aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--BUILD112
-rw-r--r--CMakeLists.txt751
-rw-r--r--Makefile999
-rw-r--r--bazel/grpc_build_system.bzl9
-rw-r--r--build.yaml247
-rw-r--r--config.m462
-rw-r--r--config.w3263
-rw-r--r--gRPC-C++.podspec41
-rw-r--r--gRPC-Core.podspec144
-rw-r--r--grpc.gemspec106
-rw-r--r--grpc.gyp74
-rw-r--r--package.xml106
-rw-r--r--setup.py3
-rw-r--r--src/core/lib/security/credentials/alts/alts_credentials.cc119
-rw-r--r--src/core/lib/security/credentials/alts/alts_credentials.h102
-rw-r--r--src/core/lib/security/credentials/alts/check_gcp_environment.cc72
-rw-r--r--src/core/lib/security/credentials/alts/check_gcp_environment.h57
-rw-r--r--src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc67
-rw-r--r--src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc33
-rw-r--r--src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc114
-rw-r--r--src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc126
-rw-r--r--src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc46
-rw-r--r--src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h112
-rw-r--r--src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc58
-rw-r--r--src/core/lib/security/security_connector/alts_security_connector.cc287
-rw-r--r--src/core/lib/security/security_connector/alts_security_connector.h69
-rw-r--r--src/core/plugin_registry/grpc_plugin_registry.cc8
-rw-r--r--src/core/tsi/alts/crypt/aes_gcm.cc687
-rw-r--r--src/core/tsi/alts/crypt/gsec.cc189
-rw-r--r--src/core/tsi/alts/crypt/gsec.h454
-rw-r--r--src/core/tsi/alts/frame_protector/alts_counter.cc118
-rw-r--r--src/core/tsi/alts/frame_protector/alts_counter.h98
-rw-r--r--src/core/tsi/alts/frame_protector/alts_crypter.cc66
-rw-r--r--src/core/tsi/alts/frame_protector/alts_crypter.h255
-rw-r--r--src/core/tsi/alts/frame_protector/alts_frame_protector.cc407
-rw-r--r--src/core/tsi/alts/frame_protector/alts_frame_protector.h55
-rw-r--r--src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc114
-rw-r--r--src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h114
-rw-r--r--src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc105
-rw-r--r--src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc103
-rw-r--r--src/core/tsi/alts/frame_protector/frame_handler.cc218
-rw-r--r--src/core/tsi/alts/frame_protector/frame_handler.h236
-rw-r--r--src/core/tsi/alts/handshaker/alts_handshaker_client.cc316
-rw-r--r--src/core/tsi/alts/handshaker/alts_handshaker_client.h137
-rw-r--r--src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc520
-rw-r--r--src/core/tsi/alts/handshaker/alts_handshaker_service_api.h323
-rw-r--r--src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc143
-rw-r--r--src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h149
-rw-r--r--src/core/tsi/alts/handshaker/alts_tsi_event.cc73
-rw-r--r--src/core/tsi/alts/handshaker/alts_tsi_event.h93
-rw-r--r--src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc483
-rw-r--r--src/core/tsi/alts/handshaker/alts_tsi_handshaker.h83
-rw-r--r--src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h52
-rw-r--r--src/core/tsi/alts/handshaker/alts_tsi_utils.cc58
-rw-r--r--src/core/tsi/alts/handshaker/alts_tsi_utils.h52
-rw-r--r--src/core/tsi/alts/handshaker/altscontext.pb.c48
-rw-r--r--src/core/tsi/alts/handshaker/altscontext.pb.h64
-rw-r--r--src/core/tsi/alts/handshaker/handshaker.pb.c123
-rw-r--r--src/core/tsi/alts/handshaker/handshaker.pb.h255
-rw-r--r--src/core/tsi/alts/handshaker/proto/altscontext.proto41
-rw-r--r--src/core/tsi/alts/handshaker/proto/handshaker.options2
-rw-r--r--src/core/tsi/alts/handshaker/proto/handshaker.proto220
-rw-r--r--src/core/tsi/alts/handshaker/proto/transport_security_common.proto40
-rw-r--r--src/core/tsi/alts/handshaker/transport_security_common.pb.c50
-rw-r--r--src/core/tsi/alts/handshaker/transport_security_common.pb.h78
-rw-r--r--src/core/tsi/alts/handshaker/transport_security_common_api.cc196
-rw-r--r--src/core/tsi/alts/handshaker/transport_security_common_api.h163
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc180
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h52
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc144
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h49
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h91
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc173
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h100
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc476
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h199
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc295
-rw-r--r--src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h52
-rw-r--r--src/python/grpcio/grpc_core_dependencies.py57
-rw-r--r--templates/CMakeLists.txt.template2
-rw-r--r--templates/Makefile.template2
-rw-r--r--templates/gRPC-Core.podspec.template2
-rw-r--r--templates/grpc.gyp.template6
-rw-r--r--test/core/security/BUILD36
-rw-r--r--test/core/security/alts_security_connector_test.cc166
-rw-r--r--test/core/security/check_gcp_environment_linux_test.cc83
-rw-r--r--test/core/security/check_gcp_environment_windows_test.cc71
-rw-r--r--test/core/security/grpc_alts_credentials_options_test.cc118
-rw-r--r--test/core/tsi/BUILD2
-rw-r--r--test/core/tsi/alts/crypt/BUILD38
-rw-r--r--test/core/tsi/alts/crypt/aes_gcm_test.cc2105
-rw-r--r--test/core/tsi/alts/crypt/gsec_test_util.cc87
-rw-r--r--test/core/tsi/alts/crypt/gsec_test_util.h91
-rw-r--r--test/core/tsi/alts/frame_protector/BUILD60
-rw-r--r--test/core/tsi/alts/frame_protector/alts_counter_test.cc180
-rw-r--r--test/core/tsi/alts/frame_protector/alts_crypter_test.cc493
-rw-r--r--test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc394
-rw-r--r--test/core/tsi/alts/frame_protector/frame_handler_test.cc244
-rw-r--r--test/core/tsi/alts/handshaker/BUILD78
-rw-r--r--test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc412
-rw-r--r--test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc149
-rw-r--r--test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc642
-rw-r--r--test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h143
-rw-r--r--test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc682
-rw-r--r--test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc73
-rw-r--r--test/core/tsi/alts/handshaker/transport_security_common_api_test.cc196
-rw-r--r--test/core/tsi/alts/zero_copy_frame_protector/BUILD49
-rw-r--r--test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc449
-rw-r--r--test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc928
-rw-r--r--test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc289
-rw-r--r--test/core/tsi/fake_transport_security_test.cc2
-rw-r--r--test/core/tsi/ssl_transport_security_test.cc2
-rw-r--r--test/core/tsi/transport_security_test_lib.cc224
-rw-r--r--test/core/tsi/transport_security_test_lib.h89
-rw-r--r--third_party/nanopb/pb.h2
-rwxr-xr-xtools/codegen/core/gen_nano_proto.sh9
-rwxr-xr-xtools/distrib/check_copyright.py6
-rwxr-xr-xtools/distrib/check_include_guards.py3
-rwxr-xr-xtools/distrib/check_nanopb_output.sh27
-rw-r--r--tools/doxygen/Doxyfile.core.internal60
-rw-r--r--tools/run_tests/generated/sources_and_headers.json429
-rw-r--r--tools/run_tests/generated/tests.json408
122 files changed, 267 insertions, 22100 deletions
diff --git a/BUILD b/BUILD
index 9c99f95fcd..4fe3dc660e 100644
--- a/BUILD
+++ b/BUILD
@@ -1326,8 +1326,6 @@ grpc_cc_library(
"src/core/lib/security/credentials/oauth2/oauth2_credentials.cc",
"src/core/lib/security/credentials/plugin/plugin_credentials.cc",
"src/core/lib/security/credentials/ssl/ssl_credentials.cc",
- "src/core/lib/security/credentials/alts/alts_credentials.cc",
- "src/core/lib/security/security_connector/alts_security_connector.cc",
"src/core/lib/security/security_connector/security_connector.cc",
"src/core/lib/security/transport/client_auth_filter.cc",
"src/core/lib/security/transport/secure_endpoint.cc",
@@ -1351,8 +1349,6 @@ grpc_cc_library(
"src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
- "src/core/lib/security/credentials/alts/alts_credentials.h",
- "src/core/lib/security/security_connector/alts_security_connector.h",
"src/core/lib/security/security_connector/security_connector.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/secure_endpoint.h",
@@ -1364,7 +1360,6 @@ grpc_cc_library(
language = "c++",
public_hdrs = GRPC_SECURE_PUBLIC_HDRS,
deps = [
- "alts_util",
"grpc_base",
"grpc_transport_chttp2_alpn",
"tsi",
@@ -1588,118 +1583,15 @@ grpc_cc_library(
)
grpc_cc_library(
- name = "alts_frame_protector",
- srcs = [
- "src/core/tsi/alts/crypt/aes_gcm.cc",
- "src/core/tsi/alts/crypt/gsec.cc",
- "src/core/tsi/alts/frame_protector/alts_counter.cc",
- "src/core/tsi/alts/frame_protector/alts_crypter.cc",
- "src/core/tsi/alts/frame_protector/alts_frame_protector.cc",
- "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc",
- "src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc",
- "src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc",
- "src/core/tsi/alts/frame_protector/frame_handler.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc",
- ],
- hdrs = [
- "src/core/tsi/alts/crypt/gsec.h",
- "src/core/tsi/alts/frame_protector/alts_counter.h",
- "src/core/tsi/alts/frame_protector/alts_crypter.h",
- "src/core/tsi/alts/frame_protector/alts_frame_protector.h",
- "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h",
- "src/core/tsi/alts/frame_protector/frame_handler.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h",
- "src/core/tsi/transport_security_grpc.h",
- ],
- external_deps = [
- "libssl",
- ],
- language = "c++",
- deps = [
- "gpr",
- "grpc_base",
- "tsi_interface",
- ],
-)
-
-grpc_cc_library(
- name = "alts_proto",
- srcs = [
- "src/core/tsi/alts/handshaker/altscontext.pb.c",
- "src/core/tsi/alts/handshaker/handshaker.pb.c",
- "src/core/tsi/alts/handshaker/transport_security_common.pb.c",
- ],
- hdrs = [
- "src/core/tsi/alts/handshaker/altscontext.pb.h",
- "src/core/tsi/alts/handshaker/handshaker.pb.h",
- "src/core/tsi/alts/handshaker/transport_security_common.pb.h",
- ],
- external_deps = [
- "nanopb",
- ],
- language = "c++",
-)
-
-grpc_cc_library(
- name = "alts_util",
- srcs = [
- "src/core/lib/security/credentials/alts/check_gcp_environment.cc",
- "src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc",
- "src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc",
- "src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc",
- "src/core/tsi/alts/handshaker/transport_security_common_api.cc",
- ],
- hdrs = [
- "src/core/lib/security/credentials/alts/check_gcp_environment.h",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h",
- "src/core/tsi/alts/handshaker/transport_security_common_api.h",
- ],
- external_deps = [
- "nanopb",
- ],
- language = "c++",
- deps = [
- "alts_proto",
- "gpr",
- "grpc_base",
- ],
-)
-
-grpc_cc_library(
name = "tsi",
srcs = [
"src/core/tsi/alts_transport_security.cc",
- "src/core/tsi/alts/handshaker/alts_handshaker_client.cc",
- "src/core/tsi/alts/handshaker/alts_tsi_event.cc",
- "src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc",
- "src/core/tsi/alts/handshaker/alts_tsi_utils.cc",
"src/core/tsi/fake_transport_security.cc",
"src/core/tsi/ssl_transport_security.cc",
"src/core/tsi/transport_security_grpc.cc",
],
hdrs = [
"src/core/tsi/alts_transport_security.h",
- "src/core/tsi/alts/handshaker/alts_handshaker_client.h",
- "src/core/tsi/alts/handshaker/alts_tsi_event.h",
- "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h",
- "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h",
- "src/core/tsi/alts/handshaker/alts_tsi_utils.h",
"src/core/tsi/fake_transport_security.h",
"src/core/tsi/ssl_transport_security.h",
"src/core/tsi/ssl_types.h",
@@ -1710,11 +1602,7 @@ grpc_cc_library(
],
language = "c++",
deps = [
- "alts_frame_protector",
- "alts_util",
- "gpr",
"grpc_base",
- "grpc_transport_chttp2_client_insecure",
"tsi_interface",
],
)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5dfbdcb85a..ab4fa8a253 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -91,8 +91,6 @@ endif()
set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
-add_definitions(-DPB_FIELD_16BIT)
-
if (MSVC)
include(cmake/msvc_static_runtime.cmake)
add_definitions(-D_WIN32_WINNT=0x600 -D_SCL_SECURE_NO_WARNINGS -D_CRT_SECURE_NO_WARNINGS -D_WINSOCK_DEPRECATED_NO_WARNINGS)
@@ -471,19 +469,6 @@ add_dependencies(buildtests_c uri_fuzzer_test_one_entry)
add_custom_target(buildtests_cxx)
add_dependencies(buildtests_cxx alarm_test)
-add_dependencies(buildtests_cxx alts_counter_test)
-add_dependencies(buildtests_cxx alts_crypt_test)
-add_dependencies(buildtests_cxx alts_crypter_test)
-add_dependencies(buildtests_cxx alts_frame_handler_test)
-add_dependencies(buildtests_cxx alts_frame_protector_test)
-add_dependencies(buildtests_cxx alts_grpc_record_protocol_test)
-add_dependencies(buildtests_cxx alts_handshaker_client_test)
-add_dependencies(buildtests_cxx alts_handshaker_service_api_test)
-add_dependencies(buildtests_cxx alts_iovec_record_protocol_test)
-add_dependencies(buildtests_cxx alts_security_connector_test)
-add_dependencies(buildtests_cxx alts_tsi_handshaker_test)
-add_dependencies(buildtests_cxx alts_tsi_utils_test)
-add_dependencies(buildtests_cxx alts_zero_copy_grpc_protector_test)
add_dependencies(buildtests_cxx async_end2end_test)
add_dependencies(buildtests_cxx auth_property_iterator_test)
add_dependencies(buildtests_cxx backoff_test)
@@ -532,8 +517,6 @@ add_dependencies(buildtests_cxx bm_pollset)
endif()
add_dependencies(buildtests_cxx channel_arguments_test)
add_dependencies(buildtests_cxx channel_filter_test)
-add_dependencies(buildtests_cxx check_gcp_environment_linux_test)
-add_dependencies(buildtests_cxx check_gcp_environment_windows_test)
add_dependencies(buildtests_cxx chttp2_settings_timeout_test)
add_dependencies(buildtests_cxx cli_call_test)
add_dependencies(buildtests_cxx client_channel_stress_test)
@@ -555,7 +538,6 @@ add_dependencies(buildtests_cxx exception_test)
add_dependencies(buildtests_cxx filter_end2end_test)
add_dependencies(buildtests_cxx generic_end2end_test)
add_dependencies(buildtests_cxx golden_file_test)
-add_dependencies(buildtests_cxx grpc_alts_credentials_options_test)
add_dependencies(buildtests_cxx grpc_cli)
add_dependencies(buildtests_cxx grpc_tool_test)
add_dependencies(buildtests_cxx grpclb_api_test)
@@ -629,7 +611,6 @@ add_dependencies(buildtests_cxx stress_test)
add_dependencies(buildtests_cxx thread_manager_test)
add_dependencies(buildtests_cxx thread_stress_test)
add_dependencies(buildtests_cxx transport_pid_controller_test)
-add_dependencies(buildtests_cxx transport_security_common_api_test)
if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
add_dependencies(buildtests_cxx writes_per_rpc_test)
endif()
@@ -650,44 +631,6 @@ add_custom_target(buildtests
DEPENDS buildtests_c buildtests_cxx)
endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_library(alts_test_util
- test/core/tsi/alts/crypt/gsec_test_util.cc
- test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc
-)
-
-if(WIN32 AND MSVC)
- set_target_properties(alts_test_util PROPERTIES COMPILE_PDB_NAME "alts_test_util"
- COMPILE_PDB_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}"
- )
- if (gRPC_INSTALL)
- install(FILES ${CMAKE_CURRENT_BINARY_DIR}/alts_test_util.pdb
- DESTINATION ${gRPC_INSTALL_LIBDIR} OPTIONAL
- )
- endif()
-endif()
-
-
-target_include_directories(alts_test_util
- PUBLIC $<INSTALL_INTERFACE:${gRPC_INSTALL_INCLUDEDIR}> $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
-)
-
-target_link_libraries(alts_test_util
- ${_gRPC_SSL_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- grpc
-)
-
-
-endif (gRPC_BUILD_TESTS)
add_library(gpr
src/core/lib/gpr/alloc.cc
@@ -1016,7 +959,6 @@ add_library(grpc
src/core/ext/filters/http/server/http_server_filter.cc
src/core/lib/http/httpcli_security_connector.cc
src/core/lib/security/context/security_context.cc
- src/core/lib/security/credentials/alts/alts_credentials.cc
src/core/lib/security/credentials/composite/composite_credentials.cc
src/core/lib/security/credentials/credentials.cc
src/core/lib/security/credentials/credentials_metadata.cc
@@ -1030,7 +972,6 @@ add_library(grpc
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
src/core/lib/security/credentials/plugin/plugin_credentials.cc
src/core/lib/security/credentials/ssl/ssl_credentials.cc
- src/core/lib/security/security_connector/alts_security_connector.cc
src/core/lib/security/security_connector/security_connector.cc
src/core/lib/security/transport/client_auth_filter.cc
src/core/lib/security/transport/secure_endpoint.cc
@@ -1040,45 +981,14 @@ add_library(grpc
src/core/lib/security/transport/tsi_error.cc
src/core/lib/security/util/json_util.cc
src/core/lib/surface/init_secure.cc
- src/core/tsi/alts/crypt/aes_gcm.cc
- src/core/tsi/alts/crypt/gsec.cc
- src/core/tsi/alts/frame_protector/alts_counter.cc
- src/core/tsi/alts/frame_protector/alts_crypter.cc
- src/core/tsi/alts/frame_protector/alts_frame_protector.cc
- src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc
- src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc
- src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc
- src/core/tsi/alts/frame_protector/frame_handler.cc
- src/core/tsi/alts/handshaker/alts_handshaker_client.cc
- src/core/tsi/alts/handshaker/alts_tsi_event.cc
- src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc
- src/core/lib/security/credentials/alts/check_gcp_environment.cc
- src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc
- src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc
- src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc
- src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
- src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc
- src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc
- src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc
- src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc
- src/core/tsi/alts/handshaker/alts_tsi_utils.cc
- src/core/tsi/alts/handshaker/transport_security_common_api.cc
- src/core/tsi/alts/handshaker/altscontext.pb.c
- src/core/tsi/alts/handshaker/handshaker.pb.c
- src/core/tsi/alts/handshaker/transport_security_common.pb.c
- third_party/nanopb/pb_common.c
- third_party/nanopb/pb_decode.c
- third_party/nanopb/pb_encode.c
+ src/core/tsi/alts_transport_security.cc
+ src/core/tsi/fake_transport_security.cc
+ src/core/tsi/ssl_transport_security.cc
+ src/core/tsi/transport_security_grpc.cc
src/core/tsi/transport_security.cc
src/core/tsi/transport_security_adapter.cc
- src/core/ext/transport/chttp2/client/insecure/channel_create.cc
- src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc
- src/core/ext/transport/chttp2/client/chttp2_connector.cc
+ src/core/ext/transport/chttp2/server/chttp2_server.cc
+ src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc
src/core/ext/filters/client_channel/backup_poller.cc
src/core/ext/filters/client_channel/channel_connectivity.cc
src/core/ext/filters/client_channel/client_channel.cc
@@ -1102,14 +1012,11 @@ add_library(grpc
src/core/ext/filters/client_channel/subchannel_index.cc
src/core/ext/filters/client_channel/uri_parser.cc
src/core/ext/filters/deadline/deadline_filter.cc
- src/core/tsi/alts_transport_security.cc
- src/core/tsi/fake_transport_security.cc
- src/core/tsi/ssl_transport_security.cc
- src/core/tsi/transport_security_grpc.cc
- src/core/ext/transport/chttp2/server/chttp2_server.cc
- src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc
+ src/core/ext/transport/chttp2/client/chttp2_connector.cc
src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc
src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc
+ src/core/ext/transport/chttp2/client/insecure/channel_create.cc
+ src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc
src/core/ext/transport/inproc/inproc_plugin.cc
src/core/ext/transport/inproc/inproc_transport.cc
src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc
@@ -1118,6 +1025,9 @@ add_library(grpc
src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc
src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc
src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c
+ third_party/nanopb/pb_common.c
+ third_party/nanopb/pb_decode.c
+ third_party/nanopb/pb_encode.c
src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc
src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc
src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc
@@ -1417,7 +1327,6 @@ add_library(grpc_cronet
src/core/ext/filters/deadline/deadline_filter.cc
src/core/lib/http/httpcli_security_connector.cc
src/core/lib/security/context/security_context.cc
- src/core/lib/security/credentials/alts/alts_credentials.cc
src/core/lib/security/credentials/composite/composite_credentials.cc
src/core/lib/security/credentials/credentials.cc
src/core/lib/security/credentials/credentials_metadata.cc
@@ -1431,7 +1340,6 @@ add_library(grpc_cronet
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
src/core/lib/security/credentials/plugin/plugin_credentials.cc
src/core/lib/security/credentials/ssl/ssl_credentials.cc
- src/core/lib/security/security_connector/alts_security_connector.cc
src/core/lib/security/security_connector/security_connector.cc
src/core/lib/security/transport/client_auth_filter.cc
src/core/lib/security/transport/secure_endpoint.cc
@@ -1441,49 +1349,13 @@ add_library(grpc_cronet
src/core/lib/security/transport/tsi_error.cc
src/core/lib/security/util/json_util.cc
src/core/lib/surface/init_secure.cc
- src/core/tsi/alts/crypt/aes_gcm.cc
- src/core/tsi/alts/crypt/gsec.cc
- src/core/tsi/alts/frame_protector/alts_counter.cc
- src/core/tsi/alts/frame_protector/alts_crypter.cc
- src/core/tsi/alts/frame_protector/alts_frame_protector.cc
- src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc
- src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc
- src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc
- src/core/tsi/alts/frame_protector/frame_handler.cc
- src/core/tsi/alts/handshaker/alts_handshaker_client.cc
- src/core/tsi/alts/handshaker/alts_tsi_event.cc
- src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc
- src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc
- src/core/lib/security/credentials/alts/check_gcp_environment.cc
- src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc
- src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc
- src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc
- src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
- src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc
- src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc
- src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc
- src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc
- src/core/tsi/alts/handshaker/alts_tsi_utils.cc
- src/core/tsi/alts/handshaker/transport_security_common_api.cc
- src/core/tsi/alts/handshaker/altscontext.pb.c
- src/core/tsi/alts/handshaker/handshaker.pb.c
- src/core/tsi/alts/handshaker/transport_security_common.pb.c
- third_party/nanopb/pb_common.c
- third_party/nanopb/pb_decode.c
- third_party/nanopb/pb_encode.c
- src/core/tsi/transport_security.cc
- src/core/tsi/transport_security_adapter.cc
- src/core/ext/transport/chttp2/client/insecure/channel_create.cc
- src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc
- src/core/ext/transport/chttp2/client/chttp2_connector.cc
src/core/tsi/alts_transport_security.cc
src/core/tsi/fake_transport_security.cc
src/core/tsi/ssl_transport_security.cc
src/core/tsi/transport_security_grpc.cc
+ src/core/tsi/transport_security.cc
+ src/core/tsi/transport_security_adapter.cc
+ src/core/ext/transport/chttp2/client/chttp2_connector.cc
src/core/ext/filters/load_reporting/server_load_reporting_filter.cc
src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc
src/core/plugin_registry/grpc_cronet_plugin_registry.cc
@@ -8789,462 +8661,6 @@ target_link_libraries(alarm_test
endif (gRPC_BUILD_TESTS)
if (gRPC_BUILD_TESTS)
-add_executable(alts_counter_test
- test/core/tsi/alts/frame_protector/alts_counter_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_counter_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_counter_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_crypt_test
- test/core/tsi/alts/crypt/aes_gcm_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_crypt_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_crypt_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_crypter_test
- test/core/tsi/alts/frame_protector/alts_crypter_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_crypter_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_crypter_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_frame_handler_test
- test/core/tsi/alts/frame_protector/frame_handler_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_frame_handler_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_frame_handler_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_frame_protector_test
- test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc
- test/core/tsi/transport_security_test_lib.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_frame_protector_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_frame_protector_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_grpc_record_protocol_test
- test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_grpc_record_protocol_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_grpc_record_protocol_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_handshaker_client_test
- test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_handshaker_client_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_handshaker_client_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_handshaker_service_api_test
- test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_handshaker_service_api_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_handshaker_service_api_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_iovec_record_protocol_test
- test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_iovec_record_protocol_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_iovec_record_protocol_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_security_connector_test
- test/core/security/alts_security_connector_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_security_connector_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_security_connector_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_tsi_handshaker_test
- test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_tsi_handshaker_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_tsi_handshaker_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_tsi_utils_test
- test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_tsi_utils_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_tsi_utils_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(alts_zero_copy_grpc_protector_test
- test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(alts_zero_copy_grpc_protector_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(alts_zero_copy_grpc_protector_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
add_executable(async_end2end_test
test/cpp/end2end/async_end2end_test.cc
third_party/googletest/googletest/src/gtest-all.cc
@@ -10054,74 +9470,6 @@ target_link_libraries(channel_filter_test
endif (gRPC_BUILD_TESTS)
if (gRPC_BUILD_TESTS)
-add_executable(check_gcp_environment_linux_test
- test/core/security/check_gcp_environment_linux_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(check_gcp_environment_linux_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(check_gcp_environment_linux_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- grpc
- gpr
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
-add_executable(check_gcp_environment_windows_test
- test/core/security/check_gcp_environment_windows_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(check_gcp_environment_windows_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(check_gcp_environment_windows_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- grpc
- gpr
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
add_executable(chttp2_settings_timeout_test
test/core/transport/chttp2/settings_timeout_test.cc
third_party/googletest/googletest/src/gtest-all.cc
@@ -10915,40 +10263,6 @@ target_link_libraries(golden_file_test
endif (gRPC_BUILD_TESTS)
if (gRPC_BUILD_TESTS)
-add_executable(grpc_alts_credentials_options_test
- test/core/security/grpc_alts_credentials_options_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(grpc_alts_credentials_options_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(grpc_alts_credentials_options_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- grpc
- gpr
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
-
add_executable(grpc_cli
test/cpp/util/grpc_cli.cc
third_party/googletest/googletest/src/gtest-all.cc
@@ -13289,41 +12603,6 @@ target_link_libraries(transport_pid_controller_test
endif (gRPC_BUILD_TESTS)
if (gRPC_BUILD_TESTS)
-
-add_executable(transport_security_common_api_test
- test/core/tsi/alts/handshaker/transport_security_common_api_test.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-
-target_include_directories(transport_security_common_api_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${_gRPC_SSL_INCLUDE_DIR}
- PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR}
- PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR}
- PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR}
- PRIVATE ${_gRPC_CARES_INCLUDE_DIR}
- PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR}
- PRIVATE third_party/googletest/googletest/include
- PRIVATE third_party/googletest/googletest
- PRIVATE third_party/googletest/googlemock/include
- PRIVATE third_party/googletest/googlemock
- PRIVATE ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(transport_security_common_api_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- alts_test_util
- gpr
- grpc
- ${_gRPC_GFLAGS_LIBRARIES}
-)
-
-endif (gRPC_BUILD_TESTS)
-if (gRPC_BUILD_TESTS)
if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
add_executable(writes_per_rpc_test
diff --git a/Makefile b/Makefile
index 7bc2c82938..b090b9fb94 100644
--- a/Makefile
+++ b/Makefile
@@ -338,8 +338,6 @@ CPPFLAGS += -g -Wall -Wextra -Werror -Wno-long-long -Wno-unused-parameter -DOSAT
COREFLAGS += -fno-rtti -fno-exceptions
LDFLAGS += -g
-DEFINES += PB_FIELD_16BIT
-
CPPFLAGS += $(CPPFLAGS_$(CONFIG))
CFLAGS += $(CFLAGS_$(CONFIG))
CXXFLAGS += $(CXXFLAGS_$(CONFIG))
@@ -1096,19 +1094,6 @@ uri_fuzzer_test: $(BINDIR)/$(CONFIG)/uri_fuzzer_test
uri_parser_test: $(BINDIR)/$(CONFIG)/uri_parser_test
wakeup_fd_cv_test: $(BINDIR)/$(CONFIG)/wakeup_fd_cv_test
alarm_test: $(BINDIR)/$(CONFIG)/alarm_test
-alts_counter_test: $(BINDIR)/$(CONFIG)/alts_counter_test
-alts_crypt_test: $(BINDIR)/$(CONFIG)/alts_crypt_test
-alts_crypter_test: $(BINDIR)/$(CONFIG)/alts_crypter_test
-alts_frame_handler_test: $(BINDIR)/$(CONFIG)/alts_frame_handler_test
-alts_frame_protector_test: $(BINDIR)/$(CONFIG)/alts_frame_protector_test
-alts_grpc_record_protocol_test: $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test
-alts_handshaker_client_test: $(BINDIR)/$(CONFIG)/alts_handshaker_client_test
-alts_handshaker_service_api_test: $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test
-alts_iovec_record_protocol_test: $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test
-alts_security_connector_test: $(BINDIR)/$(CONFIG)/alts_security_connector_test
-alts_tsi_handshaker_test: $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test
-alts_tsi_utils_test: $(BINDIR)/$(CONFIG)/alts_tsi_utils_test
-alts_zero_copy_grpc_protector_test: $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test
async_end2end_test: $(BINDIR)/$(CONFIG)/async_end2end_test
auth_property_iterator_test: $(BINDIR)/$(CONFIG)/auth_property_iterator_test
backoff_test: $(BINDIR)/$(CONFIG)/backoff_test
@@ -1129,8 +1114,6 @@ bm_metadata: $(BINDIR)/$(CONFIG)/bm_metadata
bm_pollset: $(BINDIR)/$(CONFIG)/bm_pollset
channel_arguments_test: $(BINDIR)/$(CONFIG)/channel_arguments_test
channel_filter_test: $(BINDIR)/$(CONFIG)/channel_filter_test
-check_gcp_environment_linux_test: $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test
-check_gcp_environment_windows_test: $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test
chttp2_settings_timeout_test: $(BINDIR)/$(CONFIG)/chttp2_settings_timeout_test
cli_call_test: $(BINDIR)/$(CONFIG)/cli_call_test
client_channel_stress_test: $(BINDIR)/$(CONFIG)/client_channel_stress_test
@@ -1150,7 +1133,6 @@ exception_test: $(BINDIR)/$(CONFIG)/exception_test
filter_end2end_test: $(BINDIR)/$(CONFIG)/filter_end2end_test
generic_end2end_test: $(BINDIR)/$(CONFIG)/generic_end2end_test
golden_file_test: $(BINDIR)/$(CONFIG)/golden_file_test
-grpc_alts_credentials_options_test: $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test
grpc_cli: $(BINDIR)/$(CONFIG)/grpc_cli
grpc_cpp_plugin: $(BINDIR)/$(CONFIG)/grpc_cpp_plugin
grpc_csharp_plugin: $(BINDIR)/$(CONFIG)/grpc_csharp_plugin
@@ -1209,7 +1191,6 @@ stress_test: $(BINDIR)/$(CONFIG)/stress_test
thread_manager_test: $(BINDIR)/$(CONFIG)/thread_manager_test
thread_stress_test: $(BINDIR)/$(CONFIG)/thread_stress_test
transport_pid_controller_test: $(BINDIR)/$(CONFIG)/transport_pid_controller_test
-transport_security_common_api_test: $(BINDIR)/$(CONFIG)/transport_security_common_api_test
writes_per_rpc_test: $(BINDIR)/$(CONFIG)/writes_per_rpc_test
public_headers_must_be_c89: $(BINDIR)/$(CONFIG)/public_headers_must_be_c89
gen_hpack_tables: $(BINDIR)/$(CONFIG)/gen_hpack_tables
@@ -1371,7 +1352,7 @@ plugins: $(PROTOC_PLUGINS)
privatelibs: privatelibs_c privatelibs_cxx
-privatelibs_c: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util_unsecure.a $(LIBDIR)/$(CONFIG)/libreconnect_server.a $(LIBDIR)/$(CONFIG)/libtest_tcp_server.a $(LIBDIR)/$(CONFIG)/libz.a $(LIBDIR)/$(CONFIG)/libares.a $(LIBDIR)/$(CONFIG)/libbad_client_test.a $(LIBDIR)/$(CONFIG)/libbad_ssl_test_server.a $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libend2end_nosec_tests.a
+privatelibs_c: $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util_unsecure.a $(LIBDIR)/$(CONFIG)/libreconnect_server.a $(LIBDIR)/$(CONFIG)/libtest_tcp_server.a $(LIBDIR)/$(CONFIG)/libz.a $(LIBDIR)/$(CONFIG)/libares.a $(LIBDIR)/$(CONFIG)/libbad_client_test.a $(LIBDIR)/$(CONFIG)/libbad_ssl_test_server.a $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libend2end_nosec_tests.a
pc_c: $(LIBDIR)/$(CONFIG)/pkgconfig/grpc.pc
pc_c_unsecure: $(LIBDIR)/$(CONFIG)/pkgconfig/grpc_unsecure.pc
@@ -1581,19 +1562,6 @@ buildtests_c: privatelibs_c \
ifeq ($(EMBED_OPENSSL),true)
buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/alarm_test \
- $(BINDIR)/$(CONFIG)/alts_counter_test \
- $(BINDIR)/$(CONFIG)/alts_crypt_test \
- $(BINDIR)/$(CONFIG)/alts_crypter_test \
- $(BINDIR)/$(CONFIG)/alts_frame_handler_test \
- $(BINDIR)/$(CONFIG)/alts_frame_protector_test \
- $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test \
- $(BINDIR)/$(CONFIG)/alts_handshaker_client_test \
- $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test \
- $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test \
- $(BINDIR)/$(CONFIG)/alts_security_connector_test \
- $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test \
- $(BINDIR)/$(CONFIG)/alts_tsi_utils_test \
- $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test \
$(BINDIR)/$(CONFIG)/async_end2end_test \
$(BINDIR)/$(CONFIG)/auth_property_iterator_test \
$(BINDIR)/$(CONFIG)/backoff_test \
@@ -1614,8 +1582,6 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/bm_pollset \
$(BINDIR)/$(CONFIG)/channel_arguments_test \
$(BINDIR)/$(CONFIG)/channel_filter_test \
- $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test \
- $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test \
$(BINDIR)/$(CONFIG)/chttp2_settings_timeout_test \
$(BINDIR)/$(CONFIG)/cli_call_test \
$(BINDIR)/$(CONFIG)/client_channel_stress_test \
@@ -1635,7 +1601,6 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/filter_end2end_test \
$(BINDIR)/$(CONFIG)/generic_end2end_test \
$(BINDIR)/$(CONFIG)/golden_file_test \
- $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test \
$(BINDIR)/$(CONFIG)/grpc_cli \
$(BINDIR)/$(CONFIG)/grpc_tool_test \
$(BINDIR)/$(CONFIG)/grpclb_api_test \
@@ -1687,7 +1652,6 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/thread_manager_test \
$(BINDIR)/$(CONFIG)/thread_stress_test \
$(BINDIR)/$(CONFIG)/transport_pid_controller_test \
- $(BINDIR)/$(CONFIG)/transport_security_common_api_test \
$(BINDIR)/$(CONFIG)/writes_per_rpc_test \
$(BINDIR)/$(CONFIG)/boringssl_crypto_test_data \
$(BINDIR)/$(CONFIG)/boringssl_asn1_test \
@@ -1746,19 +1710,6 @@ buildtests_cxx: privatelibs_cxx \
else
buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/alarm_test \
- $(BINDIR)/$(CONFIG)/alts_counter_test \
- $(BINDIR)/$(CONFIG)/alts_crypt_test \
- $(BINDIR)/$(CONFIG)/alts_crypter_test \
- $(BINDIR)/$(CONFIG)/alts_frame_handler_test \
- $(BINDIR)/$(CONFIG)/alts_frame_protector_test \
- $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test \
- $(BINDIR)/$(CONFIG)/alts_handshaker_client_test \
- $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test \
- $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test \
- $(BINDIR)/$(CONFIG)/alts_security_connector_test \
- $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test \
- $(BINDIR)/$(CONFIG)/alts_tsi_utils_test \
- $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test \
$(BINDIR)/$(CONFIG)/async_end2end_test \
$(BINDIR)/$(CONFIG)/auth_property_iterator_test \
$(BINDIR)/$(CONFIG)/backoff_test \
@@ -1779,8 +1730,6 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/bm_pollset \
$(BINDIR)/$(CONFIG)/channel_arguments_test \
$(BINDIR)/$(CONFIG)/channel_filter_test \
- $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test \
- $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test \
$(BINDIR)/$(CONFIG)/chttp2_settings_timeout_test \
$(BINDIR)/$(CONFIG)/cli_call_test \
$(BINDIR)/$(CONFIG)/client_channel_stress_test \
@@ -1800,7 +1749,6 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/filter_end2end_test \
$(BINDIR)/$(CONFIG)/generic_end2end_test \
$(BINDIR)/$(CONFIG)/golden_file_test \
- $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test \
$(BINDIR)/$(CONFIG)/grpc_cli \
$(BINDIR)/$(CONFIG)/grpc_tool_test \
$(BINDIR)/$(CONFIG)/grpclb_api_test \
@@ -1852,7 +1800,6 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/thread_manager_test \
$(BINDIR)/$(CONFIG)/thread_stress_test \
$(BINDIR)/$(CONFIG)/transport_pid_controller_test \
- $(BINDIR)/$(CONFIG)/transport_security_common_api_test \
$(BINDIR)/$(CONFIG)/writes_per_rpc_test \
$(BINDIR)/$(CONFIG)/resolver_component_test_unsecure \
$(BINDIR)/$(CONFIG)/resolver_component_test \
@@ -2139,32 +2086,6 @@ flaky_test_c: buildtests_c
test_cxx: buildtests_cxx
$(E) "[RUN] Testing alarm_test"
$(Q) $(BINDIR)/$(CONFIG)/alarm_test || ( echo test alarm_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_counter_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_counter_test || ( echo test alts_counter_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_crypt_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_crypt_test || ( echo test alts_crypt_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_crypter_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_crypter_test || ( echo test alts_crypter_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_frame_handler_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_frame_handler_test || ( echo test alts_frame_handler_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_frame_protector_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_frame_protector_test || ( echo test alts_frame_protector_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_grpc_record_protocol_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test || ( echo test alts_grpc_record_protocol_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_handshaker_client_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_handshaker_client_test || ( echo test alts_handshaker_client_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_handshaker_service_api_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test || ( echo test alts_handshaker_service_api_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_iovec_record_protocol_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test || ( echo test alts_iovec_record_protocol_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_security_connector_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_security_connector_test || ( echo test alts_security_connector_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_tsi_handshaker_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test || ( echo test alts_tsi_handshaker_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_tsi_utils_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_tsi_utils_test || ( echo test alts_tsi_utils_test failed ; exit 1 )
- $(E) "[RUN] Testing alts_zero_copy_grpc_protector_test"
- $(Q) $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test || ( echo test alts_zero_copy_grpc_protector_test failed ; exit 1 )
$(E) "[RUN] Testing async_end2end_test"
$(Q) $(BINDIR)/$(CONFIG)/async_end2end_test || ( echo test async_end2end_test failed ; exit 1 )
$(E) "[RUN] Testing auth_property_iterator_test"
@@ -2205,10 +2126,6 @@ test_cxx: buildtests_cxx
$(Q) $(BINDIR)/$(CONFIG)/channel_arguments_test || ( echo test channel_arguments_test failed ; exit 1 )
$(E) "[RUN] Testing channel_filter_test"
$(Q) $(BINDIR)/$(CONFIG)/channel_filter_test || ( echo test channel_filter_test failed ; exit 1 )
- $(E) "[RUN] Testing check_gcp_environment_linux_test"
- $(Q) $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test || ( echo test check_gcp_environment_linux_test failed ; exit 1 )
- $(E) "[RUN] Testing check_gcp_environment_windows_test"
- $(Q) $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test || ( echo test check_gcp_environment_windows_test failed ; exit 1 )
$(E) "[RUN] Testing chttp2_settings_timeout_test"
$(Q) $(BINDIR)/$(CONFIG)/chttp2_settings_timeout_test || ( echo test chttp2_settings_timeout_test failed ; exit 1 )
$(E) "[RUN] Testing cli_call_test"
@@ -2245,8 +2162,6 @@ test_cxx: buildtests_cxx
$(Q) $(BINDIR)/$(CONFIG)/generic_end2end_test || ( echo test generic_end2end_test failed ; exit 1 )
$(E) "[RUN] Testing golden_file_test"
$(Q) $(BINDIR)/$(CONFIG)/golden_file_test || ( echo test golden_file_test failed ; exit 1 )
- $(E) "[RUN] Testing grpc_alts_credentials_options_test"
- $(Q) $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test || ( echo test grpc_alts_credentials_options_test failed ; exit 1 )
$(E) "[RUN] Testing grpc_tool_test"
$(Q) $(BINDIR)/$(CONFIG)/grpc_tool_test || ( echo test grpc_tool_test failed ; exit 1 )
$(E) "[RUN] Testing grpclb_api_test"
@@ -2321,8 +2236,6 @@ test_cxx: buildtests_cxx
$(Q) $(BINDIR)/$(CONFIG)/thread_stress_test || ( echo test thread_stress_test failed ; exit 1 )
$(E) "[RUN] Testing transport_pid_controller_test"
$(Q) $(BINDIR)/$(CONFIG)/transport_pid_controller_test || ( echo test transport_pid_controller_test failed ; exit 1 )
- $(E) "[RUN] Testing transport_security_common_api_test"
- $(Q) $(BINDIR)/$(CONFIG)/transport_security_common_api_test || ( echo test transport_security_common_api_test failed ; exit 1 )
$(E) "[RUN] Testing writes_per_rpc_test"
$(Q) $(BINDIR)/$(CONFIG)/writes_per_rpc_test || ( echo test writes_per_rpc_test failed ; exit 1 )
$(E) "[RUN] Testing resolver_component_tests_runner_invoker_unsecure"
@@ -2980,46 +2893,6 @@ clean:
# The various libraries
-LIBALTS_TEST_UTIL_SRC = \
- test/core/tsi/alts/crypt/gsec_test_util.cc \
- test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc \
-
-PUBLIC_HEADERS_C += \
-
-LIBALTS_TEST_UTIL_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(LIBALTS_TEST_UTIL_SRC))))
-
-
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure libraries if you don't have OpenSSL.
