "grpc_alts_credentials_options_test", - srcs = ["grpc_alts_credentials_options_test.cc"], - language = "C++", - deps = [ - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_security_connector_test", - srcs = ["alts_security_connector_test.cc"], - language = "C++", - deps = [ - "//:grpc", - ], -) diff --git a/test/core/security/alts_security_connector_test.cc b/test/core/security/alts_security_connector_test.cc deleted file mode 100644 index 103a493526..0000000000 --- a/test/core/security/alts_security_connector_test.cc +++ /dev/null @@ -1,166 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <grpc/grpc.h> -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/security/security_connector/alts_security_connector.h" -#include "src/core/lib/transport/transport.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" -#include "src/core/tsi/transport_security.h" - -using grpc_core::internal::grpc_alts_auth_context_from_tsi_peer; - -/* This file contains unit tests of grpc_alts_auth_context_from_tsi_peer(). */ -static void test_invalid_input_failure() { - tsi_peer peer; - grpc_auth_context* ctx; - GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(nullptr, &ctx) == - GRPC_SECURITY_ERROR); - GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, nullptr) == - GRPC_SECURITY_ERROR); -} - -static void test_empty_certificate_type_failure() { - tsi_peer peer; - grpc_auth_context* ctx = nullptr; - GPR_ASSERT(tsi_construct_peer(0, &peer) == TSI_OK); - GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) == - GRPC_SECURITY_ERROR); - GPR_ASSERT(ctx == nullptr); - tsi_peer_destruct(&peer); -} - -static void test_empty_peer_property_failure() { - tsi_peer peer; - grpc_auth_context* ctx; - GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) == - GRPC_SECURITY_ERROR); - GPR_ASSERT(ctx == nullptr); - tsi_peer_destruct(&peer); -} - -static void test_missing_rpc_protocol_versions_property_failure() { - tsi_peer peer; - grpc_auth_context* ctx; - GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice", - &peer.properties[1]) == TSI_OK); - GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) == - GRPC_SECURITY_ERROR); - GPR_ASSERT(ctx == nullptr); - tsi_peer_destruct(&peer); -} - -static void test_unknown_peer_property_failure() { - tsi_peer peer; - grpc_auth_context* ctx; - GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - "unknown", "alice", &peer.properties[1]) == TSI_OK); - GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) == - GRPC_SECURITY_ERROR); - GPR_ASSERT(ctx == nullptr); - tsi_peer_destruct(&peer); -} - -static bool test_identity(const grpc_auth_context* ctx, - const char* expected_property_name, - const char* expected_identity) { - grpc_auth_property_iterator it; - const grpc_auth_property* prop; - GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); - it = grpc_auth_context_peer_identity(ctx); - prop = grpc_auth_property_iterator_next(&it); - GPR_ASSERT(prop != nullptr); - if (strcmp(prop->name, expected_property_name) != 0) { - gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.", - expected_property_name, prop->name); - return false; - } - if (strncmp(prop->value, expected_identity, prop->value_length) != 0) { - gpr_log(GPR_ERROR, "Expected peer identity %s and got got %s.", - expected_identity, prop->value); - return false; - } - return true; -} - -static void test_alts_peer_to_auth_context_success() { - tsi_peer peer; - grpc_auth_context* ctx; - GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice", - &peer.properties[1]) == TSI_OK); - grpc_gcp_rpc_protocol_versions peer_versions; - grpc_gcp_rpc_protocol_versions_set_max(&peer_versions, - GRPC_PROTOCOL_VERSION_MAX_MAJOR, - GRPC_PROTOCOL_VERSION_MAX_MINOR); - grpc_gcp_rpc_protocol_versions_set_min(&peer_versions, - GRPC_PROTOCOL_VERSION_MIN_MAJOR, - GRPC_PROTOCOL_VERSION_MIN_MINOR); - grpc_slice serialized_peer_versions; - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&peer_versions, - &serialized_peer_versions)); - - GPR_ASSERT(tsi_construct_string_peer_property( - TSI_ALTS_RPC_VERSIONS, - reinterpret_cast<char*>( - GRPC_SLICE_START_PTR(serialized_peer_versions)), - GRPC_SLICE_LENGTH(serialized_peer_versions), - &peer.properties[2]) == TSI_OK); - GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) == - GRPC_SECURITY_OK); - GPR_ASSERT( - test_identity(ctx, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice")); - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); - grpc_slice_unref(serialized_peer_versions); - tsi_peer_destruct(&peer); -} - -int main(int argc, char** argv) { - /* Test. */ - test_invalid_input_failure(); - test_empty_certificate_type_failure(); - test_empty_peer_property_failure(); - test_unknown_peer_property_failure(); - test_missing_rpc_protocol_versions_property_failure(); - test_alts_peer_to_auth_context_success(); - - return 0; -} diff --git a/test/core/security/check_gcp_environment_linux_test.cc b/test/core/security/check_gcp_environment_linux_test.cc deleted file mode 100644 index 6c436a3945..0000000000 --- a/test/core/security/check_gcp_environment_linux_test.cc +++ /dev/null @@ -1,83 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" - -#if GPR_LINUX - -#include <stdio.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/gpr/tmpfile.h" - -static bool check_bios_data_linux_test(const char* data) { - /* Create a file with contents data. */ - char* filename = nullptr; - FILE* fp = gpr_tmpfile("check_gcp_environment_test", &filename); - GPR_ASSERT(filename != nullptr); - GPR_ASSERT(fp != nullptr); - GPR_ASSERT(fwrite(data, 1, strlen(data), fp) == strlen(data)); - fclose(fp); - bool result = grpc_core::internal::check_bios_data( - reinterpret_cast<const char*>(filename)); - /* Cleanup. */ - remove(filename); - gpr_free(filename); - return result; -} - -static void test_gcp_environment_check_success() { - /* Exact match. */ - GPR_ASSERT(check_bios_data_linux_test("Google")); - GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine")); - /* With leading and trailing whitespaces. */ - GPR_ASSERT(check_bios_data_linux_test(" Google ")); - GPR_ASSERT(check_bios_data_linux_test("Google ")); - GPR_ASSERT(check_bios_data_linux_test(" Google")); - GPR_ASSERT(check_bios_data_linux_test(" Google Compute Engine ")); - GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine ")); - GPR_ASSERT(check_bios_data_linux_test(" Google Compute Engine")); - /* With leading and trailing \t and \n. */ - GPR_ASSERT(check_bios_data_linux_test("\t\tGoogle Compute Engine\t")); - GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine\n")); - GPR_ASSERT(check_bios_data_linux_test("\n\n\tGoogle Compute Engine \n\t\t")); -} - -static void test_gcp_environment_check_failure() { - GPR_ASSERT(!check_bios_data_linux_test("non_existing-file")); - GPR_ASSERT(!check_bios_data_linux_test("Google-Chrome")); - GPR_ASSERT(!check_bios_data_linux_test("Amazon")); - GPR_ASSERT(!check_bios_data_linux_test("Google-Chrome\t\t")); - GPR_ASSERT(!check_bios_data_linux_test("Amazon")); -} - -int main(int argc, char** argv) { - /* Tests. */ - test_gcp_environment_check_success(); - test_gcp_environment_check_failure(); - return 0; -} - -#else // GPR_LINUX - -int main(int argc, char** argv) { return 0; } - -#endif // GPR_LINUX diff --git a/test/core/security/check_gcp_environment_windows_test.cc b/test/core/security/check_gcp_environment_windows_test.cc deleted file mode 100644 index 46179b747d..0000000000 --- a/test/core/security/check_gcp_environment_windows_test.cc +++ /dev/null @@ -1,71 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" - -#ifdef GPR_WINDOWS - -#include <stdio.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> -#include "src/core/lib/gpr/tmpfile.h" - -static bool check_bios_data_windows_test(const char* data) { - /* Create a file with contents data. */ - char* filename = nullptr; - FILE* fp = gpr_tmpfile("check_gcp_environment_test", &filename); - GPR_ASSERT(filename != nullptr); - GPR_ASSERT(fp != nullptr); - GPR_ASSERT(fwrite(data, 1, strlen(data), fp) == strlen(data)); - fclose(fp); - bool result = grpc_core::internal::check_bios_data( - reinterpret_cast<const char*>(filename)); - /* Cleanup. */ - remove(filename); - gpr_free(filename); - return result; -} - -static void test_gcp_environment_check_success() { - GPR_ASSERT(check_bios_data_windows_test("Google")); - GPR_ASSERT(check_bios_data_windows_test("Google\n")); - GPR_ASSERT(check_bios_data_windows_test("Google\r")); - GPR_ASSERT(check_bios_data_windows_test("Google\r\n")); - GPR_ASSERT(check_bios_data_windows_test(" Google \r\n")); - GPR_ASSERT(check_bios_data_windows_test(" \t\t Google\r\n")); - GPR_ASSERT(check_bios_data_windows_test(" \t\t Google\t\t \r\n")); -} - -static void test_gcp_environment_check_failure() { - GPR_ASSERT(!check_bios_data_windows_test("\t\tAmazon\n")); - GPR_ASSERT(!check_bios_data_windows_test(" Amazon\r\n")); -} - -int main(int argc, char** argv) { - /* Tests. */ - test_gcp_environment_check_success(); - test_gcp_environment_check_failure(); - return 0; -} -#else // GPR_WINDOWS - -int main(int argc, char** argv) { return 0; } - -#endif // GPR_WINDOWS diff --git a/test/core/security/grpc_alts_credentials_options_test.cc b/test/core/security/grpc_alts_credentials_options_test.cc deleted file mode 100644 index 1217065507..0000000000 --- a/test/core/security/grpc_alts_credentials_options_test.cc +++ /dev/null @@ -1,118 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <grpc/grpc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" - -#define ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1 "abc@google.com" -#define ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2 "def@google.com" - -const size_t kTargetServiceAccountNum = 2; - -static void test_add_target_service_account_failure() { - /* Initialization. */ - grpc_alts_credentials_options* options = - grpc_alts_credentials_client_options_create(); - auto client_options = - reinterpret_cast<grpc_alts_credentials_client_options*>(options); - - /* Test. */ - GPR_ASSERT(!grpc_alts_credentials_client_options_add_target_service_account( - client_options, nullptr)); - GPR_ASSERT(!grpc_alts_credentials_client_options_add_target_service_account( - nullptr, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1)); - - /* Cleanup. */ - grpc_alts_credentials_options_destroy(options); -} - -static void test_copy_client_options_failure() { - /* Initialization. */ - grpc_alts_credentials_options* options = - grpc_alts_credentials_client_options_create(); - - /* Test. */ - GPR_ASSERT(grpc_alts_credentials_options_copy(nullptr) == nullptr); - - /* Cleanup. */ - grpc_alts_credentials_options_destroy(options); -} - -static size_t get_target_service_account_num( - grpc_alts_credentials_client_options* options) { - size_t num = 0; - target_service_account* node = options->target_account_list_head; - while (node != nullptr) { - num++; - node = node->next; - } - return num; -} - -static void test_client_options_api_success() { - /* Initialization. */ - grpc_alts_credentials_options* options = - grpc_alts_credentials_client_options_create(); - auto client_options = - reinterpret_cast<grpc_alts_credentials_client_options*>(options); - - /* Set client options fields. */ - grpc_alts_credentials_client_options_add_target_service_account( - client_options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1); - grpc_alts_credentials_client_options_add_target_service_account( - client_options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2); - - /* Validate client option fields. */ - GPR_ASSERT(get_target_service_account_num(client_options) == - kTargetServiceAccountNum); - GPR_ASSERT(strcmp(client_options->target_account_list_head->data, - ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2) == 0); - GPR_ASSERT(strcmp(client_options->target_account_list_head->next->data, - ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1) == 0); - - /* Perform a copy operation and validate its correctness. */ - grpc_alts_credentials_options* new_options = - grpc_alts_credentials_options_copy(options); - auto new_client_options = - reinterpret_cast<grpc_alts_credentials_client_options*>(new_options); - - GPR_ASSERT(get_target_service_account_num(new_client_options) == - kTargetServiceAccountNum); - GPR_ASSERT(strcmp(new_client_options->target_account_list_head->data, - ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2) == 0); - GPR_ASSERT(strcmp(new_client_options->target_account_list_head->next->data, - ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1) == 0); - - /* Cleanup.*/ - grpc_alts_credentials_options_destroy(options); - grpc_alts_credentials_options_destroy(new_options); -} - -int main(int argc, char** argv) { - /* Test. */ - test_add_target_service_account_failure(); - test_copy_client_options_failure(); - test_client_options_api_success(); - return 0; -} diff --git a/test/core/tsi/BUILD b/test/core/tsi/BUILD index 8ac3e7687c..e28c0b5f84 100644 --- a/test/core/tsi/BUILD +++ b/test/core/tsi/BUILD @@ -16,7 +16,7 @@ load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_c licenses(["notice"]) # Apache v2 -grpc_package(name = "test/core/tsi", visibility = "public") +grpc_package(name = "test/core/tsi") grpc_cc_library( name = "transport_security_test_lib", diff --git a/test/core/tsi/alts/crypt/BUILD b/test/core/tsi/alts/crypt/BUILD deleted file mode 100644 index 0057d7f6e6..0000000000 --- a/test/core/tsi/alts/crypt/BUILD +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2018 gRPC authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package") - -licenses(["notice"]) # Apache v2 - -grpc_package(name = "crypt", visibility = "public") - -grpc_cc_library( - name = "alts_crypt_test_util", - srcs = ["gsec_test_util.cc"], - hdrs = ["gsec_test_util.h"], - deps = [ - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_crypt_test", - srcs = ["aes_gcm_test.cc"], - language = "C++", - deps = [ - ":alts_crypt_test_util", - "//:grpc", - ], -) diff --git a/test/core/tsi/alts/crypt/aes_gcm_test.cc b/test/core/tsi/alts/crypt/aes_gcm_test.cc deleted file mode 100644 index 576dd8f27b..0000000000 --- a/test/core/tsi/alts/crypt/aes_gcm_test.cc +++ /dev/null @@ -1,2105 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "src/core/tsi/alts/crypt/gsec.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -const size_t kTestMinTagLengthForCorruption = 8; -const size_t kTestNumCrypters = 3; -const size_t kTestMaxSlices = 5; -const size_t kTestMaxLength = 1024; -const size_t kTestNumEncryptions = 100; - -/* Struct for pre-generated test vector */ -typedef struct gsec_aead_test_vector { - uint8_t* nonce; - uint8_t* aad; - uint8_t* key; - uint8_t* plaintext; - uint8_t* ciphertext_and_tag; - size_t nonce_length; - size_t aad_length; - size_t key_length; - size_t plaintext_length; - size_t ciphertext_and_tag_length; -} gsec_aead_test_vector; - -static void gsec_randomly_slice(uint8_t* input, size_t input_length, - struct iovec** output, size_t* output_length) { - if (input_length == 0) { - *output = nullptr; - *output_length = 0; - return; - } - *output_length = gsec_test_bias_random_uint32(kTestMaxSlices) + 1; - *output = - static_cast<struct iovec*>(malloc(*output_length * sizeof(**output))); - size_t i; - for (i = 0; i < *output_length - 1; i++) { - size_t slice_length = - gsec_test_bias_random_uint32(static_cast<uint32_t>(input_length)); - struct iovec slice = {input, slice_length}; - (*output)[i] = slice; - input += slice_length; - input_length -= slice_length; - } - struct iovec slice = {input, input_length}; - (*output)[*output_length - 1] = slice; -} - -static void gsec_assert_ok(grpc_status_code status, const char* error_detail) { - char empty_string[] = ""; - if (error_detail == nullptr) { - error_detail = empty_string; - } - if (status != GRPC_STATUS_OK) { - fprintf(stderr, "Status is not ok: %s\n", error_detail); - } - GPR_ASSERT(status == GRPC_STATUS_OK); -} - -static void gsec_test_random_encrypt_decrypt(gsec_aead_crypter* crypter, - size_t aad_length, - size_t message_length) { - GPR_ASSERT(crypter != nullptr); - size_t nonce_length, tag_length; - uint8_t *nonce, *aad, *message; - gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr); - gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr); - - gsec_test_random_array(&nonce, nonce_length); - gsec_test_random_array(&aad, aad_length); - gsec_test_random_array(&message, message_length); - - /* Test encryption */ - size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, message_length, &ciphertext_and_tag_length, nullptr); - - uint8_t* ciphertext_and_tag = - static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_length)); - - char* error_buffer = nullptr; - gsec_assert_ok( - gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, aad, aad_length, - message, message_length, ciphertext_and_tag, - ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_buffer), - error_buffer); - GPR_ASSERT(message_length + tag_length == ciphertext_and_tag_length); - GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length); - - /* Test decryption */ - size_t plaintext_length, plaintext_bytes_written = 0; - gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_bytes_written, - &plaintext_length, nullptr); - uint8_t* plaintext = static_cast<uint8_t*>(gpr_malloc(plaintext_length)); - grpc_status_code status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag, - ciphertext_bytes_written, plaintext, plaintext_length, - &plaintext_bytes_written, nullptr); - - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(message_length == plaintext_bytes_written); - GPR_ASSERT(memcmp(message, plaintext, message_length) == 0); - - /** - * The returned plaintext will be zeroed if there was an authentication error. - */ - uint8_t* zero_message = static_cast<uint8_t*>(gpr_zalloc(plaintext_length)); - if (tag_length >= kTestMinTagLengthForCorruption) { - char* error_message; - /* Corrupt nonce */ - if (nonce_length > 0) { - plaintext_bytes_written = 0; - uint8_t* corrupt_nonce; - gsec_test_copy_and_alter_random_byte(nonce, &corrupt_nonce, nonce_length); - status = gsec_aead_crypter_decrypt( - crypter, corrupt_nonce, nonce_length, aad, aad_length, - ciphertext_and_tag, ciphertext_bytes_written, plaintext, - plaintext_length, &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, "Checking tag failed.", - error_message)); - GPR_ASSERT(plaintext_bytes_written == 0); - GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0); - gpr_free(corrupt_nonce); - gpr_free(error_message); - } - - /* Corrupt ciphertext_and_tag */ - plaintext_bytes_written = 0; - uint8_t* corrupt_ciphertext_and_tag; - gsec_test_copy_and_alter_random_byte(ciphertext_and_tag, - &corrupt_ciphertext_and_tag, - ciphertext_and_tag_length); - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, - corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext, - plaintext_length, &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(plaintext_bytes_written == 0); - GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0); - gpr_free(error_message); - gpr_free(corrupt_ciphertext_and_tag); - - /* Corrupt start of ciphertext_and_tag */ - plaintext_bytes_written = 0; - gsec_test_copy(ciphertext_and_tag, &corrupt_ciphertext_and_tag, - ciphertext_and_tag_length); - (*corrupt_ciphertext_and_tag)++; - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, - corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext, - plaintext_length, &plaintext_bytes_written, &error_message); - GPR_ASSERT(plaintext_bytes_written == 0); - GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - gpr_free(error_message); - gpr_free(corrupt_ciphertext_and_tag); - - /* Corrupt end of ciphertext_and_tag */ - plaintext_bytes_written = 0; - gsec_test_copy(ciphertext_and_tag, &corrupt_ciphertext_and_tag, - ciphertext_and_tag_length); - (*(corrupt_ciphertext_and_tag + ciphertext_and_tag_length - 1))++; - - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, - corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext, - plaintext_length, &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(plaintext_bytes_written == 0); - GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0); - gpr_free(error_message); - gpr_free(corrupt_ciphertext_and_tag); - } - - gpr_free(zero_message); - gpr_free(nonce); - gpr_free(aad); - gpr_free(message); - gpr_free(plaintext); - gpr_free(ciphertext_and_tag); -} - -static void gsec_test_encrypt_decrypt(gsec_aead_crypter* crypter) { - GPR_ASSERT(crypter != nullptr); - size_t aad_length, message_length; - aad_length = gsec_test_bias_random_uint32(kTestMaxLength); - message_length = gsec_test_bias_random_uint32(kTestMaxLength); - gsec_test_random_encrypt_decrypt(crypter, aad_length, message_length); - gsec_test_random_encrypt_decrypt(crypter, 0, message_length); - gsec_test_random_encrypt_decrypt(crypter, aad_length, 0); -} - -static void gsec_test_multiple_random_encrypt_decrypt( - gsec_aead_crypter* crypter, size_t* aad_lengths, size_t* message_lengths, - size_t count) { - GPR_ASSERT(crypter != nullptr); - size_t nonce_length, tag_length; - uint8_t **nonces, **aads, **messages; - nonces = static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count)); - aads = static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count)); - messages = static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count)); - - gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr); - gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr); - - size_t ind; - for (ind = 0; ind < count; ind++) { - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - gsec_test_random_array(&(nonces[ind]), nonce_length); - gsec_test_random_array(&(aads[ind]), aad_length); - gsec_test_random_array(&(messages[ind]), message_length); - } - - size_t* ciphertext_and_tag_lengths = - static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count)); - size_t* ciphertext_bytes_writtens = - static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count)); - size_t* plaintext_lengths = - static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count)); - size_t* plaintext_bytes_writtens = - static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count)); - uint8_t** ciphertext_and_tags = - static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count)); - uint8_t** plaintexts = - static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count)); - - /* Do encryption */ - for (ind = 0; ind < count; ind++) { - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, message_length, &(ciphertext_and_tag_lengths[ind]), nullptr); - ciphertext_and_tags[ind] = - static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_lengths[ind])); - grpc_status_code status = gsec_aead_crypter_encrypt( - crypter, nonces[ind], nonce_length, aads[ind], aad_length, - messages[ind], message_length, ciphertext_and_tags[ind], - ciphertext_and_tag_lengths[ind], &(ciphertext_bytes_writtens[ind]), - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(message_length + tag_length == ciphertext_and_tag_lengths[ind]); - GPR_ASSERT(ciphertext_bytes_writtens[ind] == - ciphertext_and_tag_lengths[ind]); - } - /* Do Decryption */ - for (ind = 0; ind < count; ind++) { - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - gsec_aead_crypter_max_plaintext_length(crypter, - ciphertext_bytes_writtens[ind], - &(plaintext_lengths[ind]), nullptr); - plaintexts[ind] = static_cast<uint8_t*>(gpr_malloc(plaintext_lengths[ind])); - grpc_status_code status = gsec_aead_crypter_decrypt( - crypter, nonces[ind], nonce_length, aads[ind], aad_length, - ciphertext_and_tags[ind], ciphertext_bytes_writtens[ind], - plaintexts[ind], plaintext_lengths[ind], - &(plaintext_bytes_writtens[ind]), nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(message_length == plaintext_bytes_writtens[ind]); - GPR_ASSERT(memcmp(messages[ind], plaintexts[ind], message_length) == 0); - } - - /* Slice the plaintext and encrypt with iovecs */ - for (ind = 0; ind < count; ind++) { - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - struct iovec* aad_vecs = nullptr; - size_t aad_vecs_length = 0; - gsec_randomly_slice(aads[ind], aad_length, &aad_vecs, &aad_vecs_length); - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - struct iovec* message_vecs = nullptr; - size_t message_vecs_length = 0; - gsec_randomly_slice(messages[ind], message_length, &message_vecs, - &message_vecs_length); - - size_t ciphertext_length = ciphertext_and_tag_lengths[ind]; - uint8_t* another_ciphertext = - static_cast<uint8_t*>(malloc(ciphertext_length)); - struct iovec another_ciphertext_vec = {another_ciphertext, - ciphertext_length}; - - char* error_details = nullptr; - size_t ciphertext_bytes_written = 0; - gsec_assert_ok( - gsec_aead_crypter_encrypt_iovec( - crypter, nonces[ind], nonce_length, aad_vecs, aad_vecs_length, - message_vecs, message_vecs_length, another_ciphertext_vec, - &ciphertext_bytes_written, &error_details), - error_details); - GPR_ASSERT(memcmp(ciphertext_and_tags[ind], another_ciphertext_vec.iov_base, - ciphertext_length) == 0); - free(another_ciphertext); - free(aad_vecs); - free(message_vecs); - } - - /* Slice the ciphertext and decrypt with iovecs */ - for (ind = 0; ind < count; ind++) { - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - message_length = message_length + 0; - - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - - struct iovec* aad_vecs = nullptr; - size_t aad_vecs_length = 0; - gsec_randomly_slice(aads[ind], aad_length, &aad_vecs, &aad_vecs_length); - - struct iovec* ciphertext_vecs = nullptr; - size_t ciphertext_vecs_length = 0; - gsec_randomly_slice(ciphertext_and_tags[ind], - ciphertext_bytes_writtens[ind], &ciphertext_vecs, - &ciphertext_vecs_length); - - size_t decrypted_length = plaintext_lengths[ind]; - uint8_t* decrypted = static_cast<uint8_t*>(malloc(decrypted_length)); - struct iovec decrypted_vec = {decrypted, decrypted_length}; - - char* error_details = nullptr; - gsec_assert_ok(gsec_aead_crypter_decrypt_iovec( - crypter, nonces[ind], nonce_length, aad_vecs, - aad_vecs_length, ciphertext_vecs, ciphertext_vecs_length, - decrypted_vec, &decrypted_length, &error_details), - error_details); - GPR_ASSERT(decrypted_vec.iov_len == message_length); - GPR_ASSERT(memcmp(decrypted_vec.iov_base, messages[ind], message_length) == - 0); - free(decrypted); - free(aad_vecs); - free(ciphertext_vecs); - } - - for (ind = 0; ind < count; ind++) { - gpr_free(nonces[ind]); - gpr_free(aads[ind]); - gpr_free(messages[ind]); - gpr_free(ciphertext_and_tags[ind]); - gpr_free(plaintexts[ind]); - } - gpr_free(nonces); - gpr_free(aads); - gpr_free(messages); - gpr_free(ciphertext_and_tag_lengths); - gpr_free(ciphertext_bytes_writtens); - gpr_free(plaintext_lengths); - gpr_free(plaintext_bytes_writtens); - gpr_free(ciphertext_and_tags); - gpr_free(plaintexts); -} - -static void gsec_test_multiple_encrypt_decrypt(gsec_aead_crypter* crypter) { - GPR_ASSERT(crypter != nullptr); - size_t count = kTestNumEncryptions; - size_t* aad_lengths = - static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count)); - size_t* message_lengths = - static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count)); - size_t ind; - for (ind = 0; ind < count; ind++) { - aad_lengths[ind] = gsec_test_bias_random_uint32(kTestMaxLength); - message_lengths[ind] = gsec_test_bias_random_uint32(kTestMaxLength); - } - gsec_test_multiple_random_encrypt_decrypt(crypter, aad_lengths, - message_lengths, count); - gsec_test_multiple_random_encrypt_decrypt(crypter, aad_lengths, nullptr, - count); - gsec_test_multiple_random_encrypt_decrypt(crypter, nullptr, message_lengths, - count); - gpr_free(aad_lengths); - gpr_free(message_lengths); -} - -static void gsec_test_encryption_failure(gsec_aead_crypter* crypter) { - GPR_ASSERT(crypter != nullptr); - size_t aad_length = kTestMaxLength; - size_t message_length = kTestMaxLength; - size_t nonce_length; - - char* error_message; - uint8_t *nonce, *aad, *message; - - gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr); - gsec_test_random_array(&nonce, nonce_length); - gsec_test_random_array(&aad, aad_length); - gsec_test_random_array(&message, message_length); - - size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, message_length, &ciphertext_and_tag_length, nullptr); - uint8_t* ciphertext_and_tag = - static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_length)); - - /* nullptr nonce */ - grpc_status_code status = gsec_aead_crypter_encrypt( - crypter, nullptr, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer is nullptr.")); - gpr_free(error_message); - - /* Big nonce */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length + 1, aad, aad_length, message, - message_length, ciphertext_and_tag, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer has the wrong length.")); - gpr_free(error_message); - - /* Small nonce */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length - 1, aad, aad_length, message, - message_length, ciphertext_and_tag, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer has the wrong length.")); - gpr_free(error_message); - - /* nullptr aad */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, nullptr, aad_length, message, - message_length, ciphertext_and_tag, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "aad is nullptr.")); - gpr_free(error_message); - - /* nullptr aad with zero length */ - gsec_assert_ok( - gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, nullptr, 0, - message, message_length, ciphertext_and_tag, - ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message), - error_message); - - /* nullptr plaintext */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, nullptr, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "plaintext is nullptr.")); - gpr_free(error_message); - - /* nullptr ciphertext */ - status = gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, aad, - aad_length, message, message_length, - nullptr, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "ciphertext is nullptr.")); - gpr_free(error_message); - - /* Short ciphertext */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length - 1, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "ciphertext is too small to hold a tag.")); - gpr_free(error_message); - - /* nullptr ciphertext_bytes_written */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, nullptr, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "bytes_written is nullptr.")); - gpr_free(error_message); - - /* nullptr plaintext/ciphertext encrypt with zero length */ - gsec_assert_ok(gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, nullptr, 0, - ciphertext_and_tag, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message), - error_message); - - /* Success */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - &error_message); - GPR_ASSERT(status == GRPC_STATUS_OK); - - gpr_free(message); - gpr_free(aad); - gpr_free(nonce); - gpr_free(ciphertext_and_tag); -} - -static void gsec_test_decryption_failure(gsec_aead_crypter* crypter) { - GPR_ASSERT(crypter != nullptr); - size_t aad_length = kTestMaxLength; - size_t message_length = kTestMaxLength; - size_t nonce_length, tag_length; - uint8_t *nonce, *aad, *message; - - gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr); - gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr); - gsec_test_random_array(&nonce, nonce_length); - gsec_test_random_array(&aad, aad_length); - gsec_test_random_array(&message, message_length); - - /* Test encryption */ - size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, message_length, &ciphertext_and_tag_length, nullptr); - uint8_t* ciphertext_and_tag = - static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_length)); - - grpc_status_code status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length); - - size_t plaintext_length, plaintext_bytes_written = 0; - gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_bytes_written, - &plaintext_length, nullptr); - uint8_t* plaintext = static_cast<uint8_t*>(gpr_malloc(plaintext_length)); - - char* error_message; - /* nullptr nonce */ - status = gsec_aead_crypter_decrypt( - crypter, nullptr, nonce_length, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer is nullptr.")); - gpr_free(error_message); - - /* Big nonce */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length + 1, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer has the wrong length.")); - gpr_free(error_message); - - /* Small nonce */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length - 1, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer has the wrong length.")); - gpr_free(error_message); - - /* nullptr aad */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, nullptr, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "aad is nullptr.")); - gpr_free(error_message); - - /* nullptr aad with zero length */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, nullptr, 0, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - &error_message); - GPR_ASSERT(status == GRPC_STATUS_OK); - - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, nullptr, 0, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(status == GRPC_STATUS_OK); - - /* Small ciphertext */ - if (tag_length > 0) { - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag, - tag_length - 1, plaintext, plaintext_length, &plaintext_bytes_written, - &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "ciphertext is too small to hold a tag.")); - gpr_free(error_message); - } - - /* nullptr ciphertext */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, nullptr, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "ciphertext is nullptr.")); - gpr_free(error_message); - - /* nullptr plaintext */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, nullptr, plaintext_length, - &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "plaintext is nullptr, but plaintext_length is positive.")); - gpr_free(error_message); - - /* Short plaintext */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length - 1, - &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Not enough plaintext buffer to hold encrypted ciphertext.")); - gpr_free(error_message); - - /* nullptr plaintext_bytes_written */ - status = gsec_aead_crypter_decrypt(crypter, nonce, nonce_length, aad, - aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, - plaintext_length, nullptr, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "bytes_written is nullptr.")); - gpr_free(error_message); - - gpr_free(message); - gpr_free(plaintext); - gpr_free(ciphertext_and_tag); - gpr_free(aad); - gpr_free(nonce); -} - -static void gsec_test_encrypt_decrypt_test_vector( - gsec_aead_crypter* crypter, gsec_aead_test_vector* test_vector) { - GPR_ASSERT(crypter != nullptr); - /* Test byte-based encryption interface. */ - size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, test_vector->plaintext_length, &ciphertext_and_tag_length, - nullptr); - uint8_t* ciphertext_and_tag_bytes = - static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_length)); - grpc_status_code status = gsec_aead_crypter_encrypt( - crypter, test_vector->nonce, test_vector->nonce_length, test_vector->aad, - test_vector->aad_length, test_vector->plaintext, - test_vector->plaintext_length, ciphertext_and_tag_bytes, - ciphertext_and_tag_length, &ciphertext_bytes_written, nullptr); - - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length); - GPR_ASSERT(memcmp(test_vector->ciphertext_and_tag, ciphertext_and_tag_bytes, - ciphertext_and_tag_length) == 0); - - /* Test byte-based decryption interface */ - size_t plaintext_length, plaintext_bytes_written = 0; - gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_and_tag_length, - &plaintext_length, nullptr); - uint8_t* plaintext_bytes = - static_cast<uint8_t*>(gpr_malloc(plaintext_length)); - status = gsec_aead_crypter_decrypt( - crypter, test_vector->nonce, test_vector->nonce_length, test_vector->aad, - test_vector->aad_length, test_vector->ciphertext_and_tag, - test_vector->ciphertext_and_tag_length, plaintext_bytes, plaintext_length, - &plaintext_bytes_written, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(test_vector->plaintext, plaintext_bytes, - plaintext_bytes_written) == 0); - - gpr_free(ciphertext_and_tag_bytes); - gpr_free(plaintext_bytes); -} - -static void gsec_test_get_crypter_from_test_vector( - gsec_aead_crypter** crypter, gsec_aead_test_vector* test_vector, - bool rekey = false) { - size_t key_length = test_vector->key_length; - GPR_ASSERT(key_length == kAes128GcmKeyLength || - key_length == kAes256GcmKeyLength || - key_length == kAes128GcmRekeyKeyLength); - size_t nonce_length = test_vector->nonce_length; - GPR_ASSERT(nonce_length == kAesGcmNonceLength); - size_t plaintext_length = test_vector->plaintext_length; - size_t ciphertext_and_tag_length = test_vector->ciphertext_and_tag_length; - GPR_ASSERT(ciphertext_and_tag_length == plaintext_length + kAesGcmTagLength); - size_t tag_length = ciphertext_and_tag_length - plaintext_length; - gsec_aes_gcm_aead_crypter_create(test_vector->key, key_length, nonce_length, - tag_length, rekey, crypter, nullptr); -} - -static void gsec_test_verify_crypter_on_test_vector( - gsec_aead_test_vector* test_vector, bool rekey = false) { - gsec_aead_crypter* crypter; - gsec_test_get_crypter_from_test_vector(&crypter, test_vector, rekey); - gsec_test_encrypt_decrypt_test_vector(crypter, test_vector); - gsec_aead_crypter_destroy(crypter); -} - -static void gsec_aead_malloc_test_vector( - gsec_aead_test_vector** test_vector, const uint8_t* key, size_t key_length, - const uint8_t* nonce, size_t nonce_length, const uint8_t* aad, - size_t aad_length, const uint8_t* plaintext, size_t plaintext_length, - const uint8_t* ciphertext_and_tag, size_t ciphertext_and_tag_length) { - *test_vector = static_cast<gsec_aead_test_vector*>( - gpr_malloc(sizeof(gsec_aead_test_vector))); - (*test_vector)->key_length = key_length; - (*test_vector)->nonce_length = nonce_length; - (*test_vector)->aad_length = aad_length; - (*test_vector)->plaintext_length = plaintext_length; - (*test_vector)->ciphertext_and_tag_length = ciphertext_and_tag_length; - gsec_test_copy(key, &((*test_vector)->key), key_length); - gsec_test_copy(nonce, &((*test_vector)->nonce), nonce_length); - gsec_test_copy(aad, &((*test_vector)->aad), aad_length); - gsec_test_copy(plaintext, &((*test_vector)->plaintext), plaintext_length); - gsec_test_copy(ciphertext_and_tag, &((*test_vector)->ciphertext_and_tag), - ciphertext_and_tag_length); -} - -static void gsec_aead_free_test_vector(gsec_aead_test_vector* test_vector) { - gpr_free(test_vector->key); - gpr_free(test_vector->nonce); - gpr_free(test_vector->aad); - gpr_free(test_vector->plaintext); - gpr_free(test_vector->ciphertext_and_tag); - gpr_free(test_vector); -} - -static void gsec_test_create_random_aes_gcm_crypter(gsec_aead_crypter** crypter, - size_t key_length, - size_t nonce_length, - size_t tag_length, - bool rekey) { - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aes_gcm_aead_crypter_create(key, key_length, nonce_length, tag_length, - rekey, crypter, nullptr); - gpr_free(key); -} - -static void gsec_test_get_random_aes_gcm_crypters( - gsec_aead_crypter*** crypters) { - *crypters = static_cast<gsec_aead_crypter**>( - gpr_malloc(sizeof(gsec_aead_crypter*) * kTestNumCrypters)); - gsec_test_create_random_aes_gcm_crypter( - &((*crypters)[0]), kAes128GcmKeyLength, kAesGcmNonceLength, - kAesGcmTagLength, /*rekey=*/false); - gsec_test_create_random_aes_gcm_crypter( - &((*crypters)[1]), kAes256GcmKeyLength, kAesGcmNonceLength, - kAesGcmTagLength, /*rekey=*/false); - gsec_test_create_random_aes_gcm_crypter( - &((*crypters)[2]), kAes128GcmRekeyKeyLength, kAesGcmNonceLength, - kAesGcmTagLength, /*rekey=*/true); -} - -static void gsec_test_do_generic_crypter_tests() { - gsec_aead_crypter** crypters; - gsec_test_get_random_aes_gcm_crypters(&crypters); - size_t ind; - for (ind = 0; ind < kTestNumCrypters; ind++) { - gsec_test_encrypt_decrypt(crypters[ind]); - gsec_test_multiple_encrypt_decrypt(crypters[ind]); - gsec_test_encryption_failure(crypters[ind]); - gsec_test_decryption_failure(crypters[ind]); - } - for (ind = 0; ind < kTestNumCrypters; ind++) { - gsec_aead_crypter_destroy(crypters[ind]); - } - gpr_free(crypters); -} - -static void gsec_test_do_vector_tests_rekey_nist() { - // NIST vectors from: - // http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf - // - // IEEE vectors from: - // http://www.ieee802.org/1/files/public/docs2011/bn-randall-test-vectors-0511-v1.pdf - // - // Key expanded by setting expandedKey = (key||(key ^ {0x01, .., 0x01})||key ^ - // {0x02,..,0x02}))[0:44]. - - gsec_aead_test_vector vec; - - // Derived from NIST test vector 1 - uint8_t nonce_0[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; - uint8_t aad_0[1] = {}; - uint8_t key_0[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, - 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, - 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2}; - uint8_t plaintext_0[1] = {}; - uint8_t ciphertext_0[] = {0x85, 0xE8, 0x73, 0xE0, 0x2, 0xF6, 0xEB, 0xDC, - 0x40, 0x60, 0x95, 0x4E, 0xB8, 0x67, 0x55, 0x8}; - vec = {nonce_0, aad_0, key_0, plaintext_0, ciphertext_0, 12, 0, 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from NIST test vector 2 - uint8_t nonce_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; - uint8_t aad_1[1] = {}; - uint8_t key_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, - 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, - 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2}; - uint8_t plaintext_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; - uint8_t ciphertext_1[] = {0x51, 0xE9, 0xA8, 0xCB, 0x23, 0xCA, 0x25, 0x12, - 0xC8, 0x25, 0x6A, 0xFF, 0xF8, 0xE7, 0x2D, 0x68, - 0x1A, 0xCA, 0x19, 0xA1, 0x14, 0x8A, 0xC1, 0x15, - 0xE8, 0x3D, 0xF4, 0x88, 0x8C, 0xC0, 0xD, 0x11}; - vec = {nonce_1, aad_1, key_1, plaintext_1, ciphertext_1, 12, 0, 44, 16, 32}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from NIST test vector 3 - uint8_t nonce_2[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_2[1] = {}; - uint8_t key_2[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_2[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, - 0xC5, 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, - 0xF7, 0xDA, 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, - 0x3C, 0xC, 0x95, 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, - 0x49, 0xA6, 0xB5, 0x25, 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, - 0x57, 0xBA, 0x63, 0x7B, 0x39, 0x1A, 0xAF, 0xD2, 0x55}; - uint8_t ciphertext_2[] = { - 0x10, 0x18, 0xED, 0x5A, 0x14, 0x2, 0xA8, 0x65, 0x16, 0xD6, 0x57, 0x6D, - 0x70, 0xB2, 0xFF, 0xCC, 0xCA, 0x26, 0x1B, 0x94, 0xDF, 0x88, 0xB5, 0x8F, - 0x53, 0xB6, 0x4D, 0xFB, 0xA4, 0x35, 0xD1, 0x8B, 0x2F, 0x6E, 0x3B, 0x78, - 0x69, 0xF9, 0x35, 0x3D, 0x4A, 0xC8, 0xCF, 0x9, 0xAF, 0xB1, 0x66, 0x3D, - 0xAA, 0x7B, 0x40, 0x17, 0xE6, 0xFC, 0x2C, 0x17, 0x7C, 0xC, 0x8, 0x7C, - 0xD, 0xF1, 0x16, 0x21, 0x29, 0x95, 0x22, 0x13, 0xCE, 0xE1, 0xBC, 0x6E, - 0x9C, 0x84, 0x95, 0xDD, 0x70, 0x5E, 0x1F, 0x3D}; - vec = {nonce_2, aad_2, key_2, plaintext_2, ciphertext_2, 12, 0, 44, 64, 80}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from NIST test vector 4 - uint8_t nonce_3[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_3[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_3[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_3[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_3[] = { - 0x10, 0x18, 0xED, 0x5A, 0x14, 0x2, 0xA8, 0x65, 0x16, 0xD6, 0x57, - 0x6D, 0x70, 0xB2, 0xFF, 0xCC, 0xCA, 0x26, 0x1B, 0x94, 0xDF, 0x88, - 0xB5, 0x8F, 0x53, 0xB6, 0x4D, 0xFB, 0xA4, 0x35, 0xD1, 0x8B, 0x2F, - 0x6E, 0x3B, 0x78, 0x69, 0xF9, 0x35, 0x3D, 0x4A, 0xC8, 0xCF, 0x9, - 0xAF, 0xB1, 0x66, 0x3D, 0xAA, 0x7B, 0x40, 0x17, 0xE6, 0xFC, 0x2C, - 0x17, 0x7C, 0xC, 0x8, 0x7C, 0x47, 0x64, 0x56, 0x5D, 0x7, 0x7E, - 0x91, 0x24, 0x0, 0x1D, 0xDB, 0x27, 0xFC, 0x8, 0x48, 0xC5}; - vec = {nonce_3, aad_3, key_3, plaintext_3, ciphertext_3, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from adapted NIST test vector 4 for KDF counter boundary (flip - // nonce bit 15) - uint8_t nonce_4[] = {0xCA, 0x7E, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_4[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_4[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_4[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_4[] = { - 0xE6, 0x50, 0xD3, 0xC0, 0xFB, 0x87, 0x93, 0x27, 0xF2, 0xD0, 0x32, - 0x87, 0xFA, 0x93, 0xCD, 0x7, 0x34, 0x2B, 0x13, 0x62, 0x15, 0xAD, - 0xBC, 0xA0, 0xC, 0x3B, 0xD5, 0x9, 0x9E, 0xC4, 0x18, 0x32, 0xB1, - 0xD1, 0x8E, 0x4, 0x23, 0xED, 0x26, 0xBB, 0x12, 0xC6, 0xCD, 0x9, - 0xDE, 0xBB, 0x29, 0x23, 0xA, 0x94, 0xC0, 0xCE, 0xE1, 0x59, 0x3, - 0x65, 0x6F, 0x85, 0xED, 0xB6, 0xFC, 0x50, 0x9B, 0x1B, 0x28, 0x21, - 0x63, 0x82, 0x17, 0x2E, 0xCB, 0xCC, 0x31, 0xE1, 0xE9, 0xB1}; - vec = {nonce_4, aad_4, key_4, plaintext_4, ciphertext_4, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from adapted NIST test vector 4 for KDF counter boundary (flip - // nonce bit 16) - uint8_t nonce_5[] = {0xCA, 0xFE, 0xBB, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_5[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_5[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_5[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_5[] = { - 0xC0, 0x12, 0x1E, 0x6C, 0x95, 0x4D, 0x7, 0x67, 0xF9, 0x66, 0x30, - 0xC3, 0x34, 0x50, 0x99, 0x97, 0x91, 0xB2, 0xDA, 0x2A, 0xD0, 0x5C, - 0x41, 0x90, 0x16, 0x9C, 0xCA, 0xD9, 0xAC, 0x86, 0xFF, 0x1C, 0x72, - 0x1E, 0x3D, 0x82, 0xF2, 0xAD, 0x22, 0xAB, 0x46, 0x3B, 0xAB, 0x4A, - 0x7, 0x54, 0xB7, 0xDD, 0x68, 0xCA, 0x4D, 0xE7, 0xEA, 0x25, 0x31, - 0xB6, 0x25, 0xED, 0xA0, 0x1F, 0x89, 0x31, 0x2B, 0x2A, 0xB9, 0x57, - 0xD5, 0xC7, 0xF8, 0x56, 0x8D, 0xD9, 0x5F, 0xCD, 0xCD, 0x1F}; - vec = {nonce_5, aad_5, key_5, plaintext_5, ciphertext_5, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from adapted NIST test vector 4 for KDF counter boundary (flip - // nonce bit 63) - uint8_t nonce_6[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0x2D, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_6[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_6[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_6[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_6[] = { - 0x8A, 0xF3, 0x7E, 0xA5, 0x68, 0x4A, 0x4D, 0x81, 0xD4, 0xFD, 0x81, - 0x72, 0x61, 0xFD, 0x97, 0x43, 0x9, 0x9E, 0x7E, 0x6A, 0x2, 0x5E, - 0xAA, 0xCF, 0x8E, 0x54, 0xB1, 0x24, 0xFB, 0x57, 0x43, 0x14, 0x9E, - 0x5, 0xCB, 0x89, 0xF4, 0xA4, 0x94, 0x67, 0xFE, 0x2E, 0x5E, 0x59, - 0x65, 0xF2, 0x9A, 0x19, 0xF9, 0x94, 0x16, 0xB0, 0x1, 0x6B, 0x54, - 0x58, 0x5D, 0x12, 0x55, 0x37, 0x83, 0xBA, 0x59, 0xE9, 0xF7, 0x82, - 0xE8, 0x2E, 0x9, 0x7C, 0x33, 0x6B, 0xF7, 0x98, 0x9F, 0x8}; - vec = {nonce_6, aad_6, key_6, plaintext_6, ciphertext_6, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from adapted NIST test vector 4 for KDF counter boundary (flip - // nonce bit 64) - uint8_t nonce_7[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDF, 0xCA, 0xF8, 0x88}; - uint8_t aad_7[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_7[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_7[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_7[] = { - 0xFB, 0xD5, 0x28, 0x44, 0x8D, 0x3, 0x46, 0xBF, 0xA8, 0x78, 0x63, - 0x48, 0x64, 0xD4, 0x7, 0xA3, 0x5A, 0x3, 0x9D, 0xE9, 0xDB, 0x2F, - 0x1F, 0xEB, 0x8E, 0x96, 0x5B, 0x3A, 0xE9, 0x35, 0x6C, 0xE6, 0x28, - 0x94, 0x41, 0xD7, 0x7F, 0x8F, 0xD, 0xF2, 0x94, 0x89, 0x1F, 0x37, - 0xEA, 0x43, 0x8B, 0x22, 0x3E, 0x3B, 0xF2, 0xBD, 0xC5, 0x3D, 0x4C, - 0x5A, 0x74, 0xFB, 0x68, 0xB, 0xB3, 0x12, 0xA8, 0xDE, 0xC6, 0xF7, - 0x25, 0x2C, 0xBC, 0xD7, 0xF5, 0x79, 0x97, 0x50, 0xAD, 0x78}; - vec = {nonce_7, aad_7, key_7, plaintext_7, ciphertext_7, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); -} - -static void gsec_test_do_vector_tests_rekey_ieee() { - // IEEE vectors from: - // http://www.ieee802.org/1/files/public/docs2011/bn-randall-test-vectors-0511-v1.pdf - // - // Key expanded by setting expandedKey = (key||(key ^ {0x01, .., 0x01})||key ^ - // {0x02,..,0x02}))[0:44]. - - gsec_aead_test_vector vec; - - // Derived from IEEE 2.1.1 54-byte auth - uint8_t nonce_8[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, - 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65}; - uint8_t aad_8[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, 0xD, 0x46, 0xDF, - 0x99, 0x8D, 0x88, 0xE5, 0x22, 0x2A, 0xB2, 0xC2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, 0x8, 0x0, - 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x1}; - uint8_t key_8[] = {0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, 0x6F, - 0x62, 0xF, 0xDC, 0xB5, 0x6, 0xB3, 0x45, 0xAC, 0x7B, - 0x2A, 0xD1, 0x3F, 0xAD, 0x82, 0x5B, 0x6E, 0x63, 0xE, - 0xDD, 0xB4, 0x7, 0xB2, 0x44, 0xAF, 0x78, 0x29, 0xD2, - 0x3C, 0xAE, 0x81, 0x58, 0x6D, 0x60, 0xD, 0xDE}; - uint8_t plaintext_8[1] = {}; - uint8_t ciphertext_8[] = {0x3E, 0xA0, 0xB5, 0x84, 0xF3, 0xC8, 0x5E, 0x93, - 0xF9, 0x32, 0xE, 0xA5, 0x91, 0x69, 0x9E, 0xFB}; - vec = {nonce_8, aad_8, key_8, plaintext_8, ciphertext_8, 12, 70, 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.1.2 54-byte auth - uint8_t nonce_9[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, - 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65}; - uint8_t aad_9[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, 0xD, 0x46, 0xDF, - 0x99, 0x8D, 0x88, 0xE5, 0x22, 0x2A, 0xB2, 0xC2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, 0x8, 0x0, - 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x1}; - uint8_t key_9[] = {0xE3, 0xC0, 0x8A, 0x8F, 0x6, 0xC6, 0xE3, 0xAD, 0x95, - 0xA7, 0x5, 0x57, 0xB2, 0x3F, 0x75, 0x48, 0x3C, 0xE3, - 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, 0x25, 0x66, 0x62, - 0x4, 0xC6, 0x9C, 0xB, 0x72, 0xE1, 0xC2, 0x88, 0x8D, - 0x4, 0xC4, 0xE1, 0xAF, 0x97, 0xA5, 0x7, 0x55}; - uint8_t plaintext_9[1] = {}; - uint8_t ciphertext_9[] = {0x29, 0x4E, 0x2, 0x8B, 0xF1, 0xFE, 0x6F, 0x14, - 0xC4, 0xE8, 0xF7, 0x30, 0x5C, 0x93, 0x3E, 0xB5}; - vec = {nonce_9, aad_9, key_9, plaintext_9, ciphertext_9, 12, 70, 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.2.1 60-byte crypt - uint8_t nonce_10[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, - 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65}; - uint8_t aad_10[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, - 0xD, 0x46, 0xDF, 0x99, 0x8D, 0x88, 0xE5, - 0x2E, 0x0, 0xB2, 0xC2, 0x84, 0x65, 0x12, - 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81}; - uint8_t key_10[] = {0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, 0x6F, - 0x62, 0xF, 0xDC, 0xB5, 0x6, 0xB3, 0x45, 0xAC, 0x7B, - 0x2A, 0xD1, 0x3F, 0xAD, 0x82, 0x5B, 0x6E, 0x63, 0xE, - 0xDD, 0xB4, 0x7, 0xB2, 0x44, 0xAF, 0x78, 0x29, 0xD2, - 0x3C, 0xAE, 0x81, 0x58, 0x6D, 0x60, 0xD, 0xDE}; - uint8_t plaintext_10[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x2}; - uint8_t ciphertext_10[] = { - 0xDB, 0x3D, 0x25, 0x71, 0x9C, 0x6B, 0xA, 0x3C, 0xA6, 0x14, 0x5C, - 0x15, 0x9D, 0x5C, 0x6E, 0xD9, 0xAF, 0xF9, 0xC6, 0xE0, 0xB7, 0x9F, - 0x17, 0x1, 0x9E, 0xA9, 0x23, 0xB8, 0x66, 0x5D, 0xDF, 0x52, 0x13, - 0x7A, 0xD6, 0x11, 0xF0, 0xD1, 0xBF, 0x41, 0x7A, 0x7C, 0xA8, 0x5E, - 0x45, 0xAF, 0xE1, 0x6, 0xFF, 0x9C, 0x75, 0x69, 0xD3, 0x35, 0xD0, - 0x86, 0xAE, 0x6C, 0x3, 0xF0, 0x9, 0x87, 0xCC, 0xD6}; - vec = {nonce_10, aad_10, key_10, plaintext_10, ciphertext_10, - 12, 28, 44, 48, 64}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.2.2 60-byte crypt - uint8_t nonce_11[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, - 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65}; - uint8_t aad_11[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, - 0xD, 0x46, 0xDF, 0x99, 0x8D, 0x88, 0xE5, - 0x2E, 0x0, 0xB2, 0xC2, 0x84, 0x65, 0x12, - 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81}; - uint8_t key_11[] = {0xE3, 0xC0, 0x8A, 0x8F, 0x6, 0xC6, 0xE3, 0xAD, 0x95, - 0xA7, 0x5, 0x57, 0xB2, 0x3F, 0x75, 0x48, 0x3C, 0xE3, - 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, 0x25, 0x66, 0x62, - 0x4, 0xC6, 0x9C, 0xB, 0x72, 0xE1, 0xC2, 0x88, 0x8D, - 0x4, 0xC4, 0xE1, 0xAF, 0x97, 0xA5, 0x7, 0x55}; - uint8_t plaintext_11[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x2}; - uint8_t ciphertext_11[] = { - 0x16, 0x41, 0xF2, 0x8E, 0xC1, 0x3A, 0xFC, 0xC8, 0xF7, 0x90, 0x33, - 0x89, 0x78, 0x72, 0x1, 0x5, 0x16, 0x44, 0x91, 0x49, 0x33, 0xE9, - 0x20, 0x2B, 0xB9, 0xD0, 0x6A, 0xA0, 0x20, 0xC2, 0xA6, 0x7E, 0xF5, - 0x1D, 0xFE, 0x7B, 0xC0, 0xA, 0x85, 0x6C, 0x55, 0xB8, 0xF8, 0x13, - 0x3E, 0x77, 0xF6, 0x59, 0x13, 0x25, 0x2, 0xBA, 0xD6, 0x3F, 0x57, - 0x13, 0xD5, 0x7D, 0xC, 0x11, 0xE0, 0xF8, 0x71, 0xED}; - vec = {nonce_11, aad_11, key_11, plaintext_11, ciphertext_11, - 12, 28, 44, 48, 64}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.3.1 60-byte auth - uint8_t nonce_12[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED}; - uint8_t aad_12[] = { - 0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x88, 0xE5, 0x40, 0x0, 0x76, 0xD4, 0x57, 0xED, 0x8, 0x0, 0xF, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, - 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x3}; - uint8_t key_12[] = {0x7, 0x1B, 0x11, 0x3B, 0xC, 0xA7, 0x43, 0xFE, 0xCC, - 0xCF, 0x3D, 0x5, 0x1F, 0x73, 0x73, 0x82, 0x6, 0x1A, - 0x10, 0x3A, 0xD, 0xA6, 0x42, 0xFF, 0xCD, 0xCE, 0x3C, - 0x4, 0x1E, 0x72, 0x72, 0x83, 0x5, 0x19, 0x13, 0x39, - 0xE, 0xA5, 0x41, 0xFC, 0xCE, 0xCD, 0x3F, 0x7}; - uint8_t plaintext_12[1] = {}; - uint8_t ciphertext_12[] = {0x58, 0x83, 0x7A, 0x10, 0x56, 0x2B, 0xF, 0x1F, - 0x8E, 0xDB, 0xE5, 0x8C, 0xA5, 0x58, 0x11, 0xD3}; - vec = {nonce_12, aad_12, key_12, plaintext_12, ciphertext_12, 12, 68, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.3.2 60-byte auth - uint8_t nonce_13[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED}; - uint8_t aad_13[] = { - 0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x88, 0xE5, 0x40, 0x0, 0x76, 0xD4, 0x57, 0xED, 0x8, 0x0, 0xF, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, - 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x3}; - uint8_t key_13[] = {0x69, 0x1D, 0x3E, 0xE9, 0x9, 0xD7, 0xF5, 0x41, 0x67, - 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x8, 0x1F, 0x2B, - 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, 0xAB, 0x80, 0xBD, - 0x52, 0x95, 0xAE, 0x6B, 0xE7, 0x6B, 0x1F, 0x3C, 0xEB, - 0xB, 0xD5, 0xF7, 0x43, 0x65, 0xFF, 0x1E, 0xA2}; - uint8_t plaintext_13[1] = {}; - uint8_t ciphertext_13[] = {0xC2, 0x72, 0x2F, 0xF6, 0xCA, 0x29, 0xA2, 0x57, - 0x71, 0x8A, 0x52, 0x9D, 0x1F, 0xC, 0x6A, 0x3B}; - vec = {nonce_13, aad_13, key_13, plaintext_13, ciphertext_13, 12, 68, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.4.1 54-byte crypt - uint8_t nonce_14[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED}; - uint8_t aad_14[] = {0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, - 0x76, 0x1E, 0x8D, 0xCD, 0x3D, 0x88, 0xE5, - 0x4C, 0x2A, 0x76, 0xD4, 0x57, 0xED}; - uint8_t key_14[] = {0x7, 0x1B, 0x11, 0x3B, 0xC, 0xA7, 0x43, 0xFE, 0xCC, - 0xCF, 0x3D, 0x5, 0x1F, 0x73, 0x73, 0x82, 0x6, 0x1A, - 0x10, 0x3A, 0xD, 0xA6, 0x42, 0xFF, 0xCD, 0xCE, 0x3C, - 0x4, 0x1E, 0x72, 0x72, 0x83, 0x5, 0x19, 0x13, 0x39, - 0xE, 0xA5, 0x41, 0xFC, 0xCE, 0xCD, 0x3F, 0x7}; - uint8_t plaintext_14[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x4}; - uint8_t ciphertext_14[] = { - 0xFD, 0x96, 0xB7, 0x15, 0xB9, 0x3A, 0x13, 0x34, 0x6A, 0xF5, 0x1E, 0x8A, - 0xCD, 0xF7, 0x92, 0xCD, 0xC7, 0xB2, 0x68, 0x6F, 0x85, 0x74, 0xC7, 0xE, - 0x6B, 0xC, 0xBF, 0x16, 0x29, 0x1D, 0xED, 0x42, 0x7A, 0xD7, 0x3F, 0xEC, - 0x48, 0xCD, 0x29, 0x8E, 0x5, 0x28, 0xA1, 0xF4, 0xC6, 0x44, 0xA9, 0x49, - 0xFC, 0x31, 0xDC, 0x92, 0x79, 0x70, 0x6D, 0xDB, 0xA3, 0x3F}; - vec = {nonce_14, aad_14, key_14, plaintext_14, ciphertext_14, - 12, 20, 44, 42, 58}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.4.2 54-byte crypt - uint8_t nonce_15[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED}; - uint8_t aad_15[] = {0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, - 0x76, 0x1E, 0x8D, 0xCD, 0x3D, 0x88, 0xE5, - 0x4C, 0x2A, 0x76, 0xD4, 0x57, 0xED}; - uint8_t key_15[] = {0x69, 0x1D, 0x3E, 0xE9, 0x9, 0xD7, 0xF5, 0x41, 0x67, - 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x8, 0x1F, 0x2B, - 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, 0xAB, 0x80, 0xBD, - 0x52, 0x95, 0xAE, 0x6B, 0xE7, 0x6B, 0x1F, 0x3C, 0xEB, - 0xB, 0xD5, 0xF7, 0x43, 0x65, 0xFF, 0x1E, 0xA2}; - uint8_t plaintext_15[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x4}; - uint8_t ciphertext_15[] = { - 0xB6, 0x8F, 0x63, 0x0, 0xC2, 0xE9, 0xAE, 0x83, 0x3B, 0xDC, 0x7, 0xE, - 0x24, 0x2, 0x1A, 0x34, 0x77, 0x11, 0x8E, 0x78, 0xCC, 0xF8, 0x4E, 0x11, - 0xA4, 0x85, 0xD8, 0x61, 0x47, 0x6C, 0x30, 0xF, 0x17, 0x53, 0x53, 0xD5, - 0xCD, 0xF9, 0x20, 0x8, 0xA4, 0xF8, 0x78, 0xE6, 0xCC, 0x35, 0x77, 0x76, - 0x80, 0x85, 0xC5, 0xA, 0xE, 0x98, 0xFD, 0xA6, 0xCB, 0xB8}; - vec = {nonce_15, aad_15, key_15, plaintext_15, ciphertext_15, - 12, 20, 44, 42, 58}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.5.1 65-byte auth - uint8_t nonce_16[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, - 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12}; - uint8_t aad_16[] = { - 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, - 0x88, 0xE5, 0x23, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, 0xFD, 0xE9, 0xF9, - 0xE3, 0x37, 0x24, 0xC6, 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x0, 0x5}; - uint8_t key_16[] = {0x1, 0x3F, 0xE0, 0xB, 0x5F, 0x11, 0xBE, 0x7F, 0x86, - 0x6D, 0xC, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, 0x0, 0x3E, - 0xE1, 0xA, 0x5E, 0x10, 0xBF, 0x7E, 0x87, 0x6C, 0xD, - 0xBA, 0xC4, 0x5B, 0x7B, 0x91, 0x3, 0x3D, 0xE2, 0x9, - 0x5D, 0x13, 0xBC, 0x7D, 0x84, 0x6F, 0xE, 0xB9}; - uint8_t plaintext_16[1] = {}; - uint8_t ciphertext_16[] = {0xCC, 0xA2, 0xE, 0xEC, 0xDA, 0x62, 0x83, 0xF0, - 0x9B, 0xB3, 0x54, 0x3D, 0xD9, 0x9E, 0xDB, 0x9B}; - vec = {nonce_16, aad_16, key_16, plaintext_16, ciphertext_16, 12, 81, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.5.2 65-byte auth - uint8_t nonce_17[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, - 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12}; - uint8_t aad_17[] = { - 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, - 0x88, 0xE5, 0x23, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, 0xFD, 0xE9, 0xF9, - 0xE3, 0x37, 0x24, 0xC6, 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x0, 0x5}; - uint8_t key_17[] = {0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, 0xC0, - 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, 0x9A, 0xC1, - 0xC8, 0xF, 0xEE, 0x1B, 0x62, 0x44, 0x97, 0xEF, 0x94, - 0x2E, 0x2F, 0x79, 0xA8, 0x23, 0x81, 0xC2, 0x91, 0xB7, - 0x8F, 0xE5, 0xFD, 0xE3, 0xC2, 0xD8, 0x90, 0x68}; - uint8_t plaintext_17[1] = {}; - uint8_t ciphertext_17[] = {0xB2, 0x32, 0xCC, 0x1D, 0xA5, 0x11, 0x7B, 0xF1, - 0x50, 0x3, 0x73, 0x4F, 0xA5, 0x99, 0xD2, 0x71}; - vec = {nonce_17, aad_17, key_17, plaintext_17, ciphertext_17, 12, 81, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.6.1 61-byte crypt - uint8_t nonce_18[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, - 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12}; - uint8_t aad_18[] = {0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, - 0xE5, 0xBB, 0xD2, 0x72, 0x77, 0x88, 0xE5, - 0x2F, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, - 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6}; - uint8_t key_18[] = {0x1, 0x3F, 0xE0, 0xB, 0x5F, 0x11, 0xBE, 0x7F, 0x86, - 0x6D, 0xC, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, 0x0, 0x3E, - 0xE1, 0xA, 0x5E, 0x10, 0xBF, 0x7E, 0x87, 0x6C, 0xD, - 0xBA, 0xC4, 0x5B, 0x7B, 0x91, 0x3, 0x3D, 0xE2, 0x9, - 0x5D, 0x13, 0xBC, 0x7D, 0x84, 0x6F, 0xE, 0xB9}; - uint8_t plaintext_18[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, - 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x0, 0x6}; - uint8_t ciphertext_18[] = { - 0xFF, 0x19, 0x10, 0xD3, 0x5A, 0xD7, 0xE5, 0x65, 0x78, 0x90, 0xC7, - 0xC5, 0x60, 0x14, 0x6F, 0xD0, 0x38, 0x70, 0x7F, 0x20, 0x4B, 0x66, - 0xED, 0xBC, 0x3D, 0x16, 0x1F, 0x8A, 0xCE, 0x24, 0x4B, 0x98, 0x59, - 0x21, 0x2, 0x3C, 0x43, 0x6E, 0x3A, 0x1C, 0x35, 0x32, 0xEC, 0xD5, - 0xD0, 0x9A, 0x5, 0x6D, 0x70, 0xBE, 0x58, 0x3F, 0xD, 0x10, 0x82, - 0x9D, 0x93, 0x87, 0xD0, 0x7D, 0x33, 0xD8, 0x72, 0xE4, 0x90}; - vec = {nonce_18, aad_18, key_18, plaintext_18, ciphertext_18, - 12, 28, 44, 49, 65}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.6.2 61-byte crypt - uint8_t nonce_19[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, - 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12}; - uint8_t aad_19[] = {0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, - 0xE5, 0xBB, 0xD2, 0x72, 0x77, 0x88, 0xE5, - 0x2F, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, - 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6}; - uint8_t key_19[] = {0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, 0xC0, - 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, 0x9A, 0xC1, - 0xC8, 0xF, 0xEE, 0x1B, 0x62, 0x44, 0x97, 0xEF, 0x94, - 0x2E, 0x2F, 0x79, 0xA8, 0x23, 0x81, 0xC2, 0x91, 0xB7, - 0x8F, 0xE5, 0xFD, 0xE3, 0xC2, 0xD8, 0x90, 0x68}; - uint8_t plaintext_19[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, - 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x0, 0x6}; - uint8_t ciphertext_19[] = { - 0xD, 0xB4, 0xCF, 0x95, 0x6B, 0x5F, 0x97, 0xEC, 0xA4, 0xEA, 0xB8, - 0x2A, 0x69, 0x55, 0x30, 0x7F, 0x9A, 0xE0, 0x2A, 0x32, 0xDD, 0x7D, - 0x93, 0xF8, 0x3D, 0x66, 0xAD, 0x4, 0xE1, 0xCF, 0xDC, 0x51, 0x82, - 0xAD, 0x12, 0xAB, 0xDE, 0xA5, 0xBB, 0xB6, 0x19, 0xA1, 0xBD, 0x5F, - 0xB9, 0xA5, 0x73, 0x59, 0xF, 0xBA, 0x90, 0x8E, 0x9C, 0x7A, 0x46, - 0xC1, 0xF7, 0xBA, 0x9, 0x5, 0xD1, 0xB5, 0x5F, 0xFD, 0xA4}; - vec = {nonce_19, aad_19, key_19, plaintext_19, ciphertext_19, - 12, 28, 44, 49, 65}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.7.1 79-byte crypt - uint8_t nonce_20[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, - 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t aad_20[] = { - 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, - 0xC5, 0x88, 0xE5, 0x41, 0x0, 0x2E, 0x58, 0x49, 0x5C, 0x8, 0x0, - 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, - 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x0, 0x7}; - uint8_t key_20[] = {0x88, 0xEE, 0x8, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, 0xF6, - 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, 0x89, 0xEF, - 0x9, 0x7E, 0xD8, 0x5C, 0xA8, 0xFA, 0xF7, 0x73, 0x5B, - 0xA8, 0xD6, 0x56, 0xB1, 0xCC, 0x8A, 0xEC, 0xA, 0x7D, - 0xDB, 0x5F, 0xAB, 0xF9, 0xF4, 0x70, 0x58, 0xAB}; - uint8_t plaintext_20[1] = {}; - uint8_t ciphertext_20[] = {0x81, 0x3F, 0xE, 0x63, 0xF, 0x96, 0xFB, 0x2D, - 0x3, 0xF, 0x58, 0xD8, 0x3F, 0x5C, 0xDF, 0xD0}; - vec = {nonce_20, aad_20, key_20, plaintext_20, ciphertext_20, 12, 87, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.7.2 79-byte crypt - uint8_t nonce_21[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, - 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t aad_21[] = { - 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, - 0xC5, 0x88, 0xE5, 0x41, 0x0, 0x2E, 0x58, 0x49, 0x5C, 0x8, 0x0, - 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, - 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x0, 0x7}; - uint8_t key_21[] = {0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, 0x74, - 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, 0x1F, 0xCE, - 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, 0x1A, 0x2C, 0xAA, - 0xF, 0xFE, 0x4, 0x7, 0xE5, 0x4E, 0x95, 0x3F, 0xBE, - 0x71, 0x66, 0x60, 0x14, 0x76, 0xFA, 0xB7, 0xBA}; - uint8_t plaintext_21[1] = {}; - uint8_t ciphertext_21[] = {0x77, 0xE5, 0xA4, 0x4C, 0x21, 0xEB, 0x7, 0x18, - 0x8A, 0xAC, 0xBD, 0x74, 0xD1, 0x98, 0xE, 0x97}; - vec = {nonce_21, aad_21, key_21, plaintext_21, ciphertext_21, 12, 87, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.8.1 61-byte crypt - uint8_t nonce_22[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, - 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t aad_22[] = {0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, - 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, 0x88, 0xE5, - 0x4D, 0x0, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t key_22[] = {0x88, 0xEE, 0x8, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, 0xF6, - 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, 0x89, 0xEF, - 0x9, 0x7E, 0xD8, 0x5C, 0xA8, 0xFA, 0xF7, 0x73, 0x5B, - 0xA8, 0xD6, 0x56, 0xB1, 0xCC, 0x8A, 0xEC, 0xA, 0x7D, - 0xDB, 0x5F, 0xAB, 0xF9, 0xF4, 0x70, 0x58, 0xAB}; - uint8_t plaintext_22[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x0, 0x8}; - uint8_t ciphertext_22[] = { - 0x95, 0x8E, 0xC3, 0xF6, 0xD6, 0xA, 0xFE, 0xDA, 0x99, 0xEF, 0xD8, 0x88, - 0xF1, 0x75, 0xE5, 0xFC, 0xD4, 0xC8, 0x7B, 0x9B, 0xCC, 0x5C, 0x2F, 0x54, - 0x26, 0x25, 0x3A, 0x8B, 0x50, 0x62, 0x96, 0xC8, 0xC4, 0x33, 0x9, 0xAB, - 0x2A, 0xDB, 0x59, 0x39, 0x46, 0x25, 0x41, 0xD9, 0x5E, 0x80, 0x81, 0x1E, - 0x4, 0xE7, 0x6, 0xB1, 0x49, 0x8F, 0x2C, 0x40, 0x7C, 0x7F, 0xB2, 0x34, - 0xF8, 0xCC, 0x1, 0xA6, 0x47, 0x55, 0xE, 0xE6, 0xB5, 0x57, 0xB3, 0x5A, - 0x7E, 0x39, 0x45, 0x38, 0x18, 0x21, 0xF4}; - vec = {nonce_22, aad_22, key_22, plaintext_22, ciphertext_22, - 12, 20, 44, 63, 79}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.8.2 61-byte crypt - uint8_t nonce_23[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, - 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t aad_23[] = {0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, - 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, 0x88, 0xE5, - 0x4D, 0x0, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t key_23[] = {0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, 0x74, - 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, 0x1F, 0xCE, - 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, 0x1A, 0x2C, 0xAA, - 0xF, 0xFE, 0x4, 0x7, 0xE5, 0x4E, 0x95, 0x3F, 0xBE, - 0x71, 0x66, 0x60, 0x14, 0x76, 0xFA, 0xB7, 0xBA}; - uint8_t plaintext_23[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x0, 0x8}; - uint8_t ciphertext_23[] = { - 0xB4, 0x4D, 0x7, 0x20, 0x11, 0xCD, 0x36, 0xD2, 0x72, 0xA9, 0xB7, 0xA9, - 0x8D, 0xB9, 0xAA, 0x90, 0xCB, 0xC5, 0xC6, 0x7B, 0x93, 0xDD, 0xCE, 0x67, - 0xC8, 0x54, 0x50, 0x32, 0x14, 0xE2, 0xE8, 0x96, 0xEC, 0x7E, 0x9D, 0xB6, - 0x49, 0xED, 0x4B, 0xCF, 0x6F, 0x85, 0xA, 0xAC, 0x2, 0x23, 0xD0, 0xCF, - 0x92, 0xC8, 0x3D, 0xB8, 0x7, 0x95, 0xC3, 0xA1, 0x7E, 0xCC, 0x12, 0x48, - 0xBB, 0x0, 0x59, 0x17, 0x12, 0xB1, 0xAE, 0x71, 0xE2, 0x68, 0x16, 0x41, - 0x96, 0x25, 0x21, 0x62, 0x81, 0xB, 0x0}; - vec = {nonce_23, aad_23, key_23, plaintext_23, ciphertext_23, - 12, 20, 44, 63, 79}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); -} - -static void gsec_test_do_vector_tests_nist() { - /** - * From: - * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/ - * gcm-revised-spec.pdf - */ - - /* Test vector 1 */ - gsec_aead_test_vector* test_vector_1; - const uint8_t test_vector_1_key[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_1_nonce[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_1_aad[1] = {}; - const uint8_t test_vector_1_plaintext[1] = {}; - const uint8_t test_vector_1_ciphertext_and_tag[] = { - 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, - 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a}; - gsec_aead_malloc_test_vector( - &test_vector_1, test_vector_1_key, - sizeof(test_vector_1_key) / sizeof(uint8_t), test_vector_1_nonce, - sizeof(test_vector_1_nonce) / sizeof(uint8_t), test_vector_1_aad, 0, - test_vector_1_plaintext, 0, test_vector_1_ciphertext_and_tag, - sizeof(test_vector_1_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_1); - gsec_aead_free_test_vector(test_vector_1); - - /* Test vector 2 */ - gsec_aead_test_vector* test_vector_2; - const uint8_t test_vector_2_key[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_2_nonce[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_2_aad[1] = {}; - const uint8_t test_vector_2_plaintext[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_2_ciphertext_and_tag[] = { - 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, - 0xb9, 0x71, 0xb2, 0xfe, 0x78, 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, - 0x13, 0xbd, 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf}; - gsec_aead_malloc_test_vector( - &test_vector_2, test_vector_2_key, - sizeof(test_vector_2_key) / sizeof(uint8_t), test_vector_2_nonce, - sizeof(test_vector_2_nonce) / sizeof(uint8_t), test_vector_2_aad, 0, - test_vector_2_plaintext, - sizeof(test_vector_2_plaintext) / sizeof(uint8_t), - test_vector_2_ciphertext_and_tag, - sizeof(test_vector_2_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_2); - gsec_aead_free_test_vector(test_vector_2); - - /* Test vector 3 */ - gsec_aead_test_vector* test_vector_3; - const uint8_t test_vector_3_key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, - 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, - 0x67, 0x30, 0x83, 0x08}; - const uint8_t test_vector_3_nonce[] = {0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, - 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88}; - const uint8_t test_vector_3_aad[1] = {}; - const uint8_t test_vector_3_plaintext[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, - 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, - 0xf7, 0xda, 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, - 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, - 0x49, 0xa6, 0xb5, 0x25, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, - 0x57, 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55}; - const uint8_t test_vector_3_ciphertext_and_tag[] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 0x4b, 0x72, 0x21, 0xb7, - 0x84, 0xd0, 0xd4, 0x9c, 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 0x21, 0xd5, 0x14, 0xb2, - 0x54, 0x66, 0x93, 0x1c, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x3d, 0x58, 0xe0, 0x91, - 0x47, 0x3f, 0x59, 0x85, 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, - 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4}; - gsec_aead_malloc_test_vector( - &test_vector_3, test_vector_3_key, - sizeof(test_vector_3_key) / sizeof(uint8_t), test_vector_3_nonce, - sizeof(test_vector_3_nonce) / sizeof(uint8_t), test_vector_3_aad, 0, - test_vector_3_plaintext, - sizeof(test_vector_3_plaintext) / sizeof(uint8_t), - test_vector_3_ciphertext_and_tag, - sizeof(test_vector_3_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_3); - gsec_aead_free_test_vector(test_vector_3); - - /* Test vector 4 */ - gsec_aead_test_vector* test_vector_4; - const uint8_t test_vector_4_key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, - 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, - 0x67, 0x30, 0x83, 0x08}; - const uint8_t test_vector_4_nonce[] = {0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, - 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88}; - const uint8_t test_vector_4_aad[] = {0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, - 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, - 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2}; - const uint8_t test_vector_4_plaintext[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, - 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, - 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39}; - const uint8_t test_vector_4_ciphertext_and_tag[] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 0x4b, 0x72, 0x21, - 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, - 0xa4, 0xe0, 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 0x21, - 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x7d, 0x8f, 0x6a, 0x5a, - 0xac, 0x84, 0xaa, 0x05, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, - 0x97, 0x3d, 0x58, 0xe0, 0x91, 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, - 0xa5, 0xdb, 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47}; - gsec_aead_malloc_test_vector( - &test_vector_4, test_vector_4_key, - sizeof(test_vector_4_key) / sizeof(uint8_t), test_vector_4_nonce, - sizeof(test_vector_4_nonce) / sizeof(uint8_t), test_vector_4_aad, - sizeof(test_vector_4_aad) / sizeof(uint8_t), test_vector_4_plaintext, - sizeof(test_vector_4_plaintext) / sizeof(uint8_t), - test_vector_4_ciphertext_and_tag, - sizeof(test_vector_4_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_4); - gsec_aead_free_test_vector(test_vector_4); -} - -static void gsec_test_do_vector_tests_ieee() { - /** - * From: - * http://www.ieee802.org/1/files/public/docs2011/ - * bn-randall-test-vectors-0511-v1.pdf - */ - - /* 2.1.1 54-byte auth */ - gsec_aead_test_vector* test_vector_5; - const uint8_t test_vector_5_key[] = {0xad, 0x7a, 0x2b, 0xd0, 0x3e, 0xac, - 0x83, 0x5a, 0x6f, 0x62, 0x0f, 0xdc, - 0xb5, 0x06, 0xb3, 0x45}; - const uint8_t test_vector_5_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, - 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65}; - const uint8_t test_vector_5_aad[] = { - 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, 0x99, 0x8d, - 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65, 0x12, 0x15, 0x35, 0x24, - 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, - 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x01}; - const uint8_t test_vector_5_plaintext[1] = {}; - const uint8_t test_vector_5_ciphertext_and_tag[] = { - 0xf0, 0x94, 0x78, 0xa9, 0xb0, 0x90, 0x07, 0xd0, - 0x6f, 0x46, 0xe9, 0xb6, 0xa1, 0xda, 0x25, 0xdd}; - gsec_aead_malloc_test_vector( - &test_vector_5, test_vector_5_key, - sizeof(test_vector_5_key) / sizeof(uint8_t), test_vector_5_nonce, - sizeof(test_vector_5_nonce) / sizeof(uint8_t), test_vector_5_aad, - sizeof(test_vector_5_aad) / sizeof(uint8_t), test_vector_5_plaintext, 0, - test_vector_5_ciphertext_and_tag, - sizeof(test_vector_5_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_5); - gsec_aead_free_test_vector(test_vector_5); - - /* 2.1.2 54-byte auth */ - gsec_aead_test_vector* test_vector_6; - const uint8_t test_vector_6_key[] = { - 0xe3, 0xc0, 0x8a, 0x8f, 0x06, 0xc6, 0xe3, 0xad, 0x95, 0xa7, 0x05, - 0x57, 0xb2, 0x3f, 0x75, 0x48, 0x3c, 0xe3, 0x30, 0x21, 0xa9, 0xc7, - 0x2b, 0x70, 0x25, 0x66, 0x62, 0x04, 0xc6, 0x9c, 0x0b, 0x72}; - - const uint8_t test_vector_6_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, - 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65}; - const uint8_t test_vector_6_aad[] = { - 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, 0x99, 0x8d, - 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65, 0x12, 0x15, 0x35, 0x24, - 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, - 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x01}; - const uint8_t test_vector_6_plaintext[1] = {}; - const uint8_t test_vector_6_ciphertext_and_tag[] = { - 0x2f, 0x0b, 0xc5, 0xaf, 0x40, 0x9e, 0x06, 0xd6, - 0x09, 0xea, 0x8b, 0x7d, 0x0f, 0xa5, 0xea, 0x50}; - gsec_aead_malloc_test_vector( - &test_vector_6, test_vector_6_key, - sizeof(test_vector_6_key) / sizeof(uint8_t), test_vector_6_nonce, - sizeof(test_vector_6_nonce) / sizeof(uint8_t), test_vector_6_aad, - sizeof(test_vector_6_aad) / sizeof(uint8_t), test_vector_6_plaintext, 0, - test_vector_6_ciphertext_and_tag, - sizeof(test_vector_6_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_6); - gsec_aead_free_test_vector(test_vector_6); - - /* 2.2.1 60-byte crypt */ - gsec_aead_test_vector* test_vector_7; - const uint8_t test_vector_7_key[] = {0xad, 0x7a, 0x2b, 0xd0, 0x3e, 0xac, - 0x83, 0x5a, 0x6f, 0x62, 0x0f, 0xdc, - 0xb5, 0x06, 0xb3, 0x45}; - - const uint8_t test_vector_7_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, - 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65}; - const uint8_t test_vector_7_aad[] = { - 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, - 0x99, 0x8d, 0x88, 0xe5, 0x2e, 0x00, 0xb2, 0xc2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81}; - const uint8_t test_vector_7_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x02}; - const uint8_t test_vector_7_ciphertext_and_tag[] = { - 0x70, 0x1a, 0xfa, 0x1c, 0xc0, 0x39, 0xc0, 0xd7, 0x65, 0x12, 0x8a, - 0x66, 0x5d, 0xab, 0x69, 0x24, 0x38, 0x99, 0xbf, 0x73, 0x18, 0xcc, - 0xdc, 0x81, 0xc9, 0x93, 0x1d, 0xa1, 0x7f, 0xbe, 0x8e, 0xdd, 0x7d, - 0x17, 0xcb, 0x8b, 0x4c, 0x26, 0xfc, 0x81, 0xe3, 0x28, 0x4f, 0x2b, - 0x7f, 0xba, 0x71, 0x3d, 0x4f, 0x8d, 0x55, 0xe7, 0xd3, 0xf0, 0x6f, - 0xd5, 0xa1, 0x3c, 0x0c, 0x29, 0xb9, 0xd5, 0xb8, 0x80}; - gsec_aead_malloc_test_vector( - &test_vector_7, test_vector_7_key, - sizeof(test_vector_7_key) / sizeof(uint8_t), test_vector_7_nonce, - sizeof(test_vector_7_nonce) / sizeof(uint8_t), test_vector_7_aad, - sizeof(test_vector_7_aad) / sizeof(uint8_t), test_vector_7_plaintext, - sizeof(test_vector_7_plaintext) / sizeof(uint8_t), - test_vector_7_ciphertext_and_tag, - sizeof(test_vector_7_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_7); - gsec_aead_free_test_vector(test_vector_7); - - /* 2.2.2 60-byte crypt */ - gsec_aead_test_vector* test_vector_8; - const uint8_t test_vector_8_key[] = { - 0xe3, 0xc0, 0x8a, 0x8f, 0x06, 0xc6, 0xe3, 0xad, 0x95, 0xa7, 0x05, - 0x57, 0xb2, 0x3f, 0x75, 0x48, 0x3c, 0xe3, 0x30, 0x21, 0xa9, 0xc7, - 0x2b, 0x70, 0x25, 0x66, 0x62, 0x04, 0xc6, 0x9c, 0x0b, 0x72}; - const uint8_t test_vector_8_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, - 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65}; - const uint8_t test_vector_8_aad[] = { - 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, - 0x99, 0x8d, 0x88, 0xe5, 0x2e, 0x00, 0xb2, 0xc2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81}; - const uint8_t test_vector_8_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x02}; - const uint8_t test_vector_8_ciphertext_and_tag[] = { - 0xe2, 0x00, 0x6e, 0xb4, 0x2f, 0x52, 0x77, 0x02, 0x2d, 0x9b, 0x19, - 0x92, 0x5b, 0xc4, 0x19, 0xd7, 0xa5, 0x92, 0x66, 0x6c, 0x92, 0x5f, - 0xe2, 0xef, 0x71, 0x8e, 0xb4, 0xe3, 0x08, 0xef, 0xea, 0xa7, 0xc5, - 0x27, 0x3b, 0x39, 0x41, 0x18, 0x86, 0x0a, 0x5b, 0xe2, 0xa9, 0x7f, - 0x56, 0xab, 0x78, 0x36, 0x5c, 0xa5, 0x97, 0xcd, 0xbb, 0x3e, 0xdb, - 0x8d, 0x1a, 0x11, 0x51, 0xea, 0x0a, 0xf7, 0xb4, 0x36}; - gsec_aead_malloc_test_vector( - &test_vector_8, test_vector_8_key, - sizeof(test_vector_8_key) / sizeof(uint8_t), test_vector_8_nonce, - sizeof(test_vector_8_nonce) / sizeof(uint8_t), test_vector_8_aad, - sizeof(test_vector_8_aad) / sizeof(uint8_t), test_vector_8_plaintext, - sizeof(test_vector_8_plaintext) / sizeof(uint8_t), - test_vector_8_ciphertext_and_tag, - sizeof(test_vector_8_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_8); - gsec_aead_free_test_vector(test_vector_8); - - /* 2.3.1 60-byte auth */ - gsec_aead_test_vector* test_vector_9; - const uint8_t test_vector_9_key[] = {0x07, 0x1b, 0x11, 0x3b, 0x0c, 0xa7, - 0x43, 0xfe, 0xcc, 0xcf, 0x3d, 0x05, - 0x1f, 0x73, 0x73, 0x82}; - const uint8_t test_vector_9_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_9_aad[] = { - 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x88, 0xe5, 0x40, 0x00, 0x76, 0xd4, 0x57, 0xed, 0x08, 0x00, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, - 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x03}; - const uint8_t test_vector_9_plaintext[1] = {}; - const uint8_t test_vector_9_ciphertext_and_tag[] = { - 0x0c, 0x01, 0x7b, 0xc7, 0x3b, 0x22, 0x7d, 0xfc, - 0xc9, 0xba, 0xfa, 0x1c, 0x41, 0xac, 0xc3, 0x53}; - gsec_aead_malloc_test_vector( - &test_vector_9, test_vector_9_key, - sizeof(test_vector_9_key) / sizeof(uint8_t), test_vector_9_nonce, - sizeof(test_vector_9_nonce) / sizeof(uint8_t), test_vector_9_aad, - sizeof(test_vector_9_aad) / sizeof(uint8_t), test_vector_9_plaintext, 0, - test_vector_9_ciphertext_and_tag, - sizeof(test_vector_9_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_9); - gsec_aead_free_test_vector(test_vector_9); - - /* 2.3.2 60-byte auth */ - gsec_aead_test_vector* test_vector_10; - const uint8_t test_vector_10_key[] = { - 0x69, 0x1d, 0x3e, 0xe9, 0x09, 0xd7, 0xf5, 0x41, 0x67, 0xfd, 0x1c, - 0xa0, 0xb5, 0xd7, 0x69, 0x08, 0x1f, 0x2b, 0xde, 0x1a, 0xee, 0x65, - 0x5f, 0xdb, 0xab, 0x80, 0xbd, 0x52, 0x95, 0xae, 0x6b, 0xe7}; - const uint8_t test_vector_10_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_10_aad[] = { - 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x88, 0xe5, 0x40, 0x00, 0x76, 0xd4, 0x57, 0xed, 0x08, 0x00, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, - 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x03}; - const uint8_t test_vector_10_plaintext[1] = {}; - const uint8_t test_vector_10_ciphertext_and_tag[] = { - 0x35, 0x21, 0x7c, 0x77, 0x4b, 0xbc, 0x31, 0xb6, - 0x31, 0x66, 0xbc, 0xf9, 0xd4, 0xab, 0xed, 0x07}; - gsec_aead_malloc_test_vector( - &test_vector_10, test_vector_10_key, - sizeof(test_vector_10_key) / sizeof(uint8_t), test_vector_10_nonce, - sizeof(test_vector_10_nonce) / sizeof(uint8_t), test_vector_10_aad, - sizeof(test_vector_10_aad) / sizeof(uint8_t), test_vector_10_plaintext, 0, - test_vector_10_ciphertext_and_tag, - sizeof(test_vector_10_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_10); - gsec_aead_free_test_vector(test_vector_10); - - /* 2.4.1 54-byte crypt */ - gsec_aead_test_vector* test_vector_11; - const uint8_t test_vector_11_key[] = {0x07, 0x1b, 0x11, 0x3b, 0x0c, 0xa7, - 0x43, 0xfe, 