-
-$(LIBDIR)/$(CONFIG)/libalts_test_util.a: openssl_dep_error
-
-
-else
-
-
-$(LIBDIR)/$(CONFIG)/libalts_test_util.a: $(ZLIB_DEP) $(OPENSSL_DEP) $(CARES_DEP) $(LIBALTS_TEST_UTIL_OBJS)
- $(E) "[AR] Creating $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) rm -f $(LIBDIR)/$(CONFIG)/libalts_test_util.a
- $(Q) $(AR) $(AROPTS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBALTS_TEST_UTIL_OBJS)
-ifeq ($(SYSTEM),Darwin)
- $(Q) ranlib -no_warning_for_no_symbols $(LIBDIR)/$(CONFIG)/libalts_test_util.a
-endif
-
-
-
-
-endif
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(LIBALTS_TEST_UTIL_OBJS:.o=.dep)
-endif
-endif
-
-
LIBGPR_SRC = \
src/core/lib/gpr/alloc.cc \
src/core/lib/gpr/arena.cc \
@@ -3322,7 +3195,6 @@ LIBGRPC_SRC = \
src/core/ext/filters/http/server/http_server_filter.cc \
src/core/lib/http/httpcli_security_connector.cc \
src/core/lib/security/context/security_context.cc \
- src/core/lib/security/credentials/alts/alts_credentials.cc \
src/core/lib/security/credentials/composite/composite_credentials.cc \
src/core/lib/security/credentials/credentials.cc \
src/core/lib/security/credentials/credentials_metadata.cc \
@@ -3336,7 +3208,6 @@ LIBGRPC_SRC = \
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
- src/core/lib/security/security_connector/alts_security_connector.cc \
src/core/lib/security/security_connector/security_connector.cc \
src/core/lib/security/transport/client_auth_filter.cc \
src/core/lib/security/transport/secure_endpoint.cc \
@@ -3346,45 +3217,14 @@ LIBGRPC_SRC = \
src/core/lib/security/transport/tsi_error.cc \
src/core/lib/security/util/json_util.cc \
src/core/lib/surface/init_secure.cc \
- src/core/tsi/alts/crypt/aes_gcm.cc \
- src/core/tsi/alts/crypt/gsec.cc \
- src/core/tsi/alts/frame_protector/alts_counter.cc \
- src/core/tsi/alts/frame_protector/alts_crypter.cc \
- src/core/tsi/alts/frame_protector/alts_frame_protector.cc \
- src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc \
- src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc \
- src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc \
- src/core/tsi/alts/frame_protector/frame_handler.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_client.cc \
- src/core/tsi/alts/handshaker/alts_tsi_event.cc \
- src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc \
- src/core/tsi/alts/handshaker/alts_tsi_utils.cc \
- src/core/tsi/alts/handshaker/transport_security_common_api.cc \
- src/core/tsi/alts/handshaker/altscontext.pb.c \
- src/core/tsi/alts/handshaker/handshaker.pb.c \
- src/core/tsi/alts/handshaker/transport_security_common.pb.c \
- third_party/nanopb/pb_common.c \
- third_party/nanopb/pb_decode.c \
- third_party/nanopb/pb_encode.c \
+ src/core/tsi/alts_transport_security.cc \
+ src/core/tsi/fake_transport_security.cc \
+ src/core/tsi/ssl_transport_security.cc \
+ src/core/tsi/transport_security_grpc.cc \
src/core/tsi/transport_security.cc \
src/core/tsi/transport_security_adapter.cc \
- src/core/ext/transport/chttp2/client/insecure/channel_create.cc \
- src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \
- src/core/ext/transport/chttp2/client/chttp2_connector.cc \
+ src/core/ext/transport/chttp2/server/chttp2_server.cc \
+ src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc \
src/core/ext/filters/client_channel/backup_poller.cc \
src/core/ext/filters/client_channel/channel_connectivity.cc \
src/core/ext/filters/client_channel/client_channel.cc \
@@ -3408,14 +3248,11 @@ LIBGRPC_SRC = \
src/core/ext/filters/client_channel/subchannel_index.cc \
src/core/ext/filters/client_channel/uri_parser.cc \
src/core/ext/filters/deadline/deadline_filter.cc \
- src/core/tsi/alts_transport_security.cc \
- src/core/tsi/fake_transport_security.cc \
- src/core/tsi/ssl_transport_security.cc \
- src/core/tsi/transport_security_grpc.cc \
- src/core/ext/transport/chttp2/server/chttp2_server.cc \
- src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc \
+ src/core/ext/transport/chttp2/client/chttp2_connector.cc \
src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc \
src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc \
+ src/core/ext/transport/chttp2/client/insecure/channel_create.cc \
+ src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \
src/core/ext/transport/inproc/inproc_plugin.cc \
src/core/ext/transport/inproc/inproc_transport.cc \
src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc \
@@ -3424,6 +3261,9 @@ LIBGRPC_SRC = \
src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc \
src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc \
src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c \
+ third_party/nanopb/pb_common.c \
+ third_party/nanopb/pb_decode.c \
+ third_party/nanopb/pb_encode.c \
src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc \
src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc \
src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc \
@@ -3725,7 +3565,6 @@ LIBGRPC_CRONET_SRC = \
src/core/ext/filters/deadline/deadline_filter.cc \
src/core/lib/http/httpcli_security_connector.cc \
src/core/lib/security/context/security_context.cc \
- src/core/lib/security/credentials/alts/alts_credentials.cc \
src/core/lib/security/credentials/composite/composite_credentials.cc \
src/core/lib/security/credentials/credentials.cc \
src/core/lib/security/credentials/credentials_metadata.cc \
@@ -3739,7 +3578,6 @@ LIBGRPC_CRONET_SRC = \
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
- src/core/lib/security/security_connector/alts_security_connector.cc \
src/core/lib/security/security_connector/security_connector.cc \
src/core/lib/security/transport/client_auth_filter.cc \
src/core/lib/security/transport/secure_endpoint.cc \
@@ -3749,49 +3587,13 @@ LIBGRPC_CRONET_SRC = \
src/core/lib/security/transport/tsi_error.cc \
src/core/lib/security/util/json_util.cc \
src/core/lib/surface/init_secure.cc \
- src/core/tsi/alts/crypt/aes_gcm.cc \
- src/core/tsi/alts/crypt/gsec.cc \
- src/core/tsi/alts/frame_protector/alts_counter.cc \
- src/core/tsi/alts/frame_protector/alts_crypter.cc \
- src/core/tsi/alts/frame_protector/alts_frame_protector.cc \
- src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc \
- src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc \
- src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc \
- src/core/tsi/alts/frame_protector/frame_handler.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_client.cc \
- src/core/tsi/alts/handshaker/alts_tsi_event.cc \
- src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc \
- src/core/tsi/alts/handshaker/alts_tsi_utils.cc \
- src/core/tsi/alts/handshaker/transport_security_common_api.cc \
- src/core/tsi/alts/handshaker/altscontext.pb.c \
- src/core/tsi/alts/handshaker/handshaker.pb.c \
- src/core/tsi/alts/handshaker/transport_security_common.pb.c \
- third_party/nanopb/pb_common.c \
- third_party/nanopb/pb_decode.c \
- third_party/nanopb/pb_encode.c \
- src/core/tsi/transport_security.cc \
- src/core/tsi/transport_security_adapter.cc \
- src/core/ext/transport/chttp2/client/insecure/channel_create.cc \
- src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \
- src/core/ext/transport/chttp2/client/chttp2_connector.cc \
src/core/tsi/alts_transport_security.cc \
src/core/tsi/fake_transport_security.cc \
src/core/tsi/ssl_transport_security.cc \
src/core/tsi/transport_security_grpc.cc \
+ src/core/tsi/transport_security.cc \
+ src/core/tsi/transport_security_adapter.cc \
+ src/core/ext/transport/chttp2/client/chttp2_connector.cc \
src/core/ext/filters/load_reporting/server_load_reporting_filter.cc \
src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc \
src/core/plugin_registry/grpc_cronet_plugin_registry.cc \
@@ -14439,568 +14241,6 @@ endif
endif
-ALTS_COUNTER_TEST_SRC = \
- test/core/tsi/alts/frame_protector/alts_counter_test.cc \
-
-ALTS_COUNTER_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_COUNTER_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_counter_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_counter_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_counter_test: $(PROTOBUF_DEP) $(ALTS_COUNTER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_COUNTER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_counter_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/frame_protector/alts_counter_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_counter_test: $(ALTS_COUNTER_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_COUNTER_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_CRYPT_TEST_SRC = \
- test/core/tsi/alts/crypt/aes_gcm_test.cc \
-
-ALTS_CRYPT_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_CRYPT_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_crypt_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_crypt_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_crypt_test: $(PROTOBUF_DEP) $(ALTS_CRYPT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_CRYPT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_crypt_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/crypt/aes_gcm_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_crypt_test: $(ALTS_CRYPT_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_CRYPT_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_CRYPTER_TEST_SRC = \
- test/core/tsi/alts/frame_protector/alts_crypter_test.cc \
-
-ALTS_CRYPTER_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_CRYPTER_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_crypter_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_crypter_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_crypter_test: $(PROTOBUF_DEP) $(ALTS_CRYPTER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_CRYPTER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_crypter_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/frame_protector/alts_crypter_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_crypter_test: $(ALTS_CRYPTER_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_CRYPTER_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_FRAME_HANDLER_TEST_SRC = \
- test/core/tsi/alts/frame_protector/frame_handler_test.cc \
-
-ALTS_FRAME_HANDLER_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_FRAME_HANDLER_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_frame_handler_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_frame_handler_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_frame_handler_test: $(PROTOBUF_DEP) $(ALTS_FRAME_HANDLER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_FRAME_HANDLER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_frame_handler_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/frame_protector/frame_handler_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_frame_handler_test: $(ALTS_FRAME_HANDLER_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_FRAME_HANDLER_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_FRAME_PROTECTOR_TEST_SRC = \
- test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc \
- test/core/tsi/transport_security_test_lib.cc \
-
-ALTS_FRAME_PROTECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_FRAME_PROTECTOR_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_frame_protector_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_frame_protector_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_frame_protector_test: $(PROTOBUF_DEP) $(ALTS_FRAME_PROTECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_FRAME_PROTECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_frame_protector_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/frame_protector/alts_frame_protector_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/transport_security_test_lib.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_frame_protector_test: $(ALTS_FRAME_PROTECTOR_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_FRAME_PROTECTOR_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_GRPC_RECORD_PROTOCOL_TEST_SRC = \
- test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc \
-
-ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_GRPC_RECORD_PROTOCOL_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test: $(PROTOBUF_DEP) $(ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_grpc_record_protocol_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_grpc_record_protocol_test: $(ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_GRPC_RECORD_PROTOCOL_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_HANDSHAKER_CLIENT_TEST_SRC = \
- test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc \
-
-ALTS_HANDSHAKER_CLIENT_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_HANDSHAKER_CLIENT_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_handshaker_client_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_handshaker_client_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_handshaker_client_test: $(PROTOBUF_DEP) $(ALTS_HANDSHAKER_CLIENT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_HANDSHAKER_CLIENT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_handshaker_client_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/alts_handshaker_client_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_handshaker_client_test: $(ALTS_HANDSHAKER_CLIENT_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_HANDSHAKER_CLIENT_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_HANDSHAKER_SERVICE_API_TEST_SRC = \
- test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc \
-
-ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_HANDSHAKER_SERVICE_API_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test: $(PROTOBUF_DEP) $(ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_handshaker_service_api_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_handshaker_service_api_test: $(ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_HANDSHAKER_SERVICE_API_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_IOVEC_RECORD_PROTOCOL_TEST_SRC = \
- test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc \
-
-ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test: $(PROTOBUF_DEP) $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_iovec_record_protocol_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_iovec_record_protocol_test: $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_IOVEC_RECORD_PROTOCOL_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_SECURITY_CONNECTOR_TEST_SRC = \
- test/core/security/alts_security_connector_test.cc \
-
-ALTS_SECURITY_CONNECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_SECURITY_CONNECTOR_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_security_connector_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_security_connector_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_security_connector_test: $(PROTOBUF_DEP) $(ALTS_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_security_connector_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/security/alts_security_connector_test.o: $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_security_connector_test: $(ALTS_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_TSI_HANDSHAKER_TEST_SRC = \
- test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc \
-
-ALTS_TSI_HANDSHAKER_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_TSI_HANDSHAKER_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test: $(PROTOBUF_DEP) $(ALTS_TSI_HANDSHAKER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_TSI_HANDSHAKER_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_tsi_handshaker_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_tsi_handshaker_test: $(ALTS_TSI_HANDSHAKER_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_TSI_HANDSHAKER_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_TSI_UTILS_TEST_SRC = \
- test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc \
-
-ALTS_TSI_UTILS_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_TSI_UTILS_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_tsi_utils_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_tsi_utils_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_tsi_utils_test: $(PROTOBUF_DEP) $(ALTS_TSI_UTILS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_TSI_UTILS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_tsi_utils_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/alts_tsi_utils_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_tsi_utils_test: $(ALTS_TSI_UTILS_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_TSI_UTILS_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_SRC = \
- test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc \
-
-ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test: $(PROTOBUF_DEP) $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/alts_zero_copy_grpc_protector_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_alts_zero_copy_grpc_protector_test: $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(ALTS_ZERO_COPY_GRPC_PROTECTOR_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
ASYNC_END2END_TEST_SRC = \
test/cpp/end2end/async_end2end_test.cc \
@@ -15875,92 +15115,6 @@ endif
endif
-CHECK_GCP_ENVIRONMENT_LINUX_TEST_SRC = \
- test/core/security/check_gcp_environment_linux_test.cc \
-
-CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test: $(PROTOBUF_DEP) $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/check_gcp_environment_linux_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/security/check_gcp_environment_linux_test.o: $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
-
-deps_check_gcp_environment_linux_test: $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(CHECK_GCP_ENVIRONMENT_LINUX_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
-CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_SRC = \
- test/core/security/check_gcp_environment_windows_test.cc \
-
-CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test: $(PROTOBUF_DEP) $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/check_gcp_environment_windows_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/security/check_gcp_environment_windows_test.o: $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
-
-deps_check_gcp_environment_windows_test: $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(CHECK_GCP_ENVIRONMENT_WINDOWS_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
CHTTP2_SETTINGS_TIMEOUT_TEST_SRC = \
test/core/transport/chttp2/settings_timeout_test.cc \
@@ -16826,49 +15980,6 @@ endif
$(OBJDIR)/$(CONFIG)/test/cpp/codegen/golden_file_test.o: $(GENDIR)/src/proto/grpc/testing/compiler_test.pb.cc $(GENDIR)/src/proto/grpc/testing/compiler_test.grpc.pb.cc
-GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_SRC = \
- test/core/security/grpc_alts_credentials_options_test.cc \
-
-GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test: $(PROTOBUF_DEP) $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/security/grpc_alts_credentials_options_test.o: $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
-
-deps_grpc_alts_credentials_options_test: $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(GRPC_ALTS_CREDENTIALS_OPTIONS_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
GRPC_CLI_SRC = \
test/cpp/util/grpc_cli.cc \
@@ -19322,49 +18433,6 @@ endif
endif
-TRANSPORT_SECURITY_COMMON_API_TEST_SRC = \
- test/core/tsi/alts/handshaker/transport_security_common_api_test.cc \
-
-TRANSPORT_SECURITY_COMMON_API_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(TRANSPORT_SECURITY_COMMON_API_TEST_SRC))))
-ifeq ($(NO_SECURE),true)
-
-# You can't build secure targets if you don't have OpenSSL.
-
-$(BINDIR)/$(CONFIG)/transport_security_common_api_test: openssl_dep_error
-
-else
-
-
-
-
-ifeq ($(NO_PROTOBUF),true)
-
-# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
-
-$(BINDIR)/$(CONFIG)/transport_security_common_api_test: protobuf_dep_error
-
-else
-
-$(BINDIR)/$(CONFIG)/transport_security_common_api_test: $(PROTOBUF_DEP) $(TRANSPORT_SECURITY_COMMON_API_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
- $(E) "[LD] Linking $@"
- $(Q) mkdir -p `dirname $@`
- $(Q) $(LDXX) $(LDFLAGS) $(TRANSPORT_SECURITY_COMMON_API_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/transport_security_common_api_test
-
-endif
-
-endif
-
-$(OBJDIR)/$(CONFIG)/test/core/tsi/alts/handshaker/transport_security_common_api_test.o: $(LIBDIR)/$(CONFIG)/libalts_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc.a
-
-deps_transport_security_common_api_test: $(TRANSPORT_SECURITY_COMMON_API_TEST_OBJS:.o=.dep)
-
-ifneq ($(NO_SECURE),true)
-ifneq ($(NO_DEPS),true)
--include $(TRANSPORT_SECURITY_COMMON_API_TEST_OBJS:.o=.dep)
-endif
-endif
-
-
WRITES_PER_RPC_TEST_SRC = \
test/cpp/performance/writes_per_rpc_test.cc \
@@ -23335,14 +22403,6 @@ src/core/ext/transport/cronet/transport/cronet_api_dummy.cc: $(OPENSSL_DEP)
src/core/ext/transport/cronet/transport/cronet_transport.cc: $(OPENSSL_DEP)
src/core/lib/http/httpcli_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/context/security_context.cc: $(OPENSSL_DEP)
-src/core/lib/security/credentials/alts/alts_credentials.cc: $(OPENSSL_DEP)
-src/core/lib/security/credentials/alts/check_gcp_environment.cc: $(OPENSSL_DEP)
-src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc: $(OPENSSL_DEP)
-src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc: $(OPENSSL_DEP)
-src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc: $(OPENSSL_DEP)
-src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc: $(OPENSSL_DEP)
-src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc: $(OPENSSL_DEP)
-src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/composite/composite_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/credentials_metadata.cc: $(OPENSSL_DEP)
@@ -23356,7 +22416,6 @@ src/core/lib/security/credentials/jwt/jwt_verifier.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/plugin/plugin_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/ssl/ssl_credentials.cc: $(OPENSSL_DEP)
-src/core/lib/security/security_connector/alts_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/transport/client_auth_filter.cc: $(OPENSSL_DEP)
src/core/lib/security/transport/secure_endpoint.cc: $(OPENSSL_DEP)
@@ -23368,30 +22427,6 @@ src/core/lib/security/util/json_util.cc: $(OPENSSL_DEP)
src/core/lib/surface/init_secure.cc: $(OPENSSL_DEP)
src/core/plugin_registry/grpc_cronet_plugin_registry.cc: $(OPENSSL_DEP)
src/core/plugin_registry/grpc_plugin_registry.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/crypt/aes_gcm.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/crypt/gsec.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/frame_protector/alts_counter.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/frame_protector/alts_crypter.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/frame_protector/alts_frame_protector.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/frame_protector/frame_handler.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/alts_handshaker_client.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/alts_tsi_event.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/alts_tsi_utils.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/altscontext.pb.c: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/handshaker.pb.c: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/transport_security_common.pb.c: $(OPENSSL_DEP)
-src/core/tsi/alts/handshaker/transport_security_common_api.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc: $(OPENSSL_DEP)
-src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc: $(OPENSSL_DEP)
src/core/tsi/alts_transport_security.cc: $(OPENSSL_DEP)
src/core/tsi/fake_transport_security.cc: $(OPENSSL_DEP)
src/core/tsi/ssl_transport_security.cc: $(OPENSSL_DEP)
@@ -23419,8 +22454,6 @@ test/core/end2end/data/test_root_cert.cc: $(OPENSSL_DEP)
test/core/end2end/end2end_tests.cc: $(OPENSSL_DEP)
test/core/end2end/tests/call_creds.cc: $(OPENSSL_DEP)
test/core/security/oauth2_utils.cc: $(OPENSSL_DEP)
-test/core/tsi/alts/crypt/gsec_test_util.cc: $(OPENSSL_DEP)
-test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc: $(OPENSSL_DEP)
test/core/util/reconnect_server.cc: $(OPENSSL_DEP)
test/core/util/test_tcp_server.cc: $(OPENSSL_DEP)
test/cpp/end2end/test_service_impl.cc: $(OPENSSL_DEP)
diff --git a/bazel/grpc_build_system.bzl b/bazel/grpc_build_system.bzl
index 662068ad2a..7bc186265d 100644
--- a/bazel/grpc_build_system.bzl
+++ b/bazel/grpc_build_system.bzl
@@ -57,12 +57,6 @@ def _maybe_update_cc_library_hdrs(hdrs):
ret.append(h)
return ret
-def _maybe_update_cc_library_defines(name):
- ret = []
- if name == "alts_proto":
- ret += ["PB_FIELD_16BIT=1"]
- return ret
-
def grpc_cc_library(name, srcs = [], public_hdrs = [], hdrs = [],
external_deps = [], deps = [], standalone = False,
language = "C++", testonly = False, visibility = None,
@@ -70,11 +64,10 @@ def grpc_cc_library(name, srcs = [], public_hdrs = [], hdrs = [],
copts = []
if language.upper() == "C":
copts = if_not_windows(["-std=c99"])
- defines = _maybe_update_cc_library_defines(name)
native.cc_library(
name = name,
srcs = srcs,
- defines = defines + select({"//:grpc_no_ares": ["GRPC_ARES=0"],
+ defines = select({"//:grpc_no_ares": ["GRPC_ARES=0"],
"//conditions:default": [],}) +
select({"//:remote_execution": ["GRPC_PORT_ISOLATED_RUNTIME=1"],
"//conditions:default": [],}) +
diff --git a/build.yaml b/build.yaml
index e2bb8bfa9f..e2d194041a 100644
--- a/build.yaml
+++ b/build.yaml
@@ -16,84 +16,6 @@ settings:
g_stands_for: gorgeous
version: 1.11.0-dev
filegroups:
-- name: alts_proto
- headers:
- - src/core/tsi/alts/handshaker/altscontext.pb.h
- - src/core/tsi/alts/handshaker/handshaker.pb.h
- - src/core/tsi/alts/handshaker/transport_security_common.pb.h
- src:
- - src/core/tsi/alts/handshaker/altscontext.pb.c
- - src/core/tsi/alts/handshaker/handshaker.pb.c
- - src/core/tsi/alts/handshaker/transport_security_common.pb.c
- uses:
- - nanopb
-- name: alts_tsi
- headers:
- - src/core/tsi/alts/crypt/gsec.h
- - src/core/tsi/alts/frame_protector/alts_counter.h
- - src/core/tsi/alts/frame_protector/alts_crypter.h
- - src/core/tsi/alts/frame_protector/alts_frame_protector.h
- - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h
- - src/core/tsi/alts/frame_protector/frame_handler.h
- - src/core/tsi/alts/handshaker/alts_handshaker_client.h
- - src/core/tsi/alts/handshaker/alts_tsi_event.h
- - src/core/tsi/alts/handshaker/alts_tsi_handshaker.h
- - src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h
- - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h
- - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h
- - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h
- - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h
- - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h
- - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h
- src:
- - src/core/tsi/alts/crypt/aes_gcm.cc
- - src/core/tsi/alts/crypt/gsec.cc
- - src/core/tsi/alts/frame_protector/alts_counter.cc
- - src/core/tsi/alts/frame_protector/alts_crypter.cc
- - src/core/tsi/alts/frame_protector/alts_frame_protector.cc
- - src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc
- - src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc
- - src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc
- - src/core/tsi/alts/frame_protector/frame_handler.cc
- - src/core/tsi/alts/handshaker/alts_handshaker_client.cc
- - src/core/tsi/alts/handshaker/alts_tsi_event.cc
- - src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc
- - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc
- - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc
- - src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc
- - src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc
- - src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc
- uses:
- - alts_util
- - grpc_base
- - grpc_transport_chttp2_client_insecure
- - tsi_interface
- - tsi
-- name: alts_util
- headers:
- - src/core/lib/security/credentials/alts/check_gcp_environment.h
- - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h
- - src/core/tsi/alts/handshaker/alts_handshaker_service_api.h
- - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h
- - src/core/tsi/alts/handshaker/alts_tsi_utils.h
- - src/core/tsi/alts/handshaker/transport_security_common_api.h
- src:
- - src/core/lib/security/credentials/alts/check_gcp_environment.cc
- - src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc
- - src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc
- - src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc
- - src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
- - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc
- - src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc
- - src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc
- - src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc
- - src/core/tsi/alts/handshaker/alts_tsi_utils.cc
- - src/core/tsi/alts/handshaker/transport_security_common_api.cc
- uses:
- - alts_proto
- - grpc_base
- - tsi_interface
- - nanopb
- name: census
public_headers:
- include/grpc/census.h
@@ -720,7 +642,6 @@ filegroups:
- include/grpc/grpc_security.h
headers:
- src/core/lib/security/context/security_context.h
- - src/core/lib/security/credentials/alts/alts_credentials.h
- src/core/lib/security/credentials/composite/composite_credentials.h
- src/core/lib/security/credentials/credentials.h
- src/core/lib/security/credentials/fake/fake_credentials.h
@@ -732,7 +653,6 @@ filegroups:
- src/core/lib/security/credentials/oauth2/oauth2_credentials.h
- src/core/lib/security/credentials/plugin/plugin_credentials.h
- src/core/lib/security/credentials/ssl/ssl_credentials.h
- - src/core/lib/security/security_connector/alts_security_connector.h
- src/core/lib/security/security_connector/security_connector.h
- src/core/lib/security/transport/auth_filters.h
- src/core/lib/security/transport/secure_endpoint.h
@@ -743,7 +663,6 @@ filegroups:
src:
- src/core/lib/http/httpcli_security_connector.cc
- src/core/lib/security/context/security_context.cc
- - src/core/lib/security/credentials/alts/alts_credentials.cc
- src/core/lib/security/credentials/composite/composite_credentials.cc
- src/core/lib/security/credentials/credentials.cc
- src/core/lib/security/credentials/credentials_metadata.cc
@@ -757,7 +676,6 @@ filegroups:
- src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
- src/core/lib/security/credentials/plugin/plugin_credentials.cc
- src/core/lib/security/credentials/ssl/ssl_credentials.cc
- - src/core/lib/security/security_connector/alts_security_connector.cc
- src/core/lib/security/security_connector/security_connector.cc
- src/core/lib/security/transport/client_auth_filter.cc
- src/core/lib/security/transport/secure_endpoint.cc
@@ -769,7 +687,6 @@ filegroups:
- src/core/lib/surface/init_secure.cc
secure: true
uses:
- - alts_tsi
- grpc_base
- grpc_transport_chttp2_alpn
- tsi
@@ -1294,18 +1211,6 @@ filegroups:
- grpc++
- grpc
libs:
-- name: alts_test_util
- build: private
- language: c
- headers:
- - test/core/tsi/alts/crypt/gsec_test_util.h
- - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h
- src:
- - test/core/tsi/alts/crypt/gsec_test_util.cc
- - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc
- deps:
- - grpc
- secure: true
- name: gpr
build: all
language: c
@@ -3591,125 +3496,6 @@ targets:
- grpc_unsecure
- gpr_test_util
- gpr
-- name: alts_counter_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/frame_protector/alts_counter_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_crypt_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/crypt/aes_gcm_test.cc
- deps:
- - alts_test_util
- - gpr_test_util
- - gpr
- - grpc
-- name: alts_crypter_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/frame_protector/alts_crypter_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_frame_handler_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/frame_protector/frame_handler_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_frame_protector_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
- filegroups:
- - transport_security_test_lib
-- name: alts_grpc_record_protocol_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_handshaker_client_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_handshaker_service_api_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_iovec_record_protocol_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_security_connector_test
- build: test
- language: c++
- src:
- - test/core/security/alts_security_connector_test.cc
- deps:
- - gpr
- - grpc
-- name: alts_tsi_handshaker_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_tsi_utils_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
-- name: alts_zero_copy_grpc_protector_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
- name: async_end2end_test
gtest: true
build: test
@@ -4093,22 +3879,6 @@ targets:
- grpc
- gpr
uses_polling: false
-- name: check_gcp_environment_linux_test
- build: test
- language: c++
- src:
- - test/core/security/check_gcp_environment_linux_test.cc
- deps:
- - grpc
- - gpr
-- name: check_gcp_environment_windows_test
- build: test
- language: c++
- src:
- - test/core/security/check_gcp_environment_windows_test.cc
- deps:
- - grpc
- - gpr
- name: chttp2_settings_timeout_test
gtest: true
build: test
@@ -4367,14 +4137,6 @@ targets:
args:
- --generated_file_path=gens/src/proto/grpc/testing/
uses_polling: false
-- name: grpc_alts_credentials_options_test
- build: test
- language: c++
- src:
- - test/core/security/grpc_alts_credentials_options_test.cc
- deps:
- - grpc
- - gpr
- name: grpc_cli
build: test
run: false
@@ -5210,15 +4972,6 @@ targets:
- grpc
- gpr_test_util
- gpr
-- name: transport_security_common_api_test
- build: test
- language: c++
- src:
- - test/core/tsi/alts/handshaker/transport_security_common_api_test.cc
- deps:
- - alts_test_util
- - gpr
- - grpc
- name: writes_per_rpc_test
gtest: true
cpu_cost: 0.5
diff --git a/config.m4 b/config.m4
index 57fc2dbab9..1a055845eb 100644
--- a/config.m4
+++ b/config.m4
@@ -244,7 +244,6 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/filters/http/server/http_server_filter.cc \
src/core/lib/http/httpcli_security_connector.cc \
src/core/lib/security/context/security_context.cc \
- src/core/lib/security/credentials/alts/alts_credentials.cc \
src/core/lib/security/credentials/composite/composite_credentials.cc \
src/core/lib/security/credentials/credentials.cc \
src/core/lib/security/credentials/credentials_metadata.cc \
@@ -258,7 +257,6 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
- src/core/lib/security/security_connector/alts_security_connector.cc \
src/core/lib/security/security_connector/security_connector.cc \
src/core/lib/security/transport/client_auth_filter.cc \
src/core/lib/security/transport/secure_endpoint.cc \
@@ -268,45 +266,14 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/security/transport/tsi_error.cc \
src/core/lib/security/util/json_util.cc \
src/core/lib/surface/init_secure.cc \
- src/core/tsi/alts/crypt/aes_gcm.cc \
- src/core/tsi/alts/crypt/gsec.cc \
- src/core/tsi/alts/frame_protector/alts_counter.cc \
- src/core/tsi/alts/frame_protector/alts_crypter.cc \
- src/core/tsi/alts/frame_protector/alts_frame_protector.cc \
- src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc \
- src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc \
- src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc \
- src/core/tsi/alts/frame_protector/frame_handler.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_client.cc \
- src/core/tsi/alts/handshaker/alts_tsi_event.cc \
- src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc \
- src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc \
- src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc \
- src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc \
- src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc \
- src/core/tsi/alts/handshaker/alts_tsi_utils.cc \
- src/core/tsi/alts/handshaker/transport_security_common_api.cc \
- src/core/tsi/alts/handshaker/altscontext.pb.c \
- src/core/tsi/alts/handshaker/handshaker.pb.c \
- src/core/tsi/alts/handshaker/transport_security_common.pb.c \
- third_party/nanopb/pb_common.c \
- third_party/nanopb/pb_decode.c \
- third_party/nanopb/pb_encode.c \
+ src/core/tsi/alts_transport_security.cc \
+ src/core/tsi/fake_transport_security.cc \
+ src/core/tsi/ssl_transport_security.cc \
+ src/core/tsi/transport_security_grpc.cc \
src/core/tsi/transport_security.cc \
src/core/tsi/transport_security_adapter.cc \
- src/core/ext/transport/chttp2/client/insecure/channel_create.cc \
- src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \
- src/core/ext/transport/chttp2/client/chttp2_connector.cc \
+ src/core/ext/transport/chttp2/server/chttp2_server.cc \
+ src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc \
src/core/ext/filters/client_channel/backup_poller.cc \
src/core/ext/filters/client_channel/channel_connectivity.cc \
src/core/ext/filters/client_channel/client_channel.cc \
@@ -330,14 +297,11 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/filters/client_channel/subchannel_index.cc \
src/core/ext/filters/client_channel/uri_parser.cc \
src/core/ext/filters/deadline/deadline_filter.cc \
- src/core/tsi/alts_transport_security.cc \
- src/core/tsi/fake_transport_security.cc \
- src/core/tsi/ssl_transport_security.cc \
- src/core/tsi/transport_security_grpc.cc \
- src/core/ext/transport/chttp2/server/chttp2_server.cc \
- src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc \
+ src/core/ext/transport/chttp2/client/chttp2_connector.cc \
src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc \
src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc \
+ src/core/ext/transport/chttp2/client/insecure/channel_create.cc \
+ src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc \
src/core/ext/transport/inproc/inproc_plugin.cc \
src/core/ext/transport/inproc/inproc_transport.cc \
src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc \
@@ -346,6 +310,9 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc \
src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc \
src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c \
+ third_party/nanopb/pb_common.c \
+ third_party/nanopb/pb_decode.c \
+ third_party/nanopb/pb_encode.c \
src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc \
src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc \
src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc \
@@ -668,7 +635,6 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/profiling)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/context)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials)
- PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/alts)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/composite)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/fake)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/google_default)
@@ -685,10 +651,6 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/transport)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/plugin_registry)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi)
- PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi/alts/crypt)
- PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi/alts/frame_protector)
- PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi/alts/handshaker)
- PHP_ADD_BUILD_DIR($ext_builddir/src/core/tsi/alts/zero_copy_frame_protector)
PHP_ADD_BUILD_DIR($ext_builddir/third_party/boringssl/crypto)
PHP_ADD_BUILD_DIR($ext_builddir/third_party/boringssl/crypto/asn1)
PHP_ADD_BUILD_DIR($ext_builddir/third_party/boringssl/crypto/base64)
diff --git a/config.w32 b/config.w32
index 580607dd3d..5e41295cbf 100644
--- a/config.w32
+++ b/config.w32
@@ -221,7 +221,6 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\filters\\http\\server\\http_server_filter.cc " +
"src\\core\\lib\\http\\httpcli_security_connector.cc " +
"src\\core\\lib\\security\\context\\security_context.cc " +
- "src\\core\\lib\\security\\credentials\\alts\\alts_credentials.cc " +
"src\\core\\lib\\security\\credentials\\composite\\composite_credentials.cc " +
"src\\core\\lib\\security\\credentials\\credentials.cc " +
"src\\core\\lib\\security\\credentials\\credentials_metadata.cc " +
@@ -235,7 +234,6 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\security\\credentials\\oauth2\\oauth2_credentials.cc " +
"src\\core\\lib\\security\\credentials\\plugin\\plugin_credentials.cc " +
"src\\core\\lib\\security\\credentials\\ssl\\ssl_credentials.cc " +
- "src\\core\\lib\\security\\security_connector\\alts_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\security_connector.cc " +
"src\\core\\lib\\security\\transport\\client_auth_filter.cc " +
"src\\core\\lib\\security\\transport\\secure_endpoint.cc " +
@@ -245,45 +243,14 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\security\\transport\\tsi_error.cc " +
"src\\core\\lib\\security\\util\\json_util.cc " +
"src\\core\\lib\\surface\\init_secure.cc " +
- "src\\core\\tsi\\alts\\crypt\\aes_gcm.cc " +
- "src\\core\\tsi\\alts\\crypt\\gsec.cc " +
- "src\\core\\tsi\\alts\\frame_protector\\alts_counter.cc " +
- "src\\core\\tsi\\alts\\frame_protector\\alts_crypter.cc " +
- "src\\core\\tsi\\alts\\frame_protector\\alts_frame_protector.cc " +
- "src\\core\\tsi\\alts\\frame_protector\\alts_record_protocol_crypter_common.cc " +
- "src\\core\\tsi\\alts\\frame_protector\\alts_seal_privacy_integrity_crypter.cc " +
- "src\\core\\tsi\\alts\\frame_protector\\alts_unseal_privacy_integrity_crypter.cc " +
- "src\\core\\tsi\\alts\\frame_protector\\frame_handler.cc " +
- "src\\core\\tsi\\alts\\handshaker\\alts_handshaker_client.cc " +
- "src\\core\\tsi\\alts\\handshaker\\alts_tsi_event.cc " +
- "src\\core\\tsi\\alts\\handshaker\\alts_tsi_handshaker.cc " +
- "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_grpc_integrity_only_record_protocol.cc " +
- "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_grpc_privacy_integrity_record_protocol.cc " +
- "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_grpc_record_protocol_common.cc " +
- "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_iovec_record_protocol.cc " +
- "src\\core\\tsi\\alts\\zero_copy_frame_protector\\alts_zero_copy_grpc_protector.cc " +
- "src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment.cc " +
- "src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment_linux.cc " +
- "src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment_no_op.cc " +
- "src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment_windows.cc " +
- "src\\core\\lib\\security\\credentials\\alts\\grpc_alts_credentials_client_options.cc " +
- "src\\core\\lib\\security\\credentials\\alts\\grpc_alts_credentials_options.cc " +
- "src\\core\\lib\\security\\credentials\\alts\\grpc_alts_credentials_server_options.cc " +
- "src\\core\\tsi\\alts\\handshaker\\alts_handshaker_service_api.cc " +
- "src\\core\\tsi\\alts\\handshaker\\alts_handshaker_service_api_util.cc " +
- "src\\core\\tsi\\alts\\handshaker\\alts_tsi_utils.cc " +
- "src\\core\\tsi\\alts\\handshaker\\transport_security_common_api.cc " +
- "src\\core\\tsi\\alts\\handshaker\\altscontext.pb.c " +
- "src\\core\\tsi\\alts\\handshaker\\handshaker.pb.c " +
- "src\\core\\tsi\\alts\\handshaker\\transport_security_common.pb.c " +
- "third_party\\nanopb\\pb_common.c " +
- "third_party\\nanopb\\pb_decode.c " +
- "third_party\\nanopb\\pb_encode.c " +
+ "src\\core\\tsi\\alts_transport_security.cc " +
+ "src\\core\\tsi\\fake_transport_security.cc " +
+ "src\\core\\tsi\\ssl_transport_security.cc " +
+ "src\\core\\tsi\\transport_security_grpc.cc " +
"src\\core\\tsi\\transport_security.cc " +
"src\\core\\tsi\\transport_security_adapter.cc " +
- "src\\core\\ext\\transport\\chttp2\\client\\insecure\\channel_create.cc " +
- "src\\core\\ext\\transport\\chttp2\\client\\insecure\\channel_create_posix.cc " +
- "src\\core\\ext\\transport\\chttp2\\client\\chttp2_connector.cc " +
+ "src\\core\\ext\\transport\\chttp2\\server\\chttp2_server.cc " +
+ "src\\core\\ext\\transport\\chttp2\\client\\secure\\secure_channel_create.cc " +
"src\\core\\ext\\filters\\client_channel\\backup_poller.cc " +
"src\\core\\ext\\filters\\client_channel\\channel_connectivity.cc " +
"src\\core\\ext\\filters\\client_channel\\client_channel.cc " +
@@ -307,14 +274,11 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\filters\\client_channel\\subchannel_index.cc " +
"src\\core\\ext\\filters\\client_channel\\uri_parser.cc " +
"src\\core\\ext\\filters\\deadline\\deadline_filter.cc " +
- "src\\core\\tsi\\alts_transport_security.cc " +
- "src\\core\\tsi\\fake_transport_security.cc " +
- "src\\core\\tsi\\ssl_transport_security.cc " +
- "src\\core\\tsi\\transport_security_grpc.cc " +
- "src\\core\\ext\\transport\\chttp2\\server\\chttp2_server.cc " +
- "src\\core\\ext\\transport\\chttp2\\client\\secure\\secure_channel_create.cc " +
+ "src\\core\\ext\\transport\\chttp2\\client\\chttp2_connector.cc " +
"src\\core\\ext\\transport\\chttp2\\server\\insecure\\server_chttp2.cc " +
"src\\core\\ext\\transport\\chttp2\\server\\insecure\\server_chttp2_posix.cc " +
+ "src\\core\\ext\\transport\\chttp2\\client\\insecure\\channel_create.cc " +
+ "src\\core\\ext\\transport\\chttp2\\client\\insecure\\channel_create_posix.cc " +
"src\\core\\ext\\transport\\inproc\\inproc_plugin.cc " +
"src\\core\\ext\\transport\\inproc\\inproc_transport.cc " +
"src\\core\\ext\\filters\\client_channel\\lb_policy\\grpclb\\client_load_reporting_filter.cc " +
@@ -323,6 +287,9 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\filters\\client_channel\\lb_policy\\grpclb\\grpclb_client_stats.cc " +
"src\\core\\ext\\filters\\client_channel\\lb_policy\\grpclb\\load_balancer_api.cc " +
"src\\core\\ext\\filters\\client_channel\\lb_policy\\grpclb\\proto\\grpc\\lb\\v1\\load_balancer.pb.c " +
+ "third_party\\nanopb\\pb_common.c " +
+ "third_party\\nanopb\\pb_decode.c " +
+ "third_party\\nanopb\\pb_encode.c " +
"src\\core\\ext\\filters\\client_channel\\resolver\\fake\\fake_resolver.cc " +
"src\\core\\ext\\filters\\client_channel\\lb_policy\\pick_first\\pick_first.cc " +
"src\\core\\ext\\filters\\client_channel\\lb_policy\\subchannel_list.cc " +
@@ -681,7 +648,6 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\context");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials");
- FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\alts");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\composite");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\fake");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\google_default");
@@ -698,11 +664,6 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\transport");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\plugin_registry");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi");
- FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts");
- FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts\\crypt");
- FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts\\frame_protector");
- FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts\\handshaker");
- FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\tsi\\alts\\zero_copy_frame_protector");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\php");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\php\\ext");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\php\\ext\\grpc");
diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec
index 65a5dc66b4..821c16da45 100644
--- a/gRPC-C++.podspec
+++ b/gRPC-C++.podspec
@@ -260,7 +260,6 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/message_compress/message_compress_filter.h',
'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/lib/security/context/security_context.h',
- 'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/composite/composite_credentials.h',
'src/core/lib/security/credentials/credentials.h',
'src/core/lib/security/credentials/fake/fake_credentials.h',
@@ -272,7 +271,6 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
- 'src/core/lib/security/security_connector/alts_security_connector.h',
'src/core/lib/security/security_connector/security_connector.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/secure_endpoint.h',
@@ -280,35 +278,15 @@ Pod::Spec.new do |s|
'src/core/lib/security/transport/target_authority_table.h',
'src/core/lib/security/transport/tsi_error.h',
'src/core/lib/security/util/json_util.h',
- 'src/core/tsi/alts/crypt/gsec.h',
- 'src/core/tsi/alts/frame_protector/alts_counter.h',
- 'src/core/tsi/alts/frame_protector/alts_crypter.h',
- 'src/core/tsi/alts/frame_protector/alts_frame_protector.h',
- 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h',
- 'src/core/tsi/alts/frame_protector/frame_handler.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_client.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_event.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h',
- 'src/core/lib/security/credentials/alts/check_gcp_environment.h',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_utils.h',
- 'src/core/tsi/alts/handshaker/transport_security_common_api.h',
- 'src/core/tsi/alts/handshaker/altscontext.pb.h',
- 'src/core/tsi/alts/handshaker/handshaker.pb.h',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.h',
+ 'src/core/tsi/alts_transport_security.h',
+ 'src/core/tsi/fake_transport_security.h',
+ 'src/core/tsi/ssl_transport_security.h',
+ 'src/core/tsi/ssl_types.h',
+ 'src/core/tsi/transport_security_grpc.h',
'src/core/tsi/transport_security.h',
'src/core/tsi/transport_security_adapter.h',
'src/core/tsi/transport_security_interface.h',
- 'src/core/ext/transport/chttp2/client/chttp2_connector.h',
+ 'src/core/ext/transport/chttp2/server/chttp2_server.h',
'src/core/ext/filters/client_channel/backup_poller.h',
'src/core/ext/filters/client_channel/client_channel.h',
'src/core/ext/filters/client_channel/client_channel_factory.h',
@@ -331,12 +309,7 @@ Pod::Spec.new do |s|
'src/core/ext/filters/client_channel/subchannel_index.h',
'src/core/ext/filters/client_channel/uri_parser.h',
'src/core/ext/filters/deadline/deadline_filter.h',
- 'src/core/tsi/alts_transport_security.h',
- 'src/core/tsi/fake_transport_security.h',
- 'src/core/tsi/ssl_transport_security.h',
- 'src/core/tsi/ssl_types.h',
- 'src/core/tsi/transport_security_grpc.h',
- 'src/core/ext/transport/chttp2/server/chttp2_server.h',
+ 'src/core/ext/transport/chttp2/client/chttp2_connector.h',
'src/core/ext/transport/inproc/inproc_transport.h',
'src/core/lib/avl/avl.h',
'src/core/lib/backoff/backoff.h',
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
index 7f61719cb1..6c6c76991c 100644
--- a/gRPC-Core.podspec
+++ b/gRPC-Core.podspec
@@ -93,7 +93,7 @@ Pod::Spec.new do |s|
}
s.default_subspecs = 'Interface', 'Implementation'
- s.compiler_flags = '-DGRPC_ARES=0', '-DPB_FIELD_16BIT'
+ s.compiler_flags = '-DGRPC_ARES=0'
s.libraries = 'c++'
# Like many other C libraries, gRPC-Core has its public headers under `include/<libname>/` and its
@@ -271,7 +271,6 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/message_compress/message_compress_filter.h',
'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/lib/security/context/security_context.h',
- 'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/composite/composite_credentials.h',
'src/core/lib/security/credentials/credentials.h',
'src/core/lib/security/credentials/fake/fake_credentials.h',
@@ -283,7 +282,6 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
- 'src/core/lib/security/security_connector/alts_security_connector.h',
'src/core/lib/security/security_connector/security_connector.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/secure_endpoint.h',
@@ -291,35 +289,15 @@ Pod::Spec.new do |s|
'src/core/lib/security/transport/target_authority_table.h',
'src/core/lib/security/transport/tsi_error.h',
'src/core/lib/security/util/json_util.h',
- 'src/core/tsi/alts/crypt/gsec.h',
- 'src/core/tsi/alts/frame_protector/alts_counter.h',
- 'src/core/tsi/alts/frame_protector/alts_crypter.h',
- 'src/core/tsi/alts/frame_protector/alts_frame_protector.h',
- 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h',
- 'src/core/tsi/alts/frame_protector/frame_handler.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_client.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_event.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h',
- 'src/core/lib/security/credentials/alts/check_gcp_environment.h',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_utils.h',
- 'src/core/tsi/alts/handshaker/transport_security_common_api.h',
- 'src/core/tsi/alts/handshaker/altscontext.pb.h',
- 'src/core/tsi/alts/handshaker/handshaker.pb.h',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.h',
+ 'src/core/tsi/alts_transport_security.h',
+ 'src/core/tsi/fake_transport_security.h',
+ 'src/core/tsi/ssl_transport_security.h',
+ 'src/core/tsi/ssl_types.h',
+ 'src/core/tsi/transport_security_grpc.h',
'src/core/tsi/transport_security.h',
'src/core/tsi/transport_security_adapter.h',
'src/core/tsi/transport_security_interface.h',
- 'src/core/ext/transport/chttp2/client/chttp2_connector.h',
+ 'src/core/ext/transport/chttp2/server/chttp2_server.h',
'src/core/ext/filters/client_channel/backup_poller.h',
'src/core/ext/filters/client_channel/client_channel.h',
'src/core/ext/filters/client_channel/client_channel_factory.h',
@@ -342,12 +320,7 @@ Pod::Spec.new do |s|
'src/core/ext/filters/client_channel/subchannel_index.h',
'src/core/ext/filters/client_channel/uri_parser.h',
'src/core/ext/filters/deadline/deadline_filter.h',
- 'src/core/tsi/alts_transport_security.h',
- 'src/core/tsi/fake_transport_security.h',
- 'src/core/tsi/ssl_transport_security.h',
- 'src/core/tsi/ssl_types.h',
- 'src/core/tsi/transport_security_grpc.h',
- 'src/core/ext/transport/chttp2/server/chttp2_server.h',
+ 'src/core/ext/transport/chttp2/client/chttp2_connector.h',
'src/core/ext/transport/inproc/inproc_transport.h',
'src/core/lib/avl/avl.h',
'src/core/lib/backoff/backoff.h',
@@ -658,7 +631,6 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/server/http_server_filter.cc',
'src/core/lib/http/httpcli_security_connector.cc',
'src/core/lib/security/context/security_context.cc',
- 'src/core/lib/security/credentials/alts/alts_credentials.cc',
'src/core/lib/security/credentials/composite/composite_credentials.cc',
'src/core/lib/security/credentials/credentials.cc',
'src/core/lib/security/credentials/credentials_metadata.cc',
@@ -672,7 +644,6 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc',
'src/core/lib/security/credentials/plugin/plugin_credentials.cc',
'src/core/lib/security/credentials/ssl/ssl_credentials.cc',
- 'src/core/lib/security/security_connector/alts_security_connector.cc',
'src/core/lib/security/security_connector/security_connector.cc',
'src/core/lib/security/transport/client_auth_filter.cc',
'src/core/lib/security/transport/secure_endpoint.cc',
@@ -682,42 +653,14 @@ Pod::Spec.new do |s|
'src/core/lib/security/transport/tsi_error.cc',
'src/core/lib/security/util/json_util.cc',
'src/core/lib/surface/init_secure.cc',
- 'src/core/tsi/alts/crypt/aes_gcm.cc',
- 'src/core/tsi/alts/crypt/gsec.cc',
- 'src/core/tsi/alts/frame_protector/alts_counter.cc',
- 'src/core/tsi/alts/frame_protector/alts_crypter.cc',
- 'src/core/tsi/alts/frame_protector/alts_frame_protector.cc',
- 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc',
- 'src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc',
- 'src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc',
- 'src/core/tsi/alts/frame_protector/frame_handler.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_client.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_event.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_utils.cc',
- 'src/core/tsi/alts/handshaker/transport_security_common_api.cc',
- 'src/core/tsi/alts/handshaker/altscontext.pb.c',
- 'src/core/tsi/alts/handshaker/handshaker.pb.c',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.c',
+ 'src/core/tsi/alts_transport_security.cc',
+ 'src/core/tsi/fake_transport_security.cc',
+ 'src/core/tsi/ssl_transport_security.cc',
+ 'src/core/tsi/transport_security_grpc.cc',
'src/core/tsi/transport_security.cc',
'src/core/tsi/transport_security_adapter.cc',
- 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc',
- 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc',
- 'src/core/ext/transport/chttp2/client/chttp2_connector.cc',
+ 'src/core/ext/transport/chttp2/server/chttp2_server.cc',
+ 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc',
'src/core/ext/filters/client_channel/backup_poller.cc',
'src/core/ext/filters/client_channel/channel_connectivity.cc',
'src/core/ext/filters/client_channel/client_channel.cc',
@@ -741,14 +684,11 @@ Pod::Spec.new do |s|
'src/core/ext/filters/client_channel/subchannel_index.cc',
'src/core/ext/filters/client_channel/uri_parser.cc',
'src/core/ext/filters/deadline/deadline_filter.cc',
- 'src/core/tsi/alts_transport_security.cc',
- 'src/core/tsi/fake_transport_security.cc',
- 'src/core/tsi/ssl_transport_security.cc',
- 'src/core/tsi/transport_security_grpc.cc',
- 'src/core/ext/transport/chttp2/server/chttp2_server.cc',
- 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc',
+ 'src/core/ext/transport/chttp2/client/chttp2_connector.cc',
'src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc',
'src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc',
+ 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc',
+ 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc',
'src/core/ext/transport/inproc/inproc_plugin.cc',
'src/core/ext/transport/inproc/inproc_transport.cc',
'src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc',
@@ -825,7 +765,6 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/message_compress/message_compress_filter.h',
'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/lib/security/context/security_context.h',
- 'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/composite/composite_credentials.h',
'src/core/lib/security/credentials/credentials.h',
'src/core/lib/security/credentials/fake/fake_credentials.h',
@@ -837,7 +776,6 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
- 'src/core/lib/security/security_connector/alts_security_connector.h',
'src/core/lib/security/security_connector/security_connector.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/secure_endpoint.h',
@@ -845,35 +783,15 @@ Pod::Spec.new do |s|
'src/core/lib/security/transport/target_authority_table.h',
'src/core/lib/security/transport/tsi_error.h',
'src/core/lib/security/util/json_util.h',
- 'src/core/tsi/alts/crypt/gsec.h',
- 'src/core/tsi/alts/frame_protector/alts_counter.h',
- 'src/core/tsi/alts/frame_protector/alts_crypter.h',
- 'src/core/tsi/alts/frame_protector/alts_frame_protector.h',
- 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h',
- 'src/core/tsi/alts/frame_protector/frame_handler.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_client.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_event.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h',
- 'src/core/lib/security/credentials/alts/check_gcp_environment.h',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.h',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h',
- 'src/core/tsi/alts/handshaker/alts_tsi_utils.h',
- 'src/core/tsi/alts/handshaker/transport_security_common_api.h',
- 'src/core/tsi/alts/handshaker/altscontext.pb.h',
- 'src/core/tsi/alts/handshaker/handshaker.pb.h',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.h',
+ 'src/core/tsi/alts_transport_security.h',
+ 'src/core/tsi/fake_transport_security.h',
+ 'src/core/tsi/ssl_transport_security.h',
+ 'src/core/tsi/ssl_types.h',
+ 'src/core/tsi/transport_security_grpc.h',
'src/core/tsi/transport_security.h',
'src/core/tsi/transport_security_adapter.h',
'src/core/tsi/transport_security_interface.h',
- 'src/core/ext/transport/chttp2/client/chttp2_connector.h',
+ 'src/core/ext/transport/chttp2/server/chttp2_server.h',
'src/core/ext/filters/client_channel/backup_poller.h',
'src/core/ext/filters/client_channel/client_channel.h',
'src/core/ext/filters/client_channel/client_channel_factory.h',
@@ -896,12 +814,7 @@ Pod::Spec.new do |s|
'src/core/ext/filters/client_channel/subchannel_index.h',
'src/core/ext/filters/client_channel/uri_parser.h',
'src/core/ext/filters/deadline/deadline_filter.h',
- 'src/core/tsi/alts_transport_security.h',
- 'src/core/tsi/fake_transport_security.h',
- 'src/core/tsi/ssl_transport_security.h',
- 'src/core/tsi/ssl_types.h',
- 'src/core/tsi/transport_security_grpc.h',
- 'src/core/ext/transport/chttp2/server/chttp2_server.h',
+ 'src/core/ext/transport/chttp2/client/chttp2_connector.h',
'src/core/ext/transport/inproc/inproc_transport.h',
'src/core/lib/avl/avl.h',
'src/core/lib/backoff/backoff.h',
@@ -1062,15 +975,8 @@ Pod::Spec.new do |s|
ss.source_files = 'src/core/ext/transport/cronet/client/secure/cronet_channel_create.cc',
'src/core/ext/transport/cronet/transport/cronet_transport.cc',
- 'third_party/nanopb/pb_common.c',
- 'third_party/nanopb/pb_decode.c',
- 'third_party/nanopb/pb_encode.c',
'src/core/ext/transport/cronet/transport/cronet_transport.h',
- 'third_party/objective_c/Cronet/bidirectional_stream_c.h',
- 'third_party/nanopb/pb.h',
- 'third_party/nanopb/pb_common.h',
- 'third_party/nanopb/pb_decode.h',
- 'third_party/nanopb/pb_encode.h'
+ 'third_party/objective_c/Cronet/bidirectional_stream_c.h'
end
s.subspec 'Tests' do |ss|
diff --git a/grpc.gemspec b/grpc.gemspec
index 3df7cea33f..fbe70aa795 100644
--- a/grpc.gemspec
+++ b/grpc.gemspec
@@ -197,7 +197,6 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/filters/http/message_compress/message_compress_filter.h )
s.files += %w( src/core/ext/filters/http/server/http_server_filter.h )
s.files += %w( src/core/lib/security/context/security_context.h )
- s.files += %w( src/core/lib/security/credentials/alts/alts_credentials.h )
s.files += %w( src/core/lib/security/credentials/composite/composite_credentials.h )
s.files += %w( src/core/lib/security/credentials/credentials.h )
s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.h )
@@ -209,7 +208,6 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.h )
s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.h )
s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h )
- s.files += %w( src/core/lib/security/security_connector/alts_security_connector.h )
s.files += %w( src/core/lib/security/security_connector/security_connector.h )
s.files += %w( src/core/lib/security/transport/auth_filters.h )
s.files += %w( src/core/lib/security/transport/secure_endpoint.h )
@@ -217,39 +215,15 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/transport/target_authority_table.h )
s.files += %w( src/core/lib/security/transport/tsi_error.h )
s.files += %w( src/core/lib/security/util/json_util.h )
- s.files += %w( src/core/tsi/alts/crypt/gsec.h )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_counter.h )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_crypter.h )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_frame_protector.h )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h )
- s.files += %w( src/core/tsi/alts/frame_protector/frame_handler.h )
- s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_client.h )
- s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_event.h )
- s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_handshaker.h )
- s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h )
- s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment.h )
- s.files += %w( src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h )
- s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_service_api.h )
- s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h )
- s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_utils.h )
- s.files += %w( src/core/tsi/alts/handshaker/transport_security_common_api.h )
- s.files += %w( src/core/tsi/alts/handshaker/altscontext.pb.h )
- s.files += %w( src/core/tsi/alts/handshaker/handshaker.pb.h )
- s.files += %w( src/core/tsi/alts/handshaker/transport_security_common.pb.h )
- s.files += %w( third_party/nanopb/pb.h )
- s.files += %w( third_party/nanopb/pb_common.h )
- s.files += %w( third_party/nanopb/pb_decode.h )
- s.files += %w( third_party/nanopb/pb_encode.h )
+ s.files += %w( src/core/tsi/alts_transport_security.h )
+ s.files += %w( src/core/tsi/fake_transport_security.h )
+ s.files += %w( src/core/tsi/ssl_transport_security.h )
+ s.files += %w( src/core/tsi/ssl_types.h )
+ s.files += %w( src/core/tsi/transport_security_grpc.h )
s.files += %w( src/core/tsi/transport_security.h )
s.files += %w( src/core/tsi/transport_security_adapter.h )
s.files += %w( src/core/tsi/transport_security_interface.h )
- s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.h )
+ s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.h )
s.files += %w( src/core/ext/filters/client_channel/backup_poller.h )
s.files += %w( src/core/ext/filters/client_channel/client_channel.h )
s.files += %w( src/core/ext/filters/client_channel/client_channel_factory.h )
@@ -272,12 +246,7 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/filters/client_channel/subchannel_index.h )
s.files += %w( src/core/ext/filters/client_channel/uri_parser.h )
s.files += %w( src/core/ext/filters/deadline/deadline_filter.h )
- s.files += %w( src/core/tsi/alts_transport_security.h )
- s.files += %w( src/core/tsi/fake_transport_security.h )
- s.files += %w( src/core/tsi/ssl_transport_security.h )
- s.files += %w( src/core/tsi/ssl_types.h )
- s.files += %w( src/core/tsi/transport_security_grpc.h )
- s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.h )
+ s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.h )
s.files += %w( src/core/ext/transport/inproc/inproc_transport.h )
s.files += %w( src/core/lib/avl/avl.h )
s.files += %w( src/core/lib/backoff/backoff.h )
@@ -412,6 +381,10 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h )
s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h )
s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h )
+ s.files += %w( third_party/nanopb/pb.h )
+ s.files += %w( third_party/nanopb/pb_common.h )
+ s.files += %w( third_party/nanopb/pb_decode.h )
+ s.files += %w( third_party/nanopb/pb_encode.h )
s.files += %w( src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h )
s.files += %w( src/core/ext/filters/client_channel/lb_policy/subchannel_list.h )
s.files += %w( src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h )
@@ -588,7 +561,6 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/filters/http/server/http_server_filter.cc )
s.files += %w( src/core/lib/http/httpcli_security_connector.cc )
s.files += %w( src/core/lib/security/context/security_context.cc )
- s.files += %w( src/core/lib/security/credentials/alts/alts_credentials.cc )
s.files += %w( src/core/lib/security/credentials/composite/composite_credentials.cc )
s.files += %w( src/core/lib/security/credentials/credentials.cc )
s.files += %w( src/core/lib/security/credentials/credentials_metadata.cc )
@@ -602,7 +574,6 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.cc )
s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.cc )
s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.cc )
- s.files += %w( src/core/lib/security/security_connector/alts_security_connector.cc )
s.files += %w( src/core/lib/security/security_connector/security_connector.cc )
s.files += %w( src/core/lib/security/transport/client_auth_filter.cc )
s.files += %w( src/core/lib/security/transport/secure_endpoint.cc )
@@ -612,45 +583,14 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/transport/tsi_error.cc )
s.files += %w( src/core/lib/security/util/json_util.cc )
s.files += %w( src/core/lib/surface/init_secure.cc )
- s.files += %w( src/core/tsi/alts/crypt/aes_gcm.cc )
- s.files += %w( src/core/tsi/alts/crypt/gsec.cc )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_counter.cc )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_crypter.cc )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_frame_protector.cc )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc )
- s.files += %w( src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc )
- s.files += %w( src/core/tsi/alts/frame_protector/frame_handler.cc )
- s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_client.cc )
- s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_event.cc )
- s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc )
- s.files += %w( src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc )
- s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment.cc )
- s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc )
- s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc )
- s.files += %w( src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc )
- s.files += %w( src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc )
- s.files += %w( src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc )
- s.files += %w( src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc )
- s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc )
- s.files += %w( src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc )
- s.files += %w( src/core/tsi/alts/handshaker/alts_tsi_utils.cc )
- s.files += %w( src/core/tsi/alts/handshaker/transport_security_common_api.cc )
- s.files += %w( src/core/tsi/alts/handshaker/altscontext.pb.c )
- s.files += %w( src/core/tsi/alts/handshaker/handshaker.pb.c )
- s.files += %w( src/core/tsi/alts/handshaker/transport_security_common.pb.c )
- s.files += %w( third_party/nanopb/pb_common.c )
- s.files += %w( third_party/nanopb/pb_decode.c )
- s.files += %w( third_party/nanopb/pb_encode.c )
+ s.files += %w( src/core/tsi/alts_transport_security.cc )
+ s.files += %w( src/core/tsi/fake_transport_security.cc )
+ s.files += %w( src/core/tsi/ssl_transport_security.cc )
+ s.files += %w( src/core/tsi/transport_security_grpc.cc )
s.files += %w( src/core/tsi/transport_security.cc )
s.files += %w( src/core/tsi/transport_security_adapter.cc )
- s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create.cc )
- s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc )
- s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.cc )
+ s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.cc )
+ s.files += %w( src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc )
s.files += %w( src/core/ext/filters/client_channel/backup_poller.cc )
s.files += %w( src/core/ext/filters/client_channel/channel_connectivity.cc )
s.files += %w( src/core/ext/filters/client_channel/client_channel.cc )
@@ -674,14 +614,11 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/filters/client_channel/subchannel_index.cc )
s.files += %w( src/core/ext/filters/client_channel/uri_parser.cc )
s.files += %w( src/core/ext/filters/deadline/deadline_filter.cc )
- s.files += %w( src/core/tsi/alts_transport_security.cc )
- s.files += %w( src/core/tsi/fake_transport_security.cc )
- s.files += %w( src/core/tsi/ssl_transport_security.cc )
- s.files += %w( src/core/tsi/transport_security_grpc.cc )
- s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.cc )
- s.files += %w( src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc )
+ s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.cc )
s.files += %w( src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc )
s.files += %w( src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc )
+ s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create.cc )
+ s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc )
s.files += %w( src/core/ext/transport/inproc/inproc_plugin.cc )
s.files += %w( src/core/ext/transport/inproc/inproc_transport.cc )
s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc )
@@ -690,6 +627,9 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc )
s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc )
s.files += %w( src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c )
+ s.files += %w( third_party/nanopb/pb_common.c )
+ s.files += %w( third_party/nanopb/pb_decode.c )
+ s.files += %w( third_party/nanopb/pb_encode.c )
s.files += %w( src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc )
s.files += %w( src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc )
s.files += %w( src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc )
diff --git a/grpc.gyp b/grpc.gyp
index 38597a5b4f..cd3deddb0e 100644
--- a/grpc.gyp
+++ b/grpc.gyp
@@ -64,11 +64,11 @@
],
'cflags_c': [
'-Werror',
- '-std=c99',
+ '-std=c99'
],
'cflags_cc': [
'-Werror',
- '-std=c++11',
+ '-std=c++11'
],
'include_dirs': [
'.',
@@ -148,7 +148,7 @@
'-Wno-deprecated-declarations',
'-stdlib=libc++',
'-std=c++11',
- '-Wno-error=deprecated-declarations',
+ '-Wno-error=deprecated-declarations'
],
},
}]
@@ -156,17 +156,6 @@
},
'targets': [
{
- 'target_name': 'alts_test_util',
- 'type': 'static_library',
- 'dependencies': [
- 'grpc',
- ],
- 'sources': [
- 'test/core/tsi/alts/crypt/gsec_test_util.cc',
- 'test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc',
- ],
- },
- {
'target_name': 'gpr',
'type': 'static_library',
'dependencies': [
@@ -396,7 +385,6 @@
'src/core/ext/filters/http/server/http_server_filter.cc',
'src/core/lib/http/httpcli_security_connector.cc',
'src/core/lib/security/context/security_context.cc',
- 'src/core/lib/security/credentials/alts/alts_credentials.cc',
'src/core/lib/security/credentials/composite/composite_credentials.cc',
'src/core/lib/security/credentials/credentials.cc',
'src/core/lib/security/credentials/credentials_metadata.cc',
@@ -410,7 +398,6 @@
'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc',
'src/core/lib/security/credentials/plugin/plugin_credentials.cc',
'src/core/lib/security/credentials/ssl/ssl_credentials.cc',
- 'src/core/lib/security/security_connector/alts_security_connector.cc',
'src/core/lib/security/security_connector/security_connector.cc',
'src/core/lib/security/transport/client_auth_filter.cc',
'src/core/lib/security/transport/secure_endpoint.cc',
@@ -420,45 +407,14 @@
'src/core/lib/security/transport/tsi_error.cc',
'src/core/lib/security/util/json_util.cc',
'src/core/lib/surface/init_secure.cc',
- 'src/core/tsi/alts/crypt/aes_gcm.cc',
- 'src/core/tsi/alts/crypt/gsec.cc',
- 'src/core/tsi/alts/frame_protector/alts_counter.cc',
- 'src/core/tsi/alts/frame_protector/alts_crypter.cc',
- 'src/core/tsi/alts/frame_protector/alts_frame_protector.cc',
- 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc',
- 'src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc',
- 'src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc',
- 'src/core/tsi/alts/frame_protector/frame_handler.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_client.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_event.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_utils.cc',
- 'src/core/tsi/alts/handshaker/transport_security_common_api.cc',
- 'src/core/tsi/alts/handshaker/altscontext.pb.c',
- 'src/core/tsi/alts/handshaker/handshaker.pb.c',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.c',
- 'third_party/nanopb/pb_common.c',
- 'third_party/nanopb/pb_decode.c',
- 'third_party/nanopb/pb_encode.c',
+ 'src/core/tsi/alts_transport_security.cc',
+ 'src/core/tsi/fake_transport_security.cc',
+ 'src/core/tsi/ssl_transport_security.cc',
+ 'src/core/tsi/transport_security_grpc.cc',
'src/core/tsi/transport_security.cc',
'src/core/tsi/transport_security_adapter.cc',
- 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc',
- 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc',
- 'src/core/ext/transport/chttp2/client/chttp2_connector.cc',
+ 'src/core/ext/transport/chttp2/server/chttp2_server.cc',
+ 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc',
'src/core/ext/filters/client_channel/backup_poller.cc',
'src/core/ext/filters/client_channel/channel_connectivity.cc',
'src/core/ext/filters/client_channel/client_channel.cc',
@@ -482,14 +438,11 @@
'src/core/ext/filters/client_channel/subchannel_index.cc',
'src/core/ext/filters/client_channel/uri_parser.cc',
'src/core/ext/filters/deadline/deadline_filter.cc',
- 'src/core/tsi/alts_transport_security.cc',
- 'src/core/tsi/fake_transport_security.cc',
- 'src/core/tsi/ssl_transport_security.cc',
- 'src/core/tsi/transport_security_grpc.cc',
- 'src/core/ext/transport/chttp2/server/chttp2_server.cc',
- 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc',
+ 'src/core/ext/transport/chttp2/client/chttp2_connector.cc',
'src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc',
'src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc',
+ 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc',
+ 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc',
'src/core/ext/transport/inproc/inproc_plugin.cc',
'src/core/ext/transport/inproc/inproc_transport.cc',
'src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc',
@@ -498,6 +451,9 @@
'src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc',
'src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc',
'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c',
+ 'third_party/nanopb/pb_common.c',
+ 'third_party/nanopb/pb_decode.c',
+ 'third_party/nanopb/pb_encode.c',
'src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc',
'src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc',
'src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc',
diff --git a/package.xml b/package.xml
index c4a6f6fc92..db03230eba 100644
--- a/package.xml
+++ b/package.xml
@@ -204,7 +204,6 @@
<file baseinstalldir="/" name="src/core/ext/filters/http/message_compress/message_compress_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/http/server/http_server_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/context/security_context.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/alts_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/composite/composite_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/fake/fake_credentials.h" role="src" />
@@ -216,7 +215,6 @@
<file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_connector/alts_security_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/security_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/auth_filters.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.h" role="src" />
@@ -224,39 +222,15 @@
<file baseinstalldir="/" name="src/core/lib/security/transport/target_authority_table.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/tsi_error.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/util/json_util.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/crypt/gsec.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_counter.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_crypter.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_frame_protector.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/frame_handler.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_client.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_event.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_service_api.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_utils.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/transport_security_common_api.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/altscontext.pb.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/handshaker.pb.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/transport_security_common.pb.h" role="src" />
- <file baseinstalldir="/" name="third_party/nanopb/pb.h" role="src" />
- <file baseinstalldir="/" name="third_party/nanopb/pb_common.h" role="src" />
- <file baseinstalldir="/" name="third_party/nanopb/pb_decode.h" role="src" />
- <file baseinstalldir="/" name="third_party/nanopb/pb_encode.h" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/alts_transport_security.h" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/fake_transport_security.h" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.h" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/ssl_types.h" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.h" role="src" />
<file baseinstalldir="/" name="src/core/tsi/transport_security.h" role="src" />
<file baseinstalldir="/" name="src/core/tsi/transport_security_adapter.h" role="src" />
<file baseinstalldir="/" name="src/core/tsi/transport_security_interface.h" role="src" />
- <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.h" role="src" />
+ <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/backup_poller.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/client_channel.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/client_channel_factory.h" role="src" />
@@ -279,12 +253,7 @@
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/subchannel_index.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/uri_parser.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/deadline/deadline_filter.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts_transport_security.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/fake_transport_security.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/ssl_types.h" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.h" role="src" />
- <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.h" role="src" />
+ <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/inproc/inproc_transport.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/avl/avl.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/backoff/backoff.h" role="src" />
@@ -419,6 +388,10 @@
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h" role="src" />
+ <file baseinstalldir="/" name="third_party/nanopb/pb.h" role="src" />
+ <file baseinstalldir="/" name="third_party/nanopb/pb_common.h" role="src" />
+ <file baseinstalldir="/" name="third_party/nanopb/pb_decode.h" role="src" />
+ <file baseinstalldir="/" name="third_party/nanopb/pb_encode.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/subchannel_list.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h" role="src" />
@@ -595,7 +568,6 @@
<file baseinstalldir="/" name="src/core/ext/filters/http/server/http_server_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/http/httpcli_security_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/context/security_context.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/alts_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/composite/composite_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/credentials_metadata.cc" role="src" />
@@ -609,7 +581,6 @@
<file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_connector/alts_security_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/security_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/client_auth_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.cc" role="src" />
@@ -619,45 +590,14 @@
<file baseinstalldir="/" name="src/core/lib/security/transport/tsi_error.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/util/json_util.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/surface/init_secure.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/crypt/aes_gcm.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/crypt/gsec.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_counter.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_crypter.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_frame_protector.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/frame_protector/frame_handler.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_client.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_event.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/alts_tsi_utils.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/transport_security_common_api.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/altscontext.pb.c" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/handshaker.pb.c" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts/handshaker/transport_security_common.pb.c" role="src" />
- <file baseinstalldir="/" name="third_party/nanopb/pb_common.c" role="src" />
- <file baseinstalldir="/" name="third_party/nanopb/pb_decode.c" role="src" />
- <file baseinstalldir="/" name="third_party/nanopb/pb_encode.c" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/alts_transport_security.cc" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/fake_transport_security.cc" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.cc" role="src" />
+ <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.cc" role="src" />
<file baseinstalldir="/" name="src/core/tsi/transport_security.cc" role="src" />
<file baseinstalldir="/" name="src/core/tsi/transport_security_adapter.cc" role="src" />
- <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create.cc" role="src" />
- <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc" role="src" />
- <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.cc" role="src" />
+ <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.cc" role="src" />
+ <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/backup_poller.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/channel_connectivity.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/client_channel.cc" role="src" />
@@ -681,14 +621,11 @@
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/subchannel_index.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/uri_parser.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/deadline/deadline_filter.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/alts_transport_security.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/fake_transport_security.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.cc" role="src" />
- <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.cc" role="src" />
- <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.cc" role="src" />
- <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc" role="src" />
+ <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc" role="src" />
+ <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create.cc" role="src" />
+ <file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/inproc/inproc_plugin.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/inproc/inproc_transport.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc" role="src" />
@@ -697,6 +634,9 @@
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c" role="src" />
+ <file baseinstalldir="/" name="third_party/nanopb/pb_common.c" role="src" />
+ <file baseinstalldir="/" name="third_party/nanopb/pb_decode.c" role="src" />
+ <file baseinstalldir="/" name="third_party/nanopb/pb_encode.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc" role="src" />
diff --git a/setup.py b/setup.py
index 7c07c5614c..4f67f82275 100644
--- a/setup.py
+++ b/setup.py
@@ -118,7 +118,6 @@ if EXTRA_ENV_COMPILE_ARGS is None:
EXTRA_ENV_COMPILE_ARGS += ' -std=c++11 -std=gnu99 -fvisibility=hidden -fno-wrapv -fno-exceptions'
elif "darwin" in sys.platform:
EXTRA_ENV_COMPILE_ARGS += ' -fvisibility=hidden -fno-wrapv -fno-exceptions'
-EXTRA_ENV_COMPILE_ARGS += ' -DPB_FIELD_16BIT'
if EXTRA_ENV_LINK_ARGS is None:
EXTRA_ENV_LINK_ARGS = ''
@@ -161,7 +160,7 @@ if "win32" in sys.platform:
DEFINE_MACROS = (
('OPENSSL_NO_ASM', 1), ('_WIN32_WINNT', 0x600),
- ('GPR_BACKWARDS_COMPATIBILITY_MODE', 1))
+ ('GPR_BACKWARDS_COMPATIBILITY_MODE', 1),)
if "win32" in sys.platform:
# TODO(zyc): Re-enble c-ares on x64 and x86 windows after fixing the
# ares_library_init compilation issue
diff --git a/src/core/lib/security/credentials/alts/alts_credentials.cc b/src/core/lib/security/credentials/alts/alts_credentials.cc
deleted file mode 100644
index fa05d901bf..0000000000
--- a/src/core/lib/security/credentials/alts/alts_credentials.cc
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/lib/security/credentials/alts/alts_credentials.h"
-
-#include <cstring>
-
-#include <grpc/grpc.h>
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-#include <grpc/support/string_util.h>
-
-#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
-#include "src/core/lib/security/security_connector/alts_security_connector.h"
-
-#define GRPC_CREDENTIALS_TYPE_ALTS "Alts"
-#define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal:8080"
-
-static void alts_credentials_destruct(grpc_channel_credentials* creds) {
- grpc_alts_credentials* alts_creds =
- reinterpret_cast<grpc_alts_credentials*>(creds);
- grpc_alts_credentials_options_destroy(alts_creds->options);
- gpr_free(alts_creds->handshaker_service_url);
-}
-
-static void alts_server_credentials_destruct(grpc_server_credentials* creds) {
- grpc_alts_server_credentials* alts_creds =
- reinterpret_cast<grpc_alts_server_credentials*>(creds);
- grpc_alts_credentials_options_destroy(alts_creds->options);
- gpr_free(alts_creds->handshaker_service_url);
-}
-
-static grpc_security_status alts_create_security_connector(
- grpc_channel_credentials* creds,
- grpc_call_credentials* request_metadata_creds, const char* target_name,
- const grpc_channel_args* args, grpc_channel_security_connector** sc,
- grpc_channel_args** new_args) {
- return grpc_alts_channel_security_connector_create(
- creds, request_metadata_creds, target_name, sc);
-}
-
-static grpc_security_status alts_server_create_security_connector(
- grpc_server_credentials* creds, grpc_server_security_connector** sc) {
- return grpc_alts_server_security_connector_create(creds, sc);
-}
-
-static const grpc_channel_credentials_vtable alts_credentials_vtable = {
- alts_credentials_destruct, alts_create_security_connector,
- /*duplicate_without_call_credentials=*/nullptr};
-
-static const grpc_server_credentials_vtable alts_server_credentials_vtable = {
- alts_server_credentials_destruct, alts_server_create_security_connector};
-
-grpc_channel_credentials* grpc_alts_credentials_create_customized(
- const grpc_alts_credentials_options* options,
- const char* handshaker_service_url, bool enable_untrusted_alts) {
- if (!enable_untrusted_alts && !grpc_alts_is_running_on_gcp()) {
- return nullptr;
- }
- auto creds = static_cast<grpc_alts_credentials*>(
- gpr_zalloc(sizeof(grpc_alts_credentials)));
- creds->options = grpc_alts_credentials_options_copy(options);
- creds->handshaker_service_url =
- handshaker_service_url == nullptr
- ? gpr_strdup(GRPC_ALTS_HANDSHAKER_SERVICE_URL)
- : gpr_strdup(handshaker_service_url);
- creds->base.type = GRPC_CREDENTIALS_TYPE_ALTS;
- creds->base.vtable = &alts_credentials_vtable;
- gpr_ref_init(&creds->base.refcount, 1);
- return &creds->base;
-}
-
-grpc_server_credentials* grpc_alts_server_credentials_create_customized(
- const grpc_alts_credentials_options* options,
- const char* handshaker_service_url, bool enable_untrusted_alts) {
- if (!enable_untrusted_alts && !grpc_alts_is_running_on_gcp()) {
- return nullptr;
- }
- auto creds = static_cast<grpc_alts_server_credentials*>(
- gpr_zalloc(sizeof(grpc_alts_server_credentials)));
- creds->options = grpc_alts_credentials_options_copy(options);
- creds->handshaker_service_url =
- handshaker_service_url == nullptr
- ? gpr_strdup(GRPC_ALTS_HANDSHAKER_SERVICE_URL)
- : gpr_strdup(handshaker_service_url);
- creds->base.type = GRPC_CREDENTIALS_TYPE_ALTS;
- creds->base.vtable = &alts_server_credentials_vtable;
- gpr_ref_init(&creds->base.refcount, 1);
- return &creds->base;
-}
-
-grpc_channel_credentials* grpc_alts_credentials_create(
- const grpc_alts_credentials_options* options) {
- return grpc_alts_credentials_create_customized(
- options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, false);
-}
-
-grpc_server_credentials* grpc_alts_server_credentials_create(
- const grpc_alts_credentials_options* options) {
- return grpc_alts_server_credentials_create_customized(
- options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, false);
-}
diff --git a/src/core/lib/security/credentials/alts/alts_credentials.h b/src/core/lib/security/credentials/alts/alts_credentials.h
deleted file mode 100644
index 621789cf65..0000000000
--- a/src/core/lib/security/credentials/alts/alts_credentials.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_ALTS_CREDENTIALS_H
-#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_ALTS_CREDENTIALS_H
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/grpc_security.h>
-
-#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
-#include "src/core/lib/security/credentials/credentials.h"
-
-/* Main struct for grpc ALTS channel credential. */
-typedef struct grpc_alts_credentials {
- grpc_channel_credentials base;
- grpc_alts_credentials_options* options;
- char* handshaker_service_url;
-} grpc_alts_credentials;
-
-/* Main struct for grpc ALTS server credential. */
-typedef struct grpc_alts_server_credentials {
- grpc_server_credentials base;
- grpc_alts_credentials_options* options;
- char* handshaker_service_url;
-} grpc_alts_server_credentials;
-
-/**
- * This method creates an ALTS channel credential object.