0xcc, 0xcf, 0x3d, 0x05, - 0x1f, 0x73, 0x73, 0x82}; - const uint8_t test_vector_11_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_11_aad[] = { - 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, - 0xcd, 0x3d, 0x88, 0xe5, 0x4c, 0x2a, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_11_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, - 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x04}; - const uint8_t test_vector_11_ciphertext_and_tag[] = { - 0x13, 0xb4, 0xc7, 0x2b, 0x38, 0x9d, 0xc5, 0x01, 0x8e, 0x72, 0xa1, 0x71, - 0xdd, 0x85, 0xa5, 0xd3, 0x75, 0x22, 0x74, 0xd3, 0xa0, 0x19, 0xfb, 0xca, - 0xed, 0x09, 0xa4, 0x25, 0xcd, 0x9b, 0x2e, 0x1c, 0x9b, 0x72, 0xee, 0xe7, - 0xc9, 0xde, 0x7d, 0x52, 0xb3, 0xf3, 0xd6, 0xa5, 0x28, 0x4f, 0x4a, 0x6d, - 0x3f, 0xe2, 0x2a, 0x5d, 0x6c, 0x2b, 0x96, 0x04, 0x94, 0xc3}; - gsec_aead_malloc_test_vector( - &test_vector_11, test_vector_11_key, - sizeof(test_vector_11_key) / sizeof(uint8_t), test_vector_11_nonce, - sizeof(test_vector_11_nonce) / sizeof(uint8_t), test_vector_11_aad, - sizeof(test_vector_11_aad) / sizeof(uint8_t), test_vector_11_plaintext, - sizeof(test_vector_11_plaintext) / sizeof(uint8_t), - test_vector_11_ciphertext_and_tag, - sizeof(test_vector_11_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_11); - gsec_aead_free_test_vector(test_vector_11); - - /* 2.4.2 54-byte crypt */ - gsec_aead_test_vector* test_vector_12; - const uint8_t test_vector_12_key[] = { - 0x69, 0x1d, 0x3e, 0xe9, 0x09, 0xd7, 0xf5, 0x41, 0x67, 0xfd, 0x1c, - 0xa0, 0xb5, 0xd7, 0x69, 0x08, 0x1f, 0x2b, 0xde, 0x1a, 0xee, 0x65, - 0x5f, 0xdb, 0xab, 0x80, 0xbd, 0x52, 0x95, 0xae, 0x6b, 0xe7}; - const uint8_t test_vector_12_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_12_aad[] = { - 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, - 0xcd, 0x3d, 0x88, 0xe5, 0x4c, 0x2a, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_12_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, - 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x04}; - const uint8_t test_vector_12_ciphertext_and_tag[] = { - 0xc1, 0x62, 0x3f, 0x55, 0x73, 0x0c, 0x93, 0x53, 0x30, 0x97, 0xad, 0xda, - 0xd2, 0x56, 0x64, 0x96, 0x61, 0x25, 0x35, 0x2b, 0x43, 0xad, 0xac, 0xbd, - 0x61, 0xc5, 0xef, 0x3a, 0xc9, 0x0b, 0x5b, 0xee, 0x92, 0x9c, 0xe4, 0x63, - 0x0e, 0xa7, 0x9f, 0x6c, 0xe5, 0x19, 0x12, 0xaf, 0x39, 0xc2, 0xd1, 0xfd, - 0xc2, 0x05, 0x1f, 0x8b, 0x7b, 0x3c, 0x9d, 0x39, 0x7e, 0xf2}; - gsec_aead_malloc_test_vector( - &test_vector_12, test_vector_12_key, - sizeof(test_vector_12_key) / sizeof(uint8_t), test_vector_12_nonce, - sizeof(test_vector_12_nonce) / sizeof(uint8_t), test_vector_12_aad, - sizeof(test_vector_12_aad) / sizeof(uint8_t), test_vector_12_plaintext, - sizeof(test_vector_12_plaintext) / sizeof(uint8_t), - test_vector_12_ciphertext_and_tag, - sizeof(test_vector_12_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_12); - gsec_aead_free_test_vector(test_vector_12); - - /* 2.5.1 65-byte auth */ - gsec_aead_test_vector* test_vector_13; - const uint8_t test_vector_13_key[] = {0x01, 0x3f, 0xe0, 0x0b, 0x5f, 0x11, - 0xbe, 0x7f, 0x86, 0x6d, 0x0c, 0xbb, - 0xc5, 0x5a, 0x7a, 0x90}; - const uint8_t test_vector_13_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, - 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12}; - const uint8_t test_vector_13_aad[] = { - 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, 0x72, 0x77, - 0x88, 0xe5, 0x23, 0x00, 0x89, 0x32, 0xd6, 0x12, 0x7c, 0xfd, 0xe9, 0xf9, - 0xe3, 0x37, 0x24, 0xc6, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, - 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x00, 0x05}; - const uint8_t test_vector_13_plaintext[1] = {}; - const uint8_t test_vector_13_ciphertext_and_tag[] = { - 0x21, 0x78, 0x67, 0xe5, 0x0c, 0x2d, 0xad, 0x74, - 0xc2, 0x8c, 0x3b, 0x50, 0xab, 0xdf, 0x69, 0x5a}; - gsec_aead_malloc_test_vector( - &test_vector_13, test_vector_13_key, - sizeof(test_vector_13_key) / sizeof(uint8_t), test_vector_13_nonce, - sizeof(test_vector_13_nonce) / sizeof(uint8_t), test_vector_13_aad, - sizeof(test_vector_13_aad) / sizeof(uint8_t), test_vector_13_plaintext, 0, - test_vector_13_ciphertext_and_tag, - sizeof(test_vector_13_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_13); - gsec_aead_free_test_vector(test_vector_13); - - /* 2.5.2 65-byte auth */ - gsec_aead_test_vector* test_vector_14; - const uint8_t test_vector_14_key[] = { - 0x83, 0xc0, 0x93, 0xb5, 0x8d, 0xe7, 0xff, 0xe1, 0xc0, 0xda, 0x92, - 0x6a, 0xc4, 0x3f, 0xb3, 0x60, 0x9a, 0xc1, 0xc8, 0x0f, 0xee, 0x1b, - 0x62, 0x44, 0x97, 0xef, 0x94, 0x2e, 0x2f, 0x79, 0xa8, 0x23}; - const uint8_t test_vector_14_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, - 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12}; - const uint8_t test_vector_14_aad[] = { - 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, 0x72, 0x77, - 0x88, 0xe5, 0x23, 0x00, 0x89, 0x32, 0xd6, 0x12, 0x7c, 0xfd, 0xe9, 0xf9, - 0xe3, 0x37, 0x24, 0xc6, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, - 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x00, 0x05}; - const uint8_t test_vector_14_plaintext[1] = {}; - const uint8_t test_vector_14_ciphertext_and_tag[] = { - 0x6e, 0xe1, 0x60, 0xe8, 0xfa, 0xec, 0xa4, 0xb3, - 0x6c, 0x86, 0xb2, 0x34, 0x92, 0x0c, 0xa9, 0x75}; - gsec_aead_malloc_test_vector( - &test_vector_14, test_vector_14_key, - sizeof(test_vector_14_key) / sizeof(uint8_t), test_vector_14_nonce, - sizeof(test_vector_14_nonce) / sizeof(uint8_t), test_vector_14_aad, - sizeof(test_vector_14_aad) / sizeof(uint8_t), test_vector_14_plaintext, 0, - test_vector_14_ciphertext_and_tag, - sizeof(test_vector_14_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_14); - gsec_aead_free_test_vector(test_vector_14); - - /* 2.6.1 61-byte crypt */ - gsec_aead_test_vector* test_vector_15; - const uint8_t test_vector_15_key[] = {0x01, 0x3f, 0xe0, 0x0b, 0x5f, 0x11, - 0xbe, 0x7f, 0x86, 0x6d, 0x0c, 0xbb, - 0xc5, 0x5a, 0x7a, 0x90}; - const uint8_t test_vector_15_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, - 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12}; - const uint8_t test_vector_15_aad[] = { - 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, - 0x72, 0x77, 0x88, 0xe5, 0x2f, 0x00, 0x89, 0x32, 0xd6, 0x12, - 0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, 0x24, 0xc6}; - const uint8_t test_vector_15_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, - 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x00, 0x06}; - const uint8_t test_vector_15_ciphertext_and_tag[] = { - 0x3a, 0x4d, 0xe6, 0xfa, 0x32, 0x19, 0x10, 0x14, 0xdb, 0xb3, 0x03, - 0xd9, 0x2e, 0xe3, 0xa9, 0xe8, 0xa1, 0xb5, 0x99, 0xc1, 0x4d, 0x22, - 0xfb, 0x08, 0x00, 0x96, 0xe1, 0x38, 0x11, 0x81, 0x6a, 0x3c, 0x9c, - 0x9b, 0xcf, 0x7c, 0x1b, 0x9b, 0x96, 0xda, 0x80, 0x92, 0x04, 0xe2, - 0x9d, 0x0e, 0x2a, 0x76, 0x42, 0xbf, 0xd3, 0x10, 0xa4, 0x83, 0x7c, - 0x81, 0x6c, 0xcf, 0xa5, 0xac, 0x23, 0xab, 0x00, 0x39, 0x88}; - gsec_aead_malloc_test_vector( - &test_vector_15, test_vector_15_key, - sizeof(test_vector_15_key) / sizeof(uint8_t), test_vector_15_nonce, - sizeof(test_vector_15_nonce) / sizeof(uint8_t), test_vector_15_aad, - sizeof(test_vector_15_aad) / sizeof(uint8_t), test_vector_15_plaintext, - sizeof(test_vector_15_plaintext) / sizeof(uint8_t), - test_vector_15_ciphertext_and_tag, - sizeof(test_vector_15_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_15); - gsec_aead_free_test_vector(test_vector_15); - - /* 2.6.2 61-byte crypt */ - gsec_aead_test_vector* test_vector_16; - const uint8_t test_vector_16_key[] = { - 0x83, 0xc0, 0x93, 0xb5, 0x8d, 0xe7, 0xff, 0xe1, 0xc0, 0xda, 0x92, - 0x6a, 0xc4, 0x3f, 0xb3, 0x60, 0x9a, 0xc1, 0xc8, 0x0f, 0xee, 0x1b, - 0x62, 0x44, 0x97, 0xef, 0x94, 0x2e, 0x2f, 0x79, 0xa8, 0x23}; - const uint8_t test_vector_16_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, - 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12}; - const uint8_t test_vector_16_aad[] = { - 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, - 0x72, 0x77, 0x88, 0xe5, 0x2f, 0x00, 0x89, 0x32, 0xd6, 0x12, - 0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, 0x24, 0xc6}; - const uint8_t test_vector_16_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, - 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x00, 0x06}; - const uint8_t test_vector_16_ciphertext_and_tag[] = { - 0x11, 0x02, 0x22, 0xff, 0x80, 0x50, 0xcb, 0xec, 0xe6, 0x6a, 0x81, - 0x3a, 0xd0, 0x9a, 0x73, 0xed, 0x7a, 0x9a, 0x08, 0x9c, 0x10, 0x6b, - 0x95, 0x93, 0x89, 0x16, 0x8e, 0xd6, 0xe8, 0x69, 0x8e, 0xa9, 0x02, - 0xeb, 0x12, 0x77, 0xdb, 0xec, 0x2e, 0x68, 0xe4, 0x73, 0x15, 0x5a, - 0x15, 0xa7, 0xda, 0xee, 0xd4, 0xa1, 0x0f, 0x4e, 0x05, 0x13, 0x9c, - 0x23, 0xdf, 0x00, 0xb3, 0xaa, 0xdc, 0x71, 0xf0, 0x59, 0x6a}; - gsec_aead_malloc_test_vector( - &test_vector_16, test_vector_16_key, - sizeof(test_vector_16_key) / sizeof(uint8_t), test_vector_16_nonce, - sizeof(test_vector_16_nonce) / sizeof(uint8_t), test_vector_16_aad, - sizeof(test_vector_16_aad) / sizeof(uint8_t), test_vector_16_plaintext, - sizeof(test_vector_16_plaintext) / sizeof(uint8_t), - test_vector_16_ciphertext_and_tag, - sizeof(test_vector_16_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_16); - gsec_aead_free_test_vector(test_vector_16); - - /* 2.7.1 79-byte crypt */ - gsec_aead_test_vector* test_vector_17; - const uint8_t test_vector_17_key[] = {0x88, 0xee, 0x08, 0x7f, 0xd9, 0x5d, - 0xa9, 0xfb, 0xf6, 0x72, 0x5a, 0xa9, - 0xd7, 0x57, 0xb0, 0xcd}; - const uint8_t test_vector_17_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5, - 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_17_aad[] = { - 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, 0x4e, - 0xc5, 0x88, 0xe5, 0x41, 0x00, 0x2e, 0x58, 0x49, 0x5c, 0x08, 0x00, - 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, - 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x00, 0x07}; - const uint8_t test_vector_17_plaintext[1] = {}; - const uint8_t test_vector_17_ciphertext_and_tag[] = { - 0x07, 0x92, 0x2b, 0x8e, 0xbc, 0xf1, 0x0b, 0xb2, - 0x29, 0x75, 0x88, 0xca, 0x4c, 0x61, 0x45, 0x23}; - gsec_aead_malloc_test_vector( - &test_vector_17, test_vector_17_key, - sizeof(test_vector_17_key) / sizeof(uint8_t), test_vector_17_nonce, - sizeof(test_vector_17_nonce) / sizeof(uint8_t), test_vector_17_aad, - sizeof(test_vector_17_aad) / sizeof(uint8_t), test_vector_17_plaintext, 0, - test_vector_17_ciphertext_and_tag, - sizeof(test_vector_17_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_17); - gsec_aead_free_test_vector(test_vector_17); - - /* 2.7.2 79-byte crypt */ - gsec_aead_test_vector* test_vector_18; - const uint8_t test_vector_18_key[] = { - 0x4c, 0x97, 0x3d, 0xbc, 0x73, 0x64, 0x62, 0x16, 0x74, 0xf8, 0xb5, - 0xb8, 0x9e, 0x5c, 0x15, 0x51, 0x1f, 0xce, 0xd9, 0x21, 0x64, 0x90, - 0xfb, 0x1c, 0x1a, 0x2c, 0xaa, 0x0f, 0xfe, 0x04, 0x07, 0xe5}; - const uint8_t test_vector_18_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5, - 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_18_aad[] = { - 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, 0x4e, - 0xc5, 0x88, 0xe5, 0x41, 0x00, 0x2e, 0x58, 0x49, 0x5c, 0x08, 0x00, - 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, - 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x00, 0x07}; - const uint8_t test_vector_18_plaintext[1] = {}; - const uint8_t test_vector_18_ciphertext_and_tag[] = { - 0x00, 0xbd, 0xa1, 0xb7, 0xe8, 0x76, 0x08, 0xbc, - 0xbf, 0x47, 0x0f, 0x12, 0x15, 0x7f, 0x4c, 0x07}; - gsec_aead_malloc_test_vector( - &test_vector_18, test_vector_18_key, - sizeof(test_vector_18_key) / sizeof(uint8_t), test_vector_18_nonce, - sizeof(test_vector_18_nonce) / sizeof(uint8_t), test_vector_18_aad, - sizeof(test_vector_18_aad) / sizeof(uint8_t), test_vector_18_plaintext, 0, - test_vector_18_ciphertext_and_tag, - sizeof(test_vector_18_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_18); - gsec_aead_free_test_vector(test_vector_18); - - /* 2.8.1 61-byte crypt */ - gsec_aead_test_vector* test_vector_19; - const uint8_t test_vector_19_key[] = {0x88, 0xee, 0x08, 0x7f, 0xd9, 0x5d, - 0xa9, 0xfb, 0xf6, 0x72, 0x5a, 0xa9, - 0xd7, 0x57, 0xb0, 0xcd}; - const uint8_t test_vector_19_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5, - 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_19_aad[] = { - 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, - 0x4e, 0xc5, 0x88, 0xe5, 0x4d, 0x00, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_19_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, - 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08}; - const uint8_t test_vector_19_ciphertext_and_tag[] = { - 0xc3, 0x1f, 0x53, 0xd9, 0x9e, 0x56, 0x87, 0xf7, 0x36, 0x51, 0x19, 0xb8, - 0x32, 0xd2, 0xaa, 0xe7, 0x07, 0x41, 0xd5, 0x93, 0xf1, 0xf9, 0xe2, 0xab, - 0x34, 0x55, 0x77, 0x9b, 0x07, 0x8e, 0xb8, 0xfe, 0xac, 0xdf, 0xec, 0x1f, - 0x8e, 0x3e, 0x52, 0x77, 0xf8, 0x18, 0x0b, 0x43, 0x36, 0x1f, 0x65, 0x12, - 0xad, 0xb1, 0x6d, 0x2e, 0x38, 0x54, 0x8a, 0x2c, 0x71, 0x9d, 0xba, 0x72, - 0x28, 0xd8, 0x40, 0x88, 0xf8, 0x75, 0x7a, 0xdb, 0x8a, 0xa7, 0x88, 0xd8, - 0xf6, 0x5a, 0xd6, 0x68, 0xbe, 0x70, 0xe7}; - gsec_aead_malloc_test_vector( - &test_vector_19, test_vector_19_key, - sizeof(test_vector_19_key) / sizeof(uint8_t), test_vector_19_nonce, - sizeof(test_vector_19_nonce) / sizeof(uint8_t), test_vector_19_aad, - sizeof(test_vector_19_aad) / sizeof(uint8_t), test_vector_19_plaintext, - sizeof(test_vector_19_plaintext) / sizeof(uint8_t), - test_vector_19_ciphertext_and_tag, - sizeof(test_vector_19_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_19); - gsec_aead_free_test_vector(test_vector_19); - - /* 2.8.2 61-byte crypt */ - gsec_aead_test_vector* test_vector_20; - const uint8_t test_vector_20_key[] = { - 0x4c, 0x97, 0x3d, 0xbc, 0x73, 0x64, 0x62, 0x16, 0x74, 0xf8, 0xb5, - 0xb8, 0x9e, 0x5c, 0x15, 0x51, 0x1f, 0xce, 0xd9, 0x21, 0x64, 0x90, - 0xfb, 0x1c, 0x1a, 0x2c, 0xaa, 0x0f, 0xfe, 0x04, 0x07, 0xe5}; - const uint8_t test_vector_20_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5, - 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_20_aad[] = { - 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, - 0x4e, 0xc5, 0x88, 0xe5, 0x4d, 0x00, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_20_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, - 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08}; - const uint8_t test_vector_20_ciphertext_and_tag[] = { - 0xba, 0x8a, 0xe3, 0x1b, 0xc5, 0x06, 0x48, 0x6d, 0x68, 0x73, 0xe4, 0xfc, - 0xe4, 0x60, 0xe7, 0xdc, 0x57, 0x59, 0x1f, 0xf0, 0x06, 0x11, 0xf3, 0x1c, - 0x38, 0x34, 0xfe, 0x1c, 0x04, 0xad, 0x80, 0xb6, 0x68, 0x03, 0xaf, 0xcf, - 0x5b, 0x27, 0xe6, 0x33, 0x3f, 0xa6, 0x7c, 0x99, 0xda, 0x47, 0xc2, 0xf0, - 0xce, 0xd6, 0x8d, 0x53, 0x1b, 0xd7, 0x41, 0xa9, 0x43, 0xcf, 0xf7, 0xa6, - 0x71, 0x3b, 0xd0, 0x26, 0x11, 0xcd, 0x7d, 0xaa, 0x01, 0xd6, 0x1c, 0x5c, - 0x88, 0x6d, 0xc1, 0xa8, 0x17, 0x01, 0x07}; - gsec_aead_malloc_test_vector( - &test_vector_20, test_vector_20_key, - sizeof(test_vector_20_key) / sizeof(uint8_t), test_vector_20_nonce, - sizeof(test_vector_20_nonce) / sizeof(uint8_t), test_vector_20_aad, - sizeof(test_vector_20_aad) / sizeof(uint8_t), test_vector_20_plaintext, - sizeof(test_vector_20_plaintext) / sizeof(uint8_t), - test_vector_20_ciphertext_and_tag, - sizeof(test_vector_20_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_20); - gsec_aead_free_test_vector(test_vector_20); -} - -int main(int argc, char** argv) { - grpc_init(); - gsec_test_do_generic_crypter_tests(); - gsec_test_do_vector_tests_nist(); - gsec_test_do_vector_tests_ieee(); - gsec_test_do_vector_tests_rekey_nist(); - gsec_test_do_vector_tests_rekey_ieee(); - grpc_shutdown(); - return 0; -} diff --git a/test/core/tsi/alts/crypt/gsec_test_util.cc b/test/core/tsi/alts/crypt/gsec_test_util.cc deleted file mode 100644 index 992c91e6bc..0000000000 --- a/test/core/tsi/alts/crypt/gsec_test_util.cc +++ /dev/null @@ -1,87 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -#include <grpc/support/alloc.h> - -void gsec_test_random_bytes(uint8_t* bytes, size_t length) { - if (!RAND_bytes(bytes, static_cast<int>(length))) { - fprintf(stderr, - "Random bytes generation failed in gsec_test_random_bytes()."); - abort(); - } -} - -void gsec_test_random_array(uint8_t** bytes, size_t length) { - if (bytes != nullptr) { - *bytes = static_cast<uint8_t*>(gpr_malloc(length)); - gsec_test_random_bytes(*bytes, length); - } else { - fprintf(stderr, "bytes buffer is nullptr in gsec_test_random_array()."); - abort(); - } -} - -uint32_t gsec_test_bias_random_uint32(uint32_t max_length) { - uint32_t value; - gsec_test_random_bytes((uint8_t*)(&value), sizeof(value)); - return value % max_length; -} - -void gsec_test_copy(const uint8_t* src, uint8_t** des, size_t source_len) { - if (src != nullptr && des != nullptr) { - *des = static_cast<uint8_t*>(gpr_malloc(source_len)); - memcpy(*des, src, source_len); - } else { - fprintf(stderr, "Either src or des buffer is nullptr in gsec_test_copy()."); - abort(); - } -} - -void gsec_test_copy_and_alter_random_byte(const uint8_t* src, uint8_t** des, - size_t source_len) { - if (src != nullptr && des != nullptr) { - *des = static_cast<uint8_t*>(gpr_malloc(source_len)); - memcpy(*des, src, source_len); - uint32_t offset; - offset = gsec_test_bias_random_uint32(static_cast<uint32_t>(source_len)); - (*(*des + offset))++; - } else { - fprintf(stderr, - "Either src or des is nullptr in " - "gsec_test_copy_and_alter_random_byte()."); - abort(); - } -} - -int gsec_test_expect_compare_code_and_substr(grpc_status_code status1, - grpc_status_code status2, - const char* msg1, - const char* msg2) { - int failure = 1; - if (status1 != status2) { - fprintf(stderr, "Status %d does not equal %d.\n", status1, status2); - failure = 0; - } - if (strstr(msg1, msg2) == nullptr) { - fprintf(stderr, "Status message <%s> does not contain <%s>.\n", msg1, msg2); - failure = 0; - } - return failure; -} diff --git a/test/core/tsi/alts/crypt/gsec_test_util.h b/test/core/tsi/alts/crypt/gsec_test_util.h deleted file mode 100644 index 206ae2fda8..0000000000 --- a/test/core/tsi/alts/crypt/gsec_test_util.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_ -#define GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_ - -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <openssl/rand.h> - -#include <grpc/grpc.h> - -/** - * This method returns random bytes of certain length. - * - * - bytes: buffer to hold random bytes. - * - length: length of buffer to be populated. - */ -void gsec_test_random_bytes(uint8_t* bytes, size_t length); - -/** - * This method returns an array of random bytes. - * - * - bytes: array to hold random bytes. - * - length: length of array to be populated. - */ -void gsec_test_random_array(uint8_t** bytes, size_t length); - -/** - * This method returns a uint32 that's not quite uniformly random, but good - * enough for tests. - * - * - max_length: a max value the returned random number can choose. - */ -uint32_t gsec_test_bias_random_uint32(uint32_t max_length); - -/** - * This method copies data from a source to a destination buffer. - * - * - src: a source buffer. - * - des: a destination buffer. - * - length: the length of source buffer to be copied from its beginning. - */ -void gsec_test_copy(const uint8_t* src, uint8_t** des, size_t length); - -/** - * This method copies data from a source to a destination buffer, and flips one - * byte in the destination buffer randomly. - * - * - src: a source buffer. - * - des: a destination buffer. - * - length: the length of source buffer to be copied from its beginning. - */ -void gsec_test_copy_and_alter_random_byte(const uint8_t* src, uint8_t** des, - size_t source_len); - -/** - * This method compares two grpc_status_code values, and verifies if one string - * is a substring of the other. - * - * - status1: the first grpc_status_code to be compared. - * - status2: the second grpc_status_code to be compared. - * - msg1: a string to be scanned. - * - msg2: a small string to be searched within msg1. - * - * If both checks succeed, the method returns 1 and otherwise, it returns 0. - */ -int gsec_test_expect_compare_code_and_substr(grpc_status_code status1, - grpc_status_code status2, - const char* msg1, - const char* msg2); - -#endif // GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_ */ diff --git a/test/core/tsi/alts/frame_protector/BUILD b/test/core/tsi/alts/frame_protector/BUILD deleted file mode 100644 index 8bbc8c6e5e..0000000000 --- a/test/core/tsi/alts/frame_protector/BUILD +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2018 gRPC authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package") - -licenses(["notice"]) # Apache v2 - -grpc_package(name = "frame_protector") - -grpc_cc_test( - name = "alts_counter_test", - srcs = ["alts_counter_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) - -grpc_cc_test( - name = "alts_crypter_test", - srcs = ["alts_crypter_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) - -grpc_cc_test( - name = "alts_frame_protector_test", - srcs = ["alts_frame_protector_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - "//test/core/tsi:transport_security_test_lib", - ], -) - -grpc_cc_test( - name = "frame_handler_test", - srcs = ["frame_handler_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) diff --git a/test/core/tsi/alts/frame_protector/alts_counter_test.cc b/test/core/tsi/alts/frame_protector/alts_counter_test.cc deleted file mode 100644 index 49ff82108b..0000000000 --- a/test/core/tsi/alts/frame_protector/alts_counter_test.cc +++ /dev/null @@ -1,180 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/tsi/alts/frame_protector/alts_counter.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -const size_t kSmallCounterSize = 4; -const size_t kSmallOverflowSize = 1; -const size_t kGcmCounterSize = 12; -const size_t kGcmOverflowSize = 5; - -static bool do_bytes_represent_client(alts_counter* ctr, unsigned char* counter, - size_t size) { - return (ctr->counter[size - 1] & 0x80) == 0x80; -} - -static void alts_counter_test_input_sanity_check(size_t counter_size, - size_t overflow_size) { - alts_counter* ctr = nullptr; - char* error_details = nullptr; - - /* Input sanity check on alts_counter_create(). */ - /* Invalid counter size. */ - grpc_status_code status = - alts_counter_create(true, 0, overflow_size, &ctr, &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "counter_size is invalid.")); - gpr_free(error_details); - - /* Invalid overflow size. */ - status = alts_counter_create(true, counter_size, 0, &ctr, &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "overflow_size is invalid.")); - gpr_free(error_details); - - /* alts_counter is nullptr. */ - status = alts_counter_create(true, counter_size, overflow_size, nullptr, - &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "crypter_counter is nullptr.")); - gpr_free(error_details); - - status = alts_counter_create(true, counter_size, overflow_size, &ctr, - &error_details); - GPR_ASSERT(status == GRPC_STATUS_OK); - - /* Input sanity check on alts_counter_increment(). */ - /* crypter_counter is nullptr. */ - bool is_overflow = false; - status = alts_counter_increment(nullptr, &is_overflow, &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "crypter_counter is nullptr.")); - gpr_free(error_details); - /* is_overflow is nullptr. */ - status = alts_counter_increment(ctr, nullptr, &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "is_overflow is nullptr.")); - gpr_free(error_details); - alts_counter_destroy(ctr); -} - -static void alts_counter_test_overflow_full_range(bool is_client, - size_t counter_size, - size_t overflow_size) { - alts_counter* ctr = nullptr; - char* error_details = nullptr; - grpc_status_code status = alts_counter_create( - is_client, counter_size, overflow_size, &ctr, &error_details); - GPR_ASSERT(status == GRPC_STATUS_OK); - unsigned char* expected = - static_cast<unsigned char*>(gpr_zalloc(counter_size)); - if (is_client) { - expected[counter_size - 1] = 0x80; - } - /* Do a single iteration to ensure the counter is initialized as expected. */ - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - GPR_ASSERT(memcmp(alts_counter_get_counter(ctr), expected, counter_size) == - 0); - bool is_overflow = false; - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_OK); - GPR_ASSERT(!is_overflow); - /** - * The counter can return 2^{overflow_size * 8} counters. The - * high-order bit is fixed to the client/server. The last call will yield a - * useable counter, but overflow the counter object. - */ - int iterations = 1 << (overflow_size * 8); - int ind = 1; - for (ind = 1; ind < iterations - 1; ind++) { - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_OK); - GPR_ASSERT(!is_overflow); - } - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_FAILED_PRECONDITION); - GPR_ASSERT(is_overflow); - gpr_free(expected); - alts_counter_destroy(ctr); -} - -/* Set the counter manually and make sure it overflows as expected. */ -static void alts_counter_test_overflow_single_increment(bool is_client, - size_t counter_size, - size_t overflow_size) { - alts_counter* ctr = nullptr; - char* error_details = nullptr; - grpc_status_code status = alts_counter_create( - is_client, counter_size, overflow_size, &ctr, &error_details); - GPR_ASSERT(status == GRPC_STATUS_OK); - unsigned char* expected = - static_cast<unsigned char*>(gpr_zalloc(counter_size)); - memset(expected, 0xFF, overflow_size); - expected[0] = 0xFE; - - if (is_client) { - expected[counter_size - 1] = 0x80; - } - memcpy(ctr->counter, expected, counter_size); - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - GPR_ASSERT(memcmp(expected, alts_counter_get_counter(ctr), counter_size) == - 0); - bool is_overflow = false; - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_OK); - GPR_ASSERT(!is_overflow); - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - expected[0] = static_cast<unsigned char>(expected[0] + 1); - GPR_ASSERT(memcmp(expected, alts_counter_get_counter(ctr), counter_size) == - 0); - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_FAILED_PRECONDITION); - GPR_ASSERT(is_overflow); - gpr_free(expected); - alts_counter_destroy(ctr); -} - -int main(int argc, char** argv) { - alts_counter_test_input_sanity_check(kGcmCounterSize, kGcmOverflowSize); - alts_counter_test_overflow_full_range(true, kSmallCounterSize, - kSmallOverflowSize); - alts_counter_test_overflow_full_range(false, kSmallCounterSize, - kSmallOverflowSize); - alts_counter_test_overflow_single_increment(true, kGcmCounterSize, - kGcmOverflowSize); - alts_counter_test_overflow_single_increment(false, kGcmCounterSize, - kGcmOverflowSize); - - return 0; -} diff --git a/test/core/tsi/alts/frame_protector/alts_crypter_test.cc b/test/core/tsi/alts/frame_protector/alts_crypter_test.cc deleted file mode 100644 index 0ad616bcd6..0000000000 --- a/test/core/tsi/alts/frame_protector/alts_crypter_test.cc +++ /dev/null @@ -1,493 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/tsi/alts/frame_protector/alts_crypter.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -static void alts_crypter_test_random_seal_unseal(alts_crypter* server_seal, - alts_crypter* server_unseal, - alts_crypter* client_seal, - alts_crypter* client_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - uint8_t* data_buffer = static_cast<uint8_t*>(gpr_malloc(protected_data_size)); - gsec_test_random_bytes(data_buffer, data_size); - uint8_t* duplicate_buffer = nullptr; - gsec_test_copy(data_buffer, &duplicate_buffer, data_size); - - /* Client seal and server unseal */ - size_t size = data_size; - grpc_status_code status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - status = alts_crypter_process_in_place( - server_unseal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer, duplicate_buffer, data_size) == 0); - GPR_ASSERT(size == data_size); - /* Server seal and client unseal */ - status = alts_crypter_process_in_place( - server_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - status = alts_crypter_process_in_place( - client_unseal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer, duplicate_buffer, data_size) == 0); - GPR_ASSERT(size == data_size); - gpr_free(data_buffer); - gpr_free(duplicate_buffer); -} - -static void alts_crypter_test_multiple_random_seal_unseal( - alts_crypter* server_seal, alts_crypter* server_unseal, - alts_crypter* client_seal, alts_crypter* client_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - - uint8_t* data_buffer1 = - static_cast<uint8_t*>(gpr_malloc(protected_data_size)); - uint8_t* data_buffer2 = - static_cast<uint8_t*>(gpr_malloc(protected_data_size)); - uint8_t* duplicate_buffer1 = nullptr; - uint8_t* duplicate_buffer2 = nullptr; - gsec_test_random_bytes(data_buffer1, data_size); - gsec_test_random_bytes(data_buffer2, data_size); - gsec_test_copy(data_buffer1, &duplicate_buffer1, data_size); - gsec_test_copy(data_buffer2, &duplicate_buffer2, data_size); - - /* Client seal and server unseal */ - size_t size1 = data_size, size2 = data_size; - grpc_status_code status = alts_crypter_process_in_place( - client_seal, data_buffer1, protected_data_size, size1, &size1, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size1 == protected_data_size); - status = alts_crypter_process_in_place( - client_seal, data_buffer2, protected_data_size, size2, &size2, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size2 == protected_data_size); - status = alts_crypter_process_in_place( - server_unseal, data_buffer1, protected_data_size, size1, &size1, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer1, duplicate_buffer1, data_size) == 0); - GPR_ASSERT(size1 == data_size); - status = alts_crypter_process_in_place( - server_unseal, data_buffer2, protected_data_size, size2, &size2, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer2, duplicate_buffer2, data_size) == 0); - GPR_ASSERT(size2 == data_size); - - /* Server seal and client unseal */ - status = alts_crypter_process_in_place( - server_seal, data_buffer1, protected_data_size, size1, &size1, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size1 == protected_data_size); - status = alts_crypter_process_in_place( - server_seal, data_buffer2, protected_data_size, size2, &size2, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size2 == protected_data_size); - status = alts_crypter_process_in_place( - client_unseal, data_buffer1, protected_data_size, size1, &size1, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer1, duplicate_buffer1, data_size) == 0); - GPR_ASSERT(size1 == data_size); - status = alts_crypter_process_in_place( - client_unseal, data_buffer2, protected_data_size, size2, &size2, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer2, duplicate_buffer2, data_size) == 0); - GPR_ASSERT(size2 == data_size); - - gpr_free(data_buffer1); - gpr_free(data_buffer2); - gpr_free(duplicate_buffer1); - gpr_free(duplicate_buffer2); -} - -static void alts_crypter_test_corrupted_unseal(alts_crypter* server_seal, - alts_crypter* server_unseal, - alts_crypter* client_seal, - alts_crypter* client_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - auto* data_buffer = static_cast<uint8_t*>(gpr_malloc(protected_data_size)); - auto* zero_buffer = static_cast<uint8_t*>(gpr_zalloc(data_size)); - - /* Corrupt a random byte in protected data. */ - size_t size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - grpc_status_code status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - uint8_t* corrupted_data_buffer; - char* error_message = nullptr; - gsec_test_copy_and_alter_random_byte(data_buffer, &corrupted_data_buffer, - protected_data_size); - status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0); - gpr_free(corrupted_data_buffer); - gpr_free(error_message); - - /* Corrupt the beginning of protected data. */ - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - gsec_test_copy(data_buffer, &corrupted_data_buffer, protected_data_size); - (*corrupted_data_buffer)++; - status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0); - gpr_free(corrupted_data_buffer); - gpr_free(error_message); - - /* Corrupt the end of protected data. */ - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - gsec_test_copy(data_buffer, &corrupted_data_buffer, protected_data_size); - (*(corrupted_data_buffer + protected_data_size - 1))++; - status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0); - gpr_free(corrupted_data_buffer); - gpr_free(error_message); - - gpr_free(data_buffer); - gpr_free(zero_buffer); -} - -static void alts_crypter_test_unsync_seal_unseal(alts_crypter* server_seal, - alts_crypter* server_unseal, - alts_crypter* client_seal, - alts_crypter* client_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - auto* data_buffer = static_cast<uint8_t*>(gpr_malloc(protected_data_size)); - auto* zero_buffer = static_cast<uint8_t*>(gpr_zalloc(data_size)); - - /* Perform two seals at client, one unseal at server. */ - size_t size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - grpc_status_code status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - - char* error_message = nullptr; - status = alts_crypter_process_in_place(server_unseal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(data_buffer, zero_buffer, data_size) == 0); - gpr_free(error_message); - - /* Perform two seals at server, one unseal at client. */ - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - server_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - server_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - - status = alts_crypter_process_in_place(client_unseal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(data_buffer, zero_buffer, data_size) == 0); - gpr_free(error_message); - gpr_free(data_buffer); - gpr_free(zero_buffer); -} - -static void alts_crypter_test_input_sanity_check(alts_crypter* crypter_seal, - alts_crypter* crypter_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(crypter_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - auto* data_buffer = static_cast<uint8_t*>(gpr_malloc(protected_data_size)); - gsec_test_random_bytes(data_buffer, data_size); - char* error_message = nullptr; - size_t size = data_size; - - /* Crypter is nullptr. */ - grpc_status_code status = alts_crypter_process_in_place( - nullptr, data_buffer, protected_data_size, size, &size, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "crypter or crypter->vtable has not been initialized properly.")); - gpr_free(error_message); - - /* Seal data is nullptr. */ - size = data_size; - status = alts_crypter_process_in_place( - crypter_seal, nullptr, protected_data_size, size, &size, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "data is nullptr.")); - gpr_free(error_message); - - /* Seal data size is 0. */ - size = 0; - status = alts_crypter_process_in_place(crypter_seal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "data_size is zero.")); - gpr_free(error_message); - - /* Seal data buffer has a size smaller than the required. */ - size = data_size; - status = alts_crypter_process_in_place(crypter_seal, data_buffer, - protected_data_size - 1, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "data_allocated_size is smaller than sum of data_size and " - "num_overhead_bytes.")); - gpr_free(error_message); - - /* Unseal data is nullptr. */ - size = data_size; - status = alts_crypter_process_in_place(crypter_unseal, nullptr, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "data is nullptr.")); - gpr_free(error_message); - - /* Unseal data size is 0. */ - size = 0; - status = alts_crypter_process_in_place(crypter_unseal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "data_size is smaller than num_overhead_bytes.")); - gpr_free(error_message); - - /* Unseal data size is smaller than number of overhead bytes. */ - size = num_overhead_bytes - 1; - status = alts_crypter_process_in_place(crypter_unseal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "data_size is smaller than num_overhead_bytes.")); - gpr_free(error_message); - gpr_free(data_buffer); -} - -static void create_random_alts_seal_crypter( - alts_crypter** server_seal, alts_crypter** server_unseal, - alts_crypter** client_seal, alts_crypter** client_unseal, - gsec_aead_crypter** server_crypter_seal, - gsec_aead_crypter** server_crypter_unseal, - gsec_aead_crypter** client_crypter_seal, - gsec_aead_crypter** client_crypter_unseal, bool rekey) { - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength, - kAesGcmTagLength, rekey, server_crypter_seal, - nullptr); - gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength, - kAesGcmTagLength, rekey, - server_crypter_unseal, nullptr); - gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength, - kAesGcmTagLength, rekey, client_crypter_seal, - nullptr); - gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength, - kAesGcmTagLength, rekey, - client_crypter_unseal, nullptr); - - size_t overflow_size = rekey ? 8 : 5; - alts_seal_crypter_create(*client_crypter_seal, /*is_client=*/true, - overflow_size, client_seal, nullptr); - alts_unseal_crypter_create(*client_crypter_unseal, /*is_client=*/true, - overflow_size, client_unseal, nullptr); - alts_seal_crypter_create(*server_crypter_seal, /*is_client=*/false, - overflow_size, server_seal, nullptr); - alts_unseal_crypter_create(*server_crypter_unseal, /*is_client=*/false, - overflow_size, server_unseal, nullptr); - gpr_free(key); -} - -static void destroy_random_alts_seal_crypter(alts_crypter* server_seal, - alts_crypter* server_unseal, - alts_crypter* client_seal, - alts_crypter* client_unseal) { - alts_crypter_destroy(server_seal); - alts_crypter_destroy(server_unseal); - alts_crypter_destroy(client_seal); - alts_crypter_destroy(client_unseal); -} - -static void alts_crypter_do_generic_tests() { - alts_crypter *server_seal = nullptr, *server_unseal = nullptr, - *client_seal = nullptr, *client_unseal = nullptr; - gsec_aead_crypter *server_crypter_seal = nullptr, - *server_crypter_unseal = nullptr, - *client_crypter_seal = nullptr, - *client_crypter_unseal = nullptr; - /* Random seal and unseal tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_random_seal_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_random_seal_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - /* Multiple random seal and unseal tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_multiple_random_seal_unseal(server_seal, server_unseal, - client_seal, client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_multiple_random_seal_unseal(server_seal, server_unseal, - client_seal, client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - /* Corrupted unseal tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_corrupted_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_corrupted_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - /* Unsync seal and unseal tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_unsync_seal_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_unsync_seal_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - /* Input sanity check tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_input_sanity_check(server_seal, server_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_input_sanity_check(server_seal, server_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); -} - -int main(int argc, char** argv) { - alts_crypter_do_generic_tests(); - return 0; -} diff --git a/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc b/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc deleted file mode 100644 index 2bd4958763..0000000000 --- a/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc +++ /dev/null @@ -1,394 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include <stdbool.h> - -#include "src/core/tsi/alts/crypt/gsec.h" -#include "src/core/tsi/alts/frame_protector/alts_frame_protector.h" -#include "src/core/tsi/transport_security_interface.