- *
- * - options: grpc ALTS credentials options instance for client.
- *
- * It returns the created ALTS channel credential object.
- */
-grpc_channel_credentials* grpc_alts_credentials_create(
- const grpc_alts_credentials_options* options);
-
-/**
- * This method creates an ALTS server credential object.
- *
- * - options: grpc ALTS credentials options instance for server.
- *
- * It returns the created ALTS server credential object.
- */
-grpc_server_credentials* grpc_alts_server_credentials_create(
- const grpc_alts_credentials_options* options);
-
-/**
- * This method creates an ALTS channel credential object with customized
- * information provided by caller.
- *
- * - options: grpc ALTS credentials options instance for client.
- * - handshaker_service_url: address of ALTS handshaker service in the format of
- * "host:port". If it's nullptr, the address of default metadata server will
- * be used.
- * - enable_untrusted_alts: a boolean flag used to enable ALTS in untrusted
- * mode. This mode can be enabled when we are sure ALTS is running on GCP or
- * for testing purpose.
- *
- * It returns nullptr if the flag is disabled AND ALTS is not running on GCP.
- * Otherwise, it returns the created credential object.
- */
-
-grpc_channel_credentials* grpc_alts_credentials_create_customized(
- const grpc_alts_credentials_options* options,
- const char* handshaker_service_url, bool enable_untrusted_alts);
-
-/**
- * This method creates an ALTS server credential object with customized
- * information provided by caller.
- *
- * - options: grpc ALTS credentials options instance for server.
- * - handshaker_service_url: address of ALTS handshaker service in the format of
- * "host:port". If it's nullptr, the address of default metadata server will
- * be used.
- * - enable_untrusted_alts: a boolean flag used to enable ALTS in untrusted
- * mode. This mode can be enabled when we are sure ALTS is running on GCP or
- * for testing purpose.
- *
- * It returns nullptr if the flag is disabled and ALTS is not running on GCP.
- * Otherwise, it returns the created credential object.
- */
-grpc_server_credentials* grpc_alts_server_credentials_create_customized(
- const grpc_alts_credentials_options* options,
- const char* handshaker_service_url, bool enable_untrusted_alts);
-
-#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_ALTS_CREDENTIALS_H */
diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment.cc b/src/core/lib/security/credentials/alts/check_gcp_environment.cc
deleted file mode 100644
index 96807876cf..0000000000
--- a/src/core/lib/security/credentials/alts/check_gcp_environment.cc
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
-
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-const size_t kBiosDataBufferSize = 256;
-
-static char* trim(const char* src) {
- if (src == nullptr) {
- return nullptr;
- }
- char* des = nullptr;
- size_t start = 0, end = strlen(src) - 1;
- /* find the last character that is not a whitespace. */
- while (end != 0 && isspace(src[end])) {
- end--;
- }
- /* find the first character that is not a whitespace. */
- while (start < strlen(src) && isspace(src[start])) {
- start++;
- }
- if (start <= end) {
- des = static_cast<char*>(
- gpr_zalloc(sizeof(char) * (end - start + 2 /* '\0' */)));
- memcpy(des, src + start, end - start + 1);
- }
- return des;
-}
-
-namespace grpc_core {
-namespace internal {
-
-char* read_bios_file(const char* bios_file) {
- FILE* fp = fopen(bios_file, "r");
- if (!fp) {
- gpr_log(GPR_ERROR, "BIOS data file cannot be opened.");
- return nullptr;
- }
- char buf[kBiosDataBufferSize + 1];
- size_t ret = fread(buf, sizeof(char), kBiosDataBufferSize, fp);
- buf[ret] = '\0';
- char* trimmed_buf = trim(buf);
- fclose(fp);
- return trimmed_buf;
-}
-
-} // namespace internal
-} // namespace grpc_core
diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment.h b/src/core/lib/security/credentials/alts/check_gcp_environment.h
deleted file mode 100644
index aea4cea643..0000000000
--- a/src/core/lib/security/credentials/alts/check_gcp_environment.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_CHECK_GCP_ENVIRONMENT_H
-#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_CHECK_GCP_ENVIRONMENT_H
-
-namespace grpc_core {
-namespace internal {
-
-/**
- * This method is a helper function that reads a file containing system bios
- * data. Exposed for testing only.
- *
- * - bios_file: a file containing BIOS data used to determine GCE tenancy
- * information.
- *
- * It returns a buffer containing the data read from the file.
- */
-char* read_bios_file(const char* bios_file);
-
-/**
- * This method checks if system BIOS data contains Google-specific phrases.
- * Exposed for testing only.
- *
- * - bios_data: a buffer containing system BIOS data.
- *
- * It returns true if the BIOS data contains Google-specific phrases, and false
- * otherwise.
- */
-bool check_bios_data(const char* bios_data);
-
-} // namespace internal
-} // namespace grpc_core
-
-/**
- * This method checks if a VM (Windows or Linux) is running within Google
- * compute Engine (GCE) or not. It returns true if the VM is running in GCE and
- * false otherwise.
- */
-bool grpc_alts_is_running_on_gcp();
-
-#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_CHECK_GCP_ENVIRONMENT_H */
diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc b/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc
deleted file mode 100644
index 7c4d7a71cd..0000000000
--- a/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#ifdef GPR_LINUX
-
-#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/sync.h>
-
-#include <string.h>
-
-#define GRPC_ALTS_EXPECT_NAME_GOOGLE "Google"
-#define GRPC_ALTS_EXPECT_NAME_GCE "Google Compute Engine"
-#define GRPC_ALTS_PRODUCT_NAME_FILE "/sys/class/dmi/id/product_name"
-
-static bool g_compute_engine_detection_done = false;
-static bool g_is_on_compute_engine = false;
-static gpr_mu g_mu;
-static gpr_once g_once = GPR_ONCE_INIT;
-
-namespace grpc_core {
-namespace internal {
-
-bool check_bios_data(const char* bios_data_file) {
- char* bios_data = read_bios_file(bios_data_file);
- bool result = (!strcmp(bios_data, GRPC_ALTS_EXPECT_NAME_GOOGLE)) ||
- (!strcmp(bios_data, GRPC_ALTS_EXPECT_NAME_GCE));
- gpr_free(bios_data);
- return result;
-}
-
-} // namespace internal
-} // namespace grpc_core
-
-static void init_mu(void) { gpr_mu_init(&g_mu); }
-
-bool grpc_alts_is_running_on_gcp() {
- gpr_once_init(&g_once, init_mu);
- gpr_mu_lock(&g_mu);
- if (!g_compute_engine_detection_done) {
- g_is_on_compute_engine =
- grpc_core::internal::check_bios_data(GRPC_ALTS_PRODUCT_NAME_FILE);
- g_compute_engine_detection_done = true;
- }
- gpr_mu_unlock(&g_mu);
- return g_is_on_compute_engine;
-}
-
-#endif // GPR_LINUX
diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc b/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc
deleted file mode 100644
index d97681b86d..0000000000
--- a/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#if !defined(GPR_LINUX) && !defined(GPR_WINDOWS)
-
-#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
-
-#include <grpc/support/log.h>
-
-bool grpc_alts_is_running_on_gcp() {
- gpr_log(GPR_ERROR,
- "Platforms other than Linux and Windows are not supported");
- return false;
-}
-
-#endif // !defined(LINUX) && !defined(GPR_WINDOWS)
diff --git a/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc b/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc
deleted file mode 100644
index 55efe0e9dd..0000000000
--- a/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#ifdef GPR_WINDOWS
-
-#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
-
-#include <shellapi.h>
-#include <stdio.h>
-#include <tchar.h>
-#include <windows.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-#include <grpc/support/sync.h>
-
-#define GRPC_ALTS_EXPECT_NAME_GOOGLE "Google"
-#define GRPC_ALTS_WINDOWS_CHECK_COMMAND "powershell.exe"
-#define GRPC_ALTS_WINDOWS_CHECK_COMMAND_ARGS \
- "(Get-WmiObject -Class Win32_BIOS).Manufacturer"
-#define GRPC_ALTS_WINDOWS_CHECK_BIOS_FILE "windows_bios.data"
-
-const size_t kBiosDataBufferSize = 256;
-
-static bool g_compute_engine_detection_done = false;
-static bool g_is_on_compute_engine = false;
-static gpr_mu g_mu;
-static gpr_once g_once = GPR_ONCE_INIT;
-
-namespace grpc_core {
-namespace internal {
-
-bool check_bios_data(const char* bios_data_file) {
- char* bios_data = read_bios_file(bios_data_file);
- bool result = !strcmp(bios_data, GRPC_ALTS_EXPECT_NAME_GOOGLE);
- remove(GRPC_ALTS_WINDOWS_CHECK_BIOS_FILE);
- gpr_free(bios_data);
- return result;
-}
-
-} // namespace internal
-} // namespace grpc_core
-
-static void init_mu(void) { gpr_mu_init(&g_mu); }
-
-static bool run_powershell() {
- SECURITY_ATTRIBUTES sa;
- sa.nLength = sizeof(sa);
- sa.lpSecurityDescriptor = NULL;
- sa.bInheritHandle = TRUE;
- HANDLE h = CreateFile(_T(GRPC_ALTS_WINDOWS_CHECK_BIOS_FILE), GENERIC_WRITE,
- FILE_SHARE_WRITE | FILE_SHARE_READ, &sa, OPEN_ALWAYS,
- FILE_ATTRIBUTE_NORMAL, NULL);
- if (h == INVALID_HANDLE_VALUE) {
- gpr_log(GPR_ERROR, "CreateFile failed (%d).", GetLastError());
- return false;
- }
- PROCESS_INFORMATION pi;
- STARTUPINFO si;
- DWORD flags = CREATE_NO_WINDOW;
- ZeroMemory(&pi, sizeof(pi));
- ZeroMemory(&si, sizeof(si));
- si.cb = sizeof(si);
- si.dwFlags |= STARTF_USESTDHANDLES;
- si.hStdInput = NULL;
- si.hStdError = h;
- si.hStdOutput = h;
- TCHAR cmd[kBiosDataBufferSize];
- _sntprintf(cmd, kBiosDataBufferSize, _T("%s %s"),
- _T(GRPC_ALTS_WINDOWS_CHECK_COMMAND),
- _T(GRPC_ALTS_WINDOWS_CHECK_COMMAND_ARGS));
- if (!CreateProcess(NULL, cmd, NULL, NULL, TRUE, flags, NULL, NULL, &si,
- &pi)) {
- gpr_log(GPR_ERROR, "CreateProcess failed (%d).\n", GetLastError());
- return false;
- }
- WaitForSingleObject(pi.hProcess, INFINITE);
- CloseHandle(pi.hProcess);
- CloseHandle(pi.hThread);
- CloseHandle(h);
- return true;
-}
-
-bool grpc_alts_is_running_on_gcp() {
- gpr_once_init(&g_once, init_mu);
- gpr_mu_lock(&g_mu);
- if (!g_compute_engine_detection_done) {
- g_is_on_compute_engine =
- run_powershell() &&
- grpc_core::internal::check_bios_data(GRPC_ALTS_WINDOWS_CHECK_BIOS_FILE);
- g_compute_engine_detection_done = true;
- }
- gpr_mu_unlock(&g_mu);
- return g_is_on_compute_engine;
-}
-
-#endif // GPR_WINDOWS
diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
deleted file mode 100644
index 7d54e8346f..0000000000
--- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-#include <grpc/support/string_util.h>
-
-#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
-#include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
-
-static grpc_alts_credentials_options* alts_client_options_copy(
- const grpc_alts_credentials_options* options);
-
-static void alts_client_options_destroy(grpc_alts_credentials_options* options);
-
-static target_service_account* target_service_account_create(
- const char* service_account) {
- if (service_account == nullptr) {
- return nullptr;
- }
- auto* sa = static_cast<target_service_account*>(
- gpr_zalloc(sizeof(target_service_account)));
- sa->data = gpr_strdup(service_account);
- return sa;
-}
-
-bool grpc_alts_credentials_client_options_add_target_service_account(
- grpc_alts_credentials_client_options* options,
- const char* service_account) {
- if (options == nullptr || service_account == nullptr) {
- gpr_log(
- GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_alts_credentials_client_options_add_target_service_account()");
- return false;
- }
- target_service_account* node = target_service_account_create(service_account);
- node->next = options->target_account_list_head;
- options->target_account_list_head = node;
- return true;
-}
-
-static void target_service_account_destroy(
- target_service_account* service_account) {
- if (service_account == nullptr) {
- return;
- }
- gpr_free(service_account->data);
- gpr_free(service_account);
-}
-
-static const grpc_alts_credentials_options_vtable vtable = {
- alts_client_options_copy, alts_client_options_destroy};
-
-grpc_alts_credentials_options* grpc_alts_credentials_client_options_create() {
- auto client_options = static_cast<grpc_alts_credentials_client_options*>(
- gpr_zalloc(sizeof(grpc_alts_credentials_client_options)));
- client_options->base.vtable = &vtable;
- return &client_options->base;
-}
-
-static grpc_alts_credentials_options* alts_client_options_copy(
- const grpc_alts_credentials_options* options) {
- if (options == nullptr) {
- return nullptr;
- }
- grpc_alts_credentials_options* new_options =
- grpc_alts_credentials_client_options_create();
- auto new_client_options =
- reinterpret_cast<grpc_alts_credentials_client_options*>(new_options);
- /* Copy target service accounts. */
- target_service_account* prev = nullptr;
- auto node =
- (reinterpret_cast<const grpc_alts_credentials_client_options*>(options))
- ->target_account_list_head;
- while (node != nullptr) {
- target_service_account* new_node =
- target_service_account_create(node->data);
- if (prev == nullptr) {
- new_client_options->target_account_list_head = new_node;
- } else {
- prev->next = new_node;
- }
- prev = new_node;
- node = node->next;
- }
- /* Copy rpc protocol versions. */
- grpc_gcp_rpc_protocol_versions_copy(&options->rpc_versions,
- &new_options->rpc_versions);
- return new_options;
-}
-
-static void alts_client_options_destroy(
- grpc_alts_credentials_options* options) {
- if (options == nullptr) {
- return;
- }
- auto* client_options =
- reinterpret_cast<grpc_alts_credentials_client_options*>(options);
- target_service_account* node = client_options->target_account_list_head;
- while (node != nullptr) {
- target_service_account* next_node = node->next;
- target_service_account_destroy(node);
- node = next_node;
- }
-}
diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc
deleted file mode 100644
index d428171540..0000000000
--- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-grpc_alts_credentials_options* grpc_alts_credentials_options_copy(
- const grpc_alts_credentials_options* options) {
- if (options != nullptr && options->vtable != nullptr &&
- options->vtable->copy != nullptr) {
- return options->vtable->copy(options);
- }
- /* An error occurred. */
- gpr_log(GPR_ERROR,
- "Invalid arguments to grpc_alts_credentials_options_copy()");
- return nullptr;
-}
-
-void grpc_alts_credentials_options_destroy(
- grpc_alts_credentials_options* options) {
- if (options != nullptr) {
- if (options->vtable != nullptr && options->vtable->destruct != nullptr) {
- options->vtable->destruct(options);
- }
- gpr_free(options);
- }
-}
diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h b/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h
deleted file mode 100644
index 4e46d9f2de..0000000000
--- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_GRPC_ALTS_CREDENTIALS_OPTIONS_H
-#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_GRPC_ALTS_CREDENTIALS_OPTIONS_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-
-#include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
-
-/**
- * Main interface for ALTS credentials options. The options will contain
- * information that will be passed from grpc to TSI layer such as RPC protocol
- * versions. ALTS client (channel) and server credentials will have their own
- * implementation of this interface. The APIs listed in this header are
- * thread-compatible.
- */
-typedef struct grpc_alts_credentials_options grpc_alts_credentials_options;
-
-/* V-table for grpc_alts_credentials_options */
-typedef struct grpc_alts_credentials_options_vtable {
- grpc_alts_credentials_options* (*copy)(
- const grpc_alts_credentials_options* options);
- void (*destruct)(grpc_alts_credentials_options* options);
-} grpc_alts_credentials_options_vtable;
-
-struct grpc_alts_credentials_options {
- const struct grpc_alts_credentials_options_vtable* vtable;
- grpc_gcp_rpc_protocol_versions rpc_versions;
-};
-
-typedef struct target_service_account {
- struct target_service_account* next;
- char* data;
-} target_service_account;
-
-/**
- * Main struct for ALTS client credentials options. The options contain a
- * a list of target service accounts (if specified) used for secure naming
- * check.
- */
-typedef struct grpc_alts_credentials_client_options {
- grpc_alts_credentials_options base;
- target_service_account* target_account_list_head;
-} grpc_alts_credentials_client_options;
-
-/**
- * Main struct for ALTS server credentials options. The options currently
- * do not contain any server-specific fields.
- */
-typedef struct grpc_alts_credentials_server_options {
- grpc_alts_credentials_options base;
-} grpc_alts_credentials_server_options;
-
-/**
- * This method performs a deep copy on grpc_alts_credentials_options instance.
- *
- * - options: a grpc_alts_credentials_options instance that needs to be copied.
- *
- * It returns a new grpc_alts_credentials_options instance on success and NULL
- * on failure.
- */
-grpc_alts_credentials_options* grpc_alts_credentials_options_copy(
- const grpc_alts_credentials_options* options);
-
-/**
- * This method destroys a grpc_alts_credentials_options instance by
- * de-allocating all of its occupied memory.
- *
- * - options: a grpc_alts_credentials_options instance that needs to be
- * destroyed.
- */
-void grpc_alts_credentials_options_destroy(
- grpc_alts_credentials_options* options);
-
-/* This method creates a grpc ALTS credentials client options instance. */
-grpc_alts_credentials_options* grpc_alts_credentials_client_options_create();
-
-/* This method creates a grpc ALTS credentials server options instance. */
-grpc_alts_credentials_options* grpc_alts_credentials_server_options_create();
-
-/**
- * This method adds a target service account to grpc ALTS credentials client
- * options instance.
- *
- * - options: grpc ALTS credentials client options instance.
- * - service_account: service account of target endpoint.
- *
- * It returns true on success and false on failure.
- */
-bool grpc_alts_credentials_client_options_add_target_service_account(
- grpc_alts_credentials_client_options* options, const char* service_account);
-
-#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_GRPC_ALTS_CREDENTIALS_OPTIONS_H \
- */
diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc
deleted file mode 100644
index 62aa7a620a..0000000000
--- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
-#include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
-
-static grpc_alts_credentials_options* alts_server_options_copy(
- const grpc_alts_credentials_options* options);
-
-static void alts_server_options_destroy(
- grpc_alts_credentials_options* options) {}
-
-static const grpc_alts_credentials_options_vtable vtable = {
- alts_server_options_copy, alts_server_options_destroy};
-
-grpc_alts_credentials_options* grpc_alts_credentials_server_options_create() {
- grpc_alts_credentials_server_options* server_options =
- static_cast<grpc_alts_credentials_server_options*>(
- gpr_zalloc(sizeof(*server_options)));
- server_options->base.vtable = &vtable;
- return &server_options->base;
-}
-
-static grpc_alts_credentials_options* alts_server_options_copy(
- const grpc_alts_credentials_options* options) {
- if (options == nullptr) {
- return nullptr;
- }
- grpc_alts_credentials_options* new_options =
- grpc_alts_credentials_server_options_create();
- /* Copy rpc protocol versions. */
- grpc_gcp_rpc_protocol_versions_copy(&options->rpc_versions,
- &new_options->rpc_versions);
- return new_options;
-}
diff --git a/src/core/lib/security/security_connector/alts_security_connector.cc b/src/core/lib/security/security_connector/alts_security_connector.cc
deleted file mode 100644
index 5ff7d7938b..0000000000
--- a/src/core/lib/security/security_connector/alts_security_connector.cc
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/lib/security/security_connector/alts_security_connector.h"
-
-#include <stdbool.h>
-#include <string.h>
-
-#include <grpc/grpc.h>
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-#include <grpc/support/string_util.h>
-
-#include "src/core/lib/security/credentials/alts/alts_credentials.h"
-#include "src/core/lib/security/transport/security_handshaker.h"
-#include "src/core/lib/transport/transport.h"
-#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
-
-typedef struct {
- grpc_channel_security_connector base;
- char* target_name;
-} grpc_alts_channel_security_connector;
-
-typedef struct {
- grpc_server_security_connector base;
-} grpc_alts_server_security_connector;
-
-static void alts_channel_destroy(grpc_security_connector* sc) {
- if (sc == nullptr) {
- return;
- }
- auto c = reinterpret_cast<grpc_alts_channel_security_connector*>(sc);
- grpc_call_credentials_unref(c->base.request_metadata_creds);
- grpc_channel_credentials_unref(c->base.channel_creds);
- gpr_free(c->target_name);
- gpr_free(sc);
-}
-
-static void alts_server_destroy(grpc_security_connector* sc) {
- if (sc == nullptr) {
- return;
- }
- auto c = reinterpret_cast<grpc_alts_server_security_connector*>(sc);
- grpc_server_credentials_unref(c->base.server_creds);
- gpr_free(sc);
-}
-
-static void alts_channel_add_handshakers(
- grpc_channel_security_connector* sc,
- grpc_handshake_manager* handshake_manager) {
- tsi_handshaker* handshaker = nullptr;
- auto c = reinterpret_cast<grpc_alts_channel_security_connector*>(sc);
- grpc_alts_credentials* creds =
- reinterpret_cast<grpc_alts_credentials*>(c->base.channel_creds);
- GPR_ASSERT(alts_tsi_handshaker_create(creds->options, c->target_name,
- creds->handshaker_service_url, true,
- &handshaker) == TSI_OK);
- grpc_handshake_manager_add(handshake_manager, grpc_security_handshaker_create(
- handshaker, &sc->base));
-}
-
-static void alts_server_add_handshakers(
- grpc_server_security_connector* sc,
- grpc_handshake_manager* handshake_manager) {
- tsi_handshaker* handshaker = nullptr;
- auto c = reinterpret_cast<grpc_alts_server_security_connector*>(sc);
- grpc_alts_server_credentials* creds =
- reinterpret_cast<grpc_alts_server_credentials*>(c->base.server_creds);
- GPR_ASSERT(alts_tsi_handshaker_create(creds->options, nullptr,
- creds->handshaker_service_url, false,
- &handshaker) == TSI_OK);
- grpc_handshake_manager_add(handshake_manager, grpc_security_handshaker_create(
- handshaker, &sc->base));
-}
-
-static void alts_set_rpc_protocol_versions(
- grpc_gcp_rpc_protocol_versions* rpc_versions) {
- grpc_gcp_rpc_protocol_versions_set_max(rpc_versions,
- GRPC_PROTOCOL_VERSION_MAX_MAJOR,
- GRPC_PROTOCOL_VERSION_MAX_MINOR);
- grpc_gcp_rpc_protocol_versions_set_min(rpc_versions,
- GRPC_PROTOCOL_VERSION_MIN_MAJOR,
- GRPC_PROTOCOL_VERSION_MIN_MINOR);
-}
-
-namespace grpc_core {
-namespace internal {
-
-grpc_security_status grpc_alts_auth_context_from_tsi_peer(
- const tsi_peer* peer, grpc_auth_context** ctx) {
- if (peer == nullptr || ctx == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to grpc_alts_auth_context_from_tsi_peer()");
- return GRPC_SECURITY_ERROR;
- }
- *ctx = nullptr;
- /* Validate certificate type. */
- const tsi_peer_property* cert_type_prop =
- tsi_peer_get_property_by_name(peer, TSI_CERTIFICATE_TYPE_PEER_PROPERTY);
- if (cert_type_prop == nullptr ||
- strncmp(cert_type_prop->value.data, TSI_ALTS_CERTIFICATE_TYPE,
- cert_type_prop->value.length) != 0) {
- gpr_log(GPR_ERROR, "Invalid or missing certificate type property.");
- return GRPC_SECURITY_ERROR;
- }
- /* Validate RPC protocol versions. */
- const tsi_peer_property* rpc_versions_prop =
- tsi_peer_get_property_by_name(peer, TSI_ALTS_RPC_VERSIONS);
- if (rpc_versions_prop == nullptr) {
- gpr_log(GPR_ERROR, "Missing rpc protocol versions property.");
- return GRPC_SECURITY_ERROR;
- }
- grpc_gcp_rpc_protocol_versions local_versions, peer_versions;
- alts_set_rpc_protocol_versions(&local_versions);
- grpc_slice slice = grpc_slice_from_copied_buffer(
- rpc_versions_prop->value.data, rpc_versions_prop->value.length);
- bool decode_result =
- grpc_gcp_rpc_protocol_versions_decode(slice, &peer_versions);
- grpc_slice_unref(slice);
- if (!decode_result) {
- gpr_log(GPR_ERROR, "Invalid peer rpc protocol versions.");
- return GRPC_SECURITY_ERROR;
- }
- /* TODO: Pass highest common rpc protocol version to grpc caller. */
- bool check_result = grpc_gcp_rpc_protocol_versions_check(
- &local_versions, &peer_versions, nullptr);
- if (!check_result) {
- gpr_log(GPR_ERROR, "Mismatch of local and peer rpc protocol versions.");
- return GRPC_SECURITY_ERROR;
- }
- /* Create auth context. */
- *ctx = grpc_auth_context_create(nullptr);
- grpc_auth_context_add_cstring_property(
- *ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
- GRPC_ALTS_TRANSPORT_SECURITY_TYPE);
- size_t i = 0;
- for (i = 0; i < peer->property_count; i++) {
- const tsi_peer_property* tsi_prop = &peer->properties[i];
- /* Add service account to auth context. */
- if (strcmp(tsi_prop->name, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY) == 0) {
- grpc_auth_context_add_property(
- *ctx, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, tsi_prop->value.data,
- tsi_prop->value.length);
- GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
- *ctx, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY) == 1);
- }
- }
- if (!grpc_auth_context_peer_is_authenticated(*ctx)) {
- gpr_log(GPR_ERROR, "Invalid unauthenticated peer.");
- GRPC_AUTH_CONTEXT_UNREF(*ctx, "test");
- *ctx = nullptr;
- return GRPC_SECURITY_ERROR;
- }
- return GRPC_SECURITY_OK;
-}
-
-} // namespace internal
-} // namespace grpc_core
-
-static void alts_check_peer(grpc_security_connector* sc, tsi_peer peer,
- grpc_auth_context** auth_context,
- grpc_closure* on_peer_checked) {
- grpc_security_status status;
- status = grpc_core::internal::grpc_alts_auth_context_from_tsi_peer(
- &peer, auth_context);
- tsi_peer_destruct(&peer);
- grpc_error* error =
- status == GRPC_SECURITY_OK
- ? GRPC_ERROR_NONE
- : GRPC_ERROR_CREATE_FROM_STATIC_STRING(
- "Could not get ALTS auth context from TSI peer");
- GRPC_CLOSURE_SCHED(on_peer_checked, error);
-}
-
-static int alts_channel_cmp(grpc_security_connector* sc1,
- grpc_security_connector* sc2) {
- grpc_alts_channel_security_connector* c1 =
- reinterpret_cast<grpc_alts_channel_security_connector*>(sc1);
- grpc_alts_channel_security_connector* c2 =
- reinterpret_cast<grpc_alts_channel_security_connector*>(sc2);
- int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base);
- if (c != 0) return c;
- return strcmp(c1->target_name, c2->target_name);
-}
-
-static int alts_server_cmp(grpc_security_connector* sc1,
- grpc_security_connector* sc2) {
- grpc_alts_server_security_connector* c1 =
- reinterpret_cast<grpc_alts_server_security_connector*>(sc1);
- grpc_alts_server_security_connector* c2 =
- reinterpret_cast<grpc_alts_server_security_connector*>(sc2);
- return grpc_server_security_connector_cmp(&c1->base, &c2->base);
-}
-
-static grpc_security_connector_vtable alts_channel_vtable = {
- alts_channel_destroy, alts_check_peer, alts_channel_cmp};
-
-static grpc_security_connector_vtable alts_server_vtable = {
- alts_server_destroy, alts_check_peer, alts_server_cmp};
-
-static bool alts_check_call_host(grpc_channel_security_connector* sc,
- const char* host,
- grpc_auth_context* auth_context,
- grpc_closure* on_call_host_checked,
- grpc_error** error) {
- grpc_alts_channel_security_connector* alts_sc =
- reinterpret_cast<grpc_alts_channel_security_connector*>(sc);
- if (host == nullptr || alts_sc == nullptr ||
- strcmp(host, alts_sc->target_name) != 0) {
- *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
- "ALTS call host does not match target name");
- }
- return true;
-}
-
-static void alts_cancel_check_call_host(grpc_channel_security_connector* sc,
- grpc_closure* on_call_host_checked,
- grpc_error* error) {
- GRPC_ERROR_UNREF(error);
-}
-
-grpc_security_status grpc_alts_channel_security_connector_create(
- grpc_channel_credentials* channel_creds,
- grpc_call_credentials* request_metadata_creds, const char* target_name,
- grpc_channel_security_connector** sc) {
- if (channel_creds == nullptr || sc == nullptr || target_name == nullptr) {
- gpr_log(
- GPR_ERROR,
- "Invalid arguments to grpc_alts_channel_security_connector_create()");
- return GRPC_SECURITY_ERROR;
- }
- auto c = static_cast<grpc_alts_channel_security_connector*>(
- gpr_zalloc(sizeof(grpc_alts_channel_security_connector)));
- gpr_ref_init(&c->base.base.refcount, 1);
- c->base.base.vtable = &alts_channel_vtable;
- c->base.add_handshakers = alts_channel_add_handshakers;
- c->base.channel_creds = grpc_channel_credentials_ref(channel_creds);
- c->base.request_metadata_creds =
- grpc_call_credentials_ref(request_metadata_creds);
- c->base.check_call_host = alts_check_call_host;
- c->base.cancel_check_call_host = alts_cancel_check_call_host;
- grpc_alts_credentials* creds =
- reinterpret_cast<grpc_alts_credentials*>(c->base.channel_creds);
- alts_set_rpc_protocol_versions(&creds->options->rpc_versions);
- c->target_name = gpr_strdup(target_name);
- *sc = &c->base;
- return GRPC_SECURITY_OK;
-}
-
-grpc_security_status grpc_alts_server_security_connector_create(
- grpc_server_credentials* server_creds,
- grpc_server_security_connector** sc) {
- if (server_creds == nullptr || sc == nullptr) {
- gpr_log(
- GPR_ERROR,
- "Invalid arguments to grpc_alts_server_security_connector_create()");
- return GRPC_SECURITY_ERROR;
- }
- auto c = static_cast<grpc_alts_server_security_connector*>(
- gpr_zalloc(sizeof(grpc_alts_server_security_connector)));
- gpr_ref_init(&c->base.base.refcount, 1);
- c->base.base.vtable = &alts_server_vtable;
- c->base.server_creds = grpc_server_credentials_ref(server_creds);
- c->base.add_handshakers = alts_server_add_handshakers;
- grpc_alts_server_credentials* creds =
- reinterpret_cast<grpc_alts_server_credentials*>(c->base.server_creds);
- alts_set_rpc_protocol_versions(&creds->options->rpc_versions);
- *sc = &c->base;
- return GRPC_SECURITY_OK;
-}
diff --git a/src/core/lib/security/security_connector/alts_security_connector.h b/src/core/lib/security/security_connector/alts_security_connector.h
deleted file mode 100644
index e7e4cffe2a..0000000000
--- a/src/core/lib/security/security_connector/alts_security_connector.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_ALTS_SECURITY_CONNECTOR_H
-#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_ALTS_SECURITY_CONNECTOR_H
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/lib/security/context/security_context.h"
-#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
-
-#define GRPC_ALTS_TRANSPORT_SECURITY_TYPE "alts"
-
-/**
- * This method creates an ALTS channel security connector.
- *
- * - channel_creds: channel credential instance.
- * - request_metadata_creds: credential object which will be sent with each
- * request. This parameter can be nullptr.
- * - target_name: the name of the endpoint that the channel is connecting to.
- * - sc: address of ALTS channel security connector instance to be returned from
- * the method.
- *
- * It returns GRPC_SECURITY_OK on success, and an error stauts code on failure.
- */
-grpc_security_status grpc_alts_channel_security_connector_create(
- grpc_channel_credentials* channel_creds,
- grpc_call_credentials* request_metadata_creds, const char* target_name,
- grpc_channel_security_connector** sc);
-
-/**
- * This method creates an ALTS server security connector.
- *
- * - server_creds: server credential instance.
- * - sc: address of ALTS server security connector instance to be returned from
- * the method.
- *
- * It returns GRPC_SECURITY_OK on success, and an error status code on failure.
- */
-grpc_security_status grpc_alts_server_security_connector_create(
- grpc_server_credentials* server_creds, grpc_server_security_connector** sc);
-
-namespace grpc_core {
-namespace internal {
-
-/* Exposed only for testing. */
-grpc_security_status grpc_alts_auth_context_from_tsi_peer(
- const tsi_peer* peer, grpc_auth_context** ctx);
-
-} // namespace internal
-} // namespace grpc_core
-
-#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_ALTS_SECURITY_CONNECTOR_H \
- */
diff --git a/src/core/plugin_registry/grpc_plugin_registry.cc b/src/core/plugin_registry/grpc_plugin_registry.cc
index 6f11e6bb5b..ccf5f79a8e 100644
--- a/src/core/plugin_registry/grpc_plugin_registry.cc
+++ b/src/core/plugin_registry/grpc_plugin_registry.cc
@@ -24,12 +24,12 @@ void grpc_http_filters_init(void);
void grpc_http_filters_shutdown(void);
void grpc_chttp2_plugin_init(void);
void grpc_chttp2_plugin_shutdown(void);
+void grpc_tsi_alts_init(void);
+void grpc_tsi_alts_shutdown(void);
void grpc_deadline_filter_init(void);
void grpc_deadline_filter_shutdown(void);
void grpc_client_channel_init(void);
void grpc_client_channel_shutdown(void);
-void grpc_tsi_alts_init(void);
-void grpc_tsi_alts_shutdown(void);
void grpc_inproc_plugin_init(void);
void grpc_inproc_plugin_shutdown(void);
void grpc_resolver_fake_init(void);
@@ -60,12 +60,12 @@ void grpc_register_built_in_plugins(void) {
grpc_http_filters_shutdown);
grpc_register_plugin(grpc_chttp2_plugin_init,
grpc_chttp2_plugin_shutdown);
+ grpc_register_plugin(grpc_tsi_alts_init,
+ grpc_tsi_alts_shutdown);
grpc_register_plugin(grpc_deadline_filter_init,
grpc_deadline_filter_shutdown);
grpc_register_plugin(grpc_client_channel_init,
grpc_client_channel_shutdown);
- grpc_register_plugin(grpc_tsi_alts_init,
- grpc_tsi_alts_shutdown);
grpc_register_plugin(grpc_inproc_plugin_init,
grpc_inproc_plugin_shutdown);
grpc_register_plugin(grpc_resolver_fake_init,
diff --git a/src/core/tsi/alts/crypt/aes_gcm.cc b/src/core/tsi/alts/crypt/aes_gcm.cc
deleted file mode 100644
index 02b1ac4492..0000000000
--- a/src/core/tsi/alts/crypt/aes_gcm.cc
+++ /dev/null
@@ -1,687 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/crypt/gsec.h"
-
-#include <openssl/bio.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-
-constexpr size_t kKdfKeyLen = 32;
-constexpr size_t kKdfCounterLen = 6;
-constexpr size_t kKdfCounterOffset = 2;
-constexpr size_t kRekeyAeadKeyLen = kAes128GcmKeyLength;
-
-/* Struct for additional data required if rekeying is enabled. */
-struct gsec_aes_gcm_aead_rekey_data {
- uint8_t kdf_counter[kKdfCounterLen];
- uint8_t nonce_mask[kAesGcmNonceLength];
-};
-
-/* Main struct for AES_GCM crypter interface. */
-struct gsec_aes_gcm_aead_crypter {
- gsec_aead_crypter crypter;
- size_t key_length;
- size_t nonce_length;
- size_t tag_length;
- uint8_t* key;
- gsec_aes_gcm_aead_rekey_data* rekey_data;
- EVP_CIPHER_CTX* ctx;
-};
-
-static char* aes_gcm_get_openssl_errors() {
- BIO* bio = BIO_new(BIO_s_mem());
- ERR_print_errors(bio);
- BUF_MEM* mem = nullptr;
- char* error_msg = nullptr;
- BIO_get_mem_ptr(bio, &mem);
- if (mem != nullptr) {
- error_msg = static_cast<char*>(gpr_malloc(mem->length + 1));
- memcpy(error_msg, mem->data, mem->length);
- error_msg[mem->length] = '\0';
- }
- BIO_free_all(bio);
- return error_msg;
-}
-
-static void aes_gcm_format_errors(const char* error_msg, char** error_details) {
- if (error_details == nullptr) {
- return;
- }
- unsigned long error = ERR_get_error();
- if (error == 0 && error_msg != nullptr) {
- *error_details = static_cast<char*>(gpr_malloc(strlen(error_msg) + 1));
- memcpy(*error_details, error_msg, strlen(error_msg) + 1);
- return;
- }
- char* openssl_errors = aes_gcm_get_openssl_errors();
- if (openssl_errors != nullptr && error_msg != nullptr) {
- size_t len = strlen(error_msg) + strlen(openssl_errors) + 2; /* ", " */
- *error_details = static_cast<char*>(gpr_malloc(len + 1));
- snprintf(*error_details, len + 1, "%s, %s", error_msg, openssl_errors);
- gpr_free(openssl_errors);
- }
-}
-
-static grpc_status_code gsec_aes_gcm_aead_crypter_max_ciphertext_and_tag_length(
- const gsec_aead_crypter* crypter, size_t plaintext_length,
- size_t* max_ciphertext_and_tag_length, char** error_details) {
- if (max_ciphertext_and_tag_length == nullptr) {
- aes_gcm_format_errors("max_ciphertext_and_tag_length is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- reinterpret_cast<gsec_aes_gcm_aead_crypter*>(
- const_cast<gsec_aead_crypter*>(crypter));
- *max_ciphertext_and_tag_length =
- plaintext_length + aes_gcm_crypter->tag_length;
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code gsec_aes_gcm_aead_crypter_max_plaintext_length(
- const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length,
- size_t* max_plaintext_length, char** error_details) {
- if (max_plaintext_length == nullptr) {
- aes_gcm_format_errors("max_plaintext_length is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- reinterpret_cast<gsec_aes_gcm_aead_crypter*>(
- const_cast<gsec_aead_crypter*>(crypter));
- if (ciphertext_and_tag_length < aes_gcm_crypter->tag_length) {
- *max_plaintext_length = 0;
- aes_gcm_format_errors(
- "ciphertext_and_tag_length is smaller than tag_length.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- *max_plaintext_length =
- ciphertext_and_tag_length - aes_gcm_crypter->tag_length;
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code gsec_aes_gcm_aead_crypter_nonce_length(
- const gsec_aead_crypter* crypter, size_t* nonce_length,
- char** error_details) {
- if (nonce_length == nullptr) {
- aes_gcm_format_errors("nonce_length is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- reinterpret_cast<gsec_aes_gcm_aead_crypter*>(
- const_cast<gsec_aead_crypter*>(crypter));
- *nonce_length = aes_gcm_crypter->nonce_length;
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code gsec_aes_gcm_aead_crypter_key_length(
- const gsec_aead_crypter* crypter, size_t* key_length,
- char** error_details) {
- if (key_length == nullptr) {
- aes_gcm_format_errors("key_length is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- reinterpret_cast<gsec_aes_gcm_aead_crypter*>(
- const_cast<gsec_aead_crypter*>(crypter));
- *key_length = aes_gcm_crypter->key_length;
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code gsec_aes_gcm_aead_crypter_tag_length(
- const gsec_aead_crypter* crypter, size_t* tag_length,
- char** error_details) {
- if (tag_length == nullptr) {
- aes_gcm_format_errors("tag_length is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- reinterpret_cast<gsec_aes_gcm_aead_crypter*>(
- const_cast<gsec_aead_crypter*>(crypter));
- *tag_length = aes_gcm_crypter->tag_length;
- return GRPC_STATUS_OK;
-}
-
-static void aes_gcm_mask_nonce(uint8_t* dst, const uint8_t* nonce,
- const uint8_t* mask) {
- uint64_t mask1;
- uint32_t mask2;
- memcpy(&mask1, mask, sizeof(mask1));
- memcpy(&mask2, mask + sizeof(mask1), sizeof(mask2));
- uint64_t nonce1;
- uint32_t nonce2;
- memcpy(&nonce1, nonce, sizeof(nonce1));
- memcpy(&nonce2, nonce + sizeof(nonce1), sizeof(nonce2));
- nonce1 ^= mask1;
- nonce2 ^= mask2;
- memcpy(dst, &nonce1, sizeof(nonce1));
- memcpy(dst + sizeof(nonce1), &nonce2, sizeof(nonce2));
-}
-
-static grpc_status_code aes_gcm_derive_aead_key(uint8_t* dst,
- const uint8_t* kdf_key,
- const uint8_t* kdf_counter) {
- unsigned char buf[EVP_MAX_MD_SIZE];
- unsigned char ctr = 1;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- HMAC_CTX hmac;
- HMAC_CTX_init(&hmac);
- if (!HMAC_Init_ex(&hmac, kdf_key, kKdfKeyLen, EVP_sha256(), nullptr) ||
- !HMAC_Update(&hmac, kdf_counter, kKdfCounterLen) ||
- !HMAC_Update(&hmac, &ctr, 1) || !HMAC_Final(&hmac, buf, nullptr)) {
- HMAC_CTX_cleanup(&hmac);
- return GRPC_STATUS_INTERNAL;
- }
- HMAC_CTX_cleanup(&hmac);
-#else
- HMAC_CTX* hmac = HMAC_CTX_new();
- if (hmac == nullptr) {
- return GRPC_STATUS_INTERNAL;
- }
- if (!HMAC_Init_ex(hmac, kdf_key, kKdfKeyLen, EVP_sha256(), nullptr) ||
- !HMAC_Update(hmac, kdf_counter, kKdfCounterLen) ||
- !HMAC_Update(hmac, &ctr, 1) || !HMAC_Final(hmac, buf, nullptr)) {
- HMAC_CTX_free(hmac);
- return GRPC_STATUS_INTERNAL;
- }
- HMAC_CTX_free(hmac);
-#endif
- memcpy(dst, buf, kRekeyAeadKeyLen);
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code aes_gcm_rekey_if_required(
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter, const uint8_t* nonce,
- char** error_details) {
- // If rekey_data is nullptr, then rekeying is not supported and not required.
- // If bytes 2-7 of kdf_counter differ from the (per message) nonce, then the
- // encryption key is recomputed from a new kdf_counter to ensure that we don't
- // encrypt more than 2^16 messages per encryption key (in each direction).
- if (aes_gcm_crypter->rekey_data == nullptr ||
- memcmp(aes_gcm_crypter->rekey_data->kdf_counter,
- nonce + kKdfCounterOffset, kKdfCounterLen) == 0) {
- return GRPC_STATUS_OK;
- }
- memcpy(aes_gcm_crypter->rekey_data->kdf_counter, nonce + kKdfCounterOffset,
- kKdfCounterLen);
- uint8_t aead_key[kRekeyAeadKeyLen];
- if (aes_gcm_derive_aead_key(aead_key, aes_gcm_crypter->key,
- aes_gcm_crypter->rekey_data->kdf_counter) !=
- GRPC_STATUS_OK) {
- aes_gcm_format_errors("Rekeying failed in key derivation.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- if (!EVP_DecryptInit_ex(aes_gcm_crypter->ctx, nullptr, nullptr, aead_key,
- nullptr)) {
- aes_gcm_format_errors("Rekeying failed in context update.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code gsec_aes_gcm_aead_crypter_encrypt_iovec(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const struct iovec* aad_vec, size_t aad_vec_length,
- const struct iovec* plaintext_vec, size_t plaintext_vec_length,
- struct iovec ciphertext_vec, size_t* ciphertext_bytes_written,
- char** error_details) {
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- reinterpret_cast<gsec_aes_gcm_aead_crypter*>(crypter);
- // Input checks
- if (nonce == nullptr) {
- aes_gcm_format_errors("Nonce buffer is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (kAesGcmNonceLength != nonce_length) {
- aes_gcm_format_errors("Nonce buffer has the wrong length.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (aad_vec_length > 0 && aad_vec == nullptr) {
- aes_gcm_format_errors("Non-zero aad_vec_length but aad_vec is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (plaintext_vec_length > 0 && plaintext_vec == nullptr) {
- aes_gcm_format_errors(
- "Non-zero plaintext_vec_length but plaintext_vec is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (ciphertext_bytes_written == nullptr) {
- aes_gcm_format_errors("bytes_written is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- *ciphertext_bytes_written = 0;
- // rekey if required
- if (aes_gcm_rekey_if_required(aes_gcm_crypter, nonce, error_details) !=
- GRPC_STATUS_OK) {
- return GRPC_STATUS_INTERNAL;
- }
- // mask nonce if required
- const uint8_t* nonce_aead = nonce;
- uint8_t nonce_masked[kAesGcmNonceLength];
- if (aes_gcm_crypter->rekey_data != nullptr) {
- aes_gcm_mask_nonce(nonce_masked, aes_gcm_crypter->rekey_data->nonce_mask,
- nonce);
- nonce_aead = nonce_masked;
- }
- // init openssl context
- if (!EVP_EncryptInit_ex(aes_gcm_crypter->ctx, nullptr, nullptr, nullptr,
- nonce_aead)) {
- aes_gcm_format_errors("Initializing nonce failed", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- // process aad
- size_t i;
- for (i = 0; i < aad_vec_length; i++) {
- const uint8_t* aad = static_cast<uint8_t*>(aad_vec[i].iov_base);
- size_t aad_length = aad_vec[i].iov_len;
- if (aad_length == 0) {
- continue;
- }
- size_t aad_bytes_read = 0;
- if (aad == nullptr) {
- aes_gcm_format_errors("aad is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (!EVP_EncryptUpdate(aes_gcm_crypter->ctx, nullptr,
- reinterpret_cast<int*>(&aad_bytes_read), aad,
- static_cast<int>(aad_length)) ||
- aad_bytes_read != aad_length) {
- aes_gcm_format_errors("Setting authenticated associated data failed",
- error_details);
- return GRPC_STATUS_INTERNAL;
- }
- }
- uint8_t* ciphertext = static_cast<uint8_t*>(ciphertext_vec.iov_base);
- size_t ciphertext_length = ciphertext_vec.iov_len;
- if (ciphertext == nullptr) {
- aes_gcm_format_errors("ciphertext is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- // process plaintext
- for (i = 0; i < plaintext_vec_length; i++) {
- const uint8_t* plaintext = static_cast<uint8_t*>(plaintext_vec[i].iov_base);
- size_t plaintext_length = plaintext_vec[i].iov_len;
- if (plaintext == nullptr) {
- if (plaintext_length == 0) {
- continue;
- }
- aes_gcm_format_errors("plaintext is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (ciphertext_length < plaintext_length) {
- aes_gcm_format_errors(
- "ciphertext is not large enough to hold the result.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- int bytes_written = 0;
- int bytes_to_write = static_cast<int>(plaintext_length);
- if (!EVP_EncryptUpdate(aes_gcm_crypter->ctx, ciphertext, &bytes_written,
- plaintext, bytes_to_write)) {
- aes_gcm_format_errors("Encrypting plaintext failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- if (bytes_written > bytes_to_write) {
- aes_gcm_format_errors("More bytes written than expected.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- ciphertext += bytes_written;
- ciphertext_length -= bytes_written;
- }
- int bytes_written_temp = 0;
- if (!EVP_EncryptFinal_ex(aes_gcm_crypter->ctx, nullptr,
- &bytes_written_temp)) {
- aes_gcm_format_errors("Finalizing encryption failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- if (bytes_written_temp != 0) {
- aes_gcm_format_errors("Openssl wrote some unexpected bytes.",
- error_details);
- return GRPC_STATUS_INTERNAL;
- }
- if (ciphertext_length < kAesGcmTagLength) {
- aes_gcm_format_errors("ciphertext is too small to hold a tag.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
-
- if (!EVP_CIPHER_CTX_ctrl(aes_gcm_crypter->ctx, EVP_CTRL_GCM_GET_TAG,
- kAesGcmTagLength, ciphertext)) {
- aes_gcm_format_errors("Writing tag failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- ciphertext += kAesGcmTagLength;
- ciphertext_length -= kAesGcmTagLength;
- *ciphertext_bytes_written = ciphertext_vec.iov_len - ciphertext_length;
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code gsec_aes_gcm_aead_crypter_decrypt_iovec(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const struct iovec* aad_vec, size_t aad_vec_length,
- const struct iovec* ciphertext_vec, size_t ciphertext_vec_length,
- struct iovec plaintext_vec, size_t* plaintext_bytes_written,
- char** error_details) {
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- reinterpret_cast<gsec_aes_gcm_aead_crypter*>(
- const_cast<gsec_aead_crypter*>(crypter));
- if (nonce == nullptr) {
- aes_gcm_format_errors("Nonce buffer is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (kAesGcmNonceLength != nonce_length) {
- aes_gcm_format_errors("Nonce buffer has the wrong length.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (aad_vec_length > 0 && aad_vec == nullptr) {
- aes_gcm_format_errors("Non-zero aad_vec_length but aad_vec is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (ciphertext_vec_length > 0 && ciphertext_vec == nullptr) {
- aes_gcm_format_errors(
- "Non-zero plaintext_vec_length but plaintext_vec is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- // Compute the total length so we can ensure we don't pass the tag into
- // EVP_decrypt.
- size_t total_ciphertext_length = 0;
- size_t i;
- for (i = 0; i < ciphertext_vec_length; i++) {
- total_ciphertext_length += ciphertext_vec[i].iov_len;
- }
- if (total_ciphertext_length < kAesGcmTagLength) {
- aes_gcm_format_errors("ciphertext is too small to hold a tag.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (plaintext_bytes_written == nullptr) {
- aes_gcm_format_errors("bytes_written is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- *plaintext_bytes_written = 0;
- // rekey if required
- if (aes_gcm_rekey_if_required(aes_gcm_crypter, nonce, error_details) !=
- GRPC_STATUS_OK) {
- aes_gcm_format_errors("Rekeying failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- // mask nonce if required
- const uint8_t* nonce_aead = nonce;
- uint8_t nonce_masked[kAesGcmNonceLength];
- if (aes_gcm_crypter->rekey_data != nullptr) {
- aes_gcm_mask_nonce(nonce_masked, aes_gcm_crypter->rekey_data->nonce_mask,
- nonce);
- nonce_aead = nonce_masked;
- }
- // init openssl context
- if (!EVP_DecryptInit_ex(aes_gcm_crypter->ctx, nullptr, nullptr, nullptr,
- nonce_aead)) {
- aes_gcm_format_errors("Initializing nonce failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- // process aad
- for (i = 0; i < aad_vec_length; i++) {
- const uint8_t* aad = static_cast<uint8_t*>(aad_vec[i].iov_base);
- size_t aad_length = aad_vec[i].iov_len;
- if (aad_length == 0) {
- continue;
- }
- size_t aad_bytes_read = 0;
- if (aad == nullptr) {
- aes_gcm_format_errors("aad is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (!EVP_DecryptUpdate(aes_gcm_crypter->ctx, nullptr,
- reinterpret_cast<int*>(&aad_bytes_read), aad,
- static_cast<int>(aad_length)) ||
- aad_bytes_read != aad_length) {
- aes_gcm_format_errors("Setting authenticated associated data failed.",
- error_details);
- return GRPC_STATUS_INTERNAL;
- }
- }
- // process ciphertext
- uint8_t* plaintext = static_cast<uint8_t*>(plaintext_vec.iov_base);
- size_t plaintext_length = plaintext_vec.iov_len;
- if (plaintext_length > 0 && plaintext == nullptr) {
- aes_gcm_format_errors(
- "plaintext is nullptr, but plaintext_length is positive.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- const uint8_t* ciphertext = nullptr;
- size_t ciphertext_length = 0;
- for (i = 0;
- i < ciphertext_vec_length && total_ciphertext_length > kAesGcmTagLength;
- i++) {
- ciphertext = static_cast<uint8_t*>(ciphertext_vec[i].iov_base);
- ciphertext_length = ciphertext_vec[i].iov_len;
- if (ciphertext == nullptr) {
- if (ciphertext_length == 0) {
- continue;
- }
- aes_gcm_format_errors("ciphertext is nullptr.", error_details);
- memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- size_t bytes_written = 0;
- size_t bytes_to_write = ciphertext_length;
- // Don't include the tag
- if (bytes_to_write > total_ciphertext_length - kAesGcmTagLength) {
- bytes_to_write = total_ciphertext_length - kAesGcmTagLength;
- }
- if (plaintext_length < bytes_to_write) {
- aes_gcm_format_errors(
- "Not enough plaintext buffer to hold encrypted ciphertext.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (!EVP_DecryptUpdate(aes_gcm_crypter->ctx, plaintext,
- reinterpret_cast<int*>(&bytes_written), ciphertext,
- static_cast<int>(bytes_to_write))) {
- aes_gcm_format_errors("Decrypting ciphertext failed.", error_details);
- memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len);
- return GRPC_STATUS_INTERNAL;
- }
- if (bytes_written > ciphertext_length) {
- aes_gcm_format_errors("More bytes written than expected.", error_details);
- memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len);
- return GRPC_STATUS_INTERNAL;
- }
- ciphertext += bytes_written;
- ciphertext_length -= bytes_written;
- total_ciphertext_length -= bytes_written;
- plaintext += bytes_written;
- plaintext_length -= bytes_written;
- }
- if (total_ciphertext_length > kAesGcmTagLength) {
- aes_gcm_format_errors(
- "Not enough plaintext buffer to hold encrypted ciphertext.",
- error_details);
- memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- uint8_t tag[kAesGcmTagLength];
- uint8_t* tag_tmp = tag;
- if (ciphertext_length > 0) {
- memcpy(tag_tmp, ciphertext, ciphertext_length);
- tag_tmp += ciphertext_length;
- total_ciphertext_length -= ciphertext_length;
- }
- for (; i < ciphertext_vec_length; i++) {
- ciphertext = static_cast<uint8_t*>(ciphertext_vec[i].iov_base);
- ciphertext_length = ciphertext_vec[i].iov_len;
- if (ciphertext == nullptr) {
- if (ciphertext_length == 0) {
- continue;
- }
- aes_gcm_format_errors("ciphertext is nullptr.", error_details);
- memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- memcpy(tag_tmp, ciphertext, ciphertext_length);
- tag_tmp += ciphertext_length;
- total_ciphertext_length -= ciphertext_length;
- }
- if (!EVP_CIPHER_CTX_ctrl(aes_gcm_crypter->ctx, EVP_CTRL_GCM_SET_TAG,
- kAesGcmTagLength, reinterpret_cast<void*>(tag))) {
- aes_gcm_format_errors("Setting tag failed.", error_details);
- memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len);
- return GRPC_STATUS_INTERNAL;
- }
- int bytes_written_temp = 0;
- if (!EVP_DecryptFinal_ex(aes_gcm_crypter->ctx, nullptr,
- &bytes_written_temp)) {
- aes_gcm_format_errors("Checking tag failed.", error_details);
- memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- if (bytes_written_temp != 0) {
- aes_gcm_format_errors("Openssl wrote some unexpected bytes.",
- error_details);
- memset(plaintext_vec.iov_base, 0x00, plaintext_vec.iov_len);
- return GRPC_STATUS_INTERNAL;
- }
- *plaintext_bytes_written = plaintext_vec.iov_len - plaintext_length;
- return GRPC_STATUS_OK;
-}
-
-static void gsec_aes_gcm_aead_crypter_destroy(gsec_aead_crypter* crypter) {
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- reinterpret_cast<gsec_aes_gcm_aead_crypter*>(
- const_cast<gsec_aead_crypter*>(crypter));
- gpr_free(aes_gcm_crypter->key);
- gpr_free(aes_gcm_crypter->rekey_data);
- EVP_CIPHER_CTX_free(aes_gcm_crypter->ctx);
-}
-
-static const gsec_aead_crypter_vtable vtable = {
- gsec_aes_gcm_aead_crypter_encrypt_iovec,
- gsec_aes_gcm_aead_crypter_decrypt_iovec,
- gsec_aes_gcm_aead_crypter_max_ciphertext_and_tag_length,
- gsec_aes_gcm_aead_crypter_max_plaintext_length,
- gsec_aes_gcm_aead_crypter_nonce_length,
- gsec_aes_gcm_aead_crypter_key_length,
- gsec_aes_gcm_aead_crypter_tag_length,
- gsec_aes_gcm_aead_crypter_destroy};
-
-static grpc_status_code aes_gcm_new_evp_cipher_ctx(
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter, char** error_details) {
- const EVP_CIPHER* cipher = nullptr;
- bool is_rekey = aes_gcm_crypter->rekey_data != nullptr;
- switch (is_rekey ? kRekeyAeadKeyLen : aes_gcm_crypter->key_length) {
- case kAes128GcmKeyLength:
- cipher = EVP_aes_128_gcm();
- break;
- case kAes256GcmKeyLength:
- cipher = EVP_aes_256_gcm();
- break;
- }
- const uint8_t* aead_key = aes_gcm_crypter->key;
- uint8_t aead_key_rekey[kRekeyAeadKeyLen];
- if (is_rekey) {
- if (aes_gcm_derive_aead_key(aead_key_rekey, aes_gcm_crypter->key,
- aes_gcm_crypter->rekey_data->kdf_counter) !=
- GRPC_STATUS_OK) {
- aes_gcm_format_errors("Deriving key failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- aead_key = aead_key_rekey;
- }
- if (!EVP_DecryptInit_ex(aes_gcm_crypter->ctx, cipher, nullptr, aead_key,
- nullptr)) {
- aes_gcm_format_errors("Setting key failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- if (!EVP_CIPHER_CTX_ctrl(aes_gcm_crypter->ctx, EVP_CTRL_GCM_SET_IVLEN,
- static_cast<int>(aes_gcm_crypter->nonce_length),
- nullptr)) {
- aes_gcm_format_errors("Setting nonce length failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- return GRPC_STATUS_OK;
-}
-
-grpc_status_code gsec_aes_gcm_aead_crypter_create(const uint8_t* key,
- size_t key_length,
- size_t nonce_length,
- size_t tag_length, bool rekey,
- gsec_aead_crypter** crypter,
- char** error_details) {
- if (key == nullptr) {
- aes_gcm_format_errors("key is nullptr.", error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- if (crypter == nullptr) {
- aes_gcm_format_errors("crypter is nullptr.", error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- *crypter = nullptr;
- if ((rekey && key_length != kAes128GcmRekeyKeyLength) ||
- (!rekey && key_length != kAes128GcmKeyLength &&
- key_length != kAes256GcmKeyLength) ||
- (tag_length != kAesGcmTagLength) ||
- (nonce_length != kAesGcmNonceLength)) {
- aes_gcm_format_errors(
- "Invalid key and/or nonce and/or tag length are provided at AEAD "
- "crypter instance construction time.",
- error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- gsec_aes_gcm_aead_crypter* aes_gcm_crypter =
- static_cast<gsec_aes_gcm_aead_crypter*>(
- gpr_malloc(sizeof(gsec_aes_gcm_aead_crypter)));
- aes_gcm_crypter->crypter.vtable = &vtable;
- aes_gcm_crypter->nonce_length = nonce_length;
- aes_gcm_crypter->tag_length = tag_length;
- if (rekey) {
- aes_gcm_crypter->key_length = kKdfKeyLen;
- aes_gcm_crypter->rekey_data = static_cast<gsec_aes_gcm_aead_rekey_data*>(
- gpr_malloc(sizeof(gsec_aes_gcm_aead_rekey_data)));
- memcpy(aes_gcm_crypter->rekey_data->nonce_mask, key + kKdfKeyLen,
- kAesGcmNonceLength);
- // Set kdf_counter to all-zero for initial key derivation.
- memset(aes_gcm_crypter->rekey_data->kdf_counter, 0, kKdfCounterLen);
- } else {
- aes_gcm_crypter->key_length = key_length;
- aes_gcm_crypter->rekey_data = nullptr;
- }
- aes_gcm_crypter->key =
- static_cast<uint8_t*>(gpr_malloc(aes_gcm_crypter->key_length));
- memcpy(aes_gcm_crypter->key, key, aes_gcm_crypter->key_length);
- aes_gcm_crypter->ctx = EVP_CIPHER_CTX_new();
- grpc_status_code status =
- aes_gcm_new_evp_cipher_ctx(aes_gcm_crypter, error_details);
- if (status != GRPC_STATUS_OK) {
- gsec_aes_gcm_aead_crypter_destroy(&aes_gcm_crypter->crypter);
- gpr_free(aes_gcm_crypter);
- return status;
- }
- *crypter = &aes_gcm_crypter->crypter;
- return GRPC_STATUS_OK;
-}
diff --git a/src/core/tsi/alts/crypt/gsec.cc b/src/core/tsi/alts/crypt/gsec.cc
deleted file mode 100644
index 6236591a97..0000000000
--- a/src/core/tsi/alts/crypt/gsec.cc
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/crypt/gsec.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-
-static const char vtable_error_msg[] =
- "crypter or crypter->vtable has not been initialized properly";
-
-static void maybe_copy_error_msg(const char* src, char** dst) {
- if (dst != nullptr && src != nullptr) {
- *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
- memcpy(*dst, src, strlen(src) + 1);
- }
-}
-
-grpc_status_code gsec_aead_crypter_encrypt(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const uint8_t* aad, size_t aad_length, const uint8_t* plaintext,
- size_t plaintext_length, uint8_t* ciphertext_and_tag,
- size_t ciphertext_and_tag_length, size_t* bytes_written,
- char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->encrypt_iovec != nullptr) {
- struct iovec aad_vec = {(void*)aad, aad_length};
- struct iovec plaintext_vec = {(void*)plaintext, plaintext_length};
- struct iovec ciphertext_vec = {ciphertext_and_tag,
- ciphertext_and_tag_length};
- return crypter->vtable->encrypt_iovec(
- crypter, nonce, nonce_length, &aad_vec, 1, &plaintext_vec, 1,
- ciphertext_vec, bytes_written, error_details);
- }
- /* An error occurred. */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-grpc_status_code gsec_aead_crypter_encrypt_iovec(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const struct iovec* aad_vec, size_t aad_vec_length,
- const struct iovec* plaintext_vec, size_t plaintext_vec_length,
- struct iovec ciphertext_vec, size_t* ciphertext_bytes_written,
- char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->encrypt_iovec != nullptr) {
- return crypter->vtable->encrypt_iovec(
- crypter, nonce, nonce_length, aad_vec, aad_vec_length, plaintext_vec,
- plaintext_vec_length, ciphertext_vec, ciphertext_bytes_written,
- error_details);
- }
- /* An error occurred. */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-grpc_status_code gsec_aead_crypter_decrypt(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const uint8_t* aad, size_t aad_length, const uint8_t* ciphertext_and_tag,
- size_t ciphertext_and_tag_length, uint8_t* plaintext,
- size_t plaintext_length, size_t* bytes_written, char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->decrypt_iovec != nullptr) {
- struct iovec aad_vec = {(void*)aad, aad_length};
- struct iovec ciphertext_vec = {(void*)ciphertext_and_tag,
- ciphertext_and_tag_length};
- struct iovec plaintext_vec = {plaintext, plaintext_length};
- return crypter->vtable->decrypt_iovec(
- crypter, nonce, nonce_length, &aad_vec, 1, &ciphertext_vec, 1,
- plaintext_vec, bytes_written, error_details);
- }
- /* An error occurred. */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-grpc_status_code gsec_aead_crypter_decrypt_iovec(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const struct iovec* aad_vec, size_t aad_vec_length,
- const struct iovec* ciphertext_vec, size_t ciphertext_vec_length,
- struct iovec plaintext_vec, size_t* plaintext_bytes_written,
- char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->encrypt_iovec != nullptr) {
- return crypter->vtable->decrypt_iovec(
- crypter, nonce, nonce_length, aad_vec, aad_vec_length, ciphertext_vec,
- ciphertext_vec_length, plaintext_vec, plaintext_bytes_written,
- error_details);
- }
- /* An error occurred. */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-grpc_status_code gsec_aead_crypter_max_ciphertext_and_tag_length(
- const gsec_aead_crypter* crypter, size_t plaintext_length,
- size_t* max_ciphertext_and_tag_length_to_return, char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->max_ciphertext_and_tag_length != nullptr) {
- return crypter->vtable->max_ciphertext_and_tag_length(
- crypter, plaintext_length, max_ciphertext_and_tag_length_to_return,
- error_details);
- }
- /* An error occurred. */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-grpc_status_code gsec_aead_crypter_max_plaintext_length(
- const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length,
- size_t* max_plaintext_length_to_return, char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->max_plaintext_length != nullptr) {
- return crypter->vtable->max_plaintext_length(
- crypter, ciphertext_and_tag_length, max_plaintext_length_to_return,
- error_details);
- }
- /* An error occurred. */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-grpc_status_code gsec_aead_crypter_nonce_length(
- const gsec_aead_crypter* crypter, size_t* nonce_length_to_return,
- char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->nonce_length != nullptr) {
- return crypter->vtable->nonce_length(crypter, nonce_length_to_return,
- error_details);
- }
- /* An error occurred. */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-grpc_status_code gsec_aead_crypter_key_length(const gsec_aead_crypter* crypter,
- size_t* key_length_to_return,
- char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->key_length != nullptr) {
- return crypter->vtable->key_length(crypter, key_length_to_return,
- error_details);
- }
- /* An error occurred */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-grpc_status_code gsec_aead_crypter_tag_length(const gsec_aead_crypter* crypter,
- size_t* tag_length_to_return,
- char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->tag_length != nullptr) {
- return crypter->vtable->tag_length(crypter, tag_length_to_return,
- error_details);
- }
- /* An error occurred. */
- maybe_copy_error_msg(vtable_error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-void gsec_aead_crypter_destroy(gsec_aead_crypter* crypter) {
- if (crypter != nullptr) {
- if (crypter->vtable != nullptr && crypter->vtable->destruct != nullptr) {
- crypter->vtable->destruct(crypter);
- }
- gpr_free(crypter);
- }
-}
diff --git a/src/core/tsi/alts/crypt/gsec.h b/src/core/tsi/alts/crypt/gsec.h
deleted file mode 100644
index 4d65caa944..0000000000
--- a/src/core/tsi/alts/crypt/gsec.h
+++ /dev/null
@@ -1,454 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H
-#define GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H
-
-#include <grpc/support/port_platform.h>
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include <grpc/grpc.h>
-
-struct iovec {
- void* iov_base;
- size_t iov_len;
-};
-
-/**
- * A gsec interface for AEAD encryption schemes. The API is thread-compatible.
- * Each implementation of this interface should specify supported values for
- * key, nonce, and tag lengths.
- */
-
-/* Key, nonce, and tag length in bytes */
-const size_t kAesGcmNonceLength = 12;
-const size_t kAesGcmTagLength = 16;
-const size_t kAes128GcmKeyLength = 16;
-const size_t kAes256GcmKeyLength = 32;
-
-// The first 32 bytes are used as a KDF key and the remaining 12 bytes are used
-// to mask the nonce.
-const size_t kAes128GcmRekeyKeyLength = 44;
-
-typedef struct gsec_aead_crypter gsec_aead_crypter;
-
-/**
- * The gsec_aead_crypter is an API for different AEAD implementations such as
- * AES_GCM. It encapsulates all AEAD-related operations in the format of
- * V-table that stores pointers to functions implementing those operations.
- * It also provides helper functions to wrap each of those function pointers.
- *
- * A typical usage of this object would be:
- *
- *------------------------------------------------------------------------------
- * // Declare a gsec_aead_crypter object, and create and assign an instance
- * // of specific AEAD implementation e.g., AES_GCM to it. We assume both
- * // key and nonce contain cryptographically secure random bytes, and the key
- * // can be derived from an upper-layer application.
- * gsec_aead_crypter* crypter;
- * char* error_in_creation;
- * // User can populate the message with any 100 bytes data.
- * uint8_t* message = gpr_malloc(100);
- * grpc_status_code creation_status = gsec_aes_gcm_aead_crypter_create(key,
- * kAes128GcmKeyLength,
- * kAesGcmNonceLength,
- * kAesGcmTagLength,
- * &crypter,
- * false,
- * 0
- * &error_in_creation);
- *
- * if (creation_status == GRPC_STATUS_OK) {
- * // Allocate a correct amount of memory to hold a ciphertext.
- * size_t clength = 0;
- * gsec_aead_crypter_max_ciphertext_and_tag_length(crypter, 100, &clength,
- * nullptr);
- * uint8_t* ciphertext = gpr_malloc(clength);
- *
- * // Perform encryption
- * size_t num_encrypted_bytes = 0;
- * char* error_in_encryption = nullptr;
- * grpc_status_code status = gsec_aead_crypter_encrypt(crypter, nonce,
- * kAesGcmNonceLength,
- * nullptr, 0, message,
- * 100, ciphertext,
- * clength,
- * &num_encrypted_bytes,
- * &error_in_encryption);
- * if (status == GRPC_STATUS_OK) {
- * // Allocate a correct amount of memory to hold a plaintext.
- * size_t plength = 0;
- * gsec_aead_crypter_max_plaintext_length(crypter, num_encrypted_bytes,
- * &plength, nullptr);
- * uint8_t* plaintext = gpr_malloc(plength);
- *
- * // Perform decryption.
- * size_t num_decrypted_bytes = 0;
- * char* error_in_decryption = nullptr;
- * status = gsec_aead_crypter_decrypt(crypter, nonce,
- * kAesGcmNonceLength, nullptr, 0,
- * ciphertext, num_encrypted_bytes,
- * plaintext, plength,
- * &num_decrypted_bytes,
- * &error_in_decryption);
- * if (status != GRPC_STATUS_OK) {
- * fprintf(stderr, "AEAD decrypt operation failed with error code:"
- * "%d, message: %s\n", status, error_in_decryption);
- * }
- * ...
- * gpr_free(plaintext);
- * gpr_free(error_in_decryption);
- * } else {
- * fprintf(stderr, "AEAD encrypt operation failed with error code:"
- * "%d, message: %s\n", status, error_in_encryption);
- * }
- * ...
- * gpr_free(ciphertext);
- * gpr_free(error_in_encryption);
- * } else {
- * fprintf(stderr, "Creation of AEAD crypter instance failed with error code:"
- * "%d, message: %s\n", creation_status, error_in_creation);
- * }
- *
- * // Destruct AEAD crypter instance.
- * if (creation_status == GRPC_STATUS_OK) {
- * gsec_aead_crypter_destroy(crypter);
- * }
- * gpr_free(error_in_creation);
- * gpr_free(message);
- * -----------------------------------------------------------------------------
- */
-
-/* V-table for gsec AEAD operations */
-typedef struct gsec_aead_crypter_vtable {
- grpc_status_code (*encrypt_iovec)(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const struct iovec* aad_vec, size_t aad_vec_length,
- const struct iovec* plaintext_vec, size_t plaintext_vec_length,
- struct iovec ciphertext_vec, size_t* ciphertext_bytes_written,
- char** error_details);
- grpc_status_code (*decrypt_iovec)(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const struct iovec* aad_vec, size_t aad_vec_length,
- const struct iovec* ciphertext_vec, size_t ciphertext_vec_length,
- struct iovec plaintext_vec, size_t* plaintext_bytes_written,
- char** error_details);
- grpc_status_code (*max_ciphertext_and_tag_length)(
- const gsec_aead_crypter* crypter, size_t plaintext_length,
- size_t* max_ciphertext_and_tag_length_to_return, char** error_details);
- grpc_status_code (*max_plaintext_length)(
- const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length,
- size_t* max_plaintext_length_to_return, char** error_details);
- grpc_status_code (*nonce_length)(const gsec_aead_crypter* crypter,
- size_t* nonce_length_to_return,
- char** error_details);
- grpc_status_code (*key_length)(const gsec_aead_crypter* crypter,
- size_t* key_length_to_return,
- char** error_details);
- grpc_status_code (*tag_length)(const gsec_aead_crypter* crypter,
- size_t* tag_length_to_return,
- char** error_details);
- void (*destruct)(gsec_aead_crypter* crypter);
-} gsec_aead_crypter_vtable;
-
-/* Main struct for gsec interface */
-struct gsec_aead_crypter {
- const struct gsec_aead_crypter_vtable* vtable;
-};
-
-/**
- * This method performs an AEAD encrypt operation.