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" -#include "test/core/tsi/transport_security_test_lib.h" - -const size_t kChannelSize = 32768; - -static void alts_test_do_round_trip_check_frames( - tsi_test_frame_protector_fixture* fixture, const uint8_t* key, - const size_t key_size, bool rekey, const uint8_t* client_message, - const size_t client_message_size, const uint8_t* client_expected_frames, - const size_t client_frame_size, const uint8_t* server_message, - const size_t server_message_size, const uint8_t* server_expected_frames, - const size_t server_frame_size) { - GPR_ASSERT(fixture != nullptr); - GPR_ASSERT(fixture->config != nullptr); - tsi_frame_protector* client_frame_protector = nullptr; - tsi_frame_protector* server_frame_protector = nullptr; - tsi_test_frame_protector_config* config = fixture->config; - tsi_test_channel* channel = fixture->channel; - /* Create a client frame protector. */ - size_t client_max_output_protected_frame_size = - config->client_max_output_protected_frame_size; - GPR_ASSERT( - alts_create_frame_protector(key, key_size, /*is_client=*/true, rekey, - client_max_output_protected_frame_size == 0 - ? nullptr - : &client_max_output_protected_frame_size, - &client_frame_protector) == TSI_OK); - /* Create a server frame protector. */ - size_t server_max_output_protected_frame_size = - config->server_max_output_protected_frame_size; - GPR_ASSERT( - alts_create_frame_protector(key, key_size, /*is_client=*/false, rekey, - server_max_output_protected_frame_size == 0 - ? nullptr - : &server_max_output_protected_frame_size, - &server_frame_protector) == TSI_OK); - tsi_test_frame_protector_fixture_init(fixture, client_frame_protector, - server_frame_protector); - /* Client sends a message to server. */ - uint8_t* saved_client_message = config->client_message; - config->client_message = const_cast<uint8_t*>(client_message); - config->client_message_size = client_message_size; - tsi_test_frame_protector_send_message_to_peer(config, channel, - client_frame_protector, - /*is_client=*/true); - /* Verify if the generated frame is the same as the expected. */ - GPR_ASSERT(channel->bytes_written_to_server_channel == client_frame_size); - GPR_ASSERT(memcmp(client_expected_frames, channel->server_channel, - client_frame_size) == 0); - unsigned char* server_received_message = - static_cast<unsigned char*>(gpr_malloc(kChannelSize)); - size_t server_received_message_size = 0; - tsi_test_frame_protector_receive_message_from_peer( - config, channel, server_frame_protector, server_received_message, - &server_received_message_size, /*is_client=*/false); - GPR_ASSERT(config->client_message_size == server_received_message_size); - GPR_ASSERT(memcmp(config->client_message, server_received_message, - server_received_message_size) == 0); - /* Server sends a message to client. */ - uint8_t* saved_server_message = config->server_message; - config->server_message = const_cast<uint8_t*>(server_message); - config->server_message_size = server_message_size; - tsi_test_frame_protector_send_message_to_peer(config, channel, - server_frame_protector, - /*is_client=*/false); - /* Verify if the generated frame is the same as the expected. */ - GPR_ASSERT(channel->bytes_written_to_client_channel == server_frame_size); - GPR_ASSERT(memcmp(server_expected_frames, channel->client_channel, - server_frame_size) == 0); - unsigned char* client_received_message = - static_cast<unsigned char*>(gpr_malloc(kChannelSize)); - size_t client_received_message_size = 0; - tsi_test_frame_protector_receive_message_from_peer( - config, channel, client_frame_protector, client_received_message, - &client_received_message_size, - /*is_client=*/true); - GPR_ASSERT(config->server_message_size == client_received_message_size); - GPR_ASSERT(memcmp(config->server_message, client_received_message, - client_received_message_size) == 0); - config->client_message = saved_client_message; - config->server_message = saved_server_message; - /* Destroy server and client frame protectors. */ - gpr_free(server_received_message); - gpr_free(client_received_message); -} - -static void alts_test_do_round_trip_vector_tests() { - const uint8_t key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08}; - const char small_message[] = {'C', 'h', 'a', 'p', 'i', ' ', - 'C', 'h', 'a', 'p', 'o'}; - const uint8_t large_message[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, - 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, - 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39, - 0x1a, 0xaf, 0xd2, 0x55, 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, - 0x46, 0xdf, 0x99, 0x8d, 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x06, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, - 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30}; - const size_t small_message_size = sizeof(small_message) / sizeof(uint8_t); - const size_t large_message_size = sizeof(large_message) / sizeof(uint8_t); - /* Test small client message and large server message. */ - const uint8_t client_expected_frame1[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x09, 0xd8, 0xd5, 0x92, - 0x4d, 0x50, 0x32, 0xb7, 0x1f, 0xb8, 0xf2, 0xbb, 0x43, 0xc7, 0xe2, 0x94, - 0x3d, 0x3e, 0x9a, 0x78, 0x76, 0xaa, 0x0a, 0x6b, 0xfa, 0x98, 0x3a}; - const uint8_t server_expected_frame1[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0xa9, 0x4b, 0xf8, 0xc8, - 0xe7, 0x8f, 0x1a, 0x26, 0x37, 0x44, 0xa2, 0x5c, 0x55, 0x94, 0x30, 0x4e, - 0x3e, 0x16, 0xe7, 0x9e, 0x96, 0xe8, 0x1b, 0xc0, 0xdd, 0x52, 0x30, 0x06, - 0xc2, 0x72, 0x9a, 0xa1, 0x0b, 0xdb, 0xdc, 0x19, 0x8c, 0x93, 0x5e, 0x84, - 0x1f, 0x4b, 0x97, 0x26, 0xf0, 0x73, 0x85, 0x59, 0x00, 0x95, 0xc1, 0xc5, - 0x22, 0x2f, 0x70, 0x85, 0x68, 0x2c, 0x4f, 0xfe, 0x30, 0x26, 0x91, 0xde, - 0x62, 0x55, 0x1d, 0x35, 0x01, 0x96, 0x1c, 0xe7, 0xa2, 0x8b, 0x14, 0x8a, - 0x5e, 0x1b, 0x4a, 0x3b, 0x4f, 0x65, 0x0f, 0xca, 0x79, 0x10, 0xb4, 0xdd, - 0xf7, 0xa4, 0x8b, 0x64, 0x2f, 0x00, 0x39, 0x60, 0x03, 0xfc, 0xe1, 0x8b, - 0x5c, 0x19, 0xba, 0xcc, 0x46, 0xba, 0x88, 0xdd, 0x40, 0x42, 0x27, 0x4f, - 0xe4, 0x1a, 0x6a, 0x31, 0x6c, 0x1c, 0xb0, 0xb6, 0x5c, 0x3e, 0xca, 0x84, - 0x9b, 0x5f, 0x04, 0x84, 0x11, 0xa9, 0xf8, 0x39, 0xe7, 0xe7, 0xc5, 0xc4, - 0x33, 0x9f, 0x63, 0x21, 0x9a, 0x7c, 0x9c, 0x64}; - const size_t client_frame_size1 = - sizeof(client_expected_frame1) / sizeof(uint8_t); - const size_t server_frame_size1 = - sizeof(server_expected_frame1) / sizeof(uint8_t); - tsi_test_frame_protector_fixture* fixture = - tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, - reinterpret_cast<const uint8_t*>(small_message), small_message_size, - client_expected_frame1, client_frame_size1, large_message, - large_message_size, server_expected_frame1, server_frame_size1); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test large client message, small server message, and small - * message_buffer_allocated_size. - */ - const uint8_t client_expected_frame2[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7, - 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37, - 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13, - 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31, - 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72, - 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f, - 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e, - 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54, - 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94, - 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56, - 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d, - 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb, - 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7}; - const uint8_t server_expected_frame2[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d, - 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1, - 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73}; - const size_t client_frame_size2 = - sizeof(client_expected_frame2) / sizeof(uint8_t); - const size_t server_frame_size2 = - sizeof(server_expected_frame2) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message, - large_message_size, client_expected_frame2, client_frame_size2, - reinterpret_cast<const uint8_t*>(small_message), small_message_size, - server_expected_frame2, server_frame_size2); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test large client message, small server message, and small - * protected_buffer_size. - */ - const uint8_t client_expected_frame3[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7, - 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37, - 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13, - 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31, - 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72, - 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f, - 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e, - 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54, - 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94, - 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56, - 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d, - 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb, - 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7}; - const uint8_t server_expected_frame3[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d, - 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1, - 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73}; - const size_t client_frame_size3 = - sizeof(client_expected_frame3) / sizeof(uint8_t); - const size_t server_frame_size3 = - sizeof(server_expected_frame3) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message, - large_message_size, client_expected_frame3, client_frame_size3, - reinterpret_cast<const uint8_t*>(small_message), small_message_size, - server_expected_frame3, server_frame_size3); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test large client message, small server message, and small - * read_buffer_allocated_size. - */ - const uint8_t client_expected_frame4[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7, - 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37, - 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13, - 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31, - 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72, - 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f, - 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e, - 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54, - 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94, - 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56, - 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d, - 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb, - 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7}; - const uint8_t server_expected_frame4[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d, - 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1, - 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73}; - const size_t client_frame_size4 = - sizeof(client_expected_frame4) / sizeof(uint8_t); - const size_t server_frame_size4 = - sizeof(server_expected_frame4) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message, - large_message_size, client_expected_frame4, client_frame_size4, - reinterpret_cast<const uint8_t*>(small_message), small_message_size, - server_expected_frame4, server_frame_size4); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test large client message, small server message, and small - * client_max_output_protected_frame_size. - */ - const uint8_t client_expected_frame5[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7, - 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37, - 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13, - 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31, - 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72, - 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f, - 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e, - 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54, - 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94, - 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56, - 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d, - 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb, - 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7}; - const uint8_t server_expected_frame5[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d, - 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1, - 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73}; - const size_t client_frame_size5 = - sizeof(client_expected_frame5) / sizeof(uint8_t); - const size_t server_frame_size5 = - sizeof(server_expected_frame5) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message, - large_message_size, client_expected_frame5, client_frame_size5, - reinterpret_cast<const uint8_t*>(small_message), small_message_size, - server_expected_frame5, server_frame_size5); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test small client message, large server message, and small - * server_max_output_protected_frame_size. - */ - const uint8_t client_expected_frame6[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x09, 0xd8, 0xd5, 0x92, - 0x4d, 0x50, 0x32, 0xb7, 0x1f, 0xb8, 0xf2, 0xbb, 0x43, 0xc7, 0xe2, 0x94, - 0x3d, 0x3e, 0x9a, 0x78, 0x76, 0xaa, 0x0a, 0x6b, 0xfa, 0x98, 0x3a}; - const uint8_t server_expected_frame6[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0xa9, 0x4b, 0xf8, 0xc8, - 0xe7, 0x8f, 0x1a, 0x26, 0x37, 0x44, 0xa2, 0x5c, 0x55, 0x94, 0x30, 0x4e, - 0x3e, 0x16, 0xe7, 0x9e, 0x96, 0xe8, 0x1b, 0xc0, 0xdd, 0x52, 0x30, 0x06, - 0xc2, 0x72, 0x9a, 0xa1, 0x0b, 0xdb, 0xdc, 0x19, 0x8c, 0x93, 0x5e, 0x84, - 0x1f, 0x4b, 0x97, 0x26, 0xf0, 0x73, 0x85, 0x59, 0x00, 0x95, 0xc1, 0xc5, - 0x22, 0x2f, 0x70, 0x85, 0x68, 0x2c, 0x4f, 0xfe, 0x30, 0x26, 0x91, 0xde, - 0x62, 0x55, 0x1d, 0x35, 0x01, 0x96, 0x1c, 0xe7, 0xa2, 0x8b, 0x14, 0x8a, - 0x5e, 0x1b, 0x4a, 0x3b, 0x4f, 0x65, 0x0f, 0xca, 0x79, 0x10, 0xb4, 0xdd, - 0xf7, 0xa4, 0x8b, 0x64, 0x2f, 0x00, 0x39, 0x60, 0x03, 0xfc, 0xe1, 0x8b, - 0x5c, 0x19, 0xba, 0xcc, 0x46, 0xba, 0x88, 0xdd, 0x40, 0x42, 0x27, 0x4f, - 0xe4, 0x1a, 0x6a, 0x31, 0x6c, 0x1c, 0xb0, 0xb6, 0x5c, 0x3e, 0xca, 0x84, - 0x9b, 0x5f, 0x04, 0x84, 0x11, 0xa9, 0xf8, 0x39, 0xe7, 0xe7, 0xc5, 0xc4, - 0x33, 0x9f, 0x63, 0x21, 0x9a, 0x7c, 0x9c, 0x64}; - const size_t client_frame_size6 = - sizeof(client_expected_frame6) / sizeof(uint8_t); - const size_t server_frame_size6 = - sizeof(server_expected_frame6) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, - reinterpret_cast<const uint8_t*>(small_message), small_message_size, - client_expected_frame6, client_frame_size6, large_message, - large_message_size, server_expected_frame6, server_frame_size6); - tsi_test_frame_protector_fixture_destroy(fixture); -} - -static void alts_test_do_round_trip(tsi_test_frame_protector_fixture* fixture, - bool rekey) { - GPR_ASSERT(fixture != nullptr); - GPR_ASSERT(fixture->config != nullptr); - tsi_frame_protector* client_frame_protector = nullptr; - tsi_frame_protector* server_frame_protector = nullptr; - tsi_test_frame_protector_config* config = fixture->config; - /* Create a key to be used by both client and server. */ - uint8_t* key = nullptr; - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - gsec_test_random_array(&key, key_length); - /* Create a client frame protector. */ - size_t client_max_output_protected_frame_size = - config->client_max_output_protected_frame_size; - GPR_ASSERT( - alts_create_frame_protector(key, key_length, /*is_client=*/true, rekey, - client_max_output_protected_frame_size == 0 - ? nullptr - : &client_max_output_protected_frame_size, - &client_frame_protector) == TSI_OK); - /* Create a server frame protector. */ - size_t server_max_output_protected_frame_size = - config->server_max_output_protected_frame_size; - GPR_ASSERT( - alts_create_frame_protector(key, key_length, /*is_client=*/false, rekey, - server_max_output_protected_frame_size == 0 - ? nullptr - : &server_max_output_protected_frame_size, - &server_frame_protector) == TSI_OK); - tsi_test_frame_protector_fixture_init(fixture, client_frame_protector, - server_frame_protector); - tsi_test_frame_protector_do_round_trip_no_handshake(fixture); - gpr_free(key); -} - -/* Run all combinations of different arguments of test config. */ -static void alts_test_do_round_trip_all(bool rekey) { - unsigned int* bit_array = static_cast<unsigned int*>( - gpr_malloc(sizeof(unsigned int) * TSI_TEST_NUM_OF_ARGUMENTS)); - unsigned int mask = 1U << (TSI_TEST_NUM_OF_ARGUMENTS - 1); - unsigned int val = 0, ind = 0; - for (val = 0; val < TSI_TEST_NUM_OF_COMBINATIONS; val++) { - unsigned int v = val; - for (ind = 0; ind < TSI_TEST_NUM_OF_ARGUMENTS; ind++) { - bit_array[ind] = (v & mask) ? 1 : 0; - v <<= 1; - } - tsi_test_frame_protector_fixture* fixture = - tsi_test_frame_protector_fixture_create(); - tsi_test_frame_protector_config_destroy(fixture->config); - fixture->config = tsi_test_frame_protector_config_create( - bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4], - bit_array[5], bit_array[6]); - alts_test_do_round_trip(fixture, rekey); - tsi_test_frame_protector_fixture_destroy(fixture); - } - gpr_free(bit_array); -} - -int main(int argc, char** argv) { - alts_test_do_round_trip_vector_tests(); - alts_test_do_round_trip_all(/*rekey=*/false); - alts_test_do_round_trip_all(/*rekey=*/true); - return 0; -} diff --git a/test/core/tsi/alts/frame_protector/frame_handler_test.cc b/test/core/tsi/alts/frame_protector/frame_handler_test.cc deleted file mode 100644 index 6434ea1d31..0000000000 --- a/test/core/tsi/alts/frame_protector/frame_handler_test.cc +++ /dev/null @@ -1,244 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdint.h> -#include <stdio.h> -#include <string.h> - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/gpr/useful.h" -#include "src/core/tsi/alts/frame_protector/frame_handler.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -const size_t kFrameHandlerTestBufferSize = 1024; - -typedef struct frame_handler { - alts_frame_writer* writer; - alts_frame_reader* reader; - unsigned char* buffer; - size_t buffer_size; -} frame_handler; - -static size_t frame_length(size_t payload_length) { - return payload_length + kFrameHeaderSize; -} - -static frame_handler* create_frame_handler() { - frame_handler* handler = - static_cast<frame_handler*>(gpr_malloc(sizeof(frame_handler))); - handler->writer = alts_create_frame_writer(); - handler->reader = alts_create_frame_reader(); - handler->buffer = nullptr; - handler->buffer_size = 0; - return handler; -} - -static void destroy_frame_handler(frame_handler* handler) { - if (handler != nullptr) { - alts_destroy_frame_reader(handler->reader); - alts_destroy_frame_writer(handler->writer); - if (handler->buffer != nullptr) gpr_free(handler->buffer); - gpr_free(handler); - } -} - -static void frame(frame_handler* handler, unsigned char* payload, - size_t payload_length, size_t write_length) { - handler->buffer_size = frame_length(payload_length); - handler->buffer = - static_cast<unsigned char*>(gpr_malloc(handler->buffer_size)); - GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length)); - size_t offset = 0; - while (offset < handler->buffer_size && - !alts_is_frame_writer_done(handler->writer)) { - size_t bytes_written = GPR_MIN(write_length, handler->buffer_size - offset); - GPR_ASSERT(alts_write_frame_bytes(handler->writer, handler->buffer + offset, - &bytes_written)); - offset += bytes_written; - } - GPR_ASSERT(alts_is_frame_writer_done(handler->writer)); - GPR_ASSERT(handler->buffer_size == offset); -} - -static size_t deframe(frame_handler* handler, unsigned char* bytes, - size_t read_length) { - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - size_t offset = 0; - while (offset < handler->buffer_size && - !alts_is_frame_reader_done(handler->reader)) { - size_t bytes_read = GPR_MIN(read_length, handler->buffer_size - offset); - GPR_ASSERT(alts_read_frame_bytes(handler->reader, handler->buffer + offset, - &bytes_read)); - offset += bytes_read; - } - GPR_ASSERT(alts_is_frame_reader_done(handler->reader)); - GPR_ASSERT(handler->buffer_size == offset); - return offset - handler->reader->header_bytes_read; -} - -static void frame_n_deframe(frame_handler* handler, unsigned char* payload, - size_t payload_length, size_t write_length, - size_t read_length) { - frame(handler, payload, payload_length, write_length); - unsigned char* bytes = - static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize)); - size_t deframed_payload_length = deframe(handler, bytes, read_length); - GPR_ASSERT(payload_length == deframed_payload_length); - GPR_ASSERT(memcmp(payload, bytes, payload_length) == 0); - gpr_free(bytes); -} - -static void frame_handler_test_frame_deframe() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen((char*)payload) + 1; - frame_handler* handler = create_frame_handler(); - frame_n_deframe(handler, payload, payload_length, - frame_length(payload_length), frame_length(payload_length)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_small_buffer() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame_n_deframe(handler, payload, payload_length, 1, 1); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_input_stream() { - frame_handler* handler = create_frame_handler(); - GPR_ASSERT(!alts_reset_frame_writer(handler->writer, nullptr, 0)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_bad_input_length() { - unsigned char payload[] = "hello world"; - frame_handler* handler = create_frame_handler(); - GPR_ASSERT(!alts_reset_frame_writer(handler->writer, payload, SIZE_MAX)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_writer_byte_length() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1; - frame_handler* handler = create_frame_handler(); - GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length)); - GPR_ASSERT( - !alts_write_frame_bytes(handler->writer, handler->buffer, nullptr)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_writer_bytes() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1; - frame_handler* handler = create_frame_handler(); - GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length)); - GPR_ASSERT( - !alts_write_frame_bytes(handler->writer, nullptr, &payload_length)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_bad_frame_length() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - memset(handler->buffer, 0x00, kFrameLengthFieldSize); - unsigned char* bytes = - static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize)); - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - size_t bytes_read = handler->buffer_size; - GPR_ASSERT( - !alts_read_frame_bytes(handler->reader, handler->buffer, &bytes_read)); - GPR_ASSERT(alts_is_frame_reader_done(handler->reader)); - GPR_ASSERT(bytes_read == 0); - gpr_free(bytes); - destroy_frame_handler(handler); -} - -static void frame_handler_test_unsupported_message_type() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - memset(handler->buffer + kFrameLengthFieldSize, 0x00, - kFrameMessageTypeFieldSize); - unsigned char* bytes = - static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize)); - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - size_t bytes_read = handler->buffer_size; - GPR_ASSERT( - !alts_read_frame_bytes(handler->reader, handler->buffer, &bytes_read)); - GPR_ASSERT(alts_is_frame_reader_done(handler->reader)); - GPR_ASSERT(bytes_read == 0); - gpr_free(bytes); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_output_stream() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - GPR_ASSERT(!alts_reset_frame_reader(handler->reader, nullptr)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_reader_byte_length() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - unsigned char* bytes = - static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize)); - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - GPR_ASSERT(!alts_read_frame_bytes(handler->reader, handler->buffer, nullptr)); - gpr_free(bytes); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_reader_bytes() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - unsigned char* bytes = - static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize)); - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - size_t bytes_read = handler->buffer_size; - GPR_ASSERT(!alts_read_frame_bytes(handler->reader, nullptr, &bytes_read)); - gpr_free(bytes); - destroy_frame_handler(handler); -} - -int main(int argc, char** argv) { - frame_handler_test_frame_deframe(); - frame_handler_test_small_buffer(); - frame_handler_test_null_input_stream(); - frame_handler_test_bad_input_length(); - frame_handler_test_null_writer_byte_length(); - frame_handler_test_null_writer_bytes(); - frame_handler_test_bad_frame_length(); - frame_handler_test_unsupported_message_type(); - frame_handler_test_null_output_stream(); - frame_handler_test_null_reader_byte_length(); - frame_handler_test_null_reader_bytes(); - return 0; -} diff --git a/test/core/tsi/alts/handshaker/BUILD b/test/core/tsi/alts/handshaker/BUILD deleted file mode 100644 index db39732c43..0000000000 --- a/test/core/tsi/alts/handshaker/BUILD +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 2018 gRPC authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package") - -licenses(["notice"]) # Apache v2 - -grpc_package(name = "handshaker") - -grpc_cc_library( - name = "alts_handshaker_service_api_test_lib", - srcs = ["alts_handshaker_service_api_test_lib.cc"], - hdrs = ["alts_handshaker_service_api_test_lib.h"], - deps = [ - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_handshaker_client_test", - srcs = ["alts_handshaker_client_test.cc"], - language = "C++", - deps = [ - ":alts_handshaker_service_api_test_lib", - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_handshaker_service_api_test", - srcs = ["alts_handshaker_service_api_test.cc"], - language = "C++", - deps = [ - ":alts_handshaker_service_api_test_lib", - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_tsi_handshaker_test", - srcs = ["alts_tsi_handshaker_test.cc"], - language = "C++", - deps = [ - ":alts_handshaker_service_api_test_lib", - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_tsi_utils_test", - srcs = ["alts_tsi_utils_test.cc"], - language = "C++", - deps = [ - ":alts_handshaker_service_api_test_lib", - "//:grpc", - ], -) - -grpc_cc_test( - name = "transport_security_common_api_test", - srcs = ["transport_security_common_api_test.cc"], - language = "C++", - deps = [ - "//:grpc", - ], -) - diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc b/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc deleted file mode 100644 index 7072be6e3a..0000000000 --- a/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc +++ /dev/null @@ -1,412 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/grpc.h> - -#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_event.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" -#include "src/core/tsi/transport_security.h" -#include "src/core/tsi/transport_security_interface.h" -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -#define ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME "Hello Google" -#define ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL "lame" -#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME "bigtable.google.api.com" -#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1 "A@google.com" -#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2 "B@google.com" - -const size_t kHandshakerClientOpNum = 4; -const size_t kMaxRpcVersionMajor = 3; -const size_t kMaxRpcVersionMinor = 2; -const size_t kMinRpcVersionMajor = 2; -const size_t kMinRpcVersionMinor = 1; - -using grpc_core::internal::alts_handshaker_client_set_grpc_caller_for_testing; - -typedef struct alts_handshaker_client_test_config { - grpc_channel* channel; - grpc_completion_queue* cq; - alts_handshaker_client* client; - grpc_slice out_frame; -} alts_handshaker_client_test_config; - -static alts_tsi_event* alts_tsi_event_create_for_testing(bool is_client) { - alts_tsi_event* e = static_cast<alts_tsi_event*>(gpr_zalloc(sizeof(*e))); - grpc_metadata_array_init(&e->initial_metadata); - grpc_metadata_array_init(&e->trailing_metadata); - e->options = is_client ? grpc_alts_credentials_client_options_create() - : grpc_alts_credentials_server_options_create(); - if (is_client) { - grpc_alts_credentials_client_options_add_target_service_account( - reinterpret_cast<grpc_alts_credentials_client_options*>(e->options), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1); - grpc_alts_credentials_client_options_add_target_service_account( - reinterpret_cast<grpc_alts_credentials_client_options*>(e->options), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2); - } - grpc_gcp_rpc_protocol_versions* versions = &e->options->rpc_versions; - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max( - versions, kMaxRpcVersionMajor, kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min( - versions, kMinRpcVersionMajor, kMinRpcVersionMinor)); - e->target_name = - grpc_slice_from_static_string(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME); - return e; -} - -static void validate_rpc_protocol_versions( - grpc_gcp_rpc_protocol_versions* versions) { - GPR_ASSERT(versions != nullptr); - GPR_ASSERT(versions->max_rpc_version.major == kMaxRpcVersionMajor); - GPR_ASSERT(versions->max_rpc_version.minor == kMaxRpcVersionMinor); - GPR_ASSERT(versions->min_rpc_version.major == kMinRpcVersionMajor); - GPR_ASSERT(versions->min_rpc_version.minor == kMinRpcVersionMinor); -} - -static void validate_target_identities( - const repeated_field* target_identity_head) { - grpc_gcp_identity* target_identity1 = static_cast<grpc_gcp_identity*>( - const_cast<void*>(target_identity_head->next->data)); - grpc_gcp_identity* target_identity2 = static_cast<grpc_gcp_identity*>( - const_cast<void*>(target_identity_head->data)); - grpc_slice* service_account1 = - static_cast<grpc_slice*>(target_identity1->service_account.arg); - grpc_slice* service_account2 = - static_cast<grpc_slice*>(target_identity2->service_account.arg); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*service_account1), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1, - GRPC_SLICE_LENGTH(*service_account1)) == 0); - GPR_ASSERT(strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1) == - GRPC_SLICE_LENGTH(*service_account1)); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*service_account2), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2, - GRPC_SLICE_LENGTH(*service_account2)) == 0); - GPR_ASSERT(strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2) == - GRPC_SLICE_LENGTH(*service_account2)); -} - -/** - * Validate if grpc operation data is correctly populated with the fields of - * ALTS TSI event. - */ -static bool validate_op(alts_tsi_event* event, const grpc_op* op, size_t nops, - bool is_start) { - GPR_ASSERT(event != nullptr && op != nullptr && nops != 0); - bool ok = true; - grpc_op* start_op = const_cast<grpc_op*>(op); - if (is_start) { - ok &= (op->op == GRPC_OP_SEND_INITIAL_METADATA); - ok &= (op->data.send_initial_metadata.count == 0); - op++; - GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum); - - ok &= (op->op == GRPC_OP_RECV_INITIAL_METADATA); - ok &= (op->data.recv_initial_metadata.recv_initial_metadata == - &event->initial_metadata); - op++; - GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum); - } - ok &= (op->op == GRPC_OP_SEND_MESSAGE); - ok &= (op->data.send_message.send_message == event->send_buffer); - op++; - GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum); - - ok &= (op->op == GRPC_OP_RECV_MESSAGE); - ok &= (op->data.recv_message.recv_message == &event->recv_buffer); - op++; - GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum); - - return ok; -} - -static grpc_gcp_handshaker_req* deserialize_handshaker_req( - grpc_gcp_handshaker_req_type type, grpc_byte_buffer* buffer) { - GPR_ASSERT(buffer != nullptr); - grpc_gcp_handshaker_req* req = grpc_gcp_handshaker_decoded_req_create(type); - grpc_byte_buffer_reader bbr; - GPR_ASSERT(grpc_byte_buffer_reader_init(&bbr, buffer)); - grpc_slice slice = grpc_byte_buffer_reader_readall(&bbr); - GPR_ASSERT(grpc_gcp_handshaker_req_decode(slice, req)); - grpc_slice_unref(slice); - grpc_byte_buffer_reader_destroy(&bbr); - return req; -} - -/** - * A mock grpc_caller used to check if client_start, server_start, and next - * operations correctly handle invalid arguments. It should not be called. - */ -static grpc_call_error check_must_not_be_called(grpc_call* call, - const grpc_op* ops, size_t nops, - void* tag) { - GPR_ASSERT(0); -} - -/** - * A mock grpc_caller used to check correct execution of client_start operation. - * It checks if the client_start handshaker request is populated with correct - * handshake_security_protocol, application_protocol, and record_protocol, and - * op is correctly populated. - */ -static grpc_call_error check_client_start_success(grpc_call* call, - const grpc_op* op, - size_t nops, void* tag) { - alts_tsi_event* event = static_cast<alts_tsi_event*>(tag); - grpc_gcp_handshaker_req* req = - deserialize_handshaker_req(CLIENT_START_REQ, event->send_buffer); - GPR_ASSERT(req->client_start.handshake_security_protocol == - grpc_gcp_HandshakeProtocol_ALTS); - const void* data = (static_cast<repeated_field*>( - req->client_start.application_protocols.arg)) - ->data; - GPR_ASSERT(data != nullptr); - grpc_slice* application_protocol = (grpc_slice*)data; - data = (static_cast<repeated_field*>(req->client_start.record_protocols.arg)) - ->data; - grpc_slice* record_protocol = (grpc_slice*)data; - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*application_protocol), - ALTS_APPLICATION_PROTOCOL, - GRPC_SLICE_LENGTH(*application_protocol)) == 0); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*record_protocol), - ALTS_RECORD_PROTOCOL, - GRPC_SLICE_LENGTH(*record_protocol)) == 0); - validate_rpc_protocol_versions(&req->client_start.rpc_versions); - validate_target_identities( - static_cast<repeated_field*>(req->client_start.target_identities.arg)); - grpc_slice* target_name = - static_cast<grpc_slice*>(req->client_start.target_name.arg); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*target_name), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME, - GRPC_SLICE_LENGTH(*target_name)) == 0); - GPR_ASSERT(GRPC_SLICE_LENGTH(*target_name) == - strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME)); - GPR_ASSERT(validate_op(event, op, nops, true /* is_start */)); - grpc_gcp_handshaker_req_destroy(req); - return GRPC_CALL_OK; -} - -/** - * A mock grpc_caller used to check correct execution of server_start operation. - * It checks if the server_start handshaker request is populated with correct - * handshake_security_protocol, application_protocol, and record_protocol, and - * op is correctly populated. - */ -static grpc_call_error check_server_start_success(grpc_call* call, - const grpc_op* op, - size_t nops, void* tag) { - alts_tsi_event* event = static_cast<alts_tsi_event*>(tag); - grpc_gcp_handshaker_req* req = - deserialize_handshaker_req(SERVER_START_REQ, event->send_buffer); - const void* data = (static_cast<repeated_field*>( - req->server_start.application_protocols.arg)) - ->data; - GPR_ASSERT(data != nullptr); - grpc_slice* application_protocol = (grpc_slice*)data; - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*application_protocol), - ALTS_APPLICATION_PROTOCOL, - GRPC_SLICE_LENGTH(*application_protocol)) == 0); - GPR_ASSERT(req->server_start.handshake_parameters_count == 1); - GPR_ASSERT(req->server_start.handshake_parameters[0].key == - grpc_gcp_HandshakeProtocol_ALTS); - data = (static_cast<repeated_field*>(req->server_start.handshake_parameters[0] - .value.record_protocols.arg)) - ->data; - GPR_ASSERT(data != nullptr); - grpc_slice* record_protocol = (grpc_slice*)data; - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*record_protocol), - ALTS_RECORD_PROTOCOL, - GRPC_SLICE_LENGTH(*record_protocol)) == 0); - validate_rpc_protocol_versions(&req->server_start.rpc_versions); - GPR_ASSERT(validate_op(event, op, nops, true /* is_start */)); - grpc_gcp_handshaker_req_destroy(req); - return GRPC_CALL_OK; -} - -/** - * A mock grpc_caller used to check correct execution of next operation. It - * checks if the next handshaker request is populated with correct information, - * and op is correctly populated. - */ -static grpc_call_error check_next_success(grpc_call* call, const grpc_op* op, - size_t nops, void* tag) { - alts_tsi_event* event = static_cast<alts_tsi_event*>(tag); - grpc_gcp_handshaker_req* req = - deserialize_handshaker_req(NEXT_REQ, event->send_buffer); - grpc_slice* in_bytes = static_cast<grpc_slice*>(req->next.in_bytes.arg); - GPR_ASSERT(in_bytes != nullptr); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*in_bytes), - ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME, - GRPC_SLICE_LENGTH(*in_bytes)) == 0); - GPR_ASSERT(validate_op(event, op, nops, false /* is_start */)); - grpc_gcp_handshaker_req_destroy(req); - return GRPC_CALL_OK; -} -/** - * A mock grpc_caller used to check if client_start, server_start, and next - * operations correctly handle the situation when the grpc call made to the - * handshaker service fails. - */ -static grpc_call_error check_grpc_call_failure(grpc_call* call, - const grpc_op* op, size_t nops, - void* tag) { - return GRPC_CALL_ERROR; -} - -static alts_handshaker_client_test_config* create_config() { - alts_handshaker_client_test_config* config = - static_cast<alts_handshaker_client_test_config*>( - gpr_zalloc(sizeof(*config))); - config->channel = grpc_insecure_channel_create( - ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL, nullptr, nullptr); - config->cq = grpc_completion_queue_create_for_next(nullptr); - config->client = alts_grpc_handshaker_client_create( - config->channel, config->cq, - ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL); - GPR_ASSERT(config->client != nullptr); - config->out_frame = - grpc_slice_from_static_string(ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME); - return config; -} - -static void destroy_config(alts_handshaker_client_test_config* config) { - if (config == nullptr) { - return; - } - grpc_completion_queue_destroy(config->cq); - grpc_channel_destroy(config->channel); - alts_handshaker_client_destroy(config->client); - grpc_slice_unref(config->out_frame); - gpr_free(config); -} - -static void schedule_request_invalid_arg_test() { - /* Initialization. */ - alts_handshaker_client_test_config* config = create_config(); - alts_tsi_event* event = nullptr; - - /* Tests. */ - alts_handshaker_client_set_grpc_caller_for_testing(config->client, - check_must_not_be_called); - event = alts_tsi_event_create_for_testing(true /* is_client */); - /* Check client_start. */ - GPR_ASSERT(alts_handshaker_client_start_client(nullptr, event) == - TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_start_client(config->client, nullptr) == - TSI_INVALID_ARGUMENT); - - /* Check server_start. */ - GPR_ASSERT(alts_handshaker_client_start_server( - config->client, event, nullptr) == TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_start_server(config->client, nullptr, - &config->out_frame) == - TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_start_server( - nullptr, event, &config->out_frame) == TSI_INVALID_ARGUMENT); - - /* Check next. */ - GPR_ASSERT(alts_handshaker_client_next(config->client, event, nullptr) == - TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_next(config->client, nullptr, - &config->out_frame) == - TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_next(nullptr, event, &config->out_frame) == - TSI_INVALID_ARGUMENT); - - /* Cleanup. */ - alts_tsi_event_destroy(event); - destroy_config(config); -} - -static void schedule_request_success_test() { - /* Initialization. */ - alts_handshaker_client_test_config* config = create_config(); - alts_tsi_event* event = nullptr; - - /* Check client_start success. */ - alts_handshaker_client_set_grpc_caller_for_testing( - config->client, check_client_start_success); - event = alts_tsi_event_create_for_testing(true /* is_client. */); - GPR_ASSERT(alts_handshaker_client_start_client(config->client, event) == - TSI_OK); - alts_tsi_event_destroy(event); - - /* Check server_start success. */ - alts_handshaker_client_set_grpc_caller_for_testing( - config->client, check_server_start_success); - event = alts_tsi_event_create_for_testing(false /* is_client. */); - GPR_ASSERT(alts_handshaker_client_start_server(config->client, event, - &config->out_frame) == TSI_OK); - alts_tsi_event_destroy(event); - - /* Check next success. */ - alts_handshaker_client_set_grpc_caller_for_testing(config->client, - check_next_success); - event = alts_tsi_event_create_for_testing(true /* is_client. */); - GPR_ASSERT(alts_handshaker_client_next(config->client, event, - &config->out_frame) == TSI_OK); - alts_tsi_event_destroy(event); - - /* Cleanup. */ - destroy_config(config); -} - -static void schedule_request_grpc_call_failure_test() { - /* Initialization. */ - alts_handshaker_client_test_config* config = create_config(); - alts_tsi_event* event = nullptr; - - /* Check client_start failure. */ - alts_handshaker_client_set_grpc_caller_for_testing(config->client, - check_grpc_call_failure); - event = alts_tsi_event_create_for_testing(true /* is_client. */); - GPR_ASSERT(alts_handshaker_client_start_client(config->client, event) == - TSI_INTERNAL_ERROR); - alts_tsi_event_destroy(event); - - /* Check server_start failure. */ - event = alts_tsi_event_create_for_testing(false /* is_client. */); - GPR_ASSERT(alts_handshaker_client_start_server(config->client, event, - &config->out_frame) == - TSI_INTERNAL_ERROR); - alts_tsi_event_destroy(event); - - /* Check next failure. */ - event = alts_tsi_event_create_for_testing(true /* is_cleint. */); - GPR_ASSERT( - alts_handshaker_client_next(config->client, event, &config->out_frame) == - TSI_INTERNAL_ERROR); - alts_tsi_event_destroy(event); - - /* Cleanup. */ - destroy_config(config); -} - -int main(int argc, char** argv) { - /* Initialization. */ - grpc_init(); - - /* Tests. */ - schedule_request_invalid_arg_test(); - schedule_request_success_test(); - schedule_request_grpc_call_failure_test(); - - /* Cleanup. */ - grpc_shutdown(); - return 0; -} diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc deleted file mode 100644 index 3506264f52..0000000000 --- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc +++ /dev/null @@ -1,149 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdbool.h> -#include <stdio.h> -#include <stdlib.h> - -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -int main(int argc, char** argv) { - const char in_bytes[] = "HELLO GOOGLE!"; - const char out_frames[] = "HELLO WORLD!"; - const char key_data[] = "THIS IS KEY DATA."; - const char details[] = "DETAILS NEED TO BE POPULATED"; - const uint32_t max_rpc_version_major = 3; - const uint32_t max_rpc_version_minor = 2; - const uint32_t min_rpc_version_major = 2; - const uint32_t min_rpc_version_minor = 1; - - /* handshaker_req_next. */ - grpc_gcp_handshaker_req* req = grpc_gcp_handshaker_req_create(NEXT_REQ); - grpc_gcp_handshaker_req* decoded_req = - grpc_gcp_handshaker_decoded_req_create(NEXT_REQ); - GPR_ASSERT( - grpc_gcp_handshaker_req_set_in_bytes(req, in_bytes, strlen(in_bytes))); - grpc_slice encoded_req; - GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req)); - grpc_gcp_handshaker_req_destroy(req); - grpc_gcp_handshaker_req_destroy(decoded_req); - grpc_slice_unref(encoded_req); - - /* handshaker_req_client_start. */ - req = grpc_gcp_handshaker_req_create(CLIENT_START_REQ); - decoded_req = grpc_gcp_handshaker_decoded_req_create(CLIENT_START_REQ); - GPR_ASSERT(grpc_gcp_handshaker_req_set_handshake_protocol( - req, grpc_gcp_HandshakeProtocol_TLS)); - GPR_ASSERT(grpc_gcp_handshaker_req_set_local_identity_hostname( - req, "www.google.