- *
- * - crypter: AEAD crypter instance.
- * - nonce: buffer containing a nonce with its size equal to nonce_length.
- * - nonce_length: size of nonce buffer, and must be equal to the value returned
- * from method gsec_aead_crypter_nonce_length.
- * - aad: buffer containing data that needs to be authenticated but not
- * encrypted with its size equal to aad_length.
- * - aad_length: size of aad buffer, which should be zero if the buffer is
- * nullptr.
- * - plaintext: buffer containing data that needs to be both encrypted and
- * authenticated with its size equal to plaintext_length.
- * - plaintext_length: size of plaintext buffer, which should be zero if
- * plaintext is nullptr.
- * - ciphertext_and_tag: buffer that will contain ciphertext and tags the method
- * produced. The buffer should not overlap the plaintext buffer, and pointers
- * to those buffers should not be equal. Also if the ciphertext+tag buffer is
- * nullptr, the plaintext_length should be zero.
- * - ciphertext_and_tag_length: size of ciphertext+tag buffer, which should be
- * at least as long as the one returned from method
- * gsec_aead_crypter_max_ciphertext_and_tag_length.
- * - bytes_written: the actual number of bytes written to the ciphertext+tag
- * buffer. If bytes_written is nullptr, the plaintext_length should be zero.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of encryption, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- *
- */
-grpc_status_code gsec_aead_crypter_encrypt(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const uint8_t* aad, size_t aad_length, const uint8_t* plaintext,
- size_t plaintext_length, uint8_t* ciphertext_and_tag,
- size_t ciphertext_and_tag_length, size_t* bytes_written,
- char** error_details);
-
-/**
- * This method performs an AEAD encrypt operation.
- *
- * - crypter: AEAD crypter instance.
- * - nonce: buffer containing a nonce with its size equal to nonce_length.
- * - nonce_length: size of nonce buffer, and must be equal to the value returned
- * from method gsec_aead_crypter_nonce_length.
- * - aad_vec: an iovec array containing data that needs to be authenticated but
- * not encrypted.
- * - aad_vec_length: the array length of aad_vec.
- * - plaintext_vec: an iovec array containing data that needs to be both
- * encrypted and authenticated.
- * - plaintext_vec_length: the array length of plaintext_vec.
- * - ciphertext_vec: an iovec containing a ciphertext buffer. The buffer should
- * not overlap the plaintext buffer.
- * - ciphertext_bytes_written: the actual number of bytes written to
- * ciphertext_vec.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of encryption, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- *
- */
-grpc_status_code gsec_aead_crypter_encrypt_iovec(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const struct iovec* aad_vec, size_t aad_vec_length,
- const struct iovec* plaintext_vec, size_t plaintext_vec_length,
- struct iovec ciphertext_vec, size_t* ciphertext_bytes_written,
- char** error_details);
-
-/**
- * This method performs an AEAD decrypt operation.
- *
- * - crypter: AEAD crypter instance.
- * - nonce: buffer containing a nonce with its size equal to nonce_length.
- * - nonce_length: size of nonce buffer, and must be equal to the value returned
- * from method gsec_aead_crypter_nonce_length.
- * - aad: buffer containing data that needs to be authenticated only.
- * - aad_length: size of aad buffer, which should be zero if the buffer is
- * nullptr.
- * - ciphertext_and_tag: buffer containing ciphertext and tag.
- * - ciphertext_and_tag_length: length of ciphertext and tag. It should be zero
- * if any of plaintext, ciphertext_and_tag, or bytes_written is nullptr. Also,
- * ciphertext_and_tag_length should be at least as large as the tag length set
- * at AEAD crypter instance construction time.
- * - plaintext: buffer containing decrypted and authenticated data the method
- * produced. The buffer should not overlap with the ciphertext+tag buffer, and
- * pointers to those buffers should not be equal.
- * - plaintext_length: size of plaintext buffer, which should be at least as
- * long as the one returned from gsec_aead_crypter_max_plaintext_length
- * method.
- * - bytes_written: the actual number of bytes written to the plaintext
- * buffer.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of decryption, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code gsec_aead_crypter_decrypt(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const uint8_t* aad, size_t aad_length, const uint8_t* ciphertext_and_tag,
- size_t ciphertext_and_tag_length, uint8_t* plaintext,
- size_t plaintext_length, size_t* bytes_written, char** error_details);
-
-/**
- * This method performs an AEAD decrypt operation.
- *
- * - crypter: AEAD crypter instance.
- * - nonce: buffer containing a nonce with its size equal to nonce_length.
- * - nonce_length: size of nonce buffer, and must be equal to the value returned
- * from method gsec_aead_crypter_nonce_length.
- * - aad_vec: an iovec array containing data that needs to be authenticated but
- * not encrypted.
- * - aad_vec_length: the array length of aad_vec.
- * - ciphertext_vec: an iovec array containing the ciphertext and tag.
- * - ciphertext_vec_length: the array length of ciphertext_vec.
- * - plaintext_vec: an iovec containing a plaintext buffer. The buffer should
- * not overlap the ciphertext buffer.
- * - plaintext_bytes_written: the actual number of bytes written to
- * plaintext_vec.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of decryption, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code gsec_aead_crypter_decrypt_iovec(
- gsec_aead_crypter* crypter, const uint8_t* nonce, size_t nonce_length,
- const struct iovec* aad_vec, size_t aad_vec_length,
- const struct iovec* ciphertext_vec, size_t ciphertext_vec_length,
- struct iovec plaintext_vec, size_t* plaintext_bytes_written,
- char** error_details);
-
-/**
- * This method computes the size of ciphertext+tag buffer that must be passed to
- * gsec_aead_crypter_encrypt function to ensure correct encryption of a
- * plaintext. The actual size of ciphertext+tag written to the buffer could be
- * smaller.
- *
- * - crypter: AEAD crypter instance.
- * - plaintext_length: length of plaintext.
- * - max_ciphertext_and_tag_length_to_return: the size of ciphertext+tag buffer
- * the method returns.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code gsec_aead_crypter_max_ciphertext_and_tag_length(
- const gsec_aead_crypter* crypter, size_t plaintext_length,
- size_t* max_ciphertext_and_tag_length_to_return, char** error_details);
-
-/**
- * This method computes the size of plaintext buffer that must be passed to
- * gsec_aead_crypter_decrypt function to ensure correct decryption of a
- * ciphertext. The actual size of plaintext written to the buffer could be
- * smaller.
- *
- * - crypter: AEAD crypter instance.
- * - ciphertext_and_tag_length: length of ciphertext and tag.
- * - max_plaintext_length_to_return: the size of plaintext buffer the method
- * returns.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code gsec_aead_crypter_max_plaintext_length(
- const gsec_aead_crypter* crypter, size_t ciphertext_and_tag_length,
- size_t* max_plaintext_length_to_return, char** error_details);
-
-/**
- * This method returns a valid size of nonce array used at the construction of
- * AEAD crypter instance. It is also the size that should be passed to encrypt
- * and decrypt methods executed on the instance.
- *
- * - crypter: AEAD crypter instance.
- * - nonce_length_to_return: the length of nonce array the method returns.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code gsec_aead_crypter_nonce_length(
- const gsec_aead_crypter* crypter, size_t* nonce_length_to_return,
- char** error_details);
-
-/**
- * This method returns a valid size of key array used at the construction of
- * AEAD crypter instance. It is also the size that should be passed to encrypt
- * and decrypt methods executed on the instance.
- *
- * - crypter: AEAD crypter instance.
- * - key_length_to_return: the length of key array the method returns.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code gsec_aead_crypter_key_length(const gsec_aead_crypter* crypter,
- size_t* key_length_to_return,
- char** error_details);
-/**
- * This method returns a valid size of tag array used at the construction of
- * AEAD crypter instance. It is also the size that should be passed to encrypt
- * and decrypt methods executed on the instance.
- *
- * - crypter: AEAD crypter instance.
- * - tag_length_to_return: the length of tag array the method returns.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On the success of execution, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code gsec_aead_crypter_tag_length(const gsec_aead_crypter* crypter,
- size_t* tag_length_to_return,
- char** error_details);
-
-/**
- * This method destroys an AEAD crypter instance by de-allocating all of its
- * occupied memory.
- *
- * - crypter: AEAD crypter instance that needs to be destroyed.
- */
-void gsec_aead_crypter_destroy(gsec_aead_crypter* crypter);
-
-/**
- * This method creates an AEAD crypter instance of AES-GCM encryption scheme
- * which supports 16 and 32 bytes long keys, 12 and 16 bytes long nonces, and
- * 16 bytes long tags. It should be noted that once the lengths of key, nonce,
- * and tag are determined at construction time, they cannot be modified later.
- *
- * - key: buffer containing a key which is binded with AEAD crypter instance.
- * - key_length: length of a key in bytes, which should be 44 if rekeying is
- * enabled and 16 or 32 otherwise.
- * - nonce_length: length of a nonce in bytes, which should be either 12 or 16.
- * - tag_length: length of a tag in bytes, which should be always 16.
- * - rekey: enable nonce-based rekeying and nonce-masking.
- * - crypter: address of AES_GCM crypter instance returned from the method.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On success of instance creation, it stores the address of instance at
- * crypter. Otherwise, it returns an error status code together with its details
- * specified in error_details.
- */
-grpc_status_code gsec_aes_gcm_aead_crypter_create(const uint8_t* key,
- size_t key_length,
- size_t nonce_length,
- size_t tag_length, bool rekey,
- gsec_aead_crypter** crypter,
- char** error_details);
-
-#endif /* GRPC_CORE_TSI_ALTS_CRYPT_GSEC_H */
diff --git a/src/core/tsi/alts/frame_protector/alts_counter.cc b/src/core/tsi/alts/frame_protector/alts_counter.cc
deleted file mode 100644
index de163e3e08..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_counter.cc
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_counter.h"
-
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-
-static void maybe_copy_error_msg(const char* src, char** dst) {
- if (dst != nullptr && src != nullptr) {
- *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
- memcpy(*dst, src, strlen(src) + 1);
- }
-}
-
-grpc_status_code alts_counter_create(bool is_client, size_t counter_size,
- size_t overflow_size,
- alts_counter** crypter_counter,
- char** error_details) {
- /* Perform input sanity check. */
- if (counter_size == 0) {
- const char error_msg[] = "counter_size is invalid.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (overflow_size == 0 || overflow_size >= counter_size) {
- const char error_msg[] = "overflow_size is invalid.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (crypter_counter == nullptr) {
- const char error_msg[] = "crypter_counter is nullptr.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- *crypter_counter =
- static_cast<alts_counter*>(gpr_malloc(sizeof(**crypter_counter)));
- (*crypter_counter)->size = counter_size;
- (*crypter_counter)->overflow_size = overflow_size;
- (*crypter_counter)->counter =
- static_cast<unsigned char*>(gpr_zalloc(counter_size));
- if (is_client) {
- ((*crypter_counter)->counter)[counter_size - 1] = 0x80;
- }
- return GRPC_STATUS_OK;
-}
-
-grpc_status_code alts_counter_increment(alts_counter* crypter_counter,
- bool* is_overflow,
- char** error_details) {
- /* Perform input sanity check. */
- if (crypter_counter == nullptr) {
- const char error_msg[] = "crypter_counter is nullptr.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (is_overflow == nullptr) {
- const char error_msg[] = "is_overflow is nullptr.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- /* Increment the internal counter. */
- size_t i = 0;
- for (; i < crypter_counter->overflow_size; i++) {
- (crypter_counter->counter)[i]++;
- if ((crypter_counter->counter)[i] != 0x00) {
- break;
- }
- }
- /**
- * If the lower overflow_size bytes are all zero, the counter has overflowed.
- */
- if (i == crypter_counter->overflow_size) {
- *is_overflow = true;
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- *is_overflow = false;
- return GRPC_STATUS_OK;
-}
-
-size_t alts_counter_get_size(alts_counter* crypter_counter) {
- if (crypter_counter == nullptr) {
- return 0;
- }
- return crypter_counter->size;
-}
-
-unsigned char* alts_counter_get_counter(alts_counter* crypter_counter) {
- if (crypter_counter == nullptr) {
- return nullptr;
- }
- return crypter_counter->counter;
-}
-
-void alts_counter_destroy(alts_counter* crypter_counter) {
- if (crypter_counter != nullptr) {
- gpr_free(crypter_counter->counter);
- gpr_free(crypter_counter);
- }
-}
diff --git a/src/core/tsi/alts/frame_protector/alts_counter.h b/src/core/tsi/alts/frame_protector/alts_counter.h
deleted file mode 100644
index d705638fa8..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_counter.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_COUNTER_H
-#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_COUNTER_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-#include <stdlib.h>
-
-#include <grpc/grpc.h>
-
-/* Main struct for a crypter counter managed within seal/unseal operations. */
-typedef struct alts_counter {
- size_t size;
- size_t overflow_size;
- unsigned char* counter;
-} alts_counter;
-
-/**
- * This method creates and initializes an alts_counter instance.
- *
- * - is_client: a flag indicating if the alts_counter instance will be used
- * at client (is_client = true) or server (is_client = false) side.
- * - counter_size: size of buffer holding the counter value.
- * - overflow_size: overflow size in bytes. The counter instance can be used
- * to produce at most 2^(overflow_size*8) frames.
- * - crypter_counter: an alts_counter instance to be returned from the method.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code alts_counter_create(bool is_client, size_t counter_size,
- size_t overflow_size,
- alts_counter** crypter_counter,
- char** error_details);
-
-/**
- * This method increments the internal counter.
- *
- * - crypter_counter: an alts_counter instance.
- * - is_overflow: after incrementing the internal counter, if an overflow
- * occurs, is_overflow is set to true, and no further calls to
- * alts_counter_increment() should be made. Otherwise, is_overflow is set to
- * false.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code alts_counter_increment(alts_counter* crypter_counter,
- bool* is_overflow,
- char** error_details);
-
-/**
- * This method returns the size of counter buffer.
- *
- * - crypter_counter: an alts_counter instance.
- */
-size_t alts_counter_get_size(alts_counter* crypter_counter);
-
-/**
- * This method returns the counter buffer.
- *
- * - crypter_counter: an alts_counter instance.
- */
-unsigned char* alts_counter_get_counter(alts_counter* crypter_counter);
-
-/**
- * This method de-allocates all memory allocated to an alts_coutner instance.
- * - crypter_counter: an alts_counter instance.
- */
-void alts_counter_destroy(alts_counter* crypter_counter);
-
-#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_COUNTER_H */
diff --git a/src/core/tsi/alts/frame_protector/alts_crypter.cc b/src/core/tsi/alts/frame_protector/alts_crypter.cc
deleted file mode 100644
index 56f0512186..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_crypter.cc
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_crypter.h"
-
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-
-static void maybe_copy_error_msg(const char* src, char** dst) {
- if (dst != nullptr && src != nullptr) {
- *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
- memcpy(*dst, src, strlen(src) + 1);
- }
-}
-
-grpc_status_code alts_crypter_process_in_place(
- alts_crypter* crypter, unsigned char* data, size_t data_allocated_size,
- size_t data_size, size_t* output_size, char** error_details) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->process_in_place != nullptr) {
- return crypter->vtable->process_in_place(crypter, data, data_allocated_size,
- data_size, output_size,
- error_details);
- }
- /* An error occurred. */
- const char error_msg[] =
- "crypter or crypter->vtable has not been initialized properly.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
-}
-
-size_t alts_crypter_num_overhead_bytes(const alts_crypter* crypter) {
- if (crypter != nullptr && crypter->vtable != nullptr &&
- crypter->vtable->num_overhead_bytes != nullptr) {
- return crypter->vtable->num_overhead_bytes(crypter);
- }
- /* An error occurred. */
- return 0;
-}
-
-void alts_crypter_destroy(alts_crypter* crypter) {
- if (crypter != nullptr) {
- if (crypter->vtable != nullptr && crypter->vtable->destruct != nullptr) {
- crypter->vtable->destruct(crypter);
- }
- gpr_free(crypter);
- }
-}
diff --git a/src/core/tsi/alts/frame_protector/alts_crypter.h b/src/core/tsi/alts/frame_protector/alts_crypter.h
deleted file mode 100644
index 3140778f4f..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_crypter.h
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_CRYPTER_H
-#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_CRYPTER_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-#include <string.h>
-
-#include <grpc/grpc.h>
-
-#include "src/core/tsi/alts/crypt/gsec.h"
-
-/**
- * An alts_crypter interface for an ALTS record protocol providing
- * seal/unseal functionality. The interface is thread-compatible.
- */
-
-typedef struct alts_crypter alts_crypter;
-
-/**
- * A typical usage of the interface would be
- *------------------------------------------------------------------------------
- * // Perform a seal operation. We assume the gsec_aead_crypter instance -
- * // client_aead_crypter is created beforehand with a 16-byte key and 12-byte
- * // nonce length.
- *
- * alts_crypter* client = nullptr;
- * char* client_error_in_creation = nullptr;
- * unsigned char* data = nullptr;
- * grpc_status_code client_status =
- * alts_seal_crypter_create(client_aead_crypter, 1, 5, &client,
- * &client_error_in_creation);
- * if (client_status == GRPC_STATUS_OK) {
- * size_t data_size = 100;
- * size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(client);
- * size_t data_allocated_size = data_size + num_overhead_bytes;
- * data = gpr_malloc(data_allocated_size);
- * char* client_error_in_seal = nullptr;
- * // Client performs a seal operation.
- * client_status = alts_crypter_process_in_place(client, data,
- * data_allocated_size,
- * &data_size,
- * &client_error_in_seal);
- * if (client_status != GRPC_STATUS_OK) {
- * fprintf(stderr, "seal operation failed with error code:"
- * "%d, message: %s\n", client_status,
- * client_error_in_seal);
- * }
- * gpr_free(client_error_in_seal);
- * } else {
- * fprintf(stderr, "alts_crypter instance creation failed with error"
- * "code: %d, message: %s\n", client_status,
- * client_error_in_creation);
- * }
- *
- * ...
- *
- * gpr_free(client_error_in_creation);
- * alts_crypter_destroy(client);
- *
- * ...
- *
- * // Perform an unseal operation. We assume the gsec_aead_crypter instance -
- * // server_aead_crypter is created beforehand with a 16-byte key and 12-byte
- * // nonce length. The key used in the creation of gsec_aead_crypter instances
- * // at server and client sides should be identical.
- *
- * alts_crypter* server = nullptr;
- * char* server_error_in_creation = nullptr;
- * grpc_status_code server_status =
- * alts_unseal_crypter_create(server_aead_crypter, 0, 5, &server,
- * &server_error_in_creation);
- * if (server_status == GRPC_STATUS_OK) {
- * size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server);
- * size_t data_size = 100 + num_overhead_bytes;
- * size_t data_allocated_size = data_size;
- * char* server_error_in_unseal = nullptr;
- * // Server performs an unseal operation.
- * server_status = alts_crypter_process_in_place(server, data,
- * data_allocated_size,
- * &data_size,
- * &server_error_in_unseal);
- * if (server_status != GRPC_STATUS_OK) {
- * fprintf(stderr, "unseal operation failed with error code:"
- * "%d, message: %s\n", server_status,
- * server_error_in_unseal);
- * }
- * gpr_free(server_error_in_unseal);
- * } else {
- * fprintf(stderr, "alts_crypter instance creation failed with error"
- * "code: %d, message: %s\n", server_status,
- * server_error_in_creation);
- * }
- *
- * ...
- *
- * gpr_free(data);
- * gpr_free(server_error_in_creation);
- * alts_crypter_destroy(server);
- *
- * ...
- *------------------------------------------------------------------------------
- */
-
-/* V-table for alts_crypter operations */
-typedef struct alts_crypter_vtable {
- size_t (*num_overhead_bytes)(const alts_crypter* crypter);
- grpc_status_code (*process_in_place)(alts_crypter* crypter,
- unsigned char* data,
- size_t data_allocated_size,
- size_t data_size, size_t* output_size,
- char** error_details);
- void (*destruct)(alts_crypter* crypter);
-} alts_crypter_vtable;
-
-/* Main struct for alts_crypter interface */
-struct alts_crypter {
- const alts_crypter_vtable* vtable;
-};
-
-/**
- * This method gets the number of overhead bytes needed for sealing data that
- * is the difference in size between the protected and raw data. The counter
- * value used in a seal or unseal operation is locally maintained (not sent or
- * received from the other peer) and therefore, will not be counted as part of
- * overhead bytes.
- *
- * - crypter: an alts_crypter instance.
- *
- * On success, the method returns the number of overhead bytes. Otherwise, it
- * returns zero.
- *
- */
-size_t alts_crypter_num_overhead_bytes(const alts_crypter* crypter);
-
-/**
- * This method performs either a seal or an unseal operation depending on the
- * alts_crypter instance - crypter passed to the method. If the crypter is
- * an instance implementing a seal operation, the method will perform a seal
- * operation. That is, it seals raw data and stores the result in-place, and the
- * memory allocated for data must be at least data_length +
- * alts_crypter_num_overhead_bytes(). If the crypter is an instance
- * implementing an unseal operation, the method will perform an unseal
- * operation. That is, it unseals protected data and stores the result in-place.
- * The size of unsealed data will be data_length -
- * alts_crypter_num_overhead_bytes(). Integrity tag will be verified during
- * the unseal operation, and if verification fails, the data will be wiped.
- * The counters used in both seal and unseal operations are managed internally.
- *
- * - crypter: an alts_crypter instance.
- * - data: if the method performs a seal operation, the data represents raw data
- * that needs to be sealed. It also plays the role of buffer to hold the
- * protected data as a result of seal. If the method performs an unseal
- * operation, the data represents protected data that needs to be unsealed. It
- * also plays the role of buffer to hold raw data as a result of unseal.
- * - data_allocated_size: the size of data buffer. The parameter is used to
- * check whether the result of either seal or unseal can be safely written to
- * the data buffer.
- * - data_size: if the method performs a seal operation, data_size
- * represents the size of raw data that needs to be sealed, and if the method
- * performs an unseal operation, data_size represents the size of protected
- * data that needs to be unsealed.
- * - output_size: size of data written to the data buffer after a seal or an
- * unseal operation.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is legal to pass nullptr into error_details and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code alts_crypter_process_in_place(
- alts_crypter* crypter, unsigned char* data, size_t data_allocated_size,
- size_t data_size, size_t* output_size, char** error_details);
-
-/**
- * This method creates an alts_crypter instance to be used to perform a seal
- * operation, given a gsec_aead_crypter instance and a flag indicating if the
- * created instance will be used at the client or server side. It takes
- * ownership of gsec_aead_crypter instance.
- *
- * - gc: a gsec_aead_crypter instance used to perform AEAD encryption.
- * - is_client: a flag indicating if the alts_crypter instance will be
- * used at the client (is_client = true) or server (is_client =
- * false) side.
- * - overflow_size: overflow size of counter in bytes.
- * - crypter: an alts_crypter instance to be returned from the method.
- * - error_details: a buffer containing an error message if the method does
- * not function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On success of creation, the method returns GRPC_STATUS_OK.
- * Otherwise, it returns an error status code along with its details specified
- * in error_details (if error_details is not nullptr).
- */
-grpc_status_code alts_seal_crypter_create(gsec_aead_crypter* gc, bool is_client,
- size_t overflow_size,
- alts_crypter** crypter,
- char** error_details);
-
-/**
- * This method creates an alts_crypter instance used to perform an unseal
- * operation, given a gsec_aead_crypter instance and a flag indicating if the
- * created instance will be used at the client or server side. It takes
- * ownership of gsec_aead_crypter instance.
- *
- * - gc: a gsec_aead_crypter instance used to perform AEAD decryption.
- * - is_client: a flag indicating if the alts_crypter instance will be
- * used at the client (is_client = true) or server (is_client =
- * false) side.
- * - overflow_size: overflow size of counter in bytes.
- * - crypter: an alts_crypter instance to be returned from the method.
- * - error_details: a buffer containing an error message if the method does
- * not function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On success of creation, the method returns GRPC_STATUS_OK.
- * Otherwise, it returns an error status code along with its details specified
- * in error_details (if error_details is not nullptr).
- */
-grpc_status_code alts_unseal_crypter_create(gsec_aead_crypter* gc,
- bool is_client,
- size_t overflow_size,
- alts_crypter** crypter,
- char** error_details);
-
-/**
- * This method destroys an alts_crypter instance by de-allocating all of its
- * occupied memory. A gsec_aead_crypter instance passed in at alts_crypter
- * instance creation time will be destroyed in this method.
- *
- * - crypter: an alts_crypter instance.
- */
-void alts_crypter_destroy(alts_crypter* crypter);
-
-#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_CRYPTER_H */
diff --git a/src/core/tsi/alts/frame_protector/alts_frame_protector.cc b/src/core/tsi/alts/frame_protector/alts_frame_protector.cc
deleted file mode 100644
index bfa0b7a720..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_frame_protector.cc
+++ /dev/null
@@ -1,407 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_frame_protector.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/gpr/useful.h"
-#include "src/core/tsi/alts/crypt/gsec.h"
-#include "src/core/tsi/alts/frame_protector/alts_crypter.h"
-#include "src/core/tsi/alts/frame_protector/frame_handler.h"
-#include "src/core/tsi/transport_security.h"
-
-constexpr size_t kMinFrameLength = 1024;
-constexpr size_t kDefaultFrameLength = 16 * 1024;
-constexpr size_t kMaxFrameLength = 1024 * 1024;
-
-// Limit k on number of frames such that at most 2^(8 * k) frames can be sent.
-constexpr size_t kAltsRecordProtocolRekeyFrameLimit = 8;
-constexpr size_t kAltsRecordProtocolFrameLimit = 5;
-
-/* Main struct for alts_frame_protector. */
-struct alts_frame_protector {
- tsi_frame_protector base;
- alts_crypter* seal_crypter;
- alts_crypter* unseal_crypter;
- alts_frame_writer* writer;
- alts_frame_reader* reader;
- unsigned char* in_place_protect_buffer;
- unsigned char* in_place_unprotect_buffer;
- size_t in_place_protect_bytes_buffered;
- size_t in_place_unprotect_bytes_processed;
- size_t max_protected_frame_size;
- size_t max_unprotected_frame_size;
- size_t overhead_length;
- size_t counter_overflow;
-};
-
-static tsi_result seal(alts_frame_protector* impl) {
- char* error_details = nullptr;
- size_t output_size = 0;
- grpc_status_code status = alts_crypter_process_in_place(
- impl->seal_crypter, impl->in_place_protect_buffer,
- impl->max_protected_frame_size, impl->in_place_protect_bytes_buffered,
- &output_size, &error_details);
- impl->in_place_protect_bytes_buffered = output_size;
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "%s", error_details);
- gpr_free(error_details);
- return TSI_INTERNAL_ERROR;
- }
- return TSI_OK;
-}
-
-static size_t max_encrypted_payload_bytes(alts_frame_protector* impl) {
- return impl->max_protected_frame_size - kFrameHeaderSize;
-}
-
-static tsi_result alts_protect_flush(tsi_frame_protector* self,
- unsigned char* protected_output_frames,
- size_t* protected_output_frames_size,
- size_t* still_pending_size) {
- if (self == nullptr || protected_output_frames == nullptr ||
- protected_output_frames_size == nullptr ||
- still_pending_size == nullptr) {
- gpr_log(GPR_ERROR, "Invalid nullptr arguments to alts_protect_flush().");
- return TSI_INVALID_ARGUMENT;
- }
- alts_frame_protector* impl = reinterpret_cast<alts_frame_protector*>(self);
- /**
- * If there's nothing to flush (i.e., in_place_protect_buffer is empty),
- * we're done.
- */
- if (impl->in_place_protect_bytes_buffered == 0) {
- *protected_output_frames_size = 0;
- *still_pending_size = 0;
- return TSI_OK;
- }
- /**
- * If a new frame can start being processed, we encrypt the payload and reset
- * the frame writer to point to in_place_protect_buffer that holds the newly
- * sealed frame.
- */
- if (alts_is_frame_writer_done(impl->writer)) {
- tsi_result result = seal(impl);
- if (result != TSI_OK) {
- return result;
- }
- if (!alts_reset_frame_writer(impl->writer, impl->in_place_protect_buffer,
- impl->in_place_protect_bytes_buffered)) {
- gpr_log(GPR_ERROR, "Couldn't reset frame writer.");
- return TSI_INTERNAL_ERROR;
- }
- }
- /**
- * Write the sealed frame as much as possible to protected_output_frames. It's
- * possible a frame will not be written out completely by a single flush
- * (i.e., still_pending_size != 0), in which case the flush should be called
- * iteratively until a complete frame has been written out.
- */
- size_t written_frame_bytes = *protected_output_frames_size;
- if (!alts_write_frame_bytes(impl->writer, protected_output_frames,
- &written_frame_bytes)) {
- gpr_log(GPR_ERROR, "Couldn't write frame bytes.");
- return TSI_INTERNAL_ERROR;
- }
- *protected_output_frames_size = written_frame_bytes;
- *still_pending_size = alts_get_num_writer_bytes_remaining(impl->writer);
- /**
- * If the current frame has been finished processing (i.e., sealed and written
- * out completely), we empty in_place_protect_buffer.
- */
- if (alts_is_frame_writer_done(impl->writer)) {
- impl->in_place_protect_bytes_buffered = 0;
- }
- return TSI_OK;
-}
-
-static tsi_result alts_protect(tsi_frame_protector* self,
- const unsigned char* unprotected_bytes,
- size_t* unprotected_bytes_size,
- unsigned char* protected_output_frames,
- size_t* protected_output_frames_size) {
- if (self == nullptr || unprotected_bytes == nullptr ||
- unprotected_bytes_size == nullptr || protected_output_frames == nullptr ||
- protected_output_frames_size == nullptr) {
- gpr_log(GPR_ERROR, "Invalid nullptr arguments to alts_protect().");
- return TSI_INVALID_ARGUMENT;
- }
- alts_frame_protector* impl = reinterpret_cast<alts_frame_protector*>(self);
-
- /**
- * If more payload can be buffered, we buffer it as much as possible to
- * in_place_protect_buffer.
- */
- if (impl->in_place_protect_bytes_buffered + impl->overhead_length <
- max_encrypted_payload_bytes(impl)) {
- size_t bytes_to_buffer = GPR_MIN(*unprotected_bytes_size,
- max_encrypted_payload_bytes(impl) -
- impl->in_place_protect_bytes_buffered -
- impl->overhead_length);
- *unprotected_bytes_size = bytes_to_buffer;
- if (bytes_to_buffer > 0) {
- memcpy(
- impl->in_place_protect_buffer + impl->in_place_protect_bytes_buffered,
- unprotected_bytes, bytes_to_buffer);
- impl->in_place_protect_bytes_buffered += bytes_to_buffer;
- }
- } else {
- *unprotected_bytes_size = 0;
- }
- /**
- * If a full frame has been buffered, we output it. If the first condition
- * holds, then there exists an unencrypted full frame. If the second
- * condition holds, then there exists a full frame that has already been
- * encrypted.
- */
- if (max_encrypted_payload_bytes(impl) ==
- impl->in_place_protect_bytes_buffered + impl->overhead_length ||
- max_encrypted_payload_bytes(impl) ==
- impl->in_place_protect_bytes_buffered) {
- size_t still_pending_size = 0;
- return alts_protect_flush(self, protected_output_frames,
- protected_output_frames_size,
- &still_pending_size);
- } else {
- *protected_output_frames_size = 0;
- return TSI_OK;
- }
-}
-
-static tsi_result unseal(alts_frame_protector* impl) {
- char* error_details = nullptr;
- size_t output_size = 0;
- grpc_status_code status = alts_crypter_process_in_place(
- impl->unseal_crypter, impl->in_place_unprotect_buffer,
- impl->max_unprotected_frame_size,
- alts_get_output_bytes_read(impl->reader), &output_size, &error_details);
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "%s", error_details);
- gpr_free(error_details);
- return TSI_DATA_CORRUPTED;
- }
- return TSI_OK;
-}
-
-static void ensure_buffer_size(alts_frame_protector* impl) {
- if (!alts_has_read_frame_length(impl->reader)) {
- return;
- }
- size_t buffer_space_remaining = impl->max_unprotected_frame_size -
- alts_get_output_bytes_read(impl->reader);
- /**
- * Check if we need to resize in_place_unprotect_buffer in order to hold
- * remaining bytes of a full frame.
- */
- if (buffer_space_remaining < alts_get_reader_bytes_remaining(impl->reader)) {
- size_t buffer_len = alts_get_output_bytes_read(impl->reader) +
- alts_get_reader_bytes_remaining(impl->reader);
- unsigned char* buffer = static_cast<unsigned char*>(gpr_malloc(buffer_len));
- memcpy(buffer, impl->in_place_unprotect_buffer,
- alts_get_output_bytes_read(impl->reader));
- impl->max_unprotected_frame_size = buffer_len;
- gpr_free(impl->in_place_unprotect_buffer);
- impl->in_place_unprotect_buffer = buffer;
- alts_reset_reader_output_buffer(
- impl->reader, buffer + alts_get_output_bytes_read(impl->reader));
- }
-}
-
-static tsi_result alts_unprotect(tsi_frame_protector* self,
- const unsigned char* protected_frames_bytes,
- size_t* protected_frames_bytes_size,
- unsigned char* unprotected_bytes,
- size_t* unprotected_bytes_size) {
- if (self == nullptr || protected_frames_bytes == nullptr ||
- protected_frames_bytes_size == nullptr || unprotected_bytes == nullptr ||
- unprotected_bytes_size == nullptr) {
- gpr_log(GPR_ERROR, "Invalid nullptr arguments to alts_unprotect().");
- return TSI_INVALID_ARGUMENT;
- }
- alts_frame_protector* impl = reinterpret_cast<alts_frame_protector*>(self);
- /**
- * If a new frame can start being processed, we reset the frame reader to
- * point to in_place_unprotect_buffer that will be used to hold deframed
- * result.
- */
- if (alts_is_frame_reader_done(impl->reader) &&
- ((alts_get_output_buffer(impl->reader) == nullptr) ||
- (alts_get_output_bytes_read(impl->reader) ==
- impl->in_place_unprotect_bytes_processed + impl->overhead_length))) {
- if (!alts_reset_frame_reader(impl->reader,
- impl->in_place_unprotect_buffer)) {
- gpr_log(GPR_ERROR, "Couldn't reset frame reader.");
- return TSI_INTERNAL_ERROR;
- }
- impl->in_place_unprotect_bytes_processed = 0;
- }
- /**
- * If a full frame has not yet been read, we read more bytes from
- * protected_frames_bytes until a full frame has been read. We also need to
- * make sure in_place_unprotect_buffer is large enough to hold a complete
- * frame.
- */
- if (!alts_is_frame_reader_done(impl->reader)) {
- ensure_buffer_size(impl);
- *protected_frames_bytes_size =
- GPR_MIN(impl->max_unprotected_frame_size -
- alts_get_output_bytes_read(impl->reader),
- *protected_frames_bytes_size);
- size_t read_frames_bytes_size = *protected_frames_bytes_size;
- if (!alts_read_frame_bytes(impl->reader, protected_frames_bytes,
- &read_frames_bytes_size)) {
- gpr_log(GPR_ERROR, "Failed to process frame.");
- return TSI_INTERNAL_ERROR;
- }
- *protected_frames_bytes_size = read_frames_bytes_size;
- } else {
- *protected_frames_bytes_size = 0;
- }
- /**
- * If a full frame has been read, we unseal it, and write out the
- * deframed result to unprotected_bytes.
- */
- if (alts_is_frame_reader_done(impl->reader)) {
- if (impl->in_place_unprotect_bytes_processed == 0) {
- tsi_result result = unseal(impl);
- if (result != TSI_OK) {
- return result;
- }
- }
- size_t bytes_to_write = GPR_MIN(
- *unprotected_bytes_size, alts_get_output_bytes_read(impl->reader) -
- impl->in_place_unprotect_bytes_processed -
- impl->overhead_length);
- if (bytes_to_write > 0) {
- memcpy(unprotected_bytes,
- impl->in_place_unprotect_buffer +
- impl->in_place_unprotect_bytes_processed,
- bytes_to_write);
- }
- *unprotected_bytes_size = bytes_to_write;
- impl->in_place_unprotect_bytes_processed += bytes_to_write;
- return TSI_OK;
- } else {
- *unprotected_bytes_size = 0;
- return TSI_OK;
- }
-}
-
-static void alts_destroy(tsi_frame_protector* self) {
- alts_frame_protector* impl = reinterpret_cast<alts_frame_protector*>(self);
- if (impl != nullptr) {
- alts_crypter_destroy(impl->seal_crypter);
- alts_crypter_destroy(impl->unseal_crypter);
- gpr_free(impl->in_place_protect_buffer);
- gpr_free(impl->in_place_unprotect_buffer);
- alts_destroy_frame_writer(impl->writer);
- alts_destroy_frame_reader(impl->reader);
- gpr_free(impl);
- }
-}
-
-static const tsi_frame_protector_vtable alts_frame_protector_vtable = {
- alts_protect, alts_protect_flush, alts_unprotect, alts_destroy};
-
-static grpc_status_code create_alts_crypters(const uint8_t* key,
- size_t key_size, bool is_client,
- bool is_rekey,
- alts_frame_protector* impl,
- char** error_details) {
- grpc_status_code status;
- gsec_aead_crypter* aead_crypter_seal = nullptr;
- gsec_aead_crypter* aead_crypter_unseal = nullptr;
- status = gsec_aes_gcm_aead_crypter_create(key, key_size, kAesGcmNonceLength,
- kAesGcmTagLength, is_rekey,
- &aead_crypter_seal, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- status = gsec_aes_gcm_aead_crypter_create(
- key, key_size, kAesGcmNonceLength, kAesGcmTagLength, is_rekey,
- &aead_crypter_unseal, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- size_t overflow_size = is_rekey ? kAltsRecordProtocolRekeyFrameLimit
- : kAltsRecordProtocolFrameLimit;
- status = alts_seal_crypter_create(aead_crypter_seal, is_client, overflow_size,
- &impl->seal_crypter, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- status =
- alts_unseal_crypter_create(aead_crypter_unseal, is_client, overflow_size,
- &impl->unseal_crypter, error_details);
- return status;
-}
-
-tsi_result alts_create_frame_protector(const uint8_t* key, size_t key_size,
- bool is_client, bool is_rekey,
- size_t* max_protected_frame_size,
- tsi_frame_protector** self) {
- if (key == nullptr || self == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to alts_create_frame_protector().");
- return TSI_INTERNAL_ERROR;
- }
- char* error_details = nullptr;
- alts_frame_protector* impl =
- static_cast<alts_frame_protector*>(gpr_zalloc(sizeof(*impl)));
- grpc_status_code status = create_alts_crypters(
- key, key_size, is_client, is_rekey, impl, &error_details);
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "Failed to create ALTS crypters, %s.", error_details);
- gpr_free(error_details);
- return TSI_INTERNAL_ERROR;
- }
- /**
- * Set maximum frame size to be used by a frame protector. If it is nullptr, a
- * default frame size will be used. Otherwise, the provided frame size will be
- * adjusted (if not falling into a valid frame range) and used.
- */
- size_t max_protected_frame_size_to_set = kDefaultFrameLength;
- if (max_protected_frame_size != nullptr) {
- *max_protected_frame_size =
- GPR_MIN(*max_protected_frame_size, kMaxFrameLength);
- *max_protected_frame_size =
- GPR_MAX(*max_protected_frame_size, kMinFrameLength);
- max_protected_frame_size_to_set = *max_protected_frame_size;
- }
- impl->max_protected_frame_size = max_protected_frame_size_to_set;
- impl->max_unprotected_frame_size = max_protected_frame_size_to_set;
- impl->in_place_protect_bytes_buffered = 0;
- impl->in_place_unprotect_bytes_processed = 0;
- impl->in_place_protect_buffer = static_cast<unsigned char*>(
- gpr_malloc(sizeof(unsigned char) * max_protected_frame_size_to_set));
- impl->in_place_unprotect_buffer = static_cast<unsigned char*>(
- gpr_malloc(sizeof(unsigned char) * max_protected_frame_size_to_set));
- impl->overhead_length = alts_crypter_num_overhead_bytes(impl->seal_crypter);
- impl->writer = alts_create_frame_writer();
- impl->reader = alts_create_frame_reader();
- impl->base.vtable = &alts_frame_protector_vtable;
- *self = &impl->base;
- return TSI_OK;
-}
diff --git a/src/core/tsi/alts/frame_protector/alts_frame_protector.h b/src/core/tsi/alts/frame_protector/alts_frame_protector.h
deleted file mode 100644
index 321bffaed8..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_frame_protector.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_FRAME_PROTECTOR_H
-#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_FRAME_PROTECTOR_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-
-#include "src/core/tsi/transport_security_interface.h"
-
-typedef struct alts_frame_protector alts_frame_protector;
-
-/**
- * TODO: Add a parameter to the interface to support the use of
- * different record protocols within a frame protector.
- *
- * This method creates a frame protector.
- *
- * - key: a symmetric key used to seal/unseal frames.
- * - key_size: the size of symmetric key.
- * - is_client: a flag indicating if the frame protector will be used at client
- * (is_client = true) or server (is_client = false) side.
- * - is_rekey: a flag indicating if the frame protector will use an AEAD with
- * rekeying.
- * - max_protected_frame_size: an in/out parameter indicating max frame size
- * to be used by the frame protector. If it is nullptr, the default frame
- * size will be used. Otherwise, the provided frame size will be adjusted (if
- * not falling into a valid frame range) and used.
- * - self: a pointer to the frame protector returned from the method.
- *
- * This method returns TSI_OK on success and TSI_INTERNAL_ERROR otherwise.
- */
-tsi_result alts_create_frame_protector(const uint8_t* key, size_t key_size,
- bool is_client, bool is_rekey,
- size_t* max_protected_frame_size,
- tsi_frame_protector** self);
-
-#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_FRAME_PROTECTOR_H */
diff --git a/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc b/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc
deleted file mode 100644
index 0574ed5012..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h"
-
-#include <grpc/support/alloc.h>
-
-static void maybe_copy_error_msg(const char* src, char** dst) {
- if (dst != nullptr && src != nullptr) {
- *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
- memcpy(*dst, src, strlen(src) + 1);
- }
-}
-
-grpc_status_code input_sanity_check(
- const alts_record_protocol_crypter* rp_crypter, const unsigned char* data,
- size_t* output_size, char** error_details) {
- if (rp_crypter == nullptr) {
- maybe_copy_error_msg("alts_crypter instance is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- } else if (data == nullptr) {
- maybe_copy_error_msg("data is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- } else if (output_size == nullptr) {
- maybe_copy_error_msg("output_size is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- return GRPC_STATUS_OK;
-}
-
-grpc_status_code increment_counter(alts_record_protocol_crypter* rp_crypter,
- char** error_details) {
- bool is_overflow = false;
- grpc_status_code status =
- alts_counter_increment(rp_crypter->ctr, &is_overflow, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- if (is_overflow) {
- const char error_msg[] =
- "crypter counter is wrapped. The connection"
- "should be closed and the key should be deleted.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INTERNAL;
- }
- return GRPC_STATUS_OK;
-}
-
-size_t alts_record_protocol_crypter_num_overhead_bytes(const alts_crypter* c) {
- if (c != nullptr) {
- size_t num_overhead_bytes = 0;
- char* error_details = nullptr;
- const alts_record_protocol_crypter* rp_crypter =
- reinterpret_cast<const alts_record_protocol_crypter*>(c);
- grpc_status_code status = gsec_aead_crypter_tag_length(
- rp_crypter->crypter, &num_overhead_bytes, &error_details);
- if (status == GRPC_STATUS_OK) {
- return num_overhead_bytes;
- }
- }
- return 0;
-}
-
-void alts_record_protocol_crypter_destruct(alts_crypter* c) {
- if (c != nullptr) {
- alts_record_protocol_crypter* rp_crypter =
- reinterpret_cast<alts_record_protocol_crypter*>(c);
- alts_counter_destroy(rp_crypter->ctr);
- gsec_aead_crypter_destroy(rp_crypter->crypter);
- }
-}
-
-alts_record_protocol_crypter* alts_crypter_create_common(
- gsec_aead_crypter* crypter, bool is_client, size_t overflow_size,
- char** error_details) {
- if (crypter != nullptr) {
- auto* rp_crypter = static_cast<alts_record_protocol_crypter*>(
- gpr_malloc(sizeof(alts_record_protocol_crypter)));
- size_t counter_size = 0;
- grpc_status_code status =
- gsec_aead_crypter_nonce_length(crypter, &counter_size, error_details);
- if (status != GRPC_STATUS_OK) {
- return nullptr;
- }
- /* Create a counter. */
- status = alts_counter_create(is_client, counter_size, overflow_size,
- &rp_crypter->ctr, error_details);
- if (status != GRPC_STATUS_OK) {
- return nullptr;
- }
- rp_crypter->crypter = crypter;
- return rp_crypter;
- }
- const char error_msg[] = "crypter is nullptr.";
- maybe_copy_error_msg(error_msg, error_details);
- return nullptr;
-}
diff --git a/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h b/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h
deleted file mode 100644
index 682a8f7e7a..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H
-#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/grpc.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_counter.h"
-#include "src/core/tsi/alts/frame_protector/alts_crypter.h"
-
-/**
- * This file contains common implementation that will be used in both seal and
- * unseal operations.
- */
-
-/**
- * Main struct for alts_record_protocol_crypter that will be used in both
- * seal and unseal operations.
- */
-typedef struct alts_record_protocol_crypter {
- alts_crypter base;
- gsec_aead_crypter* crypter;
- alts_counter* ctr;
-} alts_record_protocol_crypter;
-
-/**
- * This method performs input sanity checks on a subset of inputs to
- * alts_crypter_process_in_place() for both seal and unseal operations.
- *
- * - rp_crypter: an alts_record_protocol_crypter instance.
- * - data: it represents raw data that needs to be sealed in a seal operation or
- * protected data that needs to be unsealed in an unseal operation.
- * - output_size: size of data written to the data buffer after a seal or
- * unseal operation.
- * - error_details: a buffer containing an error message if any of checked
- * inputs is nullptr. It is legal to pass nullptr into error_details and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code input_sanity_check(
- const alts_record_protocol_crypter* rp_crypter, const unsigned char* data,
- size_t* output_size, char** error_details);
-
-/**
- * This method increments the counter within an alts_record_protocol_crypter
- * instance.
- *
- * - rp_crypter: an alts_record_protocol_crypter instance.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly or the counter is wrapped. It is legal to pass nullptr
- * into error_details and otherwise, the parameter should be freed with
- * gpr_free.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise,
- * it returns an error status code along with its details specified in
- * error_details (if error_details is not nullptr).
- */
-grpc_status_code increment_counter(alts_record_protocol_crypter* rp_crypter,
- char** error_details);
-
-/**
- * This method creates an alts_crypter instance, and populates the fields
- * that are common to both seal and unseal operations.
- *
- * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption. The
- * function does not take ownership of crypter.
- * - is_client: a flag indicating if the alts_crypter instance will be
- * used at the client (is_client = true) or server (is_client =
- * false) side.
- * - overflow_size: overflow size of counter in bytes.
- * - error_details: a buffer containing an error message if the method does
- * not function correctly. It is legal to pass nullptr into error_details, and
- * otherwise, the parameter should be freed with gpr_free.
- *
- * On success of creation, the method returns alts_record_protocol_crypter
- * instance. Otherwise, it returns nullptr with its details specified in
- * error_details (if error_details is not nullptr).
- *
- */
-alts_record_protocol_crypter* alts_crypter_create_common(
- gsec_aead_crypter* crypter, bool is_client, size_t overflow_size,
- char** error_details);
-
-/**
- * For the following two methods, please refer to the corresponding API in
- * alts_crypter.h for detailed specifications.
- */
-size_t alts_record_protocol_crypter_num_overhead_bytes(const alts_crypter* c);
-
-void alts_record_protocol_crypter_destruct(alts_crypter* c);
-
-#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_ALTS_RECORD_PROTOCOL_CRYPTER_COMMON_H \
- */
diff --git a/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc b/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc
deleted file mode 100644
index f407831613..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/support/alloc.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_counter.h"
-#include "src/core/tsi/alts/frame_protector/alts_crypter.h"
-#include "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h"
-
-static void maybe_copy_error_msg(const char* src, char** dst) {
- if (dst != nullptr && src != nullptr) {
- *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
- memcpy(*dst, src, strlen(src) + 1);
- }
-}
-
-/* Perform input santity check for a seal operation. */
-static grpc_status_code seal_check(alts_crypter* c, const unsigned char* data,
- size_t data_allocated_size, size_t data_size,
- size_t* output_size, char** error_details) {
- /* Do common input sanity check. */
- grpc_status_code status = input_sanity_check(
- reinterpret_cast<const alts_record_protocol_crypter*>(c), data,
- output_size, error_details);
- if (status != GRPC_STATUS_OK) return status;
- /* Do seal-specific check. */
- size_t num_overhead_bytes =
- alts_crypter_num_overhead_bytes(reinterpret_cast<const alts_crypter*>(c));
- if (data_size == 0) {
- const char error_msg[] = "data_size is zero.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (data_size + num_overhead_bytes > data_allocated_size) {
- const char error_msg[] =
- "data_allocated_size is smaller than sum of data_size and "
- "num_overhead_bytes.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code alts_seal_crypter_process_in_place(
- alts_crypter* c, unsigned char* data, size_t data_allocated_size,
- size_t data_size, size_t* output_size, char** error_details) {
- grpc_status_code status = seal_check(c, data, data_allocated_size, data_size,
- output_size, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Do AEAD encryption. */
- alts_record_protocol_crypter* rp_crypter =
- reinterpret_cast<alts_record_protocol_crypter*>(c);
- status = gsec_aead_crypter_encrypt(
- rp_crypter->crypter, alts_counter_get_counter(rp_crypter->ctr),
- alts_counter_get_size(rp_crypter->ctr), nullptr /* aad */,
- 0 /* aad_length */, data, data_size, data, data_allocated_size,
- output_size, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Increment the crypter counter. */
- return increment_counter(rp_crypter, error_details);
-}
-
-static const alts_crypter_vtable vtable = {
- alts_record_protocol_crypter_num_overhead_bytes,
- alts_seal_crypter_process_in_place, alts_record_protocol_crypter_destruct};
-
-grpc_status_code alts_seal_crypter_create(gsec_aead_crypter* gc, bool is_client,
- size_t overflow_size,
- alts_crypter** crypter,
- char** error_details) {
- if (crypter == nullptr) {
- const char error_msg[] = "crypter is nullptr.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- alts_record_protocol_crypter* rp_crypter =
- alts_crypter_create_common(gc, !is_client, overflow_size, error_details);
- if (rp_crypter == nullptr) {
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- rp_crypter->base.vtable = &vtable;
- *crypter = &rp_crypter->base;
- return GRPC_STATUS_OK;
-}
diff --git a/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc b/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc
deleted file mode 100644
index 51bea24f1f..0000000000
--- a/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/support/alloc.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_counter.h"
-#include "src/core/tsi/alts/frame_protector/alts_crypter.h"
-#include "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h"
-
-static void maybe_copy_error_msg(const char* src, char** dst) {
- if (dst != nullptr && src != nullptr) {
- *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
- memcpy(*dst, src, strlen(src) + 1);
- }
-}
-
-/* Perform input santity check. */
-static grpc_status_code unseal_check(alts_crypter* c, const unsigned char* data,
- size_t data_allocated_size,
- size_t data_size, size_t* output_size,
- char** error_details) {
- /* Do common input sanity check. */
- grpc_status_code status = input_sanity_check(
- reinterpret_cast<const alts_record_protocol_crypter*>(c), data,
- output_size, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Do unseal-specific input check. */
- size_t num_overhead_bytes =
- alts_crypter_num_overhead_bytes(reinterpret_cast<const alts_crypter*>(c));
- if (num_overhead_bytes > data_size) {
- const char error_msg[] = "data_size is smaller than num_overhead_bytes.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- return GRPC_STATUS_OK;
-}
-
-static grpc_status_code alts_unseal_crypter_process_in_place(
- alts_crypter* c, unsigned char* data, size_t data_allocated_size,
- size_t data_size, size_t* output_size, char** error_details) {
- grpc_status_code status = unseal_check(c, data, data_allocated_size,
- data_size, output_size, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Do AEAD decryption. */
- alts_record_protocol_crypter* rp_crypter =
- reinterpret_cast<alts_record_protocol_crypter*>(c);
- status = gsec_aead_crypter_decrypt(
- rp_crypter->crypter, alts_counter_get_counter(rp_crypter->ctr),
- alts_counter_get_size(rp_crypter->ctr), nullptr /* aad */,
- 0 /* aad_length */, data, data_size, data, data_allocated_size,
- output_size, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Increment the crypter counter. */
- return increment_counter(rp_crypter, error_details);
-}
-
-static const alts_crypter_vtable vtable = {
- alts_record_protocol_crypter_num_overhead_bytes,
- alts_unseal_crypter_process_in_place,
- alts_record_protocol_crypter_destruct};
-
-grpc_status_code alts_unseal_crypter_create(gsec_aead_crypter* gc,
- bool is_client,
- size_t overflow_size,
- alts_crypter** crypter,
- char** error_details) {
- if (crypter == nullptr) {
- const char error_msg[] = "crypter is nullptr.";
- maybe_copy_error_msg(error_msg, error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- alts_record_protocol_crypter* rp_crypter =
- alts_crypter_create_common(gc, is_client, overflow_size, error_details);
- if (rp_crypter == nullptr) {
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- rp_crypter->base.vtable = &vtable;
- *crypter = &rp_crypter->base;
- return GRPC_STATUS_OK;
-}
diff --git a/src/core/tsi/alts/frame_protector/frame_handler.cc b/src/core/tsi/alts/frame_protector/frame_handler.cc
deleted file mode 100644
index d3fda63b3d..0000000000
--- a/src/core/tsi/alts/frame_protector/frame_handler.cc
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/frame_protector/frame_handler.h"
-
-#include <limits.h>
-#include <stdint.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/gpr/useful.h"
-
-/* Use little endian to interpret a string of bytes as uint32_t. */
-static uint32_t load_32_le(const unsigned char* buffer) {
- return (((uint32_t)buffer[3]) << 24) | (((uint32_t)buffer[2]) << 16) |
- (((uint32_t)buffer[1]) << 8) | ((uint32_t)buffer[0]);
-}
-
-/* Store uint32_t as a string of little endian bytes. */
-static void store_32_le(uint32_t value, unsigned char* buffer) {
- buffer[3] = (unsigned char)(value >> 24) & 0xFF;
- buffer[2] = (unsigned char)(value >> 16) & 0xFF;
- buffer[1] = (unsigned char)(value >> 8) & 0xFF;
- buffer[0] = (unsigned char)(value)&0xFF;
-}
-
-/* Frame writer implementation. */
-alts_frame_writer* alts_create_frame_writer() {
- alts_frame_writer* writer =
- static_cast<alts_frame_writer*>(gpr_zalloc(sizeof(*writer)));
- return writer;
-}
-
-bool alts_reset_frame_writer(alts_frame_writer* writer,
- const unsigned char* buffer, size_t length) {
- if (buffer == nullptr) return false;
- size_t max_input_size = SIZE_MAX - kFrameLengthFieldSize;
- if (length > max_input_size) {
- gpr_log(GPR_ERROR, "length must be at most %zu", max_input_size);
- return false;
- }
- writer->input_buffer = buffer;
- writer->input_size = length;
- writer->input_bytes_written = 0;
- writer->header_bytes_written = 0;
- store_32_le(
- static_cast<uint32_t>(writer->input_size + kFrameMessageTypeFieldSize),
- writer->header_buffer);
- store_32_le(kFrameMessageType, writer->header_buffer + kFrameLengthFieldSize);
- return true;
-}
-
-bool alts_write_frame_bytes(alts_frame_writer* writer, unsigned char* output,
- size_t* bytes_size) {
- if (bytes_size == nullptr || output == nullptr) return false;
- if (alts_is_frame_writer_done(writer)) {
- *bytes_size = 0;
- return true;
- }
- size_t bytes_written = 0;
- /* Write some header bytes, if needed. */
- if (writer->header_bytes_written != sizeof(writer->header_buffer)) {
- size_t bytes_to_write =
- GPR_MIN(*bytes_size,
- sizeof(writer->header_buffer) - writer->header_bytes_written);
- memcpy(output, writer->header_buffer + writer->header_bytes_written,
- bytes_to_write);
- bytes_written += bytes_to_write;
- *bytes_size -= bytes_to_write;
- writer->header_bytes_written += bytes_to_write;
- output += bytes_to_write;
- if (writer->header_bytes_written != sizeof(writer->header_buffer)) {
- *bytes_size = bytes_written;
- return true;
- }
- }
- /* Write some non-header bytes. */
- size_t bytes_to_write =
- GPR_MIN(writer->input_size - writer->input_bytes_written, *bytes_size);
- memcpy(output, writer->input_buffer, bytes_to_write);
- writer->input_buffer += bytes_to_write;
- bytes_written += bytes_to_write;
- writer->input_bytes_written += bytes_to_write;
- *bytes_size = bytes_written;
- return true;
-}
-
-bool alts_is_frame_writer_done(alts_frame_writer* writer) {
- return writer->input_buffer == nullptr ||
- writer->input_size == writer->input_bytes_written;
-}
-
-size_t alts_get_num_writer_bytes_remaining(alts_frame_writer* writer) {
- return (sizeof(writer->header_buffer) - writer->header_bytes_written) +
- (writer->input_size - writer->input_bytes_written);
-}
-
-void alts_destroy_frame_writer(alts_frame_writer* writer) { gpr_free(writer); }
-
-/* Frame reader implementation. */
-alts_frame_reader* alts_create_frame_reader() {
- alts_frame_reader* reader =
- static_cast<alts_frame_reader*>(gpr_zalloc(sizeof(*reader)));
- return reader;
-}
-
-bool alts_is_frame_reader_done(alts_frame_reader* reader) {
- return reader->output_buffer == nullptr ||
- (reader->header_bytes_read == sizeof(reader->header_buffer) &&
- reader->bytes_remaining == 0);
-}
-
-bool alts_has_read_frame_length(alts_frame_reader* reader) {
- return sizeof(reader->header_buffer) == reader->header_bytes_read;
-}
-
-size_t alts_get_reader_bytes_remaining(alts_frame_reader* reader) {
- return alts_has_read_frame_length(reader) ? reader->bytes_remaining : 0;
-}
-
-void alts_reset_reader_output_buffer(alts_frame_reader* reader,
- unsigned char* buffer) {
- reader->output_buffer = buffer;
-}
-
-bool alts_reset_frame_reader(alts_frame_reader* reader, unsigned char* buffer) {
- if (buffer == nullptr) return false;
- reader->output_buffer = buffer;
- reader->bytes_remaining = 0;
- reader->header_bytes_read = 0;
- reader->output_bytes_read = 0;
- return true;
-}
-
-bool alts_read_frame_bytes(alts_frame_reader* reader,
- const unsigned char* bytes, size_t* bytes_size) {
- if (bytes_size == nullptr) return false;
- if (bytes == nullptr) {
- *bytes_size = 0;
- return false;
- }
- if (alts_is_frame_reader_done(reader)) {
- *bytes_size = 0;
- return true;
- }
- size_t bytes_processed = 0;
- /* Process the header, if needed. */
- if (reader->header_bytes_read != sizeof(reader->header_buffer)) {
- size_t bytes_to_write = GPR_MIN(
- *bytes_size, sizeof(reader->header_buffer) - reader->header_bytes_read);
- memcpy(reader->header_buffer + reader->header_bytes_read, bytes,
- bytes_to_write);
- reader->header_bytes_read += bytes_to_write;
- bytes_processed += bytes_to_write;
- bytes += bytes_to_write;
- *bytes_size -= bytes_to_write;
- if (reader->header_bytes_read != sizeof(reader->header_buffer)) {
- *bytes_size = bytes_processed;
- return true;
- }
- size_t frame_length = load_32_le(reader->header_buffer);
- if (frame_length < kFrameMessageTypeFieldSize ||
- frame_length > kFrameMaxSize) {
- gpr_log(GPR_ERROR,
- "Bad frame length (should be at least %zu, and at most %zu)",
- kFrameMessageTypeFieldSize, kFrameMaxSize);
- *bytes_size = 0;
- return false;
- }
- size_t message_type =
- load_32_le(reader->header_buffer + kFrameLengthFieldSize);
- if (message_type != kFrameMessageType) {
- gpr_log(GPR_ERROR, "Unsupported message type %zu (should be %zu)",
- message_type, kFrameMessageType);
- *bytes_size = 0;
- return false;
- }
- reader->bytes_remaining = frame_length - kFrameMessageTypeFieldSize;
- }
- /* Process the non-header bytes. */
- size_t bytes_to_write = GPR_MIN(*bytes_size, reader->bytes_remaining);
- memcpy(reader->output_buffer, bytes, bytes_to_write);
- reader->output_buffer += bytes_to_write;
- bytes_processed += bytes_to_write;
- reader->bytes_remaining -= bytes_to_write;
- reader->output_bytes_read += bytes_to_write;
- *bytes_size = bytes_processed;
- return true;
-}
-
-size_t alts_get_output_bytes_read(alts_frame_reader* reader) {
- return reader->output_bytes_read;
-}
-
-unsigned char* alts_get_output_buffer(alts_frame_reader* reader) {
- return reader->output_buffer;
-}
-
-void alts_destroy_frame_reader(alts_frame_reader* reader) { gpr_free(reader); }
diff --git a/src/core/tsi/alts/frame_protector/frame_handler.h b/src/core/tsi/alts/frame_protector/frame_handler.h
deleted file mode 100644
index a703ff40d3..0000000000
--- a/src/core/tsi/alts/frame_protector/frame_handler.h
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_FRAME_HANDLER_H
-#define GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_FRAME_HANDLER_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-#include <stdlib.h>
-
-const size_t kFrameMessageType = 0x06;
-const size_t kFrameLengthFieldSize = 4;
-const size_t kFrameMessageTypeFieldSize = 4;
-const size_t kFrameMaxSize = 1024 * 1024;
-const size_t kFrameHeaderSize =
- kFrameLengthFieldSize + kFrameMessageTypeFieldSize;
-
-/**
- * Implementation of frame reader and frame writer. All APIs in the
- * header are thread-compatible.
- */
-
-/**
- * Main struct for a frame writer. It reads frames from an input buffer, and
- * writes the contents as raw bytes. It does not own the input buffer.
- */
-typedef struct alts_frame_writer {
- const unsigned char* input_buffer;
- unsigned char header_buffer[kFrameHeaderSize];
- size_t input_bytes_written;
- size_t header_bytes_written;
- size_t input_size;
-} alts_frame_writer;
-
-/**
- * Main struct for a frame reader. It reads raw bytes and puts the framed
- * result into an output buffer. It does not own the output buffer.
- */
-typedef struct alts_frame_reader {
- unsigned char* output_buffer;
- unsigned char header_buffer[kFrameHeaderSize];
- size_t header_bytes_read;
- size_t output_bytes_read;
- size_t bytes_remaining;
-} alts_frame_reader;
-
-/**
- * This method creates a frame writer instance and initializes its internal
- * states.
- */
-alts_frame_writer* alts_create_frame_writer();
-
-/**
- * This method resets internal states of a frame writer and prepares to write
- * a single frame. It does not take ownership of payload_buffer.
- * The payload_buffer must outlive the writer.
- *
- * - writer: a frame writer instance.
- * - buffer: a buffer storing full payload data to be framed.
- * - length: size of payload data.
- *
- * The method returns true on success and false otherwise.
- */
-bool alts_reset_frame_writer(alts_frame_writer* writer,
- const unsigned char* buffer, size_t length);
-
-/**
- * This method writes up to bytes_size bytes of a frame to output.
- *
- * - writer: a frame writer instance.
- * - output: an output buffer used to store the frame.
- * - bytes_size: an in/out parameter that stores the size of output buffer
- * before the call, and gets written the number of frame bytes written to the
- * buffer.
- *
- * The method returns true on success and false otherwise.
- */
-bool alts_write_frame_bytes(alts_frame_writer* writer, unsigned char* output,
- size_t* bytes_size);
-
-/**
- * This method checks if a reset can be called to write a new frame. It returns
- * true if it's the first time to frame a payload, or the current frame has
- * been finished processing. It returns false if it's not ready yet to start a
- * new frame (e.g., more payload data needs to be accumulated to process the
- * current frame).
- *
- * if (alts_is_frame_writer_done(writer)) {
- * // a new frame can be written, call reset.
- * alts_reset_frame_writer(writer, payload_buffer, payload_size);
- * } else {
- * // accumulate more payload data until a full frame can be written.
- * }
- *
- * - writer: a frame writer instance.
- */
-bool alts_is_frame_writer_done(alts_frame_writer* writer);
-
-/**
- * This method returns the number of bytes left to write before a complete frame
- * is formed.
- *
- * - writer: a frame writer instance.
- */
-size_t alts_get_num_writer_bytes_remaining(alts_frame_writer* writer);
-
-/**
- * This method destroys a frame writer instance.
- *
- * - writer: a frame writer instance.
- */
-void alts_destroy_frame_writer(alts_frame_writer* writer);
-
-/**
- * This method creates a frame reader instance and initializes its internal
- * states.
- */
-alts_frame_reader* alts_create_frame_reader();
-
-/**
- * This method resets internal states of a frame reader (including setting its
- * output_buffer with buffer), and prepares to write processed bytes to
- * an output_buffer. It does not take ownership of buffer. The buffer must
- * outlive reader.
- *
- * - reader: a frame reader instance.
- * - buffer: an output buffer used to store deframed results.
- *
- * The method returns true on success and false otherwise.
- */
-bool alts_reset_frame_reader(alts_frame_reader* reader, unsigned char* buffer);
-
-/**
- * This method processes up to the number of bytes given in bytes_size. It may
- * choose not to process all the bytes, if, for instance, more bytes are
- * given to the method than required to complete the current frame.
- *
- * - reader: a frame reader instance.
- * - bytes: a buffer that stores data to be processed.
- * - bytes_size: an in/out parameter that stores the size of bytes before the
- * call and gets written the number of bytes processed.
- *
- * The method returns true on success and false otherwise.
- */
-bool alts_read_frame_bytes(alts_frame_reader* reader,
- const unsigned char* bytes, size_t* bytes_size);
-
-/**
- * This method checks if a frame length has been read.
- *
- * - reader: a frame reader instance.
- *
- * The method returns true if a frame length has been read and false otherwise.
- */
-bool alts_has_read_frame_length(alts_frame_reader* reader);
-
-/**
- * This method returns the number of bytes the frame reader intends to write.
- * It may only be called if alts_has_read_frame_length() returns true.
- *
- * - reader: a frame reader instance.
- */
-size_t alts_get_reader_bytes_remaining(alts_frame_reader* reader);
-
-/**
- * This method resets output_buffer but does not otherwise modify other internal
- * states of a frame reader instance. After being set, the new output_buffer
- * will hold the deframed payload held by the original output_buffer. It does
- * not take ownership of buffer. The buffer must outlive the reader.
- * To distinguish between two reset methods on a frame reader,
- *
- * if (alts_fh_is_frame_reader_done(reader)) {
- * // if buffer contains a full payload to be deframed, call reset.
- * alts_reset_frame_reader(reader, buffer);
- * }
- *
- * // if remaining buffer space is not enough to hold a full payload
- * if (buffer_space_remaining < alts_get_reader_bytes_remaining(reader)) {
- * // allocate enough space for a new buffer, copy back data processed so far,
- * // and call reset.
- * alts_reset_reader_output_buffer(reader, new_buffer).
- * }
- *
- * - reader: a frame reader instance.
- * - buffer: a buffer used to set reader's output_buffer.
- */
-void alts_reset_reader_output_buffer(alts_frame_reader* reader,
- unsigned char* buffer);
-
-/**
- * This method checks if reset can be called to start processing a new frame.
- * If true and reset was previously called, a full frame has been processed and
- * the content of the frame is available in output_buffer.
-
- * - reader: a frame reader instance.
- */
-bool alts_is_frame_reader_done(alts_frame_reader* reader);
-
-/**
- * This method returns output_bytes_read of a frame reader instance.
- *
- * - reader: a frame reader instance.
- */
-size_t alts_get_output_bytes_read(alts_frame_reader* reader);
-
-/**
- * This method returns output_buffer of a frame reader instance.
- *
- * - reader: a frame reader instance.
- */
-unsigned char* alts_get_output_buffer(alts_frame_reader* reader);
-
-/**
- * This method destroys a frame reader instance.
- *
- * - reader: a frame reader instance.
- */
-void alts_destroy_frame_reader(alts_frame_reader* reader);
-
-#endif /* GRPC_CORE_TSI_ALTS_FRAME_PROTECTOR_FRAME_HANDLER_H */
diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_client.cc b/src/core/tsi/alts/handshaker/alts_handshaker_client.cc
deleted file mode 100644
index 40f30e41ca..0000000000
--- a/src/core/tsi/alts/handshaker/alts_handshaker_client.cc
+++ /dev/null
@@ -1,316 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h"
-
-#include <grpc/byte_buffer.h>
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h"
-
-const int kHandshakerClientOpNum = 4;
-
-typedef struct alts_grpc_handshaker_client {
- alts_handshaker_client base;
- grpc_call* call;
- alts_grpc_caller grpc_caller;
-} alts_grpc_handshaker_client;
-
-static grpc_call_error grpc_start_batch(grpc_call* call, const grpc_op* ops,
- size_t nops, void* tag) {
- return grpc_call_start_batch(call, ops, nops, tag, nullptr);
-}
-
-/**
- * Populate grpc operation data with the fields of ALTS TSI event and make a
- * grpc call.
- */
-static tsi_result make_grpc_call(alts_handshaker_client* client,
- alts_tsi_event* event, bool is_start) {
- GPR_ASSERT(client != nullptr && event != nullptr);
- alts_grpc_handshaker_client* grpc_client =
- reinterpret_cast<alts_grpc_handshaker_client*>(client);
- grpc_op ops[kHandshakerClientOpNum];
- memset(ops, 0, sizeof(ops));
- grpc_op* op = ops;
- if (is_start) {
- op->op = GRPC_OP_SEND_INITIAL_METADATA;
- op->data.send_initial_metadata.count = 0;
- op++;
- GPR_ASSERT(op - ops <= kHandshakerClientOpNum);
- op->op = GRPC_OP_RECV_INITIAL_METADATA;
- op->data.recv_initial_metadata.recv_initial_metadata =
- &event->initial_metadata;
- op++;
- GPR_ASSERT(op - ops <= kHandshakerClientOpNum);
- }
- op->op = GRPC_OP_SEND_MESSAGE;
- op->data.send_message.send_message = event->send_buffer;
- op++;
- GPR_ASSERT(op - ops <= kHandshakerClientOpNum);
- op->op = GRPC_OP_RECV_MESSAGE;
- op->data.recv_message.recv_message = &event->recv_buffer;
- op++;
- GPR_ASSERT(op - ops <= kHandshakerClientOpNum);
- GPR_ASSERT(grpc_client->grpc_caller != nullptr);
- if (grpc_client->grpc_caller(grpc_client->call, ops,
- static_cast<size_t>(op - ops),
- (void*)event) != GRPC_CALL_OK) {
- gpr_log(GPR_ERROR, "Start batch operation failed");
- return TSI_INTERNAL_ERROR;
- }
- return TSI_OK;
-}
-
-/* Create and populate a client_start handshaker request, then serialize it. */
-static grpc_byte_buffer* get_serialized_start_client(alts_tsi_event* event) {
- bool ok = true;
- grpc_gcp_handshaker_req* req =
- grpc_gcp_handshaker_req_create(CLIENT_START_REQ);
- ok &= grpc_gcp_handshaker_req_set_handshake_protocol(
- req, grpc_gcp_HandshakeProtocol_ALTS);
- ok &= grpc_gcp_handshaker_req_add_application_protocol(
- req, ALTS_APPLICATION_PROTOCOL);
- ok &= grpc_gcp_handshaker_req_add_record_protocol(req, ALTS_RECORD_PROTOCOL);
- grpc_gcp_rpc_protocol_versions* versions = &event->options->rpc_versions;
- ok &= grpc_gcp_handshaker_req_set_rpc_versions(
- req, versions->max_rpc_version.major, versions->max_rpc_version.minor,
- versions->min_rpc_version.major, versions->min_rpc_version.minor);
- char* target_name = grpc_slice_to_c_string(event->target_name);
- ok &= grpc_gcp_handshaker_req_set_target_name(req, target_name);
- target_service_account* ptr =
- (reinterpret_cast<grpc_alts_credentials_client_options*>(event->options))
- ->target_account_list_head;
- while (ptr != nullptr) {
- grpc_gcp_handshaker_req_add_target_identity_service_account(req, ptr->data);
- ptr = ptr->next;
- }
- grpc_slice slice;
- ok &= grpc_gcp_handshaker_req_encode(req, &slice);
- grpc_byte_buffer* buffer = nullptr;
- if (ok) {
- buffer = grpc_raw_byte_buffer_create(&slice, 1 /* number of slices */);
- }
- grpc_slice_unref(slice);
- gpr_free(target_name);
- grpc_gcp_handshaker_req_destroy(req);
- return buffer;
-}
-
-static tsi_result handshaker_client_start_client(alts_handshaker_client* client,
- alts_tsi_event* event) {
- if (client == nullptr || event == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to alts_grpc_handshaker_client_start_client()");
- return TSI_INVALID_ARGUMENT;
- }
- grpc_byte_buffer* buffer = get_serialized_start_client(event);
- if (buffer == nullptr) {
- gpr_log(GPR_ERROR, "get_serialized_start_client() failed");
- return TSI_INTERNAL_ERROR;
- }
- event->send_buffer = buffer;
- tsi_result result = make_grpc_call(client, event, true /* is_start */);
- if (result != TSI_OK) {
- gpr_log(GPR_ERROR, "make_grpc_call() failed");
- }
- return result;
-}
-
-/* Create and populate a start_server handshaker request, then serialize it. */
-static grpc_byte_buffer* get_serialized_start_server(
- alts_tsi_event* event, grpc_slice* bytes_received) {
- GPR_ASSERT(bytes_received != nullptr);
- grpc_gcp_handshaker_req* req =
- grpc_gcp_handshaker_req_create(SERVER_START_REQ);
- bool ok = grpc_gcp_handshaker_req_add_application_protocol(
- req, ALTS_APPLICATION_PROTOCOL);
- ok &= grpc_gcp_handshaker_req_param_add_record_protocol(
- req, grpc_gcp_HandshakeProtocol_ALTS, ALTS_RECORD_PROTOCOL);
- ok &= grpc_gcp_handshaker_req_set_in_bytes(
- req, reinterpret_cast<const char*> GRPC_SLICE_START_PTR(*bytes_received),
- GRPC_SLICE_LENGTH(*bytes_received));
- grpc_gcp_rpc_protocol_versions* versions = &event->options->rpc_versions;
- ok &= grpc_gcp_handshaker_req_set_rpc_versions(
- req, versions->max_rpc_version.major, versions->max_rpc_version.minor,
- versions->min_rpc_version.major, versions->min_rpc_version.minor);
- grpc_slice req_slice;
- ok &= grpc_gcp_handshaker_req_encode(req, &req_slice);
- grpc_byte_buffer* buffer = nullptr;
- if (ok) {
- buffer = grpc_raw_byte_buffer_create(&req_slice, 1 /* number of slices */);
- }
- grpc_slice_unref(req_slice);
- grpc_gcp_handshaker_req_destroy(req);
- return buffer;
-}
-
-static tsi_result handshaker_client_start_server(alts_handshaker_client* client,
- alts_tsi_event* event,
- grpc_slice* bytes_received) {
- if (client == nullptr || event == nullptr || bytes_received == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to alts_grpc_handshaker_client_start_server()");
- return TSI_INVALID_ARGUMENT;
- }
- grpc_byte_buffer* buffer = get_serialized_start_server(event, bytes_received);
- if (buffer == nullptr) {
- gpr_log(GPR_ERROR, "get_serialized_start_server() failed");
- return TSI_INTERNAL_ERROR;
- }
- event->send_buffer = buffer;
- tsi_result result = make_grpc_call(client, event, true /* is_start */);
- if (result != TSI_OK) {
- gpr_log(GPR_ERROR, "make_grpc_call() failed");
- }
- return result;
-}
-
-/* Create and populate a next handshaker request, then serialize it. */
-static grpc_byte_buffer* get_serialized_next(grpc_slice* bytes_received) {
- GPR_ASSERT(bytes_received != nullptr);
- grpc_gcp_handshaker_req* req = grpc_gcp_handshaker_req_create(NEXT_REQ);
- bool ok = grpc_gcp_handshaker_req_set_in_bytes(
- req, reinterpret_cast<const char*> GRPC_SLICE_START_PTR(*bytes_received),
- GRPC_SLICE_LENGTH(*bytes_received));
- grpc_slice req_slice;
- ok &= grpc_gcp_handshaker_req_encode(req, &req_slice);
- grpc_byte_buffer* buffer = nullptr;
- if (ok) {
- buffer = grpc_raw_byte_buffer_create(&req_slice, 1 /* number of slices */);
- }
- grpc_slice_unref(req_slice);
- grpc_gcp_handshaker_req_destroy(req);
- return buffer;
-}
-
-static tsi_result handshaker_client_next(alts_handshaker_client* client,
- alts_tsi_event* event,
- grpc_slice* bytes_received) {
- if (client == nullptr || event == nullptr || bytes_received == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to alts_grpc_handshaker_client_next()");
- return TSI_INVALID_ARGUMENT;
- }
- grpc_byte_buffer* buffer = get_serialized_next(bytes_received);
- if (buffer == nullptr) {
- gpr_log(GPR_ERROR, "get_serialized_next() failed");
- return TSI_INTERNAL_ERROR;
- }
- event->send_buffer = buffer;
- tsi_result result = make_grpc_call(client, event, false /* is_start */);
- if (result != TSI_OK) {
- gpr_log(GPR_ERROR, "make_grpc_call() failed");
- }
- return result;
-}
-
-static void handshaker_client_destruct(alts_handshaker_client* client) {
- if (client == nullptr) {
- return;
- }
- alts_grpc_handshaker_client* grpc_client =
- reinterpret_cast<alts_grpc_handshaker_client*>(client);
- grpc_call_unref(grpc_client->call);
-}
-
-static const alts_handshaker_client_vtable vtable = {
- handshaker_client_start_client, handshaker_client_start_server,
- handshaker_client_next, handshaker_client_destruct};
-
-alts_handshaker_client* alts_grpc_handshaker_client_create(
- grpc_channel* channel, grpc_completion_queue* queue,
- const char* handshaker_service_url) {
- if (channel == nullptr || queue == nullptr ||
- handshaker_service_url == nullptr) {
- gpr_log(GPR_ERROR, "Invalid arguments to alts_handshaker_client_create()");
- return nullptr;
- }
- alts_grpc_handshaker_client* client =
- static_cast<alts_grpc_handshaker_client*>(gpr_zalloc(sizeof(*client)));
- client->grpc_caller = grpc_start_batch;
- grpc_slice slice = grpc_slice_from_copied_string(handshaker_service_url);
- client->call = grpc_channel_create_call(
- channel, nullptr, GRPC_PROPAGATE_DEFAULTS, queue,
- grpc_slice_from_static_string(ALTS_SERVICE_METHOD), &slice,
- gpr_inf_future(GPR_CLOCK_REALTIME), nullptr);
- client->base.vtable = &vtable;
- grpc_slice_unref(slice);
- return &client->base;
-}
-
-namespace grpc_core {
-namespace internal {
-
-void alts_handshaker_client_set_grpc_caller_for_testing(
- alts_handshaker_client* client, alts_grpc_caller caller) {
- GPR_ASSERT(client != nullptr && caller != nullptr);
- alts_grpc_handshaker_client* grpc_client =
- reinterpret_cast<alts_grpc_handshaker_client*>(client);
- grpc_client->grpc_caller = caller;
-}
-
-} // namespace internal
-} // namespace grpc_core
-
-tsi_result alts_handshaker_client_start_client(alts_handshaker_client* client,
- alts_tsi_event* event) {
- if (client != nullptr && client->vtable != nullptr &&
- client->vtable->client_start != nullptr) {
- return client->vtable->client_start(client, event);
- }
- gpr_log(GPR_ERROR,
- "client or client->vtable has not been initialized properly");
- return TSI_INVALID_ARGUMENT;
-}
-
-tsi_result alts_handshaker_client_start_server(alts_handshaker_client* client,
- alts_tsi_event* event,
- grpc_slice* bytes_received) {
- if (client != nullptr && client->vtable != nullptr &&
- client->vtable->server_start != nullptr) {
- return client->vtable->server_start(client, event, bytes_received);
- }
- gpr_log(GPR_ERROR,
- "client or client->vtable has not been initialized properly");
- return TSI_INVALID_ARGUMENT;
-}
-
-tsi_result alts_handshaker_client_next(alts_handshaker_client* client,
- alts_tsi_event* event,
- grpc_slice* bytes_received) {
- if (client != nullptr && client->vtable != nullptr &&
- client->vtable->next != nullptr) {
- return client->vtable->next(client, event, bytes_received);
- }
- gpr_log(GPR_ERROR,
- "client or client->vtable has not been initialized properly");
- return TSI_INVALID_ARGUMENT;
-}
-
-void alts_handshaker_client_destroy(alts_handshaker_client* client) {
- if (client != nullptr) {
- if (client->vtable != nullptr && client->vtable->destruct != nullptr) {
- client->vtable->destruct(client);
- }
- gpr_free(client);
- }
-}
diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_client.h b/src/core/tsi/alts/handshaker/alts_handshaker_client.h
deleted file mode 100644
index fb2d2cf68e..0000000000
--- a/src/core/tsi/alts/handshaker/alts_handshaker_client.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_CLIENT_H
-#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_CLIENT_H
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/grpc.h>
-
-#include "src/core/tsi/alts/handshaker/alts_tsi_event.h"
-
-#define ALTS_SERVICE_METHOD "/grpc.gcp.HandshakerService/DoHandshake"
-#define ALTS_APPLICATION_PROTOCOL "grpc"
-#define ALTS_RECORD_PROTOCOL "ALTSRP_GCM_AES128_REKEY"
-
-const size_t kAltsAes128GcmRekeyKeyLength = 44;
-
-/**
- * A ALTS handshaker client interface. It is used to communicate with
- * ALTS handshaker service by scheduling a handshaker request that could be one
- * of client_start, server_start, and next handshaker requests. All APIs in the
- * header are thread-compatible.