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_local_endpoint( - req, "2001:db8::8:800:200C:417a", 9876, grpc_gcp_NetworkProtocol_TCP)); - GPR_ASSERT(grpc_gcp_handshaker_req_set_remote_endpoint( - req, "2001:db8::bac5::fed0:84a2", 1234, grpc_gcp_NetworkProtocol_TCP)); - GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "grpc")); - GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "http2")); - GPR_ASSERT( - grpc_gcp_handshaker_req_add_record_protocol(req, "ALTSRP_GCM_AES256")); - GPR_ASSERT( - grpc_gcp_handshaker_req_add_record_protocol(req, "ALTSRP_GCM_AES384")); - GPR_ASSERT(grpc_gcp_handshaker_req_add_target_identity_service_account( - req, "foo@google.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_target_name( - req, "google.example.library.service")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_rpc_versions( - req, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major, - min_rpc_version_minor)); - GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req)); - grpc_gcp_handshaker_req_destroy(req); - grpc_gcp_handshaker_req_destroy(decoded_req); - grpc_slice_unref(encoded_req); - - /* handshaker_req_server_start. */ - req = grpc_gcp_handshaker_req_create(SERVER_START_REQ); - decoded_req = grpc_gcp_handshaker_decoded_req_create(SERVER_START_REQ); - GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "grpc")); - GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "http2")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_local_endpoint( - req, "2001:db8::8:800:200C:417a", 9876, grpc_gcp_NetworkProtocol_TCP)); - GPR_ASSERT(grpc_gcp_handshaker_req_set_remote_endpoint( - req, "2001:db8::bac5::fed0:84a2", 1234, grpc_gcp_NetworkProtocol_UDP)); - GPR_ASSERT( - grpc_gcp_handshaker_req_set_in_bytes(req, in_bytes, strlen(in_bytes))); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_record_protocol( - req, grpc_gcp_HandshakeProtocol_TLS, "ALTSRP_GCM_AES128")); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_service_account( - req, grpc_gcp_HandshakeProtocol_TLS, "foo@google.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_hostname( - req, grpc_gcp_HandshakeProtocol_TLS, "yihuaz0.mtv.corp.google.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_record_protocol( - req, grpc_gcp_HandshakeProtocol_ALTS, "ALTSRP_GCM_AES128")); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_hostname( - req, grpc_gcp_HandshakeProtocol_ALTS, "www.amazon.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_rpc_versions( - req, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major, - min_rpc_version_minor)); - - GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req)); - grpc_gcp_handshaker_req_destroy(req); - grpc_gcp_handshaker_req_destroy(decoded_req); - grpc_slice_unref(encoded_req); - - /* handshaker_resp. */ - grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create(); - grpc_gcp_handshaker_resp* decoded_resp = grpc_gcp_handshaker_resp_create(); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames(resp, out_frames, - strlen(out_frames))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed(resp, 1024)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_application_protocol(resp, "http")); - GPR_ASSERT( - grpc_gcp_handshaker_resp_set_record_protocol(resp, "ALTSRP_GCM_AES128")); - GPR_ASSERT( - grpc_gcp_handshaker_resp_set_key_data(resp, key_data, strlen(key_data))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_local_identity_hostname( - resp, "www.faceboook.com")); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_hostname( - resp, "www.amazon.com")); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_channel_open( - resp, false /* channel_open */)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_code(resp, 1023)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_details(resp, details)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions( - resp, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major, - min_rpc_version_minor)); - grpc_slice encoded_resp; - GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &encoded_resp)); - GPR_ASSERT(grpc_gcp_handshaker_resp_decode(encoded_resp, decoded_resp)); - GPR_ASSERT(grpc_gcp_handshaker_resp_equals(resp, decoded_resp)); - grpc_gcp_handshaker_resp_destroy(resp); - grpc_gcp_handshaker_resp_destroy(decoded_resp); - grpc_slice_unref(encoded_resp); - /* Test invalid arguments. */ - GPR_ASSERT(!grpc_gcp_handshaker_req_set_in_bytes(nullptr, in_bytes, - strlen(in_bytes))); - GPR_ASSERT(!grpc_gcp_handshaker_req_param_add_record_protocol( - req, grpc_gcp_HandshakeProtocol_TLS, nullptr)); - GPR_ASSERT(!grpc_gcp_handshaker_req_param_add_local_identity_service_account( - nullptr, grpc_gcp_HandshakeProtocol_TLS, nullptr)); - GPR_ASSERT(!grpc_gcp_handshaker_resp_set_record_protocol(nullptr, nullptr)); -} diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc deleted file mode 100644 index ecca04defa..0000000000 --- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc +++ /dev/null @@ -1,642 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -const size_t kHandshakeProtocolNum = 3; - -grpc_gcp_handshaker_req* grpc_gcp_handshaker_decoded_req_create( - grpc_gcp_handshaker_req_type type) { - grpc_gcp_handshaker_req* req = - static_cast<grpc_gcp_handshaker_req*>(gpr_zalloc(sizeof(*req))); - switch (type) { - case CLIENT_START_REQ: - req->has_client_start = true; - req->client_start.target_identities.funcs.decode = - decode_repeated_identity_cb; - req->client_start.application_protocols.funcs.decode = - decode_repeated_string_cb; - req->client_start.record_protocols.funcs.decode = - decode_repeated_string_cb; - req->client_start.local_identity.hostname.funcs.decode = - decode_string_or_bytes_cb; - req->client_start.local_identity.service_account.funcs.decode = - decode_string_or_bytes_cb; - req->client_start.local_endpoint.ip_address.funcs.decode = - decode_string_or_bytes_cb; - req->client_start.remote_endpoint.ip_address.funcs.decode = - decode_string_or_bytes_cb; - req->client_start.target_name.funcs.decode = decode_string_or_bytes_cb; - break; - case SERVER_START_REQ: - req->has_server_start = true; - req->server_start.application_protocols.funcs.decode = - &decode_repeated_string_cb; - for (size_t i = 0; i < kHandshakeProtocolNum; i++) { - req->server_start.handshake_parameters[i] - .value.local_identities.funcs.decode = &decode_repeated_identity_cb; - req->server_start.handshake_parameters[i] - .value.record_protocols.funcs.decode = &decode_repeated_string_cb; - } - req->server_start.in_bytes.funcs.decode = decode_string_or_bytes_cb; - req->server_start.local_endpoint.ip_address.funcs.decode = - decode_string_or_bytes_cb; - req->server_start.remote_endpoint.ip_address.funcs.decode = - decode_string_or_bytes_cb; - break; - case NEXT_REQ: - req->has_next = true; - break; - } - return req; -} - -bool grpc_gcp_handshaker_resp_set_application_protocol( - grpc_gcp_handshaker_resp* resp, const char* application_protocol) { - if (resp == nullptr || application_protocol == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "handshaker_resp_set_application_protocol()."); - return false; - } - resp->has_result = true; - grpc_slice* slice = - create_slice(application_protocol, strlen(application_protocol)); - resp->result.application_protocol.arg = slice; - resp->result.application_protocol.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_resp_set_record_protocol( - grpc_gcp_handshaker_resp* resp, const char* record_protocol) { - if (resp == nullptr || record_protocol == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "handshaker_resp_set_record_protocol()."); - return false; - } - resp->has_result = true; - grpc_slice* slice = create_slice(record_protocol, strlen(record_protocol)); - resp->result.record_protocol.arg = slice; - resp->result.record_protocol.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_resp_set_key_data(grpc_gcp_handshaker_resp* resp, - const char* key_data, size_t size) { - if (resp == nullptr || key_data == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to handshaker_resp_set_key_data()."); - return false; - } - resp->has_result = true; - grpc_slice* slice = create_slice(key_data, size); - resp->result.key_data.arg = slice; - resp->result.key_data.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -static void set_identity_hostname(grpc_gcp_identity* identity, - const char* hostname) { - grpc_slice* slice = create_slice(hostname, strlen(hostname)); - identity->hostname.arg = slice; - identity->hostname.funcs.encode = encode_string_or_bytes_cb; -} - -static void set_identity_service_account(grpc_gcp_identity* identity, - const char* service_account) { - grpc_slice* slice = create_slice(service_account, strlen(service_account)); - identity->service_account.arg = slice; - identity->service_account.funcs.encode = encode_string_or_bytes_cb; -} - -bool grpc_gcp_handshaker_resp_set_local_identity_hostname( - grpc_gcp_handshaker_resp* resp, const char* hostname) { - if (resp == nullptr || hostname == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_local_identity_hostname()."); - return false; - } - resp->has_result = true; - resp->result.has_local_identity = true; - set_identity_hostname(&resp->result.local_identity, hostname); - return true; -} - -bool grpc_gcp_handshaker_resp_set_local_identity_service_account( - grpc_gcp_handshaker_resp* resp, const char* service_account) { - if (resp == nullptr || service_account == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_local_identity_service_account()."); - return false; - } - resp->has_result = true; - resp->result.has_local_identity = true; - set_identity_service_account(&resp->result.local_identity, service_account); - return true; -} - -bool grpc_gcp_handshaker_resp_set_peer_identity_hostname( - grpc_gcp_handshaker_resp* resp, const char* hostname) { - if (resp == nullptr || hostname == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_peer_identity_hostname()."); - return false; - } - resp->has_result = true; - resp->result.has_peer_identity = true; - set_identity_hostname(&resp->result.peer_identity, hostname); - return true; -} - -bool grpc_gcp_handshaker_resp_set_peer_identity_service_account( - grpc_gcp_handshaker_resp* resp, const char* service_account) { - if (resp == nullptr || service_account == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_peer_identity_service_account()."); - return false; - } - resp->has_result = true; - resp->result.has_peer_identity = true; - set_identity_service_account(&resp->result.peer_identity, service_account); - return true; -} - -bool grpc_gcp_handshaker_resp_set_channel_open(grpc_gcp_handshaker_resp* resp, - bool keep_channel_open) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to " - "grpc_gcp_handshaker_resp_set_channel_open()."); - return false; - } - resp->has_result = true; - resp->result.has_keep_channel_open = true; - resp->result.keep_channel_open = keep_channel_open; - return true; -} - -bool grpc_gcp_handshaker_resp_set_code(grpc_gcp_handshaker_resp* resp, - uint32_t code) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to grpc_gcp_handshaker_resp_set_code()."); - return false; - } - resp->has_status = true; - resp->status.has_code = true; - resp->status.code = code; - return true; -} - -bool grpc_gcp_handshaker_resp_set_details(grpc_gcp_handshaker_resp* resp, - const char* details) { - if (resp == nullptr || details == nullptr) { - gpr_log( - GPR_ERROR, - "Invalid nullptr arguments to grpc_gcp_handshaker_resp_set_details()."); - return false; - } - resp->has_status = true; - grpc_slice* slice = create_slice(details, strlen(details)); - resp->status.details.arg = slice; - resp->status.details.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_resp_set_out_frames(grpc_gcp_handshaker_resp* resp, - const char* out_frames, - size_t size) { - if (resp == nullptr || out_frames == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_out_frames()."); - return false; - } - grpc_slice* slice = create_slice(out_frames, size); - resp->out_frames.arg = slice; - resp->out_frames.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_resp_set_bytes_consumed(grpc_gcp_handshaker_resp* resp, - int32_t bytes_consumed) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to " - "grpc_gcp_handshaker_resp_set_bytes_consumed()."); - return false; - } - resp->has_bytes_consumed = true; - resp->bytes_consumed = bytes_consumed; - return true; -} - -bool grpc_gcp_handshaker_resp_set_peer_rpc_versions( - grpc_gcp_handshaker_resp* resp, uint32_t max_major, uint32_t max_minor, - uint32_t min_major, uint32_t min_minor) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to " - "grpc_gcp_handshaker_resp_set_peer_rpc_versions()."); - return false; - } - resp->has_result = true; - resp->result.has_peer_rpc_versions = true; - grpc_gcp_rpc_protocol_versions* versions = &resp->result.peer_rpc_versions; - versions->has_max_rpc_version = true; - versions->has_min_rpc_version = true; - versions->max_rpc_version.has_major = true; - versions->max_rpc_version.has_minor = true; - versions->min_rpc_version.has_major = true; - versions->min_rpc_version.has_minor = true; - versions->max_rpc_version.major = max_major; - versions->max_rpc_version.minor = max_minor; - versions->min_rpc_version.major = min_major; - versions->min_rpc_version.minor = min_minor; - return true; -} - -bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp, - grpc_slice* slice) { - if (resp == nullptr || slice == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to grpc_gcp_handshaker_resp_encode()."); - return false; - } - pb_ostream_t size_stream; - memset(&size_stream, 0, sizeof(pb_ostream_t)); - if (!pb_encode(&size_stream, grpc_gcp_HandshakerResp_fields, resp)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream)); - return false; - } - size_t encoded_length = size_stream.bytes_written; - *slice = grpc_slice_malloc(encoded_length); - pb_ostream_t output_stream = - pb_ostream_from_buffer(GRPC_SLICE_START_PTR(*slice), encoded_length); - if (!pb_encode(&output_stream, grpc_gcp_HandshakerResp_fields, resp)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream)); - return false; - } - return true; -} - -bool grpc_gcp_handshaker_req_decode(grpc_slice slice, - grpc_gcp_handshaker_req* req) { - if (req == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to grpc_gcp_handshaker_req_decode()."); - return false; - } - pb_istream_t stream = pb_istream_from_buffer(GRPC_SLICE_START_PTR(slice), - GRPC_SLICE_LENGTH(slice)); - req->next.in_bytes.funcs.decode = decode_string_or_bytes_cb; - if (!pb_decode(&stream, grpc_gcp_HandshakerReq_fields, req)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&stream)); - return false; - } - return true; -} - -/* Check equality of a pair of grpc_slice fields. */ -static bool slice_equals(grpc_slice* l_slice, grpc_slice* r_slice) { - if (l_slice == nullptr && r_slice == nullptr) { - return true; - } - if (l_slice != nullptr && r_slice != nullptr) { - return grpc_slice_eq(*l_slice, *r_slice); - } - return false; -} - -/* Check equality of a pair of grpc_gcp_identity fields. */ -static bool handshaker_identity_equals(const grpc_gcp_identity* l_id, - const grpc_gcp_identity* r_id) { - if (!((l_id->hostname.arg != nullptr) != (r_id->hostname.arg != nullptr))) { - if (l_id->hostname.arg != nullptr) { - return slice_equals(static_cast<grpc_slice*>(l_id->hostname.arg), - static_cast<grpc_slice*>(r_id->hostname.arg)); - } - } else { - return false; - } - if (!((l_id->service_account.arg != nullptr) != - (r_id->service_account.arg != nullptr))) { - if (l_id->service_account.arg != nullptr) { - return slice_equals(static_cast<grpc_slice*>(l_id->service_account.arg), - static_cast<grpc_slice*>(r_id->service_account.arg)); - } - } else { - return false; - } - return true; -} - -static bool handshaker_rpc_versions_equals( - const grpc_gcp_rpc_protocol_versions* l_version, - const grpc_gcp_rpc_protocol_versions* r_version) { - bool result = true; - result &= - (l_version->max_rpc_version.major == r_version->max_rpc_version.major); - result &= - (l_version->max_rpc_version.minor == r_version->max_rpc_version.minor); - result &= - (l_version->min_rpc_version.major == r_version->min_rpc_version.major); - result &= - (l_version->min_rpc_version.minor == r_version->min_rpc_version.minor); - return result; -} - -/* Check equality of a pair of grpc_gcp_endpoint fields. */ -static bool handshaker_endpoint_equals(const grpc_gcp_endpoint* l_end, - const grpc_gcp_endpoint* r_end) { - bool result = true; - result &= (l_end->port == r_end->port); - result &= (l_end->protocol == r_end->protocol); - if (!((l_end->ip_address.arg != nullptr) != - (r_end->ip_address.arg != nullptr))) { - if (l_end->ip_address.arg != nullptr) { - result &= slice_equals(static_cast<grpc_slice*>(l_end->ip_address.arg), - static_cast<grpc_slice*>(r_end->ip_address.arg)); - } - } else { - return false; - } - return result; -} -/** - * Check if a specific repeated field (i.e., target) is contained in a repeated - * field list (i.e., head). - */ -static bool repeated_field_list_contains_identity( - const repeated_field* head, const repeated_field* target) { - repeated_field* field = const_cast<repeated_field*>(head); - while (field != nullptr) { - if (handshaker_identity_equals( - static_cast<const grpc_gcp_identity*>(field->data), - static_cast<const grpc_gcp_identity*>(target->data))) { - return true; - } - field = field->next; - } - return false; -} - -static bool repeated_field_list_contains_string(const repeated_field* head, - const repeated_field* target) { - repeated_field* field = const_cast<repeated_field*>(head); - while (field != nullptr) { - if (slice_equals((grpc_slice*)field->data, (grpc_slice*)target->data)) { - return true; - } - field = field->next; - } - return false; -} - -/* Return a length of repeated field list. */ -static size_t repeated_field_list_get_length(const repeated_field* head) { - repeated_field* field = const_cast<repeated_field*>(head); - size_t len = 0; - while (field != nullptr) { - len++; - field = field->next; - } - return len; -} - -/** - * Check if a pair of repeated field lists contain the same set of repeated - * fields. - */ -static bool repeated_field_list_equals_identity(const repeated_field* l_head, - const repeated_field* r_head) { - if (repeated_field_list_get_length(l_head) != - repeated_field_list_get_length(r_head)) { - return false; - } - repeated_field* field = const_cast<repeated_field*>(l_head); - repeated_field* head = const_cast<repeated_field*>(r_head); - while (field != nullptr) { - if (!repeated_field_list_contains_identity(head, field)) { - return false; - } - field = field->next; - } - return true; -} - -static bool repeated_field_list_equals_string(const repeated_field* l_head, - const repeated_field* r_head) { - if (repeated_field_list_get_length(l_head) != - repeated_field_list_get_length(r_head)) { - return false; - } - repeated_field* field = const_cast<repeated_field*>(l_head); - repeated_field* head = const_cast<repeated_field*>(r_head); - while (field != nullptr) { - if (!repeated_field_list_contains_string(head, field)) { - return false; - } - field = field->next; - } - return true; -} - -/* Check equality of a pair of ALTS client_start handshake requests. */ -bool grpc_gcp_handshaker_client_start_req_equals( - grpc_gcp_start_client_handshake_req* l_req, - grpc_gcp_start_client_handshake_req* r_req) { - bool result = true; - /* Compare handshake_security_protocol. */ - result &= - l_req->handshake_security_protocol == r_req->handshake_security_protocol; - /* Compare application_protocols, record_protocols, and target_identities. */ - result &= repeated_field_list_equals_string( - static_cast<const repeated_field*>(l_req->application_protocols.arg), - static_cast<const repeated_field*>(r_req->application_protocols.arg)); - result &= repeated_field_list_equals_string( - static_cast<const repeated_field*>(l_req->record_protocols.arg), - static_cast<const repeated_field*>(r_req->record_protocols.arg)); - result &= repeated_field_list_equals_identity( - static_cast<const repeated_field*>(l_req->target_identities.arg), - static_cast<const repeated_field*>(r_req->target_identities.arg)); - if ((l_req->has_local_identity ^ r_req->has_local_identity) | - (l_req->has_local_endpoint ^ r_req->has_local_endpoint) | - ((l_req->has_remote_endpoint ^ r_req->has_remote_endpoint)) | - (l_req->has_rpc_versions ^ r_req->has_rpc_versions)) { - return false; - } - /* Compare local_identity, local_endpoint, and remote_endpoint. */ - if (l_req->has_local_identity) { - result &= handshaker_identity_equals(&l_req->local_identity, - &r_req->local_identity); - } - if (l_req->has_local_endpoint) { - result &= handshaker_endpoint_equals(&l_req->local_endpoint, - &r_req->local_endpoint); - } - if (l_req->has_remote_endpoint) { - result &= handshaker_endpoint_equals(&l_req->remote_endpoint, - &r_req->remote_endpoint); - } - if (l_req->has_rpc_versions) { - result &= handshaker_rpc_versions_equals(&l_req->rpc_versions, - &r_req->rpc_versions); - } - return result; -} - -/* Check equality of a pair of ALTS server_start handshake requests. */ -bool grpc_gcp_handshaker_server_start_req_equals( - grpc_gcp_start_server_handshake_req* l_req, - grpc_gcp_start_server_handshake_req* r_req) { - bool result = true; - /* Compare application_protocols. */ - result &= repeated_field_list_equals_string( - static_cast<const repeated_field*>(l_req->application_protocols.arg), - static_cast<const repeated_field*>(r_req->application_protocols.arg)); - /* Compare handshake_parameters. */ - size_t i = 0, j = 0; - result &= - (l_req->handshake_parameters_count == r_req->handshake_parameters_count); - for (i = 0; i < l_req->handshake_parameters_count; i++) { - bool found = false; - for (j = 0; j < r_req->handshake_parameters_count; j++) { - if (l_req->handshake_parameters[i].key == - r_req->handshake_parameters[j].key) { - found = true; - result &= repeated_field_list_equals_string( - static_cast<const repeated_field*>( - l_req->handshake_parameters[i].value.record_protocols.arg), - static_cast<const repeated_field*>( - r_req->handshake_parameters[j].value.record_protocols.arg)); - result &= repeated_field_list_equals_identity( - static_cast<const repeated_field*>( - l_req->handshake_parameters[i].value.local_identities.arg), - static_cast<const repeated_field*>( - r_req->handshake_parameters[j].value.local_identities.arg)); - } - } - if (!found) { - return false; - } - } - /* Compare in_bytes, local_endpoint, remote_endpoint. */ - result &= slice_equals(static_cast<grpc_slice*>(l_req->in_bytes.arg), - static_cast<grpc_slice*>(r_req->in_bytes.arg)); - if ((l_req->has_local_endpoint ^ r_req->has_local_endpoint) | - (l_req->has_remote_endpoint ^ r_req->has_remote_endpoint) | - (l_req->has_rpc_versions ^ r_req->has_rpc_versions)) - return false; - if (l_req->has_local_endpoint) { - result &= handshaker_endpoint_equals(&l_req->local_endpoint, - &r_req->local_endpoint); - } - if (l_req->has_remote_endpoint) { - result &= handshaker_endpoint_equals(&l_req->remote_endpoint, - &r_req->remote_endpoint); - } - if (l_req->has_rpc_versions) { - result &= handshaker_rpc_versions_equals(&l_req->rpc_versions, - &r_req->rpc_versions); - } - return result; -} - -/* Check equality of a pair of ALTS handshake requests. */ -bool grpc_gcp_handshaker_req_equals(grpc_gcp_handshaker_req* l_req, - grpc_gcp_handshaker_req* r_req) { - if (l_req->has_next && r_req->has_next) { - return slice_equals(static_cast<grpc_slice*>(l_req->next.in_bytes.arg), - static_cast<grpc_slice*>(r_req->next.in_bytes.arg)); - } else if (l_req->has_client_start && r_req->has_client_start) { - return grpc_gcp_handshaker_client_start_req_equals(&l_req->client_start, - &r_req->client_start); - } else if (l_req->has_server_start && r_req->has_server_start) { - return grpc_gcp_handshaker_server_start_req_equals(&l_req->server_start, - &r_req->server_start); - } - return false; -} - -/* Check equality of a pair of ALTS handshake results. */ -bool grpc_gcp_handshaker_resp_result_equals( - grpc_gcp_handshaker_result* l_result, - grpc_gcp_handshaker_result* r_result) { - bool result = true; - /* Compare application_protocol, record_protocol, and key_data. */ - result &= slice_equals( - static_cast<grpc_slice*>(l_result->application_protocol.arg), - static_cast<grpc_slice*>(r_result->application_protocol.arg)); - result &= - slice_equals(static_cast<grpc_slice*>(l_result->record_protocol.arg), - static_cast<grpc_slice*>(r_result->record_protocol.arg)); - result &= slice_equals(static_cast<grpc_slice*>(l_result->key_data.arg), - static_cast<grpc_slice*>(r_result->key_data.arg)); - /* Compare local_identity, peer_identity, and keep_channel_open. */ - if ((l_result->has_local_identity ^ r_result->has_local_identity) | - (l_result->has_peer_identity ^ r_result->has_peer_identity) | - (l_result->has_peer_rpc_versions ^ r_result->has_peer_rpc_versions)) { - return false; - } - if (l_result->has_local_identity) { - result &= handshaker_identity_equals(&l_result->local_identity, - &r_result->local_identity); - } - if (l_result->has_peer_identity) { - result &= handshaker_identity_equals(&l_result->peer_identity, - &r_result->peer_identity); - } - if (l_result->has_peer_rpc_versions) { - result &= handshaker_rpc_versions_equals(&l_result->peer_rpc_versions, - &r_result->peer_rpc_versions); - } - result &= (l_result->keep_channel_open == r_result->keep_channel_open); - return result; -} - -/* Check equality of a pair of ALTS handshake responses. */ -bool grpc_gcp_handshaker_resp_equals(grpc_gcp_handshaker_resp* l_resp, - grpc_gcp_handshaker_resp* r_resp) { - bool result = true; - /* Compare out_frames and bytes_consumed. */ - result &= slice_equals(static_cast<grpc_slice*>(l_resp->out_frames.arg), - static_cast<grpc_slice*>(r_resp->out_frames.arg)); - result &= (l_resp->bytes_consumed == r_resp->bytes_consumed); - /* Compare result and status. */ - if ((l_resp->has_result ^ r_resp->has_result) | - (l_resp->has_status ^ r_resp->has_status)) { - return false; - } - if (l_resp->has_result) { - result &= grpc_gcp_handshaker_resp_result_equals(&l_resp->result, - &r_resp->result); - } - if (l_resp->has_status) { - result &= (l_resp->status.code == r_resp->status.code); - result &= - slice_equals(static_cast<grpc_slice*>(l_resp->status.details.arg), - static_cast<grpc_slice*>(r_resp->status.details.arg)); - } - return result; -} diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h deleted file mode 100644 index 2fcbb4ea99..0000000000 --- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h +++ /dev/null @@ -1,143 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H -#define GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H - -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h" -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h" -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -/** - * The first part of this file contains function signatures for de-serializing - * ALTS handshake requests and setting/serializing ALTS handshake responses, - * which simulate the behaviour of grpc server that runs ALTS handshaker - * service. - */ - -/** - * This method creates a ALTS handshaker request that is used to hold - * de-serialized result. - */ -grpc_gcp_handshaker_req* grpc_gcp_handshaker_decoded_req_create( - grpc_gcp_handshaker_req_type type); - -/* This method de-serializes a ALTS handshaker request. */ -bool grpc_gcp_handshaker_req_decode(grpc_slice slice, - grpc_gcp_handshaker_req* req); - -/* This method serializes a ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp, - grpc_slice* slice); - -/* This method sets application protocol of ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_application_protocol( - grpc_gcp_handshaker_resp* resp, const char* application_protocol); - -/* This method sets record protocol of ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_record_protocol( - grpc_gcp_handshaker_resp* resp, const char* record_protocol); - -/* This method sets key_data of ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_key_data(grpc_gcp_handshaker_resp* resp, - const char* key_data, size_t size); - -/* This method sets local identity's hostname for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_local_identity_hostname( - grpc_gcp_handshaker_resp* resp, const char* hostname); - -/** - * This method sets local identity's service account for ALTS handshaker - * response. - */ -bool grpc_gcp_handshaker_resp_set_local_identity_service_account( - grpc_gcp_handshaker_resp* resp, const char* service_account); - -/* This method sets peer identity's hostname for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_peer_identity_hostname( - grpc_gcp_handshaker_resp* resp, const char* hostname); - -/** - * This method sets peer identity's service account for ALTS handshaker - * response. - */ -bool grpc_gcp_handshaker_resp_set_peer_identity_service_account( - grpc_gcp_handshaker_resp* resp, const char* service_account); - -/* This method sets keep_channel_open for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_channel_open(grpc_gcp_handshaker_resp* resp, - bool keep_channel_open); - -/* This method sets code for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_code(grpc_gcp_handshaker_resp* resp, - uint32_t code); - -/* This method sets details for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_details(grpc_gcp_handshaker_resp* resp, - const char* details); - -/* This method sets out_frames for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_out_frames(grpc_gcp_handshaker_resp* resp, - const char* out_frames, - size_t size); - -/* This method sets peer_rpc_versions for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_peer_rpc_versions( - grpc_gcp_handshaker_resp* resp, uint32_t max_major, uint32_t max_minor, - uint32_t min_major, uint32_t min_minor); - -/* This method sets bytes_consumed for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_bytes_consumed(grpc_gcp_handshaker_resp* resp, - int32_t bytes_consumed); - -/* This method serializes ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp, - grpc_slice* slice); - -/* This method de-serializes ALTS handshaker request. */ -bool grpc_gcp_handshaker_req_decode(grpc_slice slice, - grpc_gcp_handshaker_req* req); - -/** - * The second part contains function signatures for checking equality of a pair - * of ALTS handshake requests/responses. - */ - -/* This method checks equality of two client_start handshaker requests. */ -bool grpc_gcp_handshaker_client_start_req_equals( - grpc_gcp_start_client_handshake_req* l_req, - grpc_gcp_start_client_handshake_req* r_req); - -/* This method checks equality of two server_start handshaker requests. */ -bool grpc_gcp_handshaker_server_start_req_equals( - grpc_gcp_start_server_handshake_req* l_req, - grpc_gcp_start_server_handshake_req* r_req); - -/* This method checks equality of two ALTS handshaker requests. */ -bool grpc_gcp_handshaker_req_equals(grpc_gcp_handshaker_req* l_req, - grpc_gcp_handshaker_req* r_req); - -/* This method checks equality of two handshaker response results. */ -bool grpc_gcp_handshaker_resp_result_equals( - grpc_gcp_handshaker_result* l_result, grpc_gcp_handshaker_result* r_result); - -/* This method checks equality of two ALTS handshaker responses. */ -bool grpc_gcp_handshaker_resp_equals(grpc_gcp_handshaker_resp* l_resp, - grpc_gcp_handshaker_resp* r_resp); - -#endif // GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H diff --git a/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc b/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc deleted file mode 100644 index 95724f84f4..0000000000 --- a/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc +++ /dev/null @@ -1,682 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> - -#include <grpc/grpc.h> -#include <grpc/support/sync.h> - -#include "src/core/lib/gprpp/thd.h" -#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_event.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h" -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -#define ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES "Hello World" -#define ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME "Hello Google" -#define ALTS_TSI_HANDSHAKER_TEST_CONSUMED_BYTES "Hello " -#define ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES "Google" -#define ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY "chapi@service.google.com" -#define ALTS_TSI_HANDSHAKER_TEST_KEY_DATA \ - "ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOPABCDEFGHIJKL" -#define ALTS_TSI_HANDSHAKER_TEST_BUFFER_SIZE 100 -#define ALTS_TSI_HANDSHAKER_TEST_SLEEP_TIME_IN_SECONDS 2 -#define ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR 3 -#define ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR 2 -#define ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR 2 -#define ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR 1 - -using grpc_core::internal:: - alts_tsi_handshaker_get_has_sent_start_message_for_testing; -using grpc_core::internal::alts_tsi_handshaker_get_is_client_for_testing; -using grpc_core::internal::alts_tsi_handshaker_get_recv_bytes_for_testing; -using grpc_core::internal::alts_tsi_handshaker_set_client_for_testing; -using grpc_core::internal::alts_tsi_handshaker_set_recv_bytes_for_testing; - -/* ALTS mock notification. */ -typedef struct notification { - gpr_cv cv; - gpr_mu mu; - bool notified; -} notification; - -/* ALTS mock handshaker client. */ -typedef struct alts_mock_handshaker_client { - alts_handshaker_client base; - bool used_for_success_test; -} alts_mock_handshaker_client; - -/* Type of ALTS handshaker response. */ -typedef enum { - INVALID, - FAILED, - CLIENT_START, - SERVER_START, - CLIENT_NEXT, - SERVER_NEXT, -} alts_handshaker_response_type; - -static alts_tsi_event* client_start_event; -static alts_tsi_event* client_next_event; -static alts_tsi_event* server_start_event; -static alts_tsi_event* server_next_event; -static notification caller_to_tsi_notification; -static notification tsi_to_caller_notification; - -static void notification_init(notification* n) { - gpr_mu_init(&n->mu); - gpr_cv_init(&n->cv); - n->notified = false; -} - -static void notification_destroy(notification* n) { - gpr_mu_destroy(&n->mu); - gpr_cv_destroy(&n->cv); -} - -static void signal(notification* n) { - gpr_mu_lock(&n->mu); - n->notified = true; - gpr_cv_signal(&n->cv); - gpr_mu_unlock(&n->mu); -} - -static void wait(notification* n) { - gpr_mu_lock(&n->mu); - while (!n->notified) { - gpr_cv_wait(&n->cv, &n->mu, gpr_inf_future(GPR_CLOCK_REALTIME)); - } - n->notified = false; - gpr_mu_unlock(&n->mu); -} - -/** - * This method mocks ALTS handshaker service to generate handshaker response - * for a specific request. - */ -static grpc_byte_buffer* generate_handshaker_response( - alts_handshaker_response_type type) { - grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create(); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_code(resp, 0)); - switch (type) { - case INVALID: - break; - case CLIENT_START: - case SERVER_START: - GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames( - resp, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME))); - break; - case CLIENT_NEXT: - GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames( - resp, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_service_account( - resp, ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed( - resp, strlen(ALTS_TSI_HANDSHAKER_TEST_CONSUMED_BYTES))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_key_data( - resp, ALTS_TSI_HANDSHAKER_TEST_KEY_DATA, - strlen(ALTS_TSI_HANDSHAKER_TEST_KEY_DATA))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions( - resp, ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR, - ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR, - ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR, - ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR)); - break; - case SERVER_NEXT: - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_service_account( - resp, ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed( - resp, strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_key_data( - resp, ALTS_TSI_HANDSHAKER_TEST_KEY_DATA, - strlen(ALTS_TSI_HANDSHAKER_TEST_KEY_DATA))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions( - resp, ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR, - ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR, - ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR, - ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR)); - break; - case FAILED: - GPR_ASSERT( - grpc_gcp_handshaker_resp_set_code(resp, 3 /* INVALID ARGUMENT */)); - break; - } - grpc_slice slice; - GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &slice)); - if (type == INVALID) { - grpc_slice bad_slice = - grpc_slice_split_head(&slice, GRPC_SLICE_LENGTH(slice) - 1); - grpc_slice_unref(slice); - slice = grpc_slice_ref(bad_slice); - grpc_slice_unref(bad_slice); - } - grpc_byte_buffer* buffer = - grpc_raw_byte_buffer_create(&slice, 1 /* number of slices */); - grpc_slice_unref(slice); - grpc_gcp_handshaker_resp_destroy(resp); - return buffer; -} - -static void check_must_not_be_called(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(0); -} - -static void on_client_start_success_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)); - GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - bytes_to_send_size) == 0); - GPR_ASSERT(result == nullptr); - /* Validate peer identity. */ - tsi_peer peer; - GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == - TSI_INVALID_ARGUMENT); - /* Validate frame protector. */ - tsi_frame_protector* protector = nullptr; - GPR_ASSERT(tsi_handshaker_result_create_frame_protector( - result, nullptr, &protector) == TSI_INVALID_ARGUMENT); - /* Validate unused bytes. */ - const unsigned char* unused_bytes = nullptr; - size_t unused_bytes_size = 0; - GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &unused_bytes, - &unused_bytes_size) == - TSI_INVALID_ARGUMENT); - signal(&tsi_to_caller_notification); -} - -static void on_server_start_success_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)); - GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - bytes_to_send_size) == 0); - GPR_ASSERT(result == nullptr); - /* Validate peer identity. */ - tsi_peer peer; - GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == - TSI_INVALID_ARGUMENT); - /* Validate frame protector. */ - tsi_frame_protector* protector = nullptr; - GPR_ASSERT(tsi_handshaker_result_create_frame_protector( - result, nullptr, &protector) == TSI_INVALID_ARGUMENT); - /* Validate unused bytes. */ - const unsigned char* unused_bytes = nullptr; - size_t unused_bytes_size = 0; - GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &unused_bytes, - &unused_bytes_size) == - TSI_INVALID_ARGUMENT); - signal(&tsi_to_caller_notification); -} - -static void on_client_next_success_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)); - GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - bytes_to_send_size) == 0); - GPR_ASSERT(result != nullptr); - /* Validate peer identity. */ - tsi_peer peer; - GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == TSI_OK); - GPR_ASSERT(peer.property_count == kTsiAltsNumOfPeerProperties); - GPR_ASSERT(memcmp(TSI_ALTS_CERTIFICATE_TYPE, peer.properties[0].value.data, - peer.properties[0].value.length) == 0); - GPR_ASSERT(memcmp(ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY, - peer.properties[1].value.data, - peer.properties[1].value.length) == 0); - tsi_peer_destruct(&peer); - /* Validate unused bytes. */ - const unsigned char* bytes = nullptr; - size_t bytes_size = 0; - GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &bytes, - &bytes_size) == TSI_OK); - GPR_ASSERT(bytes_size == strlen(ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES)); - GPR_ASSERT(memcmp(bytes, ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES, bytes_size) == - 0); - /* Validate frame protector. */ - tsi_frame_protector* protector = nullptr; - GPR_ASSERT(tsi_handshaker_result_create_frame_protector( - result, nullptr, &protector) == TSI_OK); - GPR_ASSERT(protector != nullptr); - tsi_frame_protector_destroy(protector); - tsi_handshaker_result_destroy(result); - signal(&tsi_to_caller_notification); -} - -static void on_server_next_success_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(result != nullptr); - /* Validate peer identity. */ - tsi_peer peer; - GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == TSI_OK); - GPR_ASSERT(peer.property_count == kTsiAltsNumOfPeerProperties); - GPR_ASSERT(memcmp(TSI_ALTS_CERTIFICATE_TYPE, peer.properties[0].value.data, - peer.properties[0].value.length) == 0); - GPR_ASSERT(memcmp(ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY, - peer.properties[1].value.data, - peer.properties[1].value.length) == 0); - tsi_peer_destruct(&peer); - /* Validate unused bytes. */ - const unsigned char* bytes = nullptr; - size_t bytes_size = 0; - GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &bytes, - &bytes_size) == TSI_OK); - GPR_ASSERT(bytes_size == 0); - GPR_ASSERT(bytes == nullptr); - /* Validate frame protector. */ - tsi_frame_protector* protector = nullptr; - GPR_ASSERT(tsi_handshaker_result_create_frame_protector( - result, nullptr, &protector) == TSI_OK); - GPR_ASSERT(protector != nullptr); - tsi_frame_protector_destroy(protector); - tsi_handshaker_result_destroy(result); - signal(&tsi_to_caller_notification); -} - -static tsi_result mock_client_start(alts_handshaker_client* self, - alts_tsi_event* event) { - alts_mock_handshaker_client* client = - reinterpret_cast<alts_mock_handshaker_client*>(self); - if (!client->used_for_success_test) { - alts_tsi_event_destroy(event); - return TSI_INTERNAL_ERROR; - } - GPR_ASSERT(event->cb == on_client_start_success_cb); - GPR_ASSERT(event->user_data == nullptr); - GPR_ASSERT(!alts_tsi_handshaker_get_has_sent_start_message_for_testing( - event->handshaker)); - /* Populate handshaker response for client_start request. */ - event->recv_buffer = generate_handshaker_response(CLIENT_START); - client_start_event = event; - signal(&caller_to_tsi_notification); - return TSI_OK; -} - -static tsi_result mock_server_start(alts_handshaker_client* self, - alts_tsi_event* event, - grpc_slice* bytes_received) { - alts_mock_handshaker_client* client = - reinterpret_cast<alts_mock_handshaker_client*>(self); - if (!client->used_for_success_test) { - alts_tsi_event_destroy(event); - return TSI_INTERNAL_ERROR; - } - GPR_ASSERT(event->cb == on_server_start_success_cb); - GPR_ASSERT(event->user_data == nullptr); - grpc_slice slice = grpc_empty_slice(); - GPR_ASSERT(grpc_slice_cmp(*bytes_received, slice) == 0); - GPR_ASSERT(!alts_tsi_handshaker_get_has_sent_start_message_for_testing( - event->handshaker)); - /* Populate handshaker response for server_start request. */ - event->recv_buffer = generate_handshaker_response(SERVER_START); - server_start_event = event; - grpc_slice_unref(slice); - signal(&caller_to_tsi_notification); - return TSI_OK; -} - -static tsi_result mock_next(alts_handshaker_client* self, alts_tsi_event* event, - grpc_slice* bytes_received) { - alts_mock_handshaker_client* client = - reinterpret_cast<alts_mock_handshaker_client*>(self); - if (!client->used_for_success_test) { - alts_tsi_event_destroy(event); - return TSI_INTERNAL_ERROR; - } - bool is_client = - alts_tsi_handshaker_get_is_client_for_testing(event->handshaker); - if (is_client) { - GPR_ASSERT(event->cb == on_client_next_success_cb); - } else { - GPR_ASSERT(event->cb == on_server_next_success_cb); - } - GPR_ASSERT(event->user_data == nullptr); - GPR_ASSERT(bytes_received != nullptr); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*bytes_received), - ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - GRPC_SLICE_LENGTH(*bytes_received)) == 0); - GPR_ASSERT(grpc_slice_cmp(alts_tsi_handshaker_get_recv_bytes_for_testing( - event->handshaker), - *bytes_received) == 0); - GPR_ASSERT(alts_tsi_handshaker_get_has_sent_start_message_for_testing( - event->handshaker)); - /* Populate handshaker response for next request. */ - grpc_slice out_frame = - grpc_slice_from_static_string(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME); - if (is_client) { - event->recv_buffer = generate_handshaker_response(CLIENT_NEXT); - } else { - event->recv_buffer = generate_handshaker_response(SERVER_NEXT); - } - alts_tsi_handshaker_set_recv_bytes_for_testing(event->handshaker, &out_frame); - if (is_client) { - client_next_event = event; - } else { - server_next_event = event; - } - signal(&caller_to_tsi_notification); - grpc_slice_unref(out_frame); - return TSI_OK; -} - -static void mock_destruct(alts_handshaker_client* client) {} - -static const alts_handshaker_client_vtable vtable = { - mock_client_start, mock_server_start, mock_next, mock_destruct}; - -static alts_handshaker_client* alts_mock_handshaker_client_create( - bool used_for_success_test) { - alts_mock_handshaker_client* client = - static_cast<alts_mock_handshaker_client*>(gpr_zalloc(sizeof(*client))); - client->base.vtable = &vtable; - client->used_for_success_test = used_for_success_test; - return &client->base; -} - -static tsi_handshaker* create_test_handshaker(bool used_for_success_test, - bool is_client) { - tsi_handshaker* handshaker = nullptr; - alts_handshaker_client* client = - alts_mock_handshaker_client_create(used_for_success_test); - grpc_alts_credentials_options* options = - grpc_alts_credentials_client_options_create(); - alts_tsi_handshaker_create(options, "target_name", "lame", is_client, - &handshaker); - alts_tsi_handshaker* alts_handshaker = - reinterpret_cast<alts_tsi_handshaker*>(handshaker); - alts_tsi_handshaker_set_client_for_testing(alts_handshaker, client); - grpc_alts_credentials_options_destroy(options); - return handshaker; -} - -static void check_handshaker_next_invalid_input() { - /* Initialization. */ - tsi_handshaker* handshaker = create_test_handshaker(true, true); - /* Check nullptr handshaker. */ - GPR_ASSERT(tsi_handshaker_next(nullptr, nullptr, 0, nullptr, nullptr, nullptr, - check_must_not_be_called, - nullptr) == TSI_INVALID_ARGUMENT); - /* Check nullptr callback. */ - GPR_ASSERT(tsi_handshaker_next(handshaker, nullptr, 0, nullptr, nullptr, - nullptr, nullptr, - nullptr) == TSI_INVALID_ARGUMENT); - /* Cleanup. */ - tsi_handshaker_destroy(handshaker); -} - -static void check_handshaker_next_success() { - /** - * Create handshakers for which internal mock client is going to do - * correctness check. - */ - tsi_handshaker* client_handshaker = create_test_handshaker( - true /* used_for_success_test */, true /* is_client */); - tsi_handshaker* server_handshaker = create_test_handshaker( - true /* used_for_success_test */, false /* is_client */); - /* Client start. */ - GPR_ASSERT(tsi_handshaker_next(client_handshaker, nullptr, 0, nullptr, - nullptr, nullptr, on_client_start_success_cb, - nullptr) == TSI_ASYNC); - wait(&tsi_to_caller_notification); - /* Client next. */ - GPR_ASSERT(tsi_handshaker_next( - client_handshaker, - (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr, - nullptr, on_client_next_success_cb, nullptr) == TSI_ASYNC); - wait(&tsi_to_caller_notification); - /* Server start. */ - GPR_ASSERT(tsi_handshaker_next(server_handshaker, nullptr, 0, nullptr, - nullptr, nullptr, on_server_start_success_cb, - nullptr) == TSI_ASYNC); - wait(&tsi_to_caller_notification); - /* Server next. */ - GPR_ASSERT(tsi_handshaker_next( - server_handshaker, - (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr, - nullptr, on_server_next_success_cb, nullptr) == TSI_ASYNC); - wait(&tsi_to_caller_notification); - /* Cleanup. */ - tsi_handshaker_destroy(server_handshaker); - tsi_handshaker_destroy(client_handshaker); -} - -static void check_handshaker_next_failure() { - /** - * Create handshakers for which internal mock client is always going to fail. - */ - tsi_handshaker* client_handshaker = create_test_handshaker( - false /* used_for_success_test */, true /* is_client */); - tsi_handshaker* server_handshaker = create_test_handshaker( - false /* used_for_success_test */, false /* is_client */); - /* Client start. */ - GPR_ASSERT(tsi_handshaker_next(client_handshaker, nullptr, 0, nullptr, - nullptr, nullptr, check_must_not_be_called, - nullptr) == TSI_INTERNAL_ERROR); - /* Server start. */ - GPR_ASSERT(tsi_handshaker_next(server_handshaker, nullptr, 0, nullptr, - nullptr, nullptr, check_must_not_be_called, - nullptr) == TSI_INTERNAL_ERROR); - /* Server next. */ - GPR_ASSERT(tsi_handshaker_next( - server_handshaker, - (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr, - nullptr, check_must_not_be_called, - nullptr) == TSI_INTERNAL_ERROR); - /* Client next. */ - GPR_ASSERT(tsi_handshaker_next( - client_handshaker, - (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr, - nullptr, check_must_not_be_called, - nullptr) == TSI_INTERNAL_ERROR); - /* Cleanup. */ - tsi_handshaker_destroy(server_handshaker); - tsi_handshaker_destroy(client_handshaker); -} - -static void on_invalid_input_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_INTERNAL_ERROR); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(result == nullptr); -} - -static void on_failed_grpc_call_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_INTERNAL_ERROR); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(result == nullptr); -} - -static void check_handle_response_invalid_input() { - /** - * Create a handshaker at the client side, for which internal mock client is - * always going to fail. - */ - tsi_handshaker* handshaker = create_test_handshaker( - false /* used_for_success_test */, true /* is_client */); - alts_tsi_handshaker* alts_handshaker = - reinterpret_cast<alts_tsi_handshaker*>(handshaker); - grpc_byte_buffer recv_buffer; - /* Check nullptr handshaker. */ - alts_tsi_handshaker_handle_response(nullptr, &recv_buffer, GRPC_STATUS_OK, - nullptr, on_invalid_input_cb, nullptr, - true); - /* Check nullptr recv_bytes. */ - alts_tsi_handshaker_handle_response(alts_handshaker, nullptr, GRPC_STATUS_OK, - nullptr, on_invalid_input_cb, nullptr, - true); - /* Check failed grpc call made to handshaker service. */ - alts_tsi_handshaker_handle_response(alts_handshaker, &recv_buffer, - GRPC_STATUS_UNKNOWN, nullptr, - on_failed_grpc_call_cb, nullptr, true); - - alts_tsi_handshaker_handle_response(alts_handshaker, &recv_buffer, - GRPC_STATUS_OK, nullptr, - on_failed_grpc_call_cb, nullptr, false); - - /* Cleanup. */ - tsi_handshaker_destroy(handshaker); -} - -static void on_invalid_resp_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_DATA_CORRUPTED); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(result == nullptr); -} - -static void check_handle_response_invalid_resp() { - /** - * Create a handshaker at the client side, for which internal mock client is - * always going to fail. - */ - tsi_handshaker* handshaker = create_test_handshaker( - false /* used_for_success_test */, true /* is_client */); - alts_tsi_handshaker* alts_handshaker = - reinterpret_cast<alts_tsi_handshaker*>(handshaker); - /* Tests. */ - grpc_byte_buffer* recv_buffer = generate_handshaker_response(INVALID); - alts_tsi_handshaker_handle_response(alts_handshaker, recv_buffer, - GRPC_STATUS_OK, nullptr, - on_invalid_resp_cb, nullptr, true); - /* Cleanup. */ - grpc_byte_buffer_destroy(recv_buffer); - tsi_handshaker_destroy(handshaker); -} - -static void check_handle_response_success(void* unused) { - /* Client start. */ - wait(&caller_to_tsi_notification); - alts_tsi_event_dispatch_to_handshaker(client_start_event, true /* is_ok */); - alts_tsi_event_destroy(client_start_event); - /* Client next. */ - wait(&caller_to_tsi_notification); - alts_tsi_event_dispatch_to_handshaker(client_next_event, true /* is_ok */); - alts_tsi_event_destroy(client_next_event); - /* Server start. */ - wait(&caller_to_tsi_notification); - alts_tsi_event_dispatch_to_handshaker(server_start_event, true /* is_ok */); - alts_tsi_event_destroy(server_start_event); - /* Server next. */ - wait(&caller_to_tsi_notification); - alts_tsi_event_dispatch_to_handshaker(server_next_event, true /* is_ok */); - alts_tsi_event_destroy(server_next_event); -} - -static void on_failed_resp_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(result == nullptr); -} - -static void check_handle_response_failure() { - /** - * Create a handshaker at the client side, for which internal mock client is - * always going to fail. - */ - tsi_handshaker* handshaker = create_test_handshaker( - false /* used_for_success_test */, true /* is_client */); - alts_tsi_handshaker* alts_handshaker = - reinterpret_cast<alts_tsi_handshaker*>(handshaker); - /* Tests. */ - grpc_byte_buffer* recv_buffer = generate_handshaker_response(FAILED); - alts_tsi_handshaker_handle_response(alts_handshaker, recv_buffer, - GRPC_STATUS_OK, nullptr, - on_failed_resp_cb, nullptr, true); - grpc_byte_buffer_destroy(recv_buffer); - /* Cleanup. */ - tsi_handshaker_destroy(handshaker); -} - -void check_handshaker_success() { - /* Initialization. */ - notification_init(&caller_to_tsi_notification); - notification_init(&tsi_to_caller_notification); - client_start_event = nullptr; - client_next_event = nullptr; - server_start_event = nullptr; - server_next_event = nullptr; - /* Tests. */ - grpc_core::Thread thd("alts_tsi_handshaker_test", - &check_handle_response_success, nullptr); - thd.Start(); - check_handshaker_next_success(); - thd.Join(); - /* Cleanup. */ - notification_destroy(&caller_to_tsi_notification); - notification_destroy(&tsi_to_caller_notification); -} - -int main(int argc, char** argv) { - /* Initialization. */ - grpc_init(); - /* Tests. */ - check_handshaker_success(); - check_handshaker_next_invalid_input(); - check_handshaker_next_failure(); - check_handle_response_invalid_input(); - check_handle_response_invalid_resp(); - check_handle_response_failure(); - /* Cleanup. */ - grpc_shutdown(); - return 0; -} diff --git a/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc b/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc deleted file mode 100644 index 98c5d23641..0000000000 --- a/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc +++ /dev/null @@ -1,73 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "src/core/tsi/alts/handshaker/alts_tsi_utils.h" -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -#define ALTS_TSI_UTILS_TEST_OUT_FRAME "Hello Google" - -static void convert_to_tsi_result_test() { - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_OK) == TSI_OK); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_UNKNOWN) == - TSI_UNKNOWN_ERROR); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result( - GRPC_STATUS_INVALID_ARGUMENT) == TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_OUT_OF_RANGE) == - TSI_UNKNOWN_ERROR); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_INTERNAL) == - TSI_INTERNAL_ERROR); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_NOT_FOUND) == - TSI_NOT_FOUND); -} - -static void deserialize_response_test() { - grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create(); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames( - resp, ALTS_TSI_UTILS_TEST_OUT_FRAME, - strlen(ALTS_TSI_UTILS_TEST_OUT_FRAME))); - grpc_slice slice; - GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &slice)); - - /* Valid serialization. */ - grpc_byte_buffer* buffer = - grpc_raw_byte_buffer_create(&slice, 1 /* number of slices */); - grpc_gcp_handshaker_resp* decoded_resp = - alts_tsi_utils_deserialize_response(buffer); - GPR_ASSERT(grpc_gcp_handshaker_resp_equals(resp, decoded_resp)); - grpc_byte_buffer_destroy(buffer); - - /* Invalid serializaiton. */ - grpc_slice bad_slice = - grpc_slice_split_head(&slice, GRPC_SLICE_LENGTH(slice) - 1); - buffer = grpc_raw_byte_buffer_create(&bad_slice, 1 /* number of slices */); - GPR_ASSERT(alts_tsi_utils_deserialize_response(buffer) == nullptr); - - /* Clean up. */ - grpc_slice_unref(slice); - grpc_slice_unref(bad_slice); - grpc_byte_buffer_destroy(buffer); - grpc_gcp_handshaker_resp_destroy(resp); - grpc_gcp_handshaker_resp_destroy(decoded_resp); -} - -int main(int argc, char** argv) { - /* Tests. */ - deserialize_response_test(); - convert_to_tsi_result_test(); - return 0; -} diff --git a/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc b/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc deleted file mode 100644 index 6ff1357c27..0000000000 --- a/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc +++ /dev/null @@ -1,196 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdbool.h> -#include <stdio.h> -#include <stdlib.h> - -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -const size_t kMaxRpcVersionMajor = 3; -const size_t kMaxRpcVersionMinor = 2; -const size_t kMinRpcVersionMajor = 2; -const size_t kMinRpcVersionMinor = 1; - -static bool grpc_gcp_rpc_protocol_versions_equal( - grpc_gcp_rpc_protocol_versions* l_versions, - grpc_gcp_rpc_protocol_versions* r_versions) { - GPR_ASSERT(l_versions != nullptr && r_versions != nullptr); - if ((l_versions->has_max_rpc_version ^ r_versions->has_max_rpc_version) | - (l_versions->has_min_rpc_version ^ r_versions->has_min_rpc_version)) { - return false; - } - if (l_versions->has_max_rpc_version) { - if ((l_versions->max_rpc_version.major != - r_versions->max_rpc_version.major) || - (l_versions->max_rpc_version.minor != - r_versions->max_rpc_version.minor)) { - return false; - } - } - if (l_versions->has_min_rpc_version) { - if ((l_versions->min_rpc_version.major != - r_versions->min_rpc_version.major) || - (l_versions->min_rpc_version.minor != - r_versions->min_rpc_version.minor)) { - return false; - } - } - return true; -} - -static void test_success() { - grpc_gcp_rpc_protocol_versions version; - grpc_gcp_rpc_protocol_versions decoded_version; - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max( - &version, kMaxRpcVersionMajor, kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min( - &version, kMinRpcVersionMajor, kMinRpcVersionMinor)); - /* Serializes to raw bytes. */ - size_t encoded_length = - grpc_gcp_rpc_protocol_versions_encode_length(&version); - uint8_t* encoded_bytes = static_cast<uint8_t*>(gpr_malloc(encoded_length)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - &version, encoded_bytes, encoded_length)); - grpc_slice encoded_slice; - /* Serializes to grpc slice. */ - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&version, &encoded_slice)); - /* Checks serialized raw bytes and serialized grpc slice have same content. */ - GPR_ASSERT(encoded_length == GRPC_SLICE_LENGTH(encoded_slice)); - GPR_ASSERT(memcmp(encoded_bytes, GRPC_SLICE_START_PTR(encoded_slice), - encoded_length) == 0); - /* Deserializes and compares with the original version. */ - GPR_ASSERT( - grpc_gcp_rpc_protocol_versions_decode(encoded_slice, &decoded_version)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_equal(&version, &decoded_version)); - grpc_slice_unref(encoded_slice); - gpr_free(encoded_bytes); -} - -static void test_failure() { - grpc_gcp_rpc_protocol_versions version, decoded_version; - grpc_slice encoded_slice; - /* Test for invalid arguments. */ - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_set_max( - nullptr, kMaxRpcVersionMajor, kMaxRpcVersionMinor)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_set_min( - nullptr, kMinRpcVersionMajor, kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode_length(nullptr) == 0); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max( - &version, kMaxRpcVersionMajor, kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min( - &version, kMinRpcVersionMajor, kMinRpcVersionMinor)); - size_t encoded_length = - grpc_gcp_rpc_protocol_versions_encode_length(&version); - uint8_t* encoded_bytes = static_cast<uint8_t*>(gpr_malloc(encoded_length)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - nullptr, encoded_bytes, encoded_length)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - &version, nullptr, encoded_length)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - &version, encoded_bytes, 0)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode(nullptr, &encoded_slice)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode(&version, nullptr)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_decode(encoded_slice, nullptr)); - /* Test for nanopb decode. */ - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&version, &encoded_slice)); - grpc_slice bad_slice = grpc_slice_split_head( - &encoded_slice, GRPC_SLICE_LENGTH(encoded_slice) - 1); - grpc_slice_unref(encoded_slice); - GPR_ASSERT( - !grpc_gcp_rpc_protocol_versions_decode(bad_slice, &decoded_version)); - grpc_slice_unref(bad_slice); - gpr_free(encoded_bytes); -} - -static void test_copy() { - grpc_gcp_rpc_protocol_versions src; - grpc_gcp_rpc_protocol_versions des; - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&src, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&src, kMinRpcVersionMajor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_copy(&src, &des)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_equal(&src, &des)); -} - -static void test_check_success() { - grpc_gcp_rpc_protocol_versions v1; - grpc_gcp_rpc_protocol_versions v2; - grpc_gcp_rpc_protocol_versions_version highest_common_version; - /* test equality. */ - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check( - (const grpc_gcp_rpc_protocol_versions*)&v1, - (const grpc_gcp_rpc_protocol_versions*)&v2, - &highest_common_version) == 1); - GPR_ASSERT(grpc_core::internal::grpc_gcp_rpc_protocol_version_compare( - &highest_common_version, &v1.max_rpc_version) == 0); - - /* test inequality. */ - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMinRpcVersionMinor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMinRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check( - (const grpc_gcp_rpc_protocol_versions*)&v1, - (const grpc_gcp_rpc_protocol_versions*)&v2, - &highest_common_version) == 1); - GPR_ASSERT(grpc_core::internal::grpc_gcp_rpc_protocol_version_compare( - &highest_common_version, &v2.max_rpc_version) == 0); -} - -static void test_check_failure() { - grpc_gcp_rpc_protocol_versions v1; - grpc_gcp_rpc_protocol_versions v2; - grpc_gcp_rpc_protocol_versions_version highest_common_version; - - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMinRpcVersionMajor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMinRpcVersionMajor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check( - (const grpc_gcp_rpc_protocol_versions*)&v1, - (const grpc_gcp_rpc_protocol_versions*)&v2, - &highest_common_version) == 0); -} - -int main(int argc, char** argv) { - /* Run tests. */ - test_success(); - test_failure(); - test_copy(); - test_check_success(); - test_check_failure(); - return 0; -} diff --git a/test/core/tsi/alts/zero_copy_frame_protector/BUILD b/test/core/tsi/alts/zero_copy_frame_protector/BUILD deleted file mode 100644 index 80f4572d94..0000000000 --- a/test/core/tsi/alts/zero_copy_frame_protector/BUILD +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2018 gRPC authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -load("//bazel:grpc_build_system.bzl", "grpc_cc_test", "grpc_package") - -licenses(["notice"]) # Apache v2 - -grpc_package(name = "zero_copy_frame_protector") - -grpc_cc_test( - name = "alts_grpc_record_protocol_test", - srcs = ["alts_grpc_record_protocol_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) - -grpc_cc_test( - name = "alts_iovec_record_protocol_test", - srcs = ["alts_iovec_record_protocol_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) - -grpc_cc_test( - name = "alts_zero_copy_grpc_protector_test", - srcs = ["alts_zero_copy_grpc_protector_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc deleted file mode 100644 index fbbea71cb7..0000000000 --- a/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc +++ /dev/null @@ -1,449 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/slice/slice_internal.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -constexpr size_t kMaxSliceLength = 256; -constexpr size_t kMaxSlices = 10; -constexpr size_t kSealRepeatTimes = 5; -constexpr size_t kTagLength = 16; - -/* Test fixtures for each test cases. */ -struct alts_grpc_record_protocol_test_fixture { - alts_grpc_record_protocol* client_protect; - alts_grpc_record_protocol* client_unprotect; - alts_grpc_record_protocol* server_protect; - alts_grpc_record_protocol* server_unprotect; -}; - -/* Test input variables for protect/unprotect operations. */ -struct alts_grpc_record_protocol_test_var { - size_t header_length; - size_t tag_length; - grpc_slice_buffer original_sb; - grpc_slice_buffer duplicate_sb; - grpc_slice_buffer protected_sb; - grpc_slice_buffer unprotected_sb; -}; - -/* --- Test utility functions. --- */ - -static void create_random_slice_buffer(grpc_slice_buffer* sb) { - GPR_ASSERT(sb != nullptr); - size_t slice_count = gsec_test_bias_random_uint32(kMaxSlices) + 1; - for (size_t i = 0; i < slice_count; i++) { - size_t slice_length = gsec_test_bias_random_uint32(kMaxSliceLength) + 1; - grpc_slice slice = GRPC_SLICE_MALLOC(slice_length); - gsec_test_random_bytes(GRPC_SLICE_START_PTR(slice), slice_length); - grpc_slice_buffer_add(sb, slice); - } -} - -static uint8_t* pointer_to_nth_byte(grpc_slice_buffer* sb, size_t index) { - GPR_ASSERT(sb != nullptr); - GPR_ASSERT(index < sb->length); - for (size_t i = 0; i < sb->count; i++) { - if (index < GRPC_SLICE_LENGTH(sb->slices[i])) { - return GRPC_SLICE_START_PTR(sb->slices[i]) + index; - } else { - index -= GRPC_SLICE_LENGTH(sb->slices[i]); - } - } - return nullptr; -} - -/* Checks if two slice buffer contents are the same. It is not super efficient, - * but OK for testing. */ -static bool are_slice_buffers_equal(grpc_slice_buffer* first, - grpc_slice_buffer* second) { - GPR_ASSERT(first != nullptr); - GPR_ASSERT(second != nullptr); - if (first->length != second->length) { - return false; - } - for (size_t i = 0; i < first->length; i++) { - uint8_t* first_ptr = pointer_to_nth_byte(first, i); - uint8_t* second_ptr = pointer_to_nth_byte(second, i); - GPR_ASSERT(first_ptr != nullptr); - GPR_ASSERT(second_ptr != nullptr); - if ((*first_ptr) != (*second_ptr)) { - return false; - } - } - return true; -} - -static void alter_random_byte(grpc_slice_buffer* sb) { - GPR_ASSERT(sb != nullptr); - if (sb->length == 0) { - return; - } - uint32_t offset = - gsec_test_bias_random_uint32(static_cast<uint32_t>(sb->length)); - uint8_t* ptr = pointer_to_nth_byte(sb, offset); - (*ptr)++; -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_integrity_only_create(bool rekey) { - alts_grpc_record_protocol_test_fixture* fixture = - static_cast<alts_grpc_record_protocol_test_fixture*>( - gpr_zalloc(sizeof(alts_grpc_record_protocol_test_fixture))); - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aead_crypter* crypter = nullptr; - - /* Create client record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create( - crypter, 8, /*is_client=*/true, /*is_protect=*/true, - &fixture->client_protect) == TSI_OK); - /* Create client record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create( - crypter, 8, /*is_client=*/true, /*is_protect=*/false, - &fixture->client_unprotect) == TSI_OK); - /* Create server record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create( - crypter, 8, /*is_client=*/false, /*is_protect=*/true, - &fixture->server_protect) == TSI_OK); - /* Create server record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create( - crypter, 8, /*is_client=*/false, /*is_protect=*/false, - &fixture->server_unprotect) == TSI_OK); - - gpr_free(key); - return fixture; -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_integrity_only_no_rekey_create() { - return test_fixture_integrity_only_create(false); -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_integrity_only_rekey_create() { - return test_fixture_integrity_only_create(true); -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_privacy_integrity_create(bool rekey) { - alts_grpc_record_protocol_test_fixture* fixture = - static_cast<alts_grpc_record_protocol_test_fixture*>( - gpr_zalloc(sizeof(alts_grpc_record_protocol_test_fixture))); - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aead_crypter* crypter = nullptr; - - /* Create client record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create( - crypter, 8, /*is_client=*/true, /*is_protect=*/true, - &fixture->client_protect) == TSI_OK); - /* Create client record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create( - crypter, 8, /*is_client=*/true, /*is_protect=*/false, - &fixture->client_unprotect) == TSI_OK); - /* Create server record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create( - crypter, 8, /*is_client=*/false, /*is_protect=*/true, - &fixture->server_protect) == TSI_OK); - /* Create server record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create( - crypter, 8, /*is_client=*/false, /*is_protect=*/false, - &fixture->server_unprotect) == TSI_OK); - - gpr_free(key); - return fixture; -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_privacy_integrity_no_rekey_create() { - return test_fixture_privacy_integrity_create(false); -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_privacy_integrity_rekey_create() { - return test_fixture_privacy_integrity_create(true); -} - -static void alts_grpc_record_protocol_test_fixture_destroy( - alts_grpc_record_protocol_test_fixture* fixture) { - if (fixture == nullptr) { - return; - } - grpc_core::ExecCtx exec_ctx; - alts_grpc_record_protocol_destroy(fixture->client_protect); - alts_grpc_record_protocol_destroy(fixture->client_unprotect); - alts_grpc_record_protocol_destroy(fixture->server_protect); - alts_grpc_record_protocol_destroy(fixture->server_unprotect); - grpc_core::ExecCtx::Get()->Flush(); - gpr_free(fixture); -} - -static alts_grpc_record_protocol_test_var* -alts_grpc_record_protocol_test_var_create() { - alts_grpc_record_protocol_test_var* var = - static_cast<alts_grpc_record_protocol_test_var*>( - gpr_zalloc(sizeof(alts_grpc_record_protocol_test_var))); - var->header_length = alts_iovec_record_protocol_get_header_length(); - var->tag_length = kTagLength; - /* Initialized slice buffers. */ - grpc_slice_buffer_init(&var->original_sb); - grpc_slice_buffer_init(&var->duplicate_sb); - grpc_slice_buffer_init(&var->protected_sb); - grpc_slice_buffer_init(&var->unprotected_sb); - /* Randomly sets content of original_sb, and copies into duplicate_sb. */ - create_random_slice_buffer(&var->original_sb); - for (size_t i = 0; i < var->original_sb.count; i++) { - grpc_slice_buffer_add(&var->duplicate_sb, - grpc_slice_ref(var->original_sb.slices[i])); - } - return var; -} - -static void alts_grpc_record_protocol_test_var_destroy( - alts_grpc_record_protocol_test_var* var) { - if (var == nullptr) { - return; - } - grpc_slice_buffer_destroy_internal(&var->original_sb); - grpc_slice_buffer_destroy_internal(&var->duplicate_sb); - grpc_slice_buffer_destroy_internal(&var->protected_sb); - grpc_slice_buffer_destroy_internal(&var->unprotected_sb); - gpr_free(var); -} - -/* --- alts grpc record protocol tests. --- */ - -static void random_seal_unseal(alts_grpc_record_protocol* sender, - alts_grpc_record_protocol* receiver) { - grpc_core::ExecCtx exec_ctx; - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Seals and then unseals. */ - size_t data_length = var->original_sb.length; - tsi_result status = alts_grpc_record_protocol_protect( - sender, &var->original_sb, &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(var->protected_sb.length == - data_length + var->header_length + var->tag_length); - status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb, - &var->unprotected_sb); - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT( - are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb)); - alts_grpc_record_protocol_test_var_destroy(var); - } - grpc_core::ExecCtx::Get()->Flush(); -} - -static void empty_seal_unseal(alts_grpc_record_protocol* sender, - alts_grpc_record_protocol* receiver) { - grpc_core::ExecCtx exec_ctx; - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Seals and then unseals empty payload. */ - grpc_slice_buffer_reset_and_unref_internal(&var->original_sb); - grpc_slice_buffer_reset_and_unref_internal(&var->duplicate_sb); - tsi_result status = alts_grpc_record_protocol_protect( - sender, &var->original_sb, &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(var->protected_sb.length == - var->header_length + var->tag_length); - status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb, - &var->unprotected_sb); - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT( - are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb)); - alts_grpc_record_protocol_test_var_destroy(var); - } - grpc_core::ExecCtx::Get()->Flush(); -} - -static void unsync_seal_unseal(alts_grpc_record_protocol* sender, - alts_grpc_record_protocol* receiver) { - grpc_core::ExecCtx exec_ctx; - tsi_result status; - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Seals once. */ - status = alts_grpc_record_protocol_protect(sender, &var->original_sb, - &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - grpc_slice_buffer_reset_and_unref_internal(&var->protected_sb); - /* Seals again. */ - status = alts_grpc_record_protocol_protect(sender, &var->duplicate_sb, - &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - /* Unseals the second frame. */ - status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb, - &var->unprotected_sb); - GPR_ASSERT(status == TSI_INTERNAL_ERROR); - alts_grpc_record_protocol_test_var_destroy(var); - grpc_core::ExecCtx::Get()->Flush(); -} - -static void corrupted_data(alts_grpc_record_protocol* sender, - alts_grpc_record_protocol* receiver) { - grpc_core::ExecCtx exec_ctx; - tsi_result status; - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Seals once. */ - status = alts_grpc_record_protocol_protect(sender, &var->original_sb, - &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - /* Corrupts one byte in protected_sb and tries to unprotect. */ - alter_random_byte(&var->protected_sb); - status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb, - &var->unprotected_sb); - GPR_ASSERT(status == TSI_INTERNAL_ERROR); - alts_grpc_record_protocol_test_var_destroy(var); - grpc_core::ExecCtx::Get()->Flush(); -} - -static void input_check(alts_grpc_record_protocol* rp) { - grpc_core::ExecCtx exec_ctx; - tsi_result status; - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Protects with nullptr input. */ - status = alts_grpc_record_protocol_protect(rp, nullptr, &var->protected_sb); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - status = alts_grpc_record_protocol_protect(rp, &var->original_sb, nullptr); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - /* Unprotects with nullptr input. */ - status = alts_grpc_record_protocol_protect(rp, &var->original_sb, - &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - status = - alts_grpc_record_protocol_unprotect(rp, nullptr, &var->unprotected_sb); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - status = alts_grpc_record_protocol_unprotect(rp, &var->protected_sb, nullptr); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - /* Unprotects on a temporary slice buffer which length is smaller than header - * length plus tag length. */ - grpc_slice_buffer temp_sb; - grpc_slice_buffer_init(&temp_sb); - grpc_slice_buffer_move_first( - &var->protected_sb, var->header_length + var->tag_length - 1, &temp_sb); - status = - alts_grpc_record_protocol_unprotect(rp, &temp_sb, &var->unprotected_sb); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - grpc_slice_buffer_destroy_internal(&temp_sb); - alts_grpc_record_protocol_test_var_destroy(var); - grpc_core::ExecCtx::Get()->Flush(); -} - -/* --- Test cases. --- */ - -static void alts_grpc_record_protocol_random_seal_unseal_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - random_seal_unseal(fixture->client_protect, fixture->server_unprotect); - random_seal_unseal(fixture->server_protect, fixture->client_unprotect); -} - -static void alts_grpc_record_protocol_empty_seal_unseal_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - empty_seal_unseal(fixture->client_protect, fixture->server_unprotect); - empty_seal_unseal(fixture->server_protect, fixture->client_unprotect); -} - -static void alts_grpc_record_protocol_unsync_seal_unseal_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - unsync_seal_unseal(fixture->client_protect, fixture->server_unprotect); - unsync_seal_unseal(fixture->server_protect, fixture->client_unprotect); -} - -static void alts_grpc_record_protocol_corrupted_data_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - corrupted_data(fixture->client_protect, fixture->server_unprotect); - corrupted_data(fixture->server_protect, fixture->client_unprotect); -} - -static void alts_grpc_record_protocol_input_check_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - input_check(fixture->client_protect); -} - -static void alts_grpc_record_protocol_tests( - alts_grpc_record_protocol_test_fixture* (*fixture_create)()) { - auto* fixture_1 = fixture_create(); - alts_grpc_record_protocol_random_seal_unseal_tests(fixture_1); - alts_grpc_record_protocol_test_fixture_destroy(fixture_1); - - auto* fixture_2 = fixture_create(); - alts_grpc_record_protocol_empty_seal_unseal_tests(fixture_2); - alts_grpc_record_protocol_test_fixture_destroy(fixture_2); - - auto* fixture_3 = fixture_create(); - alts_grpc_record_protocol_unsync_seal_unseal_tests(fixture_3); - alts_grpc_record_protocol_test_fixture_destroy(fixture_3); - - auto* fixture_4 = fixture_create(); - alts_grpc_record_protocol_corrupted_data_tests(fixture_4); - alts_grpc_record_protocol_test_fixture_destroy(fixture_4); - - auto* fixture_5 = fixture_create(); - alts_grpc_record_protocol_input_check_tests(fixture_5); - alts_grpc_record_protocol_test_fixture_destroy(fixture_5); -} - -int main(int argc, char** argv) { - alts_grpc_record_protocol_tests(&test_fixture_integrity_only_no_rekey_create); - alts_grpc_record_protocol_tests(&test_fixture_integrity_only_rekey_create); - alts_grpc_record_protocol_tests( - &test_fixture_privacy_integrity_no_rekey_create); - alts_grpc_record_protocol_tests(&test_fixture_privacy_integrity_rekey_create); - - return 0; -} diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc deleted file mode 100644 index db1934bbae..0000000000 --- a/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc +++ /dev/null @@ -1,928 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -constexpr size_t kMaxDataSize = 1024; -constexpr size_t kMaxSlices = 10; -constexpr size_t kSealRepeatTimes = 5; -constexpr size_t kTagLength = 16; - -/* Test fixtures for each test cases. */ -struct alts_iovec_record_protocol_test_fixture { - alts_iovec_record_protocol* client_protect; - alts_iovec_record_protocol* client_unprotect; - alts_iovec_record_protocol* server_protect; - alts_iovec_record_protocol* server_unprotect; -}; - -/* Test variables for protect/unprotect operations. */ -struct alts_iovec_record_protocol_test_var { - uint8_t* header_buf; - size_t header_length; - iovec_t header_iovec; - uint8_t* tag_buf; - size_t tag_length; - iovec_t tag_iovec; - uint8_t* data_buf; - uint8_t* dup_buf; - size_t data_length; - iovec_t* data_iovec; - size_t data_iovec_length; - uint8_t* protected_buf; - iovec_t protected_iovec; - iovec_t unprotected_iovec; -}; - -/* --- Test utility functions. --- */ - -static void randomly_slice(uint8_t* input, size_t input_length, - iovec_t** output, size_t* output_length) { - if (input_length == 0) { - *output = nullptr; - *output_length = 0; - return; - } - *output_length = gsec_test_bias_random_uint32(kMaxSlices) + 1; - *output = static_cast<iovec_t*>(gpr_malloc(*output_length * sizeof(iovec_t))); - for (size_t i = 0; i < *output_length - 1; i++) { - size_t slice_length = - gsec_test_bias_random_uint32(static_cast<uint32_t>(input_length)); - iovec_t slice = {input, slice_length}; - (*output)[i] = slice; - input += slice_length; - input_length -= slice_length; - } - iovec_t slice = {input, input_length}; - (*output)[*output_length - 1] = slice; -} - -static size_t alter_random_byte(uint8_t* buf, size_t buf_length) { - GPR_ASSERT(buf != nullptr); - uint32_t offset = - gsec_test_bias_random_uint32(static_cast<uint32_t>(buf_length)); - (*(buf + offset))++; - return offset; -} - -static void revert_back_alter(uint8_t* buf, size_t offset) { - GPR_ASSERT(buf != nullptr); - (*(buf + offset))--; -} - -static alts_iovec_record_protocol_test_fixture* -alts_iovec_record_protocol_test_fixture_create(bool rekey, - bool integrity_only) { - alts_iovec_record_protocol_test_fixture* fixture = - static_cast<alts_iovec_record_protocol_test_fixture*>( - gpr_malloc(sizeof(alts_iovec_record_protocol_test_fixture))); - size_t overflow_size = 8; - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aead_crypter* crypter = nullptr; - /* Create client record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_iovec_record_protocol_create( - crypter, overflow_size, /*is_client=*/true, integrity_only, - /*is_protect=*/true, &fixture->client_protect, - nullptr) == GRPC_STATUS_OK); - /* Create client record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_iovec_record_protocol_create( - crypter, overflow_size, /*is_client=*/true, integrity_only, - /*is_protect=*/false, &fixture->client_unprotect, - nullptr) == GRPC_STATUS_OK); - /* Create server record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_iovec_record_protocol_create( - crypter, overflow_size, /*is_client=*/false, integrity_only, - /*is_protect=*/true, &fixture->server_protect, - nullptr) == GRPC_STATUS_OK); - /* Create server record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_iovec_record_protocol_create( - crypter, overflow_size, /*is_client=*/false, integrity_only, - /*is_protect=*/false, &fixture->server_unprotect, - nullptr) == GRPC_STATUS_OK); - - gpr_free(key); - return fixture; -} - -static void alts_iovec_record_protocol_test_fixture_destroy( - alts_iovec_record_protocol_test_fixture* fixture) { - if (fixture == nullptr) { - return; - } - alts_iovec_record_protocol_destroy(fixture->client_protect); - alts_iovec_record_protocol_destroy(fixture->client_unprotect); - alts_iovec_record_protocol_destroy(fixture->server_protect); - alts_iovec_record_protocol_destroy(fixture->server_unprotect); - gpr_free(fixture); -} - -static alts_iovec_record_protocol_test_var* -alts_iovec_record_protocol_test_var_create() { - auto* var = static_cast<alts_iovec_record_protocol_test_var*>( - gpr_zalloc(sizeof(alts_iovec_record_protocol_test_var))); - /* Sets header buffer. */ - var->header_length = alts_iovec_record_protocol_get_header_length(); - var->header_buf = static_cast<uint8_t*>(gpr_malloc(var->header_length)); - var->header_iovec.iov_base = var->header_buf; - var->header_iovec.iov_len = var->header_length; - /* Sets tag buffer. */ - var->tag_length = kTagLength; - var->tag_buf = static_cast<uint8_t*>(gpr_malloc(var->tag_length)); - var->tag_iovec.iov_base = var->tag_buf; - var->tag_iovec.iov_len = var->tag_length; - /* Randomly sets data buffer and duplicates to dup_buf. */ - var->data_length = gsec_test_bias_random_uint32(kMaxDataSize) + 1; - var->data_buf = static_cast<uint8_t*>(gpr_malloc(var->data_length)); - gsec_test_random_bytes(var->data_buf, var->data_length); - gsec_test_copy(var->data_buf, &var->dup_buf, var->data_length); - var->data_iovec = nullptr; - var->data_iovec_length = 0; - randomly_slice(var->data_buf, var->data_length, &var->data_iovec, - &var->data_iovec_length); - /* Sets protected iovec. */ - size_t protected_buf_length = - var->header_length + var->data_length + var->tag_length; - var->protected_buf = static_cast<uint8_t*>(gpr_malloc(protected_buf_length)); - var->protected_iovec.iov_base = var->protected_buf; - var->protected_iovec.iov_len = protected_buf_length; - /* Unprotected iovec points to data_buf. */ - var->unprotected_iovec.iov_base = var->data_buf; - var->unprotected_iovec.iov_len = var->data_length; - return var; -} - -static void alts_iovec_record_protocol_test_var_destroy( - alts_iovec_record_protocol_test_var* var) { - if (var == nullptr) { - return; - } - gpr_free(var->header_buf); - gpr_free(var->tag_buf); - gpr_free(var->data_buf); - gpr_free(var->dup_buf); - gpr_free(var->data_iovec); - gpr_free(var->protected_buf); - gpr_free(var); -} - -/* --- Integrity-only protect/unprotect tests. --- */ - -static void integrity_only_random_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - /* Seals and then unseals. */ - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - sender, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - gpr_free(var->data_iovec); - /* Randomly slices data buffer again. */ - randomly_slice(var->data_buf, var->data_length, &var->data_iovec, - &var->data_iovec_length); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Makes sure data buffer has not been modified during - * seal/unseal. */ - GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0); - alts_iovec_record_protocol_test_var_destroy(var); - } -} - -static void integrity_only_empty_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - /* Seals and then unseals empty payload. */ - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - sender, nullptr, 0, var->header_iovec, var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, nullptr, 0, var->header_iovec, var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - alts_iovec_record_protocol_test_var_destroy(var); - } -} - -static void integrity_only_unsync_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - /* Seals once. */ - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - sender, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - alts_iovec_record_protocol_test_var_destroy(var); - /* Seals again. */ - var = alts_iovec_record_protocol_test_var_create(); - status = alts_iovec_record_protocol_integrity_only_protect( - sender, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Unseals the second frame. */ - char* error_message = nullptr; - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Frame tag verification failed.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void integrity_only_corrupted_data( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - /* Seals the data first. */ - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - sender, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Alter frame length field. */ - char* error_message = nullptr; - size_t offset = - alter_random_byte(var->header_buf, kZeroCopyFrameLengthFieldSize); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Bad frame length.")); - gpr_free(error_message); - revert_back_alter(var->header_buf, offset); - /* Alter message type field. */ - offset = alter_random_byte(var->header_buf + kZeroCopyFrameLengthFieldSize, - kZeroCopyFrameMessageTypeFieldSize); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Unsupported message type.")); - gpr_free(error_message); - revert_back_alter(var->header_buf + kZeroCopyFrameLengthFieldSize, offset); - /* Alter data. */ - offset = alter_random_byte(var->data_buf, var->data_length); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Frame tag verification failed.")); - gpr_free(error_message); - revert_back_alter(var->data_buf, offset); - /* Alter tag. */ - offset = alter_random_byte(var->tag_buf, var->tag_length); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Frame tag verification failed.")); - gpr_free(error_message); - revert_back_alter(var->tag_buf, offset); - /* Reverted protected data should be verified correctly. */ - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void integrity_only_protect_input_check(alts_iovec_record_protocol* rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - char* error_message = nullptr; - /* Header buffer is nullptr. */ - iovec_t header_iovec = {nullptr, var->header_length}; - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header is nullptr.")); - gpr_free(error_message); - /* Header buffer length is 0. */ - header_iovec.iov_base = var->header_buf; - header_iovec.iov_len = 0; - status = alts_iovec_record_protocol_integrity_only_protect( - rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header length is incorrect.")); - gpr_free(error_message); - /* Tag buffer is nullptr. */ - iovec_t tag_iovec = {nullptr, var->tag_length}; - status = alts_iovec_record_protocol_integrity_only_protect( - rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "Tag is nullptr.")); - gpr_free(error_message); - /* Tag buffer length is 0. */ - tag_iovec.iov_base = var->tag_buf; - tag_iovec.iov_len = 0; - status = alts_iovec_record_protocol_integrity_only_protect( - rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Tag length is incorrect.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void integrity_only_unprotect_input_check( - alts_iovec_record_protocol* rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - char* error_message = nullptr; - /* Header buffer is nullptr. */ - iovec_t header_iovec = {nullptr, var->header_length}; - grpc_status_code status = alts_iovec_record_protocol_integrity_only_unprotect( - rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header is nullptr.")); - gpr_free(error_message); - /* Header buffer length is 0. */ - header_iovec.iov_base = var->header_buf; - header_iovec.iov_len = 0; - status = alts_iovec_record_protocol_integrity_only_unprotect( - rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header length is incorrect.")); - gpr_free(error_message); - /* Tag buffer is nullptr. */ - iovec_t tag_iovec = {nullptr, var->tag_length}; - status = alts_iovec_record_protocol_integrity_only_unprotect( - rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "Tag is nullptr.")); - gpr_free(error_message); - /* Tag buffer length is 0. */ - tag_iovec.iov_base = var->tag_buf; - tag_iovec.iov_len = 0; - status = alts_iovec_record_protocol_integrity_only_unprotect( - rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Tag length is incorrect.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -/* --- Privacy-integrity protect/unprotect tests. --- */ - -static void privacy_integrity_random_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - /* Seals and then unseals. */ - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - sender, var->data_iovec, var->data_iovec_length, - var->protected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - iovec_t header_iovec = {var->protected_buf, var->header_length}; - gpr_free(var->data_iovec); - /* Randomly slices protected buffer, excluding the header. */ - randomly_slice(var->protected_buf + var->header_length, - var->data_length + var->tag_length, &var->data_iovec, - &var->data_iovec_length); - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, var->data_iovec, var->data_iovec_length, - var->unprotected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Makes sure unprotected data are the same as the original. */ - GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0); - alts_iovec_record_protocol_test_var_destroy(var); - } -} - -static void privacy_integrity_empty_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - size_t empty_payload_frame_size = var->header_length + var->tag_length; - auto* protected_buf = - static_cast<uint8_t*>(gpr_malloc(empty_payload_frame_size)); - for (size_t i = 0; i < kSealRepeatTimes; i++) { - iovec_t protected_iovec = {protected_buf, empty_payload_frame_size}; - iovec_t unprotected_iovec = {nullptr, 0}; - iovec_t data_iovec = {protected_buf + var->header_length, var->tag_length}; - /* Seals and then unseals empty payload. */ - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - sender, nullptr, 0, protected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - iovec_t header_iovec = {protected_buf, var->header_length}; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &data_iovec, 1, unprotected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - } - gpr_free(protected_buf); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_integrity_unsync_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - /* Seals once. */ - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - sender, var->data_iovec, var->data_iovec_length, var->protected_iovec, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - alts_iovec_record_protocol_test_var_destroy(var); - /* Seals again. */ - var = alts_iovec_record_protocol_test_var_create(); - status = alts_iovec_record_protocol_privacy_integrity_protect( - sender, var->data_iovec, var->data_iovec_length, var->protected_iovec, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Unseals the second frame. */ - char* error_message = nullptr; - iovec_t header_iovec = {var->protected_buf, var->header_length}; - iovec_t protected_iovec = {var->protected_buf + var->header_length, - var->data_length + var->tag_length}; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_integrity_corrupted_data( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - /* Seals the data first. */ - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - sender, var->data_iovec, var->data_iovec_length, var->protected_iovec, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - char* error_message = nullptr; - uint8_t* header_buf = var->protected_buf; - size_t header_length = var->header_length; - iovec_t header_iovec = {header_buf, header_length}; - /* The following protected_buf and protected_length excludes header. */ - uint8_t* protected_buf = var->protected_buf + var->header_length; - size_t protected_length = var->data_length + var->tag_length; - iovec_t protected_iovec = {protected_buf, protected_length}; - /* Alter frame length field. */ - size_t offset = alter_random_byte(header_buf, kZeroCopyFrameLengthFieldSize); - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Bad frame length.")); - gpr_free(error_message); - revert_back_alter(header_buf, offset); - /* Alter message type field. */ - offset = alter_random_byte(header_buf + kZeroCopyFrameLengthFieldSize, - kZeroCopyFrameMessageTypeFieldSize); - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Unsupported message type.")); - gpr_free(error_message); - revert_back_alter(header_buf + kZeroCopyFrameLengthFieldSize, offset); - /* Alter protected data. */ - offset = alter_random_byte(protected_buf, protected_length); - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed.")); - gpr_free(error_message); - revert_back_alter(protected_buf, offset); - /* Reverted protected data should be verified correctly. */ - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_integrity_protect_input_check( - alts_iovec_record_protocol* rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - char* error_message = nullptr; - /* Protected output buffer is nullptr. */ - iovec_t protected_iovec = {nullptr, var->protected_iovec.iov_len}; - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - rp, var->data_iovec, var->data_iovec_length, protected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Protected frame is nullptr.")); - gpr_free(error_message); - /* Protected output buffer length incorrect. */ - protected_iovec.iov_base = var->protected_buf; - protected_iovec.iov_len = var->header_length + var->data_length; - status = alts_iovec_record_protocol_privacy_integrity_protect( - rp, var->data_iovec, var->data_iovec_length, protected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Protected frame size is incorrect.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_integrity_unprotect_input_check( - alts_iovec_record_protocol* rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - char* error_message = nullptr; - /* Header buffer is nullptr. */ - iovec_t header_iovec = {var->protected_buf, var->header_length}; - iovec_t protected_iovec = {var->protected_buf + var->header_length, - var->data_length + var->tag_length}; - header_iovec.iov_base = nullptr; - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_unprotect( - rp, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header is nullptr.")); - gpr_free(error_message); - header_iovec.iov_base = var->protected_buf; - /* Header buffer length is 0. */ - header_iovec.iov_len = 0; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - rp, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header length is incorrect.")); - gpr_free(error_message); - header_iovec.iov_len = var->header_length; - /* Unprotected output buffer length is incorrect. */ - iovec_t unprotected_iovec = {var->data_buf, var->data_length - 1}; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - rp, header_iovec, &protected_iovec, 1, unprotected_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Unprotected data size is incorrect.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -/* --- Integrity-only and privacy-integrity mixed. --- */ - -static void record_protocol_wrong_mode( - alts_iovec_record_protocol* integrity_only_protect_rp, - alts_iovec_record_protocol* integrity_only_unprotect_rp, - alts_iovec_record_protocol* privacy_integrity_protect_rp, - alts_iovec_record_protocol* privacy_integrity_unprotect_rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status; - char* error_message = nullptr; - /* Call integrity-only protect on privacy-integrity record protocol. */ - status = alts_iovec_record_protocol_integrity_only_protect( - privacy_integrity_protect_rp, var->data_iovec, var->data_iovec_length, - var->header_iovec, var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Integrity-only operations are not allowed for this object.")); - gpr_free(error_message); - /* Call integrity-only unprotect on privacy-integrity record protocol. */ - status = alts_iovec_record_protocol_integrity_only_unprotect( - privacy_integrity_unprotect_rp, var->data_iovec, var->data_iovec_length, - var->header_iovec, var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Integrity-only operations are not allowed for this object.")); - gpr_free(error_message); - /* Call privacy-integrity protect on integrity-only record protocol. */ - status = alts_iovec_record_protocol_privacy_integrity_protect( - integrity_only_protect_rp, var->data_iovec, var->data_iovec_length, - var->protected_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Privacy-integrity operations are not allowed for this object.")); - gpr_free(error_message); - /* Call privacy-integrity unprotect on integrity-only record protocol. */ - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - integrity_only_unprotect_rp, var->header_iovec, var->data_iovec, - var->data_iovec_length, var->unprotected_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Privacy-integrity operations are not allowed for this object.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void integrity_seal_privacy_unseal( - alts_iovec_record_protocol* integrity_only_sender, - alts_iovec_record_protocol* privacy_integrity_receiver) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status; - char* error_message = nullptr; - /* Seals with integrity-only protect. */ - status = alts_iovec_record_protocol_integrity_only_protect( - integrity_only_sender, var->data_iovec, var->data_iovec_length, - var->header_iovec, var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Unseal with privacy-integrity unprotect. */ - memcpy(var->protected_buf, var->data_buf, var->data_length); - memcpy(var->protected_buf + var->data_length, var->tag_buf, var->tag_length); - iovec_t protected_iovec = {var->protected_buf, - var->data_length + var->tag_length}; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - privacy_integrity_receiver, var->header_iovec, &protected_iovec, 1, - var->unprotected_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_seal_integrity_unseal( - alts_iovec_record_protocol* privacy_integrity_sender, - alts_iovec_record_protocol* integrity_only_receiver) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status; - char* error_message = nullptr; - /* Seals with privacy-integrity protect. */ - status = alts_iovec_record_protocol_privacy_integrity_protect( - privacy_integrity_sender, var->data_iovec, var->data_iovec_length, - var->protected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Unseal with integrity-only unprotect. */ - iovec_t header_iovec = {var->protected_buf, var->header_length}; - iovec_t data_iovec = {var->protected_buf + var->header_length, - var->data_length}; - iovec_t tag_iovec = { - var->protected_buf + var->header_length + var->data_length, - var->tag_length}; - status = alts_iovec_record_protocol_integrity_only_unprotect( - integrity_only_receiver, &data_iovec, 1, header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Frame tag verification failed.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -/* --- Test cases. --- */ - -static void alts_iovec_record_protocol_random_seal_unseal_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_random_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_random_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_random_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_random_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_random_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_random_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_random_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_random_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_empty_seal_unseal_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_empty_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_empty_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_empty_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_empty_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_empty_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_empty_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_empty_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_empty_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_unsync_seal_unseal_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_unsync_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_unsync_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_unsync_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_unsync_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_unsync_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_unsync_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_unsync_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_unsync_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_corrupted_data_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_corrupted_data(fixture->client_protect, - fixture->server_unprotect); - integrity_only_corrupted_data(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_corrupted_data(fixture->client_protect, - fixture->server_unprotect); - integrity_only_corrupted_data(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_corrupted_data(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_corrupted_data(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_corrupted_data(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_corrupted_data(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_input_check_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_protect_input_check(fixture->client_protect); - integrity_only_unprotect_input_check(fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_protect_input_check(fixture->client_protect); - integrity_only_unprotect_input_check(fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_protect_input_check(fixture->client_protect); - privacy_integrity_unprotect_input_check(fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_protect_input_check(fixture->client_protect); - privacy_integrity_unprotect_input_check(fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_mix_operations_tests() { - alts_iovec_record_protocol_test_fixture* fixture_1 = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - alts_iovec_record_protocol_test_fixture* fixture_2 = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - - record_protocol_wrong_mode( - fixture_1->client_protect, fixture_1->client_unprotect, - fixture_2->client_protect, fixture_2->client_unprotect); - integrity_seal_privacy_unseal(fixture_1->client_protect, - fixture_2->server_unprotect); - privacy_seal_integrity_unseal(fixture_2->client_protect, - fixture_1->server_unprotect); - - alts_iovec_record_protocol_test_fixture_destroy(fixture_1); - alts_iovec_record_protocol_test_fixture_destroy(fixture_2); -} - -int main(int argc, char** argv) { - alts_iovec_record_protocol_random_seal_unseal_tests(); - alts_iovec_record_protocol_empty_seal_unseal_tests(); - alts_iovec_record_protocol_unsync_seal_unseal_tests(); - alts_iovec_record_protocol_corrupted_data_tests(); - alts_iovec_record_protocol_input_check_tests(); - alts_iovec_record_protocol_mix_operations_tests(); - return 0; -} diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc deleted file mode 100644 index 2388be95cd..0000000000 --- a/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc +++ /dev/null @@ -1,289 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <grpc/slice_buffer.h> -#include <grpc/support/alloc.h> -#include <grpc/support/log.h> - -#include "src/core/lib/slice/slice_internal.h" -#include "src/core/tsi/alts/crypt/gsec.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h" -#include "src/core/tsi/transport_security_grpc.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -/* TODO: tests zero_copy_grpc_protector under TSI test library, which - * has more comprehensive tests. */ - -constexpr size_t kSealRepeatTimes = 50; -constexpr size_t kSmallBufferSize = 16; -constexpr size_t kLargeBufferSize = 16384; -constexpr size_t kChannelMaxSize = 2048; -constexpr size_t kChannelMinSize = 128; - -/* Test fixtures for each test cases. */ -struct alts_zero_copy_grpc_protector_test_fixture { - tsi_zero_copy_grpc_protector* client; - tsi_zero_copy_grpc_protector* server; -}; - -/* Test input variables for protect/unprotect operations. */ -struct alts_zero_copy_grpc_protector_test_var { - grpc_slice_buffer original_sb; - grpc_slice_buffer duplicate_sb; - grpc_slice_buffer staging_sb; - grpc_slice_buffer protected_sb; - grpc_slice_buffer unprotected_sb; -}; - -/* --- Test utility functions. --- */ - -static void create_random_slice_buffer(grpc_slice_buffer* sb, - grpc_slice_buffer* dup_sb, - size_t length) { - GPR_ASSERT(sb != nullptr); - GPR_ASSERT(dup_sb != nullptr); - GPR_ASSERT(length > 0); - grpc_slice slice = GRPC_SLICE_MALLOC(length); - gsec_test_random_bytes(GRPC_SLICE_START_PTR(slice), length); - grpc_slice_buffer_add(sb, grpc_slice_ref(slice)); - grpc_slice_buffer_add(dup_sb, slice); -} - -static uint8_t* pointer_to_nth_byte(grpc_slice_buffer* sb, size_t index) { - GPR_ASSERT(sb != nullptr); - GPR_ASSERT(index < sb->length); - for (size_t i = 0; i < sb->count; i++) { - if (index < GRPC_SLICE_LENGTH(sb->slices[i])) { - return GRPC_SLICE_START_PTR(sb->slices[i]) + index; - } else { - index -= GRPC_SLICE_LENGTH(sb->slices[i]); - } - } - return nullptr; -} - -/* Checks if two slice buffer contents are the same. It is not super efficient, - * but OK for testing. */ -static bool are_slice_buffers_equal(grpc_slice_buffer* first, - grpc_slice_buffer* second) { - GPR_ASSERT(first != nullptr); - GPR_ASSERT(second != nullptr); - if (first->length != second->length) { - return false; - } - for (size_t i = 0; i < first->length; i++) { - uint8_t* first_ptr = pointer_to_nth_byte(first, i); - uint8_t* second_ptr = pointer_to_nth_byte(second, i); - GPR_ASSERT(first_ptr != nullptr && second_ptr != nullptr); - if ((*first_ptr) != (*second_ptr)) { - return false; - } - } - return true; -} - -static alts_zero_copy_grpc_protector_test_fixture* -alts_zero_copy_grpc_protector_test_fixture_create(bool rekey, - bool integrity_only) { - alts_zero_copy_grpc_protector_test_fixture* fixture = - static_cast<alts_zero_copy_grpc_protector_test_fixture*>( - gpr_zalloc(sizeof(alts_zero_copy_grpc_protector_test_fixture))); - grpc_core::ExecCtx exec_ctx; - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - size_t max_protected_frame_size = 1024; - gsec_test_random_array(&key, key_length); - GPR_ASSERT(alts_zero_copy_grpc_protector_create( - key, key_length, rekey, /*is_client=*/true, integrity_only, - &max_protected_frame_size, &fixture->client) == TSI_OK); - GPR_ASSERT(alts_zero_copy_grpc_protector_create( - key, key_length, rekey, /*is_client=*/false, integrity_only, - &max_protected_frame_size, &fixture->server) == TSI_OK); - gpr_free(key); - grpc_core::ExecCtx::Get()->Flush(); - return fixture; -} - -static void alts_zero_copy_grpc_protector_test_fixture_destroy( - alts_zero_copy_grpc_protector_test_fixture* fixture) { - if (fixture == nullptr) { - return; - } - grpc_core::ExecCtx exec_ctx; - tsi_zero_copy_grpc_protector_destroy(fixture->client); - tsi_zero_copy_grpc_protector_destroy(fixture->server); - grpc_core::ExecCtx::Get()->Flush(); - gpr_free(fixture); -} - -static alts_zero_copy_grpc_protector_test_var* -alts_zero_copy_grpc_protector_test_var_create() { - alts_zero_copy_grpc_protector_test_var* var = - static_cast<alts_zero_copy_grpc_protector_test_var*>( - gpr_zalloc(sizeof(alts_zero_copy_grpc_protector_test_var))); - grpc_slice_buffer_init(&var->original_sb); - grpc_slice_buffer_init(&var->duplicate_sb); - grpc_slice_buffer_init(&var->staging_sb); - grpc_slice_buffer_init(&var->protected_sb); - grpc_slice_buffer_init(&var->unprotected_sb); - return var; -} - -static void alts_zero_copy_grpc_protector_test_var_destroy( - alts_zero_copy_grpc_protector_test_var* var) { - if (var == nullptr) { - return; - } - grpc_slice_buffer_destroy_internal(&var->original_sb); - grpc_slice_buffer_destroy_internal(&var->duplicate_sb); - grpc_slice_buffer_destroy_internal(&var->staging_sb); - grpc_slice_buffer_destroy_internal(&var->protected_sb); - grpc_slice_buffer_destroy_internal(&var->unprotected_sb); - gpr_free(var); -} - -/* --- ALTS zero-copy protector tests. --- */ - -static void seal_unseal_small_buffer(tsi_zero_copy_grpc_protector* sender, - tsi_zero_copy_grpc_protector* receiver) { - grpc_core::ExecCtx exec_ctx; - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_zero_copy_grpc_protector_test_var* var = - alts_zero_copy_grpc_protector_test_var_create(); - /* Creates a random small slice buffer and calls protect(). */ - create_random_slice_buffer(&var->original_sb, &var->duplicate_sb, - kSmallBufferSize); - GPR_ASSERT(tsi_zero_copy_grpc_protector_protect( - sender, &var->original_sb, &var->protected_sb) == TSI_OK); - /* Splits protected slice buffer into two: first one is staging_sb, and - * second one is is protected_sb. */ - uint32_t staging_sb_size = - gsec_test_bias_random_uint32( - static_cast<uint32_t>(var->protected_sb.length - 1)) + - 1; - grpc_slice_buffer_move_first(&var->protected_sb, staging_sb_size, - &var->staging_sb); - /* Unprotects one by one. */ - GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect( - receiver, &var->staging_sb, &var->unprotected_sb) == TSI_OK); - GPR_ASSERT(var->unprotected_sb.length == 0); - GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect( - receiver, &var->protected_sb, &var->unprotected_sb) == - TSI_OK); - GPR_ASSERT( - are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb)); - alts_zero_copy_grpc_protector_test_var_destroy(var); - } - grpc_core::ExecCtx::Get()->Flush(); -} - -static void seal_unseal_large_buffer(tsi_zero_copy_grpc_protector* sender, - tsi_zero_copy_grpc_protector* receiver) { - grpc_core::ExecCtx exec_ctx; - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_zero_copy_grpc_protector_test_var* var = - alts_zero_copy_grpc_protector_test_var_create(); - /* Creates a random large slice buffer and calls protect(). */ - create_random_slice_buffer(&var->original_sb, &var->duplicate_sb, - kLargeBufferSize); - GPR_ASSERT(tsi_zero_copy_grpc_protector_protect( - sender, &var->original_sb, &var->protected_sb) == TSI_OK); - /* Splits protected slice buffer into multiple pieces. Receiver unprotects - * each slice buffer one by one. */ - uint32_t channel_size = gsec_test_bias_random_uint32(static_cast<uint32_t>( - kChannelMaxSize + 1 - kChannelMinSize)) + - static_cast<uint32_t>(kChannelMinSize); - while (var->protected_sb.length > channel_size) { - grpc_slice_buffer_reset_and_unref_internal(&var->staging_sb); - grpc_slice_buffer_move_first(&var->protected_sb, channel_size, - &var->staging_sb); - GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect( - receiver, &var->staging_sb, &var->unprotected_sb) == - TSI_OK); - } - GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect( - receiver, &var->protected_sb, &var->unprotected_sb) == - TSI_OK); - GPR_ASSERT( - are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb)); - alts_zero_copy_grpc_protector_test_var_destroy(var); - } - grpc_core::ExecCtx::Get()->Flush(); -} - -/* --- Test cases. --- */ - -static void alts_zero_copy_protector_seal_unseal_small_buffer_tests() { - alts_zero_copy_grpc_protector_test_fixture* fixture = - alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - seal_unseal_small_buffer(fixture->client, fixture->server); - seal_unseal_small_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - seal_unseal_small_buffer(fixture->client, fixture->server); - seal_unseal_small_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - seal_unseal_small_buffer(fixture->client, fixture->server); - seal_unseal_small_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - seal_unseal_small_buffer(fixture->client, fixture->server); - seal_unseal_small_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); -} - -static void alts_zero_copy_protector_seal_unseal_large_buffer_tests() { - alts_zero_copy_grpc_protector_test_fixture* fixture = - alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - seal_unseal_large_buffer(fixture->client, fixture->server); - seal_unseal_large_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - seal_unseal_large_buffer(fixture->client, fixture->server); - seal_unseal_large_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - seal_unseal_large_buffer(fixture->client, fixture->server); - seal_unseal_large_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - seal_unseal_large_buffer(fixture->client, fixture->server); - seal_unseal_large_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); -} - -int main(int argc, char** argv) { - alts_zero_copy_protector_seal_unseal_small_buffer_tests(); - alts_zero_copy_protector_seal_unseal_large_buffer_tests(); - return 0; -} diff --git a/test/core/tsi/fake_transport_security_test.cc b/test/core/tsi/fake_transport_security_test.cc index 5e6671965d..bec81ed42f 100644 --- a/test/core/tsi/fake_transport_security_test.cc +++ b/test/core/tsi/fake_transport_security_test.cc @@ -107,7 +107,7 @@ void fake_tsi_test_do_round_trip_for_all_configs() { tsi_test_frame_protector_config_destroy(fake_fixture->base.config); fake_fixture->base.config = tsi_test_frame_protector_config_create( bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4], - bit_array[5], bit_array[6]); + bit_array[5], bit_array[6], bit_array[7]); tsi_test_do_round_trip(&fake_fixture->base); tsi_test_fixture_destroy(fixture); } diff --git a/test/core/tsi/ssl_transport_security_test.cc b/test/core/tsi/ssl_transport_security_test.cc index d9eb7470d5..8f255a3d35 100644 --- a/test/core/tsi/ssl_transport_security_test.cc +++ b/test/core/tsi/ssl_transport_security_test.cc @@ -528,7 +528,7 @@ void ssl_tsi_test_do_round_trip_for_all_configs() { tsi_test_frame_protector_config_destroy(ssl_fixture->base.config); ssl_fixture->base.config = tsi_test_frame_protector_config_create( bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4], - bit_array[5], bit_array[6]); + bit_array[5], bit_array[6], bit_array[7]); tsi_test_do_round_trip(&ssl_fixture->base); tsi_test_fixture_destroy(fixture); } diff --git a/test/core/tsi/transport_security_test_lib.cc b/test/core/tsi/transport_security_test_lib.cc index 26349dbfca..8ea83f7088 100644 --- a/test/core/tsi/transport_security_test_lib.cc +++ b/test/core/tsi/transport_security_test_lib.cc @@ -110,29 +110,27 @@ static void check_handshake_results(tsi_test_fixture* fixture) { fixture->vtable->check_handshaker_peers(fixture); /* Check unused bytes. */ if (fixture->test_unused_bytes) { - tsi_test_channel* channel = fixture->channel; if (fixture->server_result != nullptr && fixture->client_result != nullptr) { check_unused_bytes(fixture); } - channel->bytes_written_to_server_channel = 0; - channel->bytes_written_to_client_channel = 0; - channel->bytes_read_from_client_channel = 0; - channel->bytes_read_from_server_channel = 0; + fixture->bytes_written_to_server_channel = 0; + fixture->bytes_written_to_client_channel = 0; + fixture->bytes_read_from_client_channel = 0; + fixture->bytes_read_from_server_channel = 0; } } -static void send_bytes_to_peer(tsi_test_channel* test_channel, +static void send_bytes_to_peer(tsi_test_fixture* fixture, const unsigned char* buf, size_t buf_size, bool is_client) { - GPR_ASSERT(test_channel != nullptr); + GPR_ASSERT(fixture != nullptr); GPR_ASSERT(buf != nullptr); uint8_t* channel = - is_client ? test_channel->server_channel : test_channel->client_channel; + is_client ? fixture->server_channel : fixture->client_channel; GPR_ASSERT(channel != nullptr); - size_t* bytes_written = is_client - ? &test_channel->bytes_written_to_server_channel - : &test_channel->bytes_written_to_client_channel; + size_t* bytes_written = is_client ? &fixture->bytes_written_to_server_channel + : &fixture->bytes_written_to_client_channel; GPR_ASSERT(bytes_written != nullptr); GPR_ASSERT(*bytes_written + buf_size <= TSI_TEST_DEFAULT_CHANNEL_SIZE); /* Write data to channel. */ @@ -147,8 +145,7 @@ static void maybe_append_unused_bytes(handshaker_args* args) { if (fixture->test_unused_bytes && !args->appended_unused_bytes) { args->appended_unused_bytes = true; send_bytes_to_peer( - fixture->channel, - reinterpret_cast<const unsigned char*>(TSI_TEST_UNUSED_BYTES), + fixture, reinterpret_cast<const unsigned char*>(TSI_TEST_UNUSED_BYTES), strlen(TSI_TEST_UNUSED_BYTES), args->is_client); if (fixture->client_result != nullptr && fixture->server_result == nullptr) { @@ -157,21 +154,19 @@ static void maybe_append_unused_bytes(handshaker_args* args) { } } -static void receive_bytes_from_peer(tsi_test_channel* test_channel, +static void receive_bytes_from_peer(tsi_test_fixture* fixture, unsigned char** buf, size_t* buf_size, bool is_client) { - GPR_ASSERT(test_channel != nullptr); + GPR_ASSERT(fixture != nullptr); GPR_ASSERT(*buf != nullptr); GPR_ASSERT(buf_size != nullptr); uint8_t* channel = - is_client ? test_channel->client_channel : test_channel->server_channel; + is_client ? fixture->client_channel : fixture->server_channel; GPR_ASSERT(channel != nullptr); - size_t* bytes_read = is_client - ? &test_channel->bytes_read_from_client_channel - : &test_channel->bytes_read_from_server_channel; - size_t* bytes_written = is_client - ? &test_channel->bytes_written_to_client_channel - : &test_channel->bytes_written_to_server_channel; + size_t* bytes_read = is_client ? &fixture->bytes_read_from_client_channel + : &fixture->bytes_read_from_server_channel; + size_t* bytes_written = is_client ? &fixture->bytes_written_to_client_channel + : &fixture->bytes_written_to_server_channel; GPR_ASSERT(bytes_read != nullptr); GPR_ASSERT(bytes_written != nullptr); size_t to_read = *buf_size < *bytes_written - *bytes_read @@ -183,13 +178,14 @@ static void receive_bytes_from_peer(tsi_test_channel* test_channel, *bytes_read += to_read; } -void tsi_test_frame_protector_send_message_to_peer( - tsi_test_frame_protector_config* config, tsi_test_channel* channel, - tsi_frame_protector* protector, bool is_client) { +static void send_message_to_peer(tsi_test_fixture* fixture, + tsi_frame_protector* protector, + bool is_client) { /* Initialization. */ - GPR_ASSERT(config != nullptr); - GPR_ASSERT(channel != nullptr); + GPR_ASSERT(fixture != nullptr); + GPR_ASSERT(fixture->config != nullptr); GPR_ASSERT(protector != nullptr); + tsi_test_frame_protector_config* config = fixture->config; unsigned char* protected_buffer = static_cast<unsigned char*>(gpr_zalloc(config->protected_buffer_size)); size_t message_size = @@ -209,7 +205,7 @@ void tsi_test_frame_protector_send_message_to_peer( &protected_buffer_size_to_send); GPR_ASSERT(result == TSI_OK); /* Send protected data to peer. */ - send_bytes_to_peer(channel, protected_buffer, protected_buffer_size_to_send, + send_bytes_to_peer(fixture, protected_buffer, protected_buffer_size_to_send, is_client); message_bytes += processed_message_size; message_size -= processed_message_size; @@ -222,7 +218,7 @@ void tsi_test_frame_protector_send_message_to_peer( protector, protected_buffer, &protected_buffer_size_to_send, &still_pending_size); GPR_ASSERT(result == TSI_OK); - send_bytes_to_peer(channel, protected_buffer, + send_bytes_to_peer(fixture, protected_buffer, protected_buffer_size_to_send, is_client); } while (still_pending_size > 0 && result == TSI_OK); GPR_ASSERT(result == TSI_OK); @@ -232,16 +228,17 @@ void tsi_test_frame_protector_send_message_to_peer( gpr_free(protected_buffer); } -void tsi_test_frame_protector_receive_message_from_peer( - tsi_test_frame_protector_config* config, tsi_test_channel* channel, - tsi_frame_protector* protector, unsigned char* message, - size_t* bytes_received, bool is_client) { +static void receive_message_from_peer(tsi_test_fixture* fixture, + tsi_frame_protector* protector, + unsigned char* message, + size_t* bytes_received, bool is_client) { /* Initialization. */ - GPR_ASSERT(config != nullptr); - GPR_ASSERT(channel != nullptr); + GPR_ASSERT(fixture != nullptr); GPR_ASSERT(protector != nullptr); GPR_ASSERT(message != nullptr); GPR_ASSERT(bytes_received != nullptr); + GPR_ASSERT(fixture->config != nullptr); + tsi_test_frame_protector_config* config = fixture->config; size_t read_offset = 0; size_t message_offset = 0; size_t read_from_peer_size = 0; @@ -256,7 +253,7 @@ void tsi_test_frame_protector_receive_message_from_peer( /* Receive data from peer. */ if (read_from_peer_size == 0) { read_from_peer_size = config->read_buffer_allocated_size; - receive_bytes_from_peer(channel, &read_buffer, &read_from_peer_size, + receive_bytes_from_peer(fixture, &read_buffer, &read_from_peer_size, is_client); read_offset = 0; } @@ -317,7 +314,7 @@ grpc_error* on_handshake_next_done(tsi_result result, void* user_data, } /* Send data to peer, if needed. */ if (bytes_to_send_size > 0) { - send_bytes_to_peer(fixture->channel, bytes_to_send, bytes_to_send_size, + send_bytes_to_peer(args->fixture, bytes_to_send, bytes_to_send_size, args->is_client); args->transferred_data = true; } @@ -364,8 +361,8 @@ static void do_handshaker_next(handshaker_args* args) { /* Receive data from peer, if available. */ do { size_t buf_size = args->handshake_buffer_size; - receive_bytes_from_peer(fixture->channel, &args->handshake_buffer, - &buf_size, args->is_client); + receive_bytes_from_peer(args->fixture, &args->handshake_buffer, &buf_size, + args->is_client); if (buf_size > 0) { args->transferred_data = true; } @@ -414,50 +411,6 @@ void tsi_test_do_handshake(tsi_test_fixture* fixture) { handshaker_args_destroy(server_args); } -static void tsi_test_do_ping_pong(tsi_test_frame_protector_config* config, - tsi_test_channel* channel, - tsi_frame_protector* client_frame_protector, - tsi_frame_protector* server_frame_protector) { - GPR_ASSERT(config != nullptr); - GPR_ASSERT(channel != nullptr); - GPR_ASSERT(client_frame_protector != nullptr); - GPR_ASSERT(server_frame_protector != nullptr); - /* Client sends a message to server. */ - tsi_test_frame_protector_send_message_to_peer( - config, channel, client_frame_protector, true /* is_client */); - unsigned char* server_received_message = - static_cast<unsigned char*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); - size_t server_received_message_size = 0; - tsi_test_frame_protector_receive_message_from_peer( - config, channel, server_frame_protector, server_received_message, - &server_received_message_size, false /* is_client */); - GPR_ASSERT(config->client_message_size == server_received_message_size); - GPR_ASSERT(memcmp(config->client_message, server_received_message, - server_received_message_size) == 0); - /* Server sends a message to client. */ - tsi_test_frame_protector_send_message_to_peer( - config, channel, server_frame_protector, false /* is_client */); - unsigned char* client_received_message = - static_cast<unsigned char*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); - size_t client_received_message_size = 0; - tsi_test_frame_protector_receive_message_from_peer( - config, channel, client_frame_protector, client_received_message, - &client_received_message_size, true /* is_client */); - GPR_ASSERT(config->server_message_size == client_received_message_size); - GPR_ASSERT(memcmp(config->server_message, client_received_message, - client_received_message_size) == 0); - gpr_free(server_received_message); - gpr_free(client_received_message); -} - -void tsi_test_frame_protector_do_round_trip_no_handshake( - tsi_test_frame_protector_fixture* fixture) { - GPR_ASSERT(fixture != nullptr); - tsi_test_do_ping_pong(fixture->config, fixture->channel, - fixture->client_frame_protector, - fixture->server_frame_protector); -} - void tsi_test_do_round_trip(tsi_test_fixture* fixture) { /* Initialization. */ GPR_ASSERT(fixture != nullptr); @@ -484,11 +437,33 @@ void tsi_test_do_round_trip(tsi_test_fixture* fixture) { ? nullptr : &server_max_output_protected_frame_size, &server_frame_protector) == TSI_OK); - tsi_test_do_ping_pong(config, fixture->channel, client_frame_protector, - server_frame_protector); + /* Client sends a message to server. */ + send_message_to_peer(fixture, client_frame_protector, true /* is_client */); + unsigned char* server_received_message = + static_cast<unsigned char*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); + size_t server_received_message_size = 0; + receive_message_from_peer( + fixture, server_frame_protector, server_received_message, + &server_received_message_size, false /* is_client */); + GPR_ASSERT(config->client_message_size == server_received_message_size); + GPR_ASSERT(memcmp(config->client_message, server_received_message, + server_received_message_size) == 0); + /* Server sends a message to client. */ + send_message_to_peer(fixture, server_frame_protector, false /* is_client */); + unsigned char* client_received_message = + static_cast<unsigned char*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); + size_t client_received_message_size = 0; + receive_message_from_peer( + fixture, client_frame_protector, client_received_message, + &client_received_message_size, true /* is_client */); + GPR_ASSERT(config->server_message_size == client_received_message_size); + GPR_ASSERT(memcmp(config->server_message, client_received_message, + client_received_message_size) == 0); /* Destroy server and client frame protectors. */ tsi_frame_protector_destroy(client_frame_protector); tsi_frame_protector_destroy(server_frame_protector); + gpr_free(server_received_message); + gpr_free(client_received_message); } static unsigned char* generate_random_message(size_t size) { @@ -508,7 +483,8 @@ tsi_test_frame_protector_config* tsi_test_frame_protector_config_create( bool use_default_protected_buffer_size, bool use_default_client_message, bool use_default_server_message, bool use_default_client_max_output_protected_frame_size, - bool use_default_server_max_output_protected_frame_size) { + bool use_default_server_max_output_protected_frame_size, + bool use_default_handshake_buffer_size) { tsi_test_frame_protector_config* config = static_cast<tsi_test_frame_protector_config*>( gpr_zalloc(sizeof(*config))); @@ -576,42 +552,24 @@ void tsi_test_frame_protector_config_set_buffer_size( void tsi_test_frame_protector_config_destroy( tsi_test_frame_protector_config* config) { - if (config == nullptr) { - return; - } + GPR_ASSERT(config != nullptr); gpr_free(config->client_message); gpr_free(config->server_message); gpr_free(config); } -static tsi_test_channel* tsi_test_channel_create() { - tsi_test_channel* channel = - static_cast<tsi_test_channel*>(gpr_zalloc(sizeof(*channel))); - channel->client_channel = - static_cast<uint8_t*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); - channel->server_channel = - static_cast<uint8_t*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); - channel->bytes_written_to_client_channel = 0; - channel->bytes_written_to_server_channel = 0; - channel->bytes_read_from_client_channel = 0; - channel->bytes_read_from_server_channel = 0; - return channel; -} - -static void tsi_test_channel_destroy(tsi_test_channel* channel) { - if (channel == nullptr) { - return; - } - gpr_free(channel->client_channel); - gpr_free(channel->server_channel); - gpr_free(channel); -} - void tsi_test_fixture_init(tsi_test_fixture* fixture) { fixture->config = tsi_test_frame_protector_config_create( - true, true, true, true, true, true, true); + true, true, true, true, true, true, true, true); fixture->handshake_buffer_size = TSI_TEST_DEFAULT_BUFFER_SIZE; - fixture->channel = tsi_test_channel_create(); + fixture->client_channel = + static_cast<uint8_t*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); + fixture->server_channel = + static_cast<uint8_t*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); + fixture->bytes_written_to_client_channel = 0; + fixture->bytes_written_to_server_channel = 0; + fixture->bytes_read_from_client_channel = 0; + fixture->bytes_read_from_server_channel = 0; fixture->test_unused_bytes = true; fixture->has_client_finished_first = false; gpr_mu_init(&fixture->mu); @@ -620,15 +578,14 @@ void tsi_test_fixture_init(tsi_test_fixture* fixture) { } void tsi_test_fixture_destroy(tsi_test_fixture* fixture) { - if (fixture == nullptr) { - return; - } + GPR_ASSERT(fixture != nullptr); tsi_test_frame_protector_config_destroy(fixture->config); tsi_handshaker_destroy(fixture->client_handshaker); tsi_handshaker_destroy(fixture->server_handshaker); tsi_handshaker_result_destroy(fixture->client_result); tsi_handshaker_result_destroy(fixture->server_result); - tsi_test_channel_destroy(fixture->channel); + gpr_free(fixture->client_channel); + gpr_free(fixture->server_channel); GPR_ASSERT(fixture->vtable != nullptr); GPR_ASSERT(fixture->vtable->destruct != nullptr); fixture->vtable->destruct(fixture); @@ -636,34 +593,3 @@ void tsi_test_fixture_destroy(tsi_test_fixture* fixture) { gpr_cv_destroy(&fixture->cv); gpr_free(fixture); } - -tsi_test_frame_protector_fixture* tsi_test_frame_protector_fixture_create() { - tsi_test_frame_protector_fixture* fixture = - static_cast<tsi_test_frame_protector_fixture*>( - gpr_zalloc(sizeof(*fixture))); - fixture->config = tsi_test_frame_protector_config_create( - true, true, true, true, true, true, true); - fixture->channel = tsi_test_channel_create(); - return fixture; -} - -void tsi_test_frame_protector_fixture_init( - tsi_test_frame_protector_fixture* fixture, - tsi_frame_protector* client_frame_protector, - tsi_frame_protector* server_frame_protector) { - GPR_ASSERT(fixture != nullptr); - fixture->client_frame_protector = client_frame_protector; - fixture->server_frame_protector = server_frame_protector; -} - -void tsi_test_frame_protector_fixture_destroy( - tsi_test_frame_protector_fixture* fixture) { - if (fixture == nullptr) { - return; - } - tsi_test_frame_protector_config_destroy(fixture->config); - tsi_test_channel_destroy(fixture->channel); - tsi_frame_protector_destroy(fixture->client_frame_protector); - tsi_frame_protector_destroy(fixture->server_frame_protector); - gpr_free(fixture); -} diff --git a/test/core/tsi/transport_security_test_lib.h b/test/core/tsi/transport_security_test_lib.h index b6a431f5a0..9b07448cc5 100644 --- a/test/core/tsi/transport_security_test_lib.h +++ b/test/core/tsi/transport_security_test_lib.h @@ -35,8 +35,8 @@ #define TSI_TEST_DEFAULT_CHANNEL_SIZE 32768 #define TSI_TEST_BIG_MESSAGE_SIZE 17000 #define TSI_TEST_SMALL_MESSAGE_SIZE 10 -#define TSI_TEST_NUM_OF_ARGUMENTS 7 -#define TSI_TEST_NUM_OF_COMBINATIONS 128 +#define TSI_TEST_NUM_OF_ARGUMENTS 8 +#define TSI_TEST_NUM_OF_COMBINATIONS 256 #define TSI_TEST_UNUSED_BYTES "HELLO GOOGLE" /* --- tsi_test_fixture object --- @@ -46,22 +46,12 @@ protect/unprotect operations with respect to TSI implementations. */ typedef struct tsi_test_fixture tsi_test_fixture; -/* --- tsi_test_frame_protector_fixture object --- - The object wraps all necessary information used to test correctness of TSI - frame protector implementations. */ -typedef struct tsi_test_frame_protector_fixture - tsi_test_frame_protector_fixture; - /* --- tsi_test_frame_protector_config object --- + This object is used to configure different parameters of TSI frame protector APIs. */ typedef struct tsi_test_frame_protector_config tsi_test_frame_protector_config; -/* --- tsi_test_channel object --- - This object represents simulated channels between the client and server - from/to which they could read/write the exchanged information. */ -typedef struct tsi_test_channel tsi_test_channel; - /* V-table for tsi_test_fixture operations that are implemented differently in different TSI implementations. */ typedef struct tsi_test_fixture_vtable { @@ -83,8 +73,17 @@ struct tsi_test_fixture { tsi_handshaker_result* server_result; /* size of buffer used to store data received from the peer. */ size_t handshake_buffer_size; - /* tsi_test_channel instance. */ - tsi_test_channel* channel; + /* simulated channels between client and server. If the server (client) + wants to send data to the client (server), he will write data to + client_channel (server_channel), which will be read by client (server). */ + uint8_t* client_channel; + uint8_t* server_channel; + /* size of data written to the client/server channel. */ + size_t bytes_written_to_client_channel; + size_t bytes_written_to_server_channel; + /* size of data read from the client/server channel */ + size_t bytes_read_from_client_channel; + size_t bytes_read_from_server_channel; /* tsi_test_frame_protector_config instance */ tsi_test_frame_protector_config* config; /* a flag indicating if client has finished TSI handshake first (i.e., before @@ -107,30 +106,6 @@ struct tsi_test_fixture { bool notified; }; -struct tsi_test_frame_protector_fixture { - /* client/server TSI frame protectors whose ownership are transferred. */ - tsi_frame_protector* client_frame_protector; - tsi_frame_protector* server_frame_protector; - /* tsi_test_channel instance. */ - tsi_test_channel* channel; - /* tsi_test_frame_protector_config instance */ - tsi_test_frame_protector_config* config; -}; - -struct tsi_test_channel { - /* simulated channels between client and server. If the server (client) - wants to send data to the client (server), he will write data to - client_channel (server_channel), which will be read by client (server). */ - uint8_t* client_channel; - uint8_t* server_channel; - /* size of data written to the client/server channel. */ - size_t bytes_written_to_client_channel; - size_t bytes_written_to_server_channel; - /* size of data read from the client/server channel */ - size_t bytes_read_from_client_channel; - size_t bytes_read_from_server_channel; -}; - struct tsi_test_frame_protector_config { /* size of buffer used to store protected frames to be unprotected. */ size_t read_buffer_allocated_size; @@ -160,7 +135,8 @@ tsi_test_frame_protector_config* tsi_test_frame_protector_config_create( bool use_default_protected_buffer_size, bool use_default_client_message, bool use_default_server_message, bool use_default_client_max_output_protected_frame_size, - bool use_default_server_max_output_protected_frame_size); + bool use_default_server_max_output_protected_frame_size, + bool use_default_handshake_buffer_size); /* This method sets different buffer and frame sizes of a tsi_test_frame_protector_config instance with user provided values. */ @@ -184,35 +160,6 @@ void tsi_test_fixture_init(tsi_test_fixture* fixture); this function. */ void tsi_test_fixture_destroy(tsi_test_fixture* fixture); -/* This method creates a tsi_test_frame_protector_fixture instance. */ -tsi_test_frame_protector_fixture* tsi_test_frame_protector_fixture_create(); - -/* This method initializes members of tsi_test_frame_protector_fixture instance. - Note that the struct instance should be allocated before making - this call. */ -void tsi_test_frame_protector_fixture_init( - tsi_test_frame_protector_fixture* fixture, - tsi_frame_protector* client_frame_protector, - tsi_frame_protector* server_frame_protector); - -/* This method destroys a tsi_test_frame_protector_fixture instance. Note that - the fixture intance must be dynamically allocated and will be freed by this - function. */ -void tsi_test_frame_protector_fixture_destroy( - tsi_test_frame_protector_fixture* fixture); - -/* This method performs a protect opeation on raw data and sends the result to - peer. */ -void tsi_test_frame_protector_send_message_to_peer( - tsi_test_frame_protector_config* config, tsi_test_channel* channel, - tsi_frame_protector* protector, bool is_client); - -/* This method receives message from peer and unprotects it. */ -void tsi_test_frame_protector_receive_message_from_peer( - tsi_test_frame_protector_config* config, tsi_test_channel* channel, - tsi_frame_protector* protector, unsigned char* message, - size_t* bytes_received, bool is_client); - /* This method performs a full TSI handshake between a client and a server. Note that the test library will implement the new TSI handshaker API to perform handshakes. */ @@ -224,8 +171,4 @@ void tsi_test_do_handshake(tsi_test_fixture* fixture); the client and server switching its role. */ void tsi_test_do_round_trip(tsi_test_fixture* fixture); -/* This method performs the above round trip test without doing handshakes. */ -void tsi_test_frame_protector_do_round_trip_no_handshake( - tsi_test_frame_protector_fixture* fixture); - #endif // GRPC_TEST_CORE_TSI_TRANSPORT_SECURITY_TEST_LIB_H_ diff --git a/third_party/nanopb/pb.h b/third_party/nanopb/pb.h index 62dca73f4f..4576f79abc 100644 --- a/third_party/nanopb/pb.h +++ b/third_party/nanopb/pb.h @@ -25,7 +25,7 @@ /* #define PB_FIELD_16BIT 1 */ /* Add support for tag numbers > 65536 and fields larger than 65536 bytes. */ -/* #define PB_FIELD_32BIT 1 */ +/* #define PB_FIELD_32BIT 1 */ /* Disable support for error messages in order to save some code space. */ /* #define PB_NO_ERRMSG 1 */ diff --git a/tools/codegen/core/gen_nano_proto.sh b/tools/codegen/core/gen_nano_proto.sh index 6ce15178bd..4246840173 100755 --- a/tools/codegen/core/gen_nano_proto.sh +++ b/tools/codegen/core/gen_nano_proto.sh @@ -43,9 +43,9 @@ if [[ ! -f "$INPUT_PROTO" ]]; then echo "Input proto file '$INPUT_PROTO' doesn't exist." exit 2 fi - if [[ ! -f "${EXPECTED_OPTIONS_FILE_PATH}" ]]; then - echo "Input proto file may need .options file to be correctly compiled." + echo "Expected nanopb options file '${EXPECTED_OPTIONS_FILE_PATH}' missing" + exit 3 fi if [[ "${OUTPUT_DIR:0:1}" != '/' ]]; then @@ -81,11 +81,6 @@ readonly PROTO_BASENAME=$(basename $INPUT_PROTO .proto) sed -i "s:$PROTO_BASENAME.pb.h:${GRPC_OUTPUT_DIR}/$PROTO_BASENAME.pb.h:g" \ "$OUTPUT_DIR/$PROTO_BASENAME.pb.c" -if [ $PROTO_BASENAME == "handshaker" ] || [ $PROTO_BASENAME == "altscontext" ]; then - sed -i "s:transport_security_common.pb.h:${GRPC_OUTPUT_DIR}/transport_security_common.pb.h:g" \ - "$OUTPUT_DIR/$PROTO_BASENAME.pb.h" -fi - # Fix up the include guards such that they pass the check_include_guards.py # test. Assumes that the generated files are being placed in gRPC src dir. readonly INCLUDE_GUARD_BASE=`echo $GRPC_OUTPUT_DIR | tr [a-z/] [A-Z_] | sed s:^.*SRC_::` diff --git a/tools/distrib/check_copyright.py b/tools/distrib/check_copyright.py index e7893a1fd5..6e1a303fb0 100755 --- a/tools/distrib/check_copyright.py +++ b/tools/distrib/check_copyright.py @@ -77,12 +77,6 @@ _EXEMPT = frozenset(( 'examples/python/route_guide/route_guide_pb2_grpc.py', 'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h', 'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c', - 'src/core/tsi/alts/handshaker/altscontext.pb.h', - 'src/core/tsi/alts/handshaker/altscontext.pb.c', - 'src/core/tsi/alts/handshaker/handshaker.pb.h', - 'src/core/tsi/alts/handshaker/handshaker.pb.c', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.h', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.c', 'src/cpp/server/health/health.pb.h', 'src/cpp/server/health/health.pb.c', diff --git a/tools/distrib/check_include_guards.py b/tools/distrib/check_include_guards.py index b356a74d2d..05d34c2b28 100755 --- a/tools/distrib/check_include_guards.py +++ b/tools/distrib/check_include_guards.py @@ -157,9 +157,6 @@ args = argp.parse_args() KNOWN_BAD = set([ 'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h', - 'src/core/tsi/alts/handshaker/altscontext.pb.h', - 'src/core/tsi/alts/handshaker/handshaker.pb.h', - 'src/core/tsi/alts/handshaker/transport_security_common.pb.h', 'include/grpc++/ext/reflection.grpc.pb.h', 'include/grpc++/ext/reflection.pb.h', ]) diff --git a/tools/distrib/check_nanopb_output.sh b/tools/distrib/check_nanopb_output.sh index 8b5823b938..a30b73f689 100755 --- a/tools/distrib/check_nanopb_output.sh +++ b/tools/distrib/check_nanopb_output.sh @@ -15,7 +15,6 @@ set -ex -readonly NANOPB_ALTS_TMP_OUTPUT="$(mktemp -d)" readonly NANOPB_TMP_OUTPUT="$(mktemp -d)" readonly PROTOBUF_INSTALL_PREFIX="$(mktemp -d)" @@ -56,29 +55,3 @@ if ! diff -r "$NANOPB_TMP_OUTPUT" src/core/ext/filters/client_channel/lb_policy/ echo "Outputs differ: $NANOPB_TMP_OUTPUT vs $LOAD_BALANCER_GRPC_OUTPUT_PATH" exit 2 fi - -# -# Checks for handshaker.proto and transport_security_common.proto -# -readonly HANDSHAKER_GRPC_OUTPUT_PATH='src/core/tsi/alts/handshaker' -# nanopb-compile the proto to a temp location -./tools/codegen/core/gen_nano_proto.sh \ - src/core/tsi/alts/handshaker/proto/handshaker.proto \ - "$NANOPB_ALTS_TMP_OUTPUT" \ - "$HANDSHAKER_GRPC_OUTPUT_PATH" -./tools/codegen/core/gen_nano_proto.sh \ - src/core/tsi/alts/handshaker/proto/transport_security_common.proto \ - "$NANOPB_ALTS_TMP_OUTPUT" \ - "$HANDSHAKER_GRPC_OUTPUT_PATH" -./tools/codegen/core/gen_nano_proto.sh \ - src/core/tsi/alts/handshaker/proto/altscontext.proto \ - "$NANOPB_ALTS_TMP_OUTPUT" \ - "$HANDSHAKER_GRPC_OUTPUT_PATH" - -# compare outputs to checked compiled code -for NANOPB_OUTPUT_FILE in $NANOPB_ALTS_TMP_OUTPUT/*.pb.*; do - if ! diff "$NANOPB_OUTPUT_FILE" "src/core/tsi/alts/handshaker/$(basename $NANOPB_OUTPUT_FILE)"; then - echo "Outputs differ: $NANOPB_ALTS_TMP_OUTPUT vs $HANDSHAKER_GRPC_OUTPUT_PATH" - exit 2 - fi -done diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal index e7e9e04979..57f9147f44 100644 --- a/tools/doxygen/Doxyfile.core.internal +++ b/tools/doxygen/Doxyfile.core.internal @@ -1284,17 +1284,6 @@ src/core/lib/profiling/stap_timers.cc \ src/core/lib/profiling/timers.h \ src/core/lib/security/context/security_context.cc \ src/core/lib/security/context/security_context.h \ -src/core/lib/security/credentials/alts/alts_credentials.cc \ -src/core/lib/security/credentials/alts/alts_credentials.h \ -src/core/lib/security/credentials/alts/check_gcp_environment.cc \ -src/core/lib/security/credentials/alts/check_gcp_environment.h \ -src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc \ -src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc \ -src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc \ -src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc \ -src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc \ -src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h \ -src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc \ src/core/lib/security/credentials/composite/composite_credentials.cc \ src/core/lib/security/credentials/composite/composite_credentials.h \ src/core/lib/security/credentials/credentials.cc \ @@ -1319,8 +1308,6 @@ src/core/lib/security/credentials/plugin/plugin_credentials.cc \ src/core/lib/security/credentials/plugin/plugin_credentials.h \ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.h \ -src/core/lib/security/security_connector/alts_security_connector.cc \ -src/core/lib/security/security_connector/alts_security_connector.h \ src/core/lib/security/security_connector/security_connector.cc \ src/core/lib/security/security_connector/security_connector.h \ src/core/lib/security/transport/auth_filters.h \ @@ -1414,53 +1401,6 @@ src/core/lib/transport/transport_impl.h \ src/core/lib/transport/transport_op_string.cc \ src/core/plugin_registry/grpc_plugin_registry.cc \ src/core/tsi/README.md \ -src/core/tsi/alts/crypt/aes_gcm.cc \ -src/core/tsi/alts/crypt/gsec.cc \ -src/core/tsi/alts/crypt/gsec.h \ -src/core/tsi/alts/frame_protector/alts_counter.cc \ -src/core/tsi/alts/frame_protector/alts_counter.h \ -src/core/tsi/alts/frame_protector/alts_crypter.cc \ -src/core/tsi/alts/frame_protector/alts_crypter.h \ -src/core/tsi/alts/frame_protector/alts_frame_protector.cc \ -src/core/tsi/alts/frame_protector/alts_frame_protector.h \ -src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc \ -src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h \ -src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc \ -src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc \ -src/core/tsi/alts/frame_protector/frame_handler.cc \ -src/core/tsi/alts/frame_protector/frame_handler.h \ -src/core/tsi/alts/handshaker/alts_handshaker_client.cc \ -src/core/tsi/alts/handshaker/alts_handshaker_client.h \ -src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc \ -src/core/tsi/alts/handshaker/alts_handshaker_service_api.h \ -src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc \ -src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h \ -src/core/tsi/alts/handshaker/alts_tsi_event.cc \ -src/core/tsi/alts/handshaker/alts_tsi_event.h \ -src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc \ -src/core/tsi/alts/handshaker/alts_tsi_handshaker.h \ -src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h \ -src/core/tsi/alts/handshaker/alts_tsi_utils.cc \ -src/core/tsi/alts/handshaker/alts_tsi_utils.h \ -src/core/tsi/alts/handshaker/altscontext.pb.c \ -src/core/tsi/alts/handshaker/altscontext.pb.h \ -src/core/tsi/alts/handshaker/handshaker.pb.c \ -src/core/tsi/alts/handshaker/handshaker.pb.h \ -src/core/tsi/alts/handshaker/transport_security_common.pb.c \ -src/core/tsi/alts/handshaker/transport_security_common.pb.h \ -src/core/tsi/alts/handshaker/transport_security_common_api.cc \ -src/core/tsi/alts/handshaker/transport_security_common_api.h \ -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc \ -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h \ -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc \ -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h \ -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h \ -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc \ -src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h \ -src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc \ -src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h \ -src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc \ -src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h \ src/core/tsi/alts_transport_security.cc \ src/core/tsi/alts_transport_security.h \ src/core/tsi/fake_transport_security.cc \ diff --git a/tools/run_tests/generated/sources_and_headers.json b/tools/run_tests/generated/sources_and_headers.json index 724967145e..6b8b26f41b 100644 --- a/tools/run_tests/generated/sources_and_headers.json +++ b/tools/run_tests/generated/sources_and_headers.json @@ -2417,215 +2417,6 @@ }, { "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_counter_test", - "src": [ - "test/core/tsi/alts/frame_protector/alts_counter_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "gpr_test_util", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_crypt_test", - "src": [ - "test/core/tsi/alts/crypt/aes_gcm_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_crypter_test", - "src": [ - "test/core/tsi/alts/frame_protector/alts_crypter_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_frame_handler_test", - "src": [ - "test/core/tsi/alts/frame_protector/frame_handler_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc", - "transport_security_test_lib" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_frame_protector_test", - "src": [ - "test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_grpc_record_protocol_test", - "src": [ - "test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_handshaker_client_test", - "src": [ - "test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_handshaker_service_api_test", - "src": [ - "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_iovec_record_protocol_test", - "src": [ - "test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_security_connector_test", - "src": [ - "test/core/security/alts_security_connector_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_tsi_handshaker_test", - "src": [ - "test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_tsi_utils_test", - "src": [ - "test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "alts_zero_copy_grpc_protector_test", - "src": [ - "test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ "gpr", "gpr_test_util", "grpc", @@ -3037,36 +2828,6 @@ { "deps": [ "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "check_gcp_environment_linux_test", - "src": [ - "test/core/security/check_gcp_environment_linux_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "check_gcp_environment_windows_test", - "src": [ - "test/core/security/check_gcp_environment_windows_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "gpr", "gpr_test_util", "grpc", "grpc_test_util" @@ -3452,21 +3213,6 @@ { "deps": [ "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "grpc_alts_credentials_options_test", - "src": [ - "test/core/security/grpc_alts_credentials_options_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ - "gpr", "grpc", "grpc++", "grpc++_proto_reflection_desc_db", @@ -4627,22 +4373,6 @@ }, { "deps": [ - "alts_test_util", - "gpr", - "grpc" - ], - "headers": [], - "is_filegroup": false, - "language": "c++", - "name": "transport_security_common_api_test", - "src": [ - "test/core/tsi/alts/handshaker/transport_security_common_api_test.cc" - ], - "third_party": false, - "type": "target" - }, - { - "deps": [ "gpr", "gpr_test_util", "grpc", @@ -6561,26 +6291,6 @@ }, { "deps": [ - "grpc" - ], - "headers": [ - "test/core/tsi/alts/crypt/gsec_test_util.h", - "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - ], - "is_filegroup": false, - "language": "c", - "name": "alts_test_util", - "src": [ - "test/core/tsi/alts/crypt/gsec_test_util.cc", - "test/core/tsi/alts/crypt/gsec_test_util.h", - "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc", - "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - ], - "third_party": false, - "type": "lib" - }, - { - "deps": [ "gpr_base" ], "headers": [], @@ -8579,138 +8289,6 @@ }, { "deps": [ - "nanopb" - ], - "headers": [ - "src/core/tsi/alts/handshaker/altscontext.pb.h", - "src/core/tsi/alts/handshaker/handshaker.pb.h", - "src/core/tsi/alts/handshaker/transport_security_common.pb.h" - ], - "is_filegroup": true, - "language": "c", - "name": "alts_proto", - "src": [ - "src/core/tsi/alts/handshaker/altscontext.pb.c", - "src/core/tsi/alts/handshaker/altscontext.pb.h", - "src/core/tsi/alts/handshaker/handshaker.pb.c", - "src/core/tsi/alts/handshaker/handshaker.pb.h", - "src/core/tsi/alts/handshaker/transport_security_common.pb.c", - "src/core/tsi/alts/handshaker/transport_security_common.pb.h" - ], - "third_party": false, - "type": "filegroup" - }, - { - "deps": [ - "alts_util", - "gpr", - "grpc_base", - "grpc_transport_chttp2_client_insecure", - "tsi", - "tsi_interface" - ], - "headers": [ - "src/core/tsi/alts/crypt/gsec.h", - "src/core/tsi/alts/frame_protector/alts_counter.h", - "src/core/tsi/alts/frame_protector/alts_crypter.h", - "src/core/tsi/alts/frame_protector/alts_frame_protector.h", - "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h", - "src/core/tsi/alts/frame_protector/frame_handler.h", - "src/core/tsi/alts/handshaker/alts_handshaker_client.h", - "src/core/tsi/alts/handshaker/alts_tsi_event.h", - "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h", - "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h" - ], - "is_filegroup": true, - "language": "c", - "name": "alts_tsi", - "src": [ - "src/core/tsi/alts/crypt/aes_gcm.cc", - "src/core/tsi/alts/crypt/gsec.cc", - "src/core/tsi/alts/crypt/gsec.h", - "src/core/tsi/alts/frame_protector/alts_counter.cc", - "src/core/tsi/alts/frame_protector/alts_counter.h", - "src/core/tsi/alts/frame_protector/alts_crypter.cc", - "src/core/tsi/alts/frame_protector/alts_crypter.h", - "src/core/tsi/alts/frame_protector/alts_frame_protector.cc", - "src/core/tsi/alts/frame_protector/alts_frame_protector.h", - "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc", - "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h", - "src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc", - "src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc", - "src/core/tsi/alts/frame_protector/frame_handler.cc", - "src/core/tsi/alts/frame_protector/frame_handler.h", - "src/core/tsi/alts/handshaker/alts_handshaker_client.cc", - "src/core/tsi/alts/handshaker/alts_handshaker_client.h", - "src/core/tsi/alts/handshaker/alts_tsi_event.cc", - "src/core/tsi/alts/handshaker/alts_tsi_event.h", - "src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc", - "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h", - "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h", - "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc", - "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h" - ], - "third_party": false, - "type": "filegroup" - }, - { - "deps": [ - "alts_proto", - "gpr", - "grpc_base", - "nanopb", - "tsi_interface" - ], - "headers": [ - "src/core/lib/security/credentials/alts/check_gcp_environment.h", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h", - "src/core/tsi/alts/handshaker/alts_tsi_utils.h", - "src/core/tsi/alts/handshaker/transport_security_common_api.h" - ], - "is_filegroup": true, - "language": "c", - "name": "alts_util", - "src": [ - "src/core/lib/security/credentials/alts/check_gcp_environment.cc", - "src/core/lib/security/credentials/alts/check_gcp_environment.h", - "src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc", - "src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc", - "src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h", - "src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc", - "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h", - "src/core/tsi/alts/handshaker/alts_tsi_utils.cc", - "src/core/tsi/alts/handshaker/alts_tsi_utils.h", - "src/core/tsi/alts/handshaker/transport_security_common_api.cc", - "src/core/tsi/alts/handshaker/transport_security_common_api.h" - ], - "third_party": false, - "type": "filegroup" - }, - { - "deps": [ "gpr", "grpc_base", "nanopb" @@ -9793,7 +9371,6 @@ }, { "deps": [ - "alts_tsi", "gpr", "grpc_base", "grpc_transport_chttp2_alpn", @@ -9802,7 +9379,6 @@ "headers": [ "include/grpc/grpc_security.h", "src/core/lib/security/context/security_context.h", - "src/core/lib/security/credentials/alts/alts_credentials.h", "src/core/lib/security/credentials/composite/composite_credentials.h", "src/core/lib/security/credentials/credentials.h", "src/core/lib/security/credentials/fake/fake_credentials.h", @@ -9814,7 +9390,6 @@ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h", "src/core/lib/security/credentials/plugin/plugin_credentials.h", "src/core/lib/security/credentials/ssl/ssl_credentials.h", - "src/core/lib/security/security_connector/alts_security_connector.h", "src/core/lib/security/security_connector/security_connector.h", "src/core/lib/security/transport/auth_filters.h", "src/core/lib/security/transport/secure_endpoint.h", @@ -9831,8 +9406,6 @@ "src/core/lib/http/httpcli_security_connector.cc", "src/core/lib/security/context/security_context.cc", "src/core/lib/security/context/security_context.h", - "src/core/lib/security/credentials/alts/alts_credentials.cc", - "src/core/lib/security/credentials/alts/alts_credentials.h", "src/core/lib/security/credentials/composite/composite_credentials.cc", "src/core/lib/security/credentials/composite/composite_credentials.h", "src/core/lib/security/credentials/credentials.cc", @@ -9857,8 +9430,6 @@ "src/core/lib/security/credentials/plugin/plugin_credentials.h", "src/core/lib/security/credentials/ssl/ssl_credentials.cc", "src/core/lib/security/credentials/ssl/ssl_credentials.h", - "src/core/lib/security/security_connector/alts_security_connector.cc", - "src/core/lib/security/security_connector/alts_security_connector.h", "src/core/lib/security/security_connector/security_connector.cc", "src/core/lib/security/security_connector/security_connector.h", "src/core/lib/security/transport/auth_filters.h", diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json index b7fdb6f579..6ce7ec28c4 100644 --- a/tools/run_tests/generated/tests.json +++ b/tools/run_tests/generated/tests.json @@ -2876,318 +2876,6 @@ "exclude_configs": [], "exclude_iomgrs": [], "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_counter_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_crypt_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_crypter_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_frame_handler_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_frame_protector_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_grpc_record_protocol_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_handshaker_client_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_handshaker_service_api_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_iovec_record_protocol_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_security_connector_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_tsi_handshaker_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_tsi_utils_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "alts_zero_copy_grpc_protector_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, "gtest": true, "language": "c++", "name": "async_end2end_test", @@ -3662,54 +3350,6 @@ "exclude_configs": [], "exclude_iomgrs": [], "flaky": false, - "gtest": false, - "language": "c++", - "name": "check_gcp_environment_linux_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "check_gcp_environment_windows_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, "gtest": true, "language": "c++", "name": "chttp2_settings_timeout_test", @@ -4142,30 +3782,6 @@ "exclude_configs": [], "exclude_iomgrs": [], "flaky": false, - "gtest": false, - "language": "c++", - "name": "grpc_alts_credentials_options_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, "gtest": true, "language": "c++", "name": "grpc_tool_test", @@ -5062,30 +4678,6 @@ "ci_platforms": [ "linux", "mac", - "posix", - "windows" - ], - "cpu_cost": 1.0, - "exclude_configs": [], - "exclude_iomgrs": [], - "flaky": false, - "gtest": false, - "language": "c++", - "name": "transport_security_common_api_test", - "platforms": [ - "linux", - "mac", - "posix", - "windows" - ], - "uses_polling": true - }, - { - "args": [], - "benchmark": false, - "ci_platforms": [ - "linux", - "mac", "posix" ], "cpu_cost": 0.5, |