- */
-typedef struct alts_handshaker_client alts_handshaker_client;
-
-/* A function that makes the grpc call to the handshaker service. */
-typedef grpc_call_error (*alts_grpc_caller)(grpc_call* call, const grpc_op* ops,
- size_t nops, void* tag);
-
-/* V-table for ALTS handshaker client operations. */
-typedef struct alts_handshaker_client_vtable {
- tsi_result (*client_start)(alts_handshaker_client* client,
- alts_tsi_event* event);
- tsi_result (*server_start)(alts_handshaker_client* client,
- alts_tsi_event* event, grpc_slice* bytes_received);
- tsi_result (*next)(alts_handshaker_client* client, alts_tsi_event* event,
- grpc_slice* bytes_received);
- void (*destruct)(alts_handshaker_client* client);
-} alts_handshaker_client_vtable;
-
-struct alts_handshaker_client {
- const alts_handshaker_client_vtable* vtable;
-};
-
-/**
- * This method schedules a client_start handshaker request to ALTS handshaker
- * service.
- *
- * - client: ALTS handshaker client instance.
- * - event: ALTS TSI event instance.
- *
- * It returns TSI_OK on success and an error status code on failure.
- */
-tsi_result alts_handshaker_client_start_client(alts_handshaker_client* client,
- alts_tsi_event* event);
-
-/**
- * This method schedules a server_start handshaker request to ALTS handshaker
- * service.
- *
- * - client: ALTS handshaker client instance.
- * - event: ALTS TSI event instance.
- * - bytes_received: bytes in out_frames returned from the peer's handshaker
- * response.
- *
- * It returns TSI_OK on success and an error status code on failure.
- */
-tsi_result alts_handshaker_client_start_server(alts_handshaker_client* client,
- alts_tsi_event* event,
- grpc_slice* bytes_received);
-
-/**
- * This method schedules a next handshaker request to ALTS handshaker service.
- *
- * - client: ALTS handshaker client instance.
- * - event: ALTS TSI event instance.
- * - bytes_received: bytes in out_frames returned from the peer's handshaker
- * response.
- *
- * It returns TSI_OK on success and an error status code on failure.
- */
-tsi_result alts_handshaker_client_next(alts_handshaker_client* client,
- alts_tsi_event* event,
- grpc_slice* bytes_received);
-
-/**
- * This method destroys a ALTS handshaker client.
- *
- * - client: a ALTS handshaker client instance.
- */
-void alts_handshaker_client_destroy(alts_handshaker_client* client);
-
-/**
- * This method creates a ALTS handshaker client.
- *
- * - channel: grpc channel to ALTS handshaker service.
- * - queue: grpc completion queue.
- * - handshaker_service_url: address of ALTS handshaker service in the format of
- * "host:port".
- *
- * It returns the created ALTS handshaker client on success, and NULL on
- * failure.
- */
-alts_handshaker_client* alts_grpc_handshaker_client_create(
- grpc_channel* channel, grpc_completion_queue* queue,
- const char* handshaker_service_url);
-
-namespace grpc_core {
-namespace internal {
-
-/**
- * Unsafe, use for testing only. It allows the caller to change the way that
- * GRPC calls are made to the handshaker service.
- */
-void alts_handshaker_client_set_grpc_caller_for_testing(
- alts_handshaker_client* client, alts_grpc_caller caller);
-
-} // namespace internal
-} // namespace grpc_core
-
-#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_CLIENT_H */
diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc b/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc
deleted file mode 100644
index 256e414ae4..0000000000
--- a/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
-
-/* HandshakerReq */
-grpc_gcp_handshaker_req* grpc_gcp_handshaker_req_create(
- grpc_gcp_handshaker_req_type type) {
- grpc_gcp_handshaker_req* req =
- static_cast<grpc_gcp_handshaker_req*>(gpr_zalloc(sizeof(*req)));
- switch (type) {
- case CLIENT_START_REQ:
- req->has_client_start = true;
- break;
- case SERVER_START_REQ:
- req->has_server_start = true;
- break;
- case NEXT_REQ:
- req->has_next = true;
- break;
- }
- return req;
-}
-
-void grpc_gcp_handshaker_req_destroy(grpc_gcp_handshaker_req* req) {
- if (req == nullptr) {
- return;
- }
- if (req->has_client_start) {
- /* Destroy client_start request. */
- destroy_repeated_field_list_identity(
- static_cast<repeated_field*>(req->client_start.target_identities.arg));
- destroy_repeated_field_list_string(static_cast<repeated_field*>(
- req->client_start.application_protocols.arg));
- destroy_repeated_field_list_string(
- static_cast<repeated_field*>(req->client_start.record_protocols.arg));
- if (req->client_start.has_local_identity) {
- destroy_slice(static_cast<grpc_slice*>(
- req->client_start.local_identity.hostname.arg));
- destroy_slice(static_cast<grpc_slice*>(
- req->client_start.local_identity.service_account.arg));
- }
- if (req->client_start.has_local_endpoint) {
- destroy_slice(static_cast<grpc_slice*>(
- req->client_start.local_endpoint.ip_address.arg));
- }
- if (req->client_start.has_remote_endpoint) {
- destroy_slice(static_cast<grpc_slice*>(
- req->client_start.remote_endpoint.ip_address.arg));
- }
- destroy_slice(static_cast<grpc_slice*>(req->client_start.target_name.arg));
- } else if (req->has_server_start) {
- /* Destroy server_start request. */
- size_t i = 0;
- for (i = 0; i < req->server_start.handshake_parameters_count; i++) {
- destroy_repeated_field_list_identity(
- static_cast<repeated_field*>(req->server_start.handshake_parameters[i]
- .value.local_identities.arg));
- destroy_repeated_field_list_string(
- static_cast<repeated_field*>(req->server_start.handshake_parameters[i]
- .value.record_protocols.arg));
- }
- destroy_repeated_field_list_string(static_cast<repeated_field*>(
- req->server_start.application_protocols.arg));
- if (req->server_start.has_local_endpoint) {
- destroy_slice(static_cast<grpc_slice*>(
- req->server_start.local_endpoint.ip_address.arg));
- }
- if (req->server_start.has_remote_endpoint) {
- destroy_slice(static_cast<grpc_slice*>(
- req->server_start.remote_endpoint.ip_address.arg));
- }
- destroy_slice(static_cast<grpc_slice*>(req->server_start.in_bytes.arg));
- } else {
- /* Destroy next request. */
- destroy_slice(static_cast<grpc_slice*>(req->next.in_bytes.arg));
- }
- gpr_free(req);
-}
-
-bool grpc_gcp_handshaker_req_set_handshake_protocol(
- grpc_gcp_handshaker_req* req,
- grpc_gcp_handshake_protocol handshake_protocol) {
- if (req == nullptr || !req->has_client_start) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_set_handshake_protocol().");
- return false;
- }
- req->client_start.has_handshake_security_protocol = true;
- req->client_start.handshake_security_protocol = handshake_protocol;
- return true;
-}
-
-bool grpc_gcp_handshaker_req_set_target_name(grpc_gcp_handshaker_req* req,
- const char* target_name) {
- if (req == nullptr || target_name == nullptr || !req->has_client_start) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_set_target_name().");
- return false;
- }
- grpc_slice* slice = create_slice(target_name, strlen(target_name));
- req->client_start.target_name.arg = slice;
- req->client_start.target_name.funcs.encode = encode_string_or_bytes_cb;
- return true;
-}
-
-bool grpc_gcp_handshaker_req_add_application_protocol(
- grpc_gcp_handshaker_req* req, const char* application_protocol) {
- if (req == nullptr || application_protocol == nullptr || req->has_next) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_add_application_protocol().");
- return false;
- }
- grpc_slice* slice =
- create_slice(application_protocol, strlen(application_protocol));
- if (req->has_client_start) {
- add_repeated_field(reinterpret_cast<repeated_field**>(
- &req->client_start.application_protocols.arg),
- slice);
- req->client_start.application_protocols.funcs.encode =
- encode_repeated_string_cb;
- } else {
- add_repeated_field(reinterpret_cast<repeated_field**>(
- &req->server_start.application_protocols.arg),
- slice);
- req->server_start.application_protocols.funcs.encode =
- encode_repeated_string_cb;
- }
- return true;
-}
-
-bool grpc_gcp_handshaker_req_add_record_protocol(grpc_gcp_handshaker_req* req,
- const char* record_protocol) {
- if (req == nullptr || record_protocol == nullptr || !req->has_client_start) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_add_record_protocol().");
- return false;
- }
- grpc_slice* slice = create_slice(record_protocol, strlen(record_protocol));
- add_repeated_field(reinterpret_cast<repeated_field**>(
- &req->client_start.record_protocols.arg),
- slice);
- req->client_start.record_protocols.funcs.encode = encode_repeated_string_cb;
- return true;
-}
-
-static void set_identity_hostname(grpc_gcp_identity* identity,
- const char* hostname) {
- grpc_slice* slice = create_slice(hostname, strlen(hostname));
- identity->hostname.arg = slice;
- identity->hostname.funcs.encode = encode_string_or_bytes_cb;
-}
-
-static void set_identity_service_account(grpc_gcp_identity* identity,
- const char* service_account) {
- grpc_slice* slice = create_slice(service_account, strlen(service_account));
- identity->service_account.arg = slice;
- identity->service_account.funcs.encode = encode_string_or_bytes_cb;
-}
-
-bool grpc_gcp_handshaker_req_add_target_identity_hostname(
- grpc_gcp_handshaker_req* req, const char* hostname) {
- if (req == nullptr || hostname == nullptr || !req->has_client_start) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_req_add_target_identity_hostname().");
- return false;
- }
- grpc_gcp_identity* target_identity =
- static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*target_identity)));
- set_identity_hostname(target_identity, hostname);
- req->client_start.target_identities.funcs.encode =
- encode_repeated_identity_cb;
- add_repeated_field(reinterpret_cast<repeated_field**>(
- &req->client_start.target_identities.arg),
- target_identity);
- return true;
-}
-
-bool grpc_gcp_handshaker_req_add_target_identity_service_account(
- grpc_gcp_handshaker_req* req, const char* service_account) {
- if (req == nullptr || service_account == nullptr || !req->has_client_start) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_req_add_target_identity_service_account().");
- return false;
- }
- grpc_gcp_identity* target_identity =
- static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*target_identity)));
- set_identity_service_account(target_identity, service_account);
- req->client_start.target_identities.funcs.encode =
- encode_repeated_identity_cb;
- add_repeated_field(reinterpret_cast<repeated_field**>(
- &req->client_start.target_identities.arg),
- target_identity);
- return true;
-}
-
-bool grpc_gcp_handshaker_req_set_local_identity_hostname(
- grpc_gcp_handshaker_req* req, const char* hostname) {
- if (req == nullptr || hostname == nullptr || !req->has_client_start) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_req_set_local_identity_hostname().");
- return false;
- }
- req->client_start.has_local_identity = true;
- set_identity_hostname(&req->client_start.local_identity, hostname);
- return true;
-}
-
-bool grpc_gcp_handshaker_req_set_local_identity_service_account(
- grpc_gcp_handshaker_req* req, const char* service_account) {
- if (req == nullptr || service_account == nullptr || !req->has_client_start) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_req_set_local_identity_service_account().");
- return false;
- }
- req->client_start.has_local_identity = true;
- set_identity_service_account(&req->client_start.local_identity,
- service_account);
- return true;
-}
-
-static void set_endpoint(grpc_gcp_endpoint* endpoint, const char* ip_address,
- size_t port, grpc_gcp_network_protocol protocol) {
- grpc_slice* slice = create_slice(ip_address, strlen(ip_address));
- endpoint->ip_address.arg = slice;
- endpoint->ip_address.funcs.encode = encode_string_or_bytes_cb;
- endpoint->has_port = true;
- endpoint->port = static_cast<int32_t>(port);
- endpoint->has_protocol = true;
- endpoint->protocol = protocol;
-}
-
-bool grpc_gcp_handshaker_req_set_rpc_versions(grpc_gcp_handshaker_req* req,
- uint32_t max_major,
- uint32_t max_minor,
- uint32_t min_major,
- uint32_t min_minor) {
- if (req == nullptr || req->has_next) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_set_rpc_versions().");
- return false;
- }
- if (req->has_client_start) {
- req->client_start.has_rpc_versions = true;
- grpc_gcp_rpc_protocol_versions_set_max(&req->client_start.rpc_versions,
- max_major, max_minor);
- grpc_gcp_rpc_protocol_versions_set_min(&req->client_start.rpc_versions,
- min_major, min_minor);
- } else {
- req->server_start.has_rpc_versions = true;
- grpc_gcp_rpc_protocol_versions_set_max(&req->server_start.rpc_versions,
- max_major, max_minor);
- grpc_gcp_rpc_protocol_versions_set_min(&req->server_start.rpc_versions,
- min_major, min_minor);
- }
- return true;
-}
-
-bool grpc_gcp_handshaker_req_set_local_endpoint(
- grpc_gcp_handshaker_req* req, const char* ip_address, size_t port,
- grpc_gcp_network_protocol protocol) {
- if (req == nullptr || ip_address == nullptr || port > 65535 ||
- req->has_next) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_set_local_endpoint().");
- return false;
- }
- if (req->has_client_start) {
- req->client_start.has_local_endpoint = true;
- set_endpoint(&req->client_start.local_endpoint, ip_address, port, protocol);
- } else {
- req->server_start.has_local_endpoint = true;
- set_endpoint(&req->server_start.local_endpoint, ip_address, port, protocol);
- }
- return true;
-}
-
-bool grpc_gcp_handshaker_req_set_remote_endpoint(
- grpc_gcp_handshaker_req* req, const char* ip_address, size_t port,
- grpc_gcp_network_protocol protocol) {
- if (req == nullptr || ip_address == nullptr || port > 65535 ||
- req->has_next) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_set_remote_endpoint().");
- return false;
- }
- if (req->has_client_start) {
- req->client_start.has_remote_endpoint = true;
- set_endpoint(&req->client_start.remote_endpoint, ip_address, port,
- protocol);
- } else {
- req->server_start.has_remote_endpoint = true;
- set_endpoint(&req->server_start.remote_endpoint, ip_address, port,
- protocol);
- }
- return true;
-}
-
-bool grpc_gcp_handshaker_req_set_in_bytes(grpc_gcp_handshaker_req* req,
- const char* in_bytes, size_t size) {
- if (req == nullptr || in_bytes == nullptr || req->has_client_start) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_set_in_bytes().");
- return false;
- }
- grpc_slice* slice = create_slice(in_bytes, size);
- if (req->has_next) {
- req->next.in_bytes.arg = slice;
- req->next.in_bytes.funcs.encode = &encode_string_or_bytes_cb;
- } else {
- req->server_start.in_bytes.arg = slice;
- req->server_start.in_bytes.funcs.encode = &encode_string_or_bytes_cb;
- }
- return true;
-}
-
-static grpc_gcp_server_handshake_parameters* server_start_find_param(
- grpc_gcp_handshaker_req* req, int32_t key) {
- size_t i = 0;
- for (i = 0; i < req->server_start.handshake_parameters_count; i++) {
- if (req->server_start.handshake_parameters[i].key == key) {
- return &req->server_start.handshake_parameters[i].value;
- }
- }
- req->server_start
- .handshake_parameters[req->server_start.handshake_parameters_count]
- .has_key = true;
- req->server_start
- .handshake_parameters[req->server_start.handshake_parameters_count]
- .has_value = true;
- req->server_start
- .handshake_parameters[req->server_start.handshake_parameters_count++]
- .key = key;
- return &req->server_start
- .handshake_parameters
- [req->server_start.handshake_parameters_count - 1]
- .value;
-}
-
-bool grpc_gcp_handshaker_req_param_add_record_protocol(
- grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key,
- const char* record_protocol) {
- if (req == nullptr || record_protocol == nullptr || !req->has_server_start) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_param_add_record_protocol().");
- return false;
- }
- grpc_gcp_server_handshake_parameters* param =
- server_start_find_param(req, key);
- grpc_slice* slice = create_slice(record_protocol, strlen(record_protocol));
- add_repeated_field(
- reinterpret_cast<repeated_field**>(&param->record_protocols.arg), slice);
- param->record_protocols.funcs.encode = &encode_repeated_string_cb;
- return true;
-}
-
-bool grpc_gcp_handshaker_req_param_add_local_identity_hostname(
- grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key,
- const char* hostname) {
- if (req == nullptr || hostname == nullptr || !req->has_server_start) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_param_add_local_identity_hostname().");
- return false;
- }
- grpc_gcp_server_handshake_parameters* param =
- server_start_find_param(req, key);
- grpc_gcp_identity* local_identity =
- static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*local_identity)));
- set_identity_hostname(local_identity, hostname);
- add_repeated_field(
- reinterpret_cast<repeated_field**>(&param->local_identities.arg),
- local_identity);
- param->local_identities.funcs.encode = &encode_repeated_identity_cb;
- return true;
-}
-
-bool grpc_gcp_handshaker_req_param_add_local_identity_service_account(
- grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key,
- const char* service_account) {
- if (req == nullptr || service_account == nullptr || !req->has_server_start) {
- gpr_log(
- GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_handshaker_req_param_add_local_identity_service_account().");
- return false;
- }
- grpc_gcp_server_handshake_parameters* param =
- server_start_find_param(req, key);
- grpc_gcp_identity* local_identity =
- static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*local_identity)));
- set_identity_service_account(local_identity, service_account);
- add_repeated_field(
- reinterpret_cast<repeated_field**>(&param->local_identities.arg),
- local_identity);
- param->local_identities.funcs.encode = &encode_repeated_identity_cb;
- return true;
-}
-
-bool grpc_gcp_handshaker_req_encode(grpc_gcp_handshaker_req* req,
- grpc_slice* slice) {
- if (req == nullptr || slice == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to grpc_gcp_handshaker_req_encode().");
- return false;
- }
- pb_ostream_t size_stream;
- memset(&size_stream, 0, sizeof(pb_ostream_t));
- if (!pb_encode(&size_stream, grpc_gcp_HandshakerReq_fields, req)) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream));
- return false;
- }
- size_t encoded_length = size_stream.bytes_written;
- *slice = grpc_slice_malloc(encoded_length);
- pb_ostream_t output_stream =
- pb_ostream_from_buffer(GRPC_SLICE_START_PTR(*slice), encoded_length);
- if (!pb_encode(&output_stream, grpc_gcp_HandshakerReq_fields, req) != 0) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&output_stream));
- return false;
- }
- return true;
-}
-
-/* HandshakerResp. */
-grpc_gcp_handshaker_resp* grpc_gcp_handshaker_resp_create(void) {
- grpc_gcp_handshaker_resp* resp =
- static_cast<grpc_gcp_handshaker_resp*>(gpr_zalloc(sizeof(*resp)));
- return resp;
-}
-
-void grpc_gcp_handshaker_resp_destroy(grpc_gcp_handshaker_resp* resp) {
- if (resp != nullptr) {
- destroy_slice(static_cast<grpc_slice*>(resp->out_frames.arg));
- if (resp->has_status) {
- destroy_slice(static_cast<grpc_slice*>(resp->status.details.arg));
- }
- if (resp->has_result) {
- destroy_slice(
- static_cast<grpc_slice*>(resp->result.application_protocol.arg));
- destroy_slice(static_cast<grpc_slice*>(resp->result.record_protocol.arg));
- destroy_slice(static_cast<grpc_slice*>(resp->result.key_data.arg));
- if (resp->result.has_local_identity) {
- destroy_slice(
- static_cast<grpc_slice*>(resp->result.local_identity.hostname.arg));
- destroy_slice(static_cast<grpc_slice*>(
- resp->result.local_identity.service_account.arg));
- }
- if (resp->result.has_peer_identity) {
- destroy_slice(
- static_cast<grpc_slice*>(resp->result.peer_identity.hostname.arg));
- destroy_slice(static_cast<grpc_slice*>(
- resp->result.peer_identity.service_account.arg));
- }
- }
- gpr_free(resp);
- }
-}
-
-bool grpc_gcp_handshaker_resp_decode(grpc_slice encoded_handshaker_resp,
- grpc_gcp_handshaker_resp* resp) {
- if (resp == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr argument to grpc_gcp_handshaker_resp_decode().");
- return false;
- }
- pb_istream_t stream =
- pb_istream_from_buffer(GRPC_SLICE_START_PTR(encoded_handshaker_resp),
- GRPC_SLICE_LENGTH(encoded_handshaker_resp));
- resp->out_frames.funcs.decode = decode_string_or_bytes_cb;
- resp->status.details.funcs.decode = decode_string_or_bytes_cb;
- resp->result.application_protocol.funcs.decode = decode_string_or_bytes_cb;
- resp->result.record_protocol.funcs.decode = decode_string_or_bytes_cb;
- resp->result.key_data.funcs.decode = decode_string_or_bytes_cb;
- resp->result.peer_identity.hostname.funcs.decode = decode_string_or_bytes_cb;
- resp->result.peer_identity.service_account.funcs.decode =
- decode_string_or_bytes_cb;
- resp->result.local_identity.hostname.funcs.decode = decode_string_or_bytes_cb;
- resp->result.local_identity.service_account.funcs.decode =
- decode_string_or_bytes_cb;
- if (!pb_decode(&stream, grpc_gcp_HandshakerResp_fields, resp)) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&stream));
- return false;
- }
- return true;
-}
diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h b/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h
deleted file mode 100644
index 5df56a86fa..0000000000
--- a/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_H
-#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_H
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h"
-
-/**
- * An implementation of nanopb thin wrapper used to set/get and
- * serialize/de-serialize of ALTS handshake requests and responses.
- *
- * All APIs in the header are thread-compatible. A typical usage of this API at
- * the client side is as follows:
- *
- * -----------------------------------------------------------------------------
- * // Create, populate, and serialize an ALTS client_start handshake request to
- * // send to the server.
- * grpc_gcp_handshaker_req* req =
- * grpc_gcp_handshaker_req_create(CLIENT_START_REQ);
- * grpc_gcp_handshaker_req_set_handshake_protocol(
- req, grpc_gcp_HandshakeProtocol_ALTS);
- * grpc_gcp_handshaker_req_add_application_protocol(req, "grpc");
- * grpc_gcp_handshaker_req_add_record_protocol(req, "ALTSRP_GCM_AES128");
- * grpc_slice client_slice;
- * if (!grpc_gcp_handshaker_req_encode(req, &client_slice)) {
- * fprintf(stderr, "ALTS handshake request encoding failed.";
- * }
- *
- * // De-serialize a data stream received from the server, and store the result
- * // at ALTS handshake response.
- * grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create();
- * if (!grpc_gcp_handshaker_resp_decode(server_slice, resp)) {
- * fprintf(stderr, "ALTS handshake response decoding failed.");
- * }
- * // To access a variable-length datatype field (i.e., pb_callback_t),
- * // access its "arg" subfield (if it has been set).
- * if (resp->out_frames.arg != nullptr) {
- * grpc_slice* slice = resp->out_frames.arg;
- * }
- * // To access a fixed-length datatype field (i.e., not pb_calback_t),
- * // access the field directly (if it has been set).
- * if (resp->has_status && resp->status->has_code) {
- * uint32_t code = resp->status->code;
- * }
- *------------------------------------------------------------------------------
- */
-
-/**
- * This method creates an ALTS handshake request.
- *
- * - type: an enum type value that can be either CLIENT_START_REQ,
- * SERVER_START_REQ, or NEXT_REQ to indicate the created instance will be
- * client_start, server_start, and next handshake request message
- * respectively.
- *
- * The method returns a pointer to the created instance.
- */
-grpc_gcp_handshaker_req* grpc_gcp_handshaker_req_create(
- grpc_gcp_handshaker_req_type type);
-
-/**
- * This method sets the value for handshake_security_protocol field of ALTS
- * client_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - handshake_protocol: a enum type value representing the handshake security
- * protocol.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_set_handshake_protocol(
- grpc_gcp_handshaker_req* req,
- grpc_gcp_handshake_protocol handshake_protocol);
-
-/**
- * This method sets the value for target_name field of ALTS client_start
- * handshake request.
- *
- * - req: an ALTS handshake request.
- * - target_name: a target name to be set.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_set_target_name(grpc_gcp_handshaker_req* req,
- const char* target_name);
-
-/**
- * This method adds an application protocol supported by the server (or
- * client) to ALTS server_start (or client_start) handshake request.
- *
- * - req: an ALTS handshake request.
- * - application_protocol: an application protocol (e.g., grpc) to be added.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_add_application_protocol(
- grpc_gcp_handshaker_req* req, const char* application_protocol);
-
-/**
- * This method adds a record protocol supported by the client to ALTS
- * client_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - record_protocol: a record protocol (e.g., ALTSRP_GCM_AES128) to be
- * added.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_add_record_protocol(grpc_gcp_handshaker_req* req,
- const char* record_protocol);
-
-/**
- * This method adds a target server identity represented as hostname and
- * acceptable by a client to ALTS client_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - hostname: a string representation of hostname at the connection
- * endpoint to be added.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_add_target_identity_hostname(
- grpc_gcp_handshaker_req* req, const char* hostname);
-
-/**
- * This method adds a target server identity represented as service account and
- * acceptable by a client to ALTS client_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - service_account: a string representation of service account at the
- * connection endpoint to be added.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_add_target_identity_service_account(
- grpc_gcp_handshaker_req* req, const char* service_account);
-
-/**
- * This method sets the hostname for local_identity field of ALTS client_start
- * handshake request.
- *
- * - req: an ALTS handshake request.
- * - hostname: a string representation of hostname.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_set_local_identity_hostname(
- grpc_gcp_handshaker_req* req, const char* hostname);
-
-/**
- * This method sets the service account for local_identity field of ALTS
- * client_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - service_account: a string representation of service account.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_set_local_identity_service_account(
- grpc_gcp_handshaker_req* req, const char* service_account);
-
-/**
- * This method sets the value for local_endpoint field of either ALTS
- * client_start or server_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - ip_address: a string representation of ip address associated with the
- * local endpoint, that could be either IPv4 or IPv6.
- * - port: a port number associated with the local endpoint.
- * - protocol: a network protocol (e.g., TCP or UDP) associated with the
- * local endpoint.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_set_local_endpoint(
- grpc_gcp_handshaker_req* req, const char* ip_address, size_t port,
- grpc_gcp_network_protocol protocol);
-
-/**
- * This method sets the value for remote_endpoint field of either ALTS
- * client_start or server_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - ip_address: a string representation of ip address associated with the
- * remote endpoint, that could be either IPv4 or IPv6.
- * - port: a port number associated with the remote endpoint.
- * - protocol: a network protocol (e.g., TCP or UDP) associated with the
- * remote endpoint.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_set_remote_endpoint(
- grpc_gcp_handshaker_req* req, const char* ip_address, size_t port,
- grpc_gcp_network_protocol protocol);
-
-/**
- * This method sets the value for in_bytes field of either ALTS server_start or
- * next handshake request.
- *
- * - req: an ALTS handshake request.
- * - in_bytes: a buffer containing bytes taken from out_frames of the peer's
- * ALTS handshake response. It is possible that the peer's out_frames are
- * split into multiple handshake request messages.
- * - size: size of in_bytes buffer.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_set_in_bytes(grpc_gcp_handshaker_req* req,
- const char* in_bytes, size_t size);
-
-/**
- * This method adds a record protocol to handshake parameters mapped by the
- * handshake protocol for ALTS server_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - key: an enum type value representing a handshake security protocol.
- * - record_protocol: a record protocol to be added.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_param_add_record_protocol(
- grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key,
- const char* record_protocol);
-
-/**
- * This method adds a local identity represented as hostname to handshake
- * parameters mapped by the handshake protocol for ALTS server_start handshake
- * request.
- *
- * - req: an ALTS handshake request.
- * - key: an enum type value representing a handshake security protocol.
- * - hostname: a string representation of hostname to be added.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_param_add_local_identity_hostname(
- grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key,
- const char* hostname);
-
-/**
- * This method adds a local identity represented as service account to handshake
- * parameters mapped by the handshake protocol for ALTS server_start handshake
- * request.
- *
- * - req: an ALTS handshake request.
- * - key: an enum type value representing a handshake security protocol.
- * - service_account: a string representation of service account to be added.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_param_add_local_identity_service_account(
- grpc_gcp_handshaker_req* req, grpc_gcp_handshake_protocol key,
- const char* service_account);
-
-/**
- * This method sets the value for rpc_versions field of either ALTS
- * client_start or server_start handshake request.
- *
- * - req: an ALTS handshake request.
- * - max_major: a major version of maximum supported RPC version.
- * - max_minor: a minor version of maximum supported RPC version.
- * - min_major: a major version of minimum supported RPC version.
- * - min_minor: a minor version of minimum supported RPC version.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_set_rpc_versions(grpc_gcp_handshaker_req* req,
- uint32_t max_major,
- uint32_t max_minor,
- uint32_t min_major,
- uint32_t min_minor);
-
-/**
- * This method serializes an ALTS handshake request and returns a data stream.
- *
- * - req: an ALTS handshake request.
- * - slice: a data stream where the serialized result will be written.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_req_encode(grpc_gcp_handshaker_req* req,
- grpc_slice* slice);
-
-/* This method destroys an ALTS handshake request. */
-void grpc_gcp_handshaker_req_destroy(grpc_gcp_handshaker_req* req);
-
-/* This method creates an ALTS handshake response. */
-grpc_gcp_handshaker_resp* grpc_gcp_handshaker_resp_create(void);
-
-/**
- * This method de-serializes a data stream and stores the result
- * in an ALTS handshake response.
- *
- * - slice: a data stream containing a serialized ALTS handshake response.
- * - resp: an ALTS handshake response used to hold de-serialized result.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_handshaker_resp_decode(grpc_slice slice,
- grpc_gcp_handshaker_resp* resp);
-
-/* This method destroys an ALTS handshake response. */
-void grpc_gcp_handshaker_resp_destroy(grpc_gcp_handshaker_resp* resp);
-
-#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_H */
diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc b/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc
deleted file mode 100644
index e0e4184686..0000000000
--- a/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h"
-
-void add_repeated_field(repeated_field** head, const void* data) {
- repeated_field* field =
- static_cast<repeated_field*>(gpr_zalloc(sizeof(*field)));
- field->data = data;
- if (*head == nullptr) {
- *head = field;
- (*head)->next = nullptr;
- } else {
- field->next = *head;
- *head = field;
- }
-}
-
-void destroy_repeated_field_list_identity(repeated_field* head) {
- repeated_field* field = head;
- while (field != nullptr) {
- repeated_field* next_field = field->next;
- const grpc_gcp_identity* identity =
- static_cast<const grpc_gcp_identity*>(field->data);
- destroy_slice(static_cast<grpc_slice*>(identity->hostname.arg));
- destroy_slice(static_cast<grpc_slice*>(identity->service_account.arg));
- gpr_free((void*)identity);
- gpr_free(field);
- field = next_field;
- }
-}
-
-void destroy_repeated_field_list_string(repeated_field* head) {
- repeated_field* field = head;
- while (field != nullptr) {
- repeated_field* next_field = field->next;
- destroy_slice((grpc_slice*)field->data);
- gpr_free(field);
- field = next_field;
- }
-}
-
-grpc_slice* create_slice(const char* data, size_t size) {
- grpc_slice slice = grpc_slice_from_copied_buffer(data, size);
- grpc_slice* cb_slice =
- static_cast<grpc_slice*>(gpr_zalloc(sizeof(*cb_slice)));
- memcpy(cb_slice, &slice, sizeof(*cb_slice));
- return cb_slice;
-}
-
-void destroy_slice(grpc_slice* slice) {
- if (slice != nullptr) {
- grpc_slice_unref(*slice);
- gpr_free(slice);
- }
-}
-
-bool encode_string_or_bytes_cb(pb_ostream_t* stream, const pb_field_t* field,
- void* const* arg) {
- grpc_slice* slice = static_cast<grpc_slice*>(*arg);
- if (!pb_encode_tag_for_field(stream, field)) return false;
- return pb_encode_string(stream, GRPC_SLICE_START_PTR(*slice),
- GRPC_SLICE_LENGTH(*slice));
-}
-
-bool encode_repeated_identity_cb(pb_ostream_t* stream, const pb_field_t* field,
- void* const* arg) {
- repeated_field* var = static_cast<repeated_field*>(*arg);
- while (var != nullptr) {
- if (!pb_encode_tag_for_field(stream, field)) return false;
- if (!pb_encode_submessage(stream, grpc_gcp_Identity_fields,
- (grpc_gcp_identity*)var->data))
- return false;
- var = var->next;
- }
- return true;
-}
-
-bool encode_repeated_string_cb(pb_ostream_t* stream, const pb_field_t* field,
- void* const* arg) {
- repeated_field* var = static_cast<repeated_field*>(*arg);
- while (var != nullptr) {
- if (!pb_encode_tag_for_field(stream, field)) return false;
- const grpc_slice* slice = static_cast<const grpc_slice*>(var->data);
- if (!pb_encode_string(stream, GRPC_SLICE_START_PTR(*slice),
- GRPC_SLICE_LENGTH(*slice)))
- return false;
- var = var->next;
- }
- return true;
-}
-
-bool decode_string_or_bytes_cb(pb_istream_t* stream, const pb_field_t* field,
- void** arg) {
- grpc_slice slice = grpc_slice_malloc(stream->bytes_left);
- grpc_slice* cb_slice =
- static_cast<grpc_slice*>(gpr_zalloc(sizeof(*cb_slice)));
- memcpy(cb_slice, &slice, sizeof(*cb_slice));
- if (!pb_read(stream, GRPC_SLICE_START_PTR(*cb_slice), stream->bytes_left))
- return false;
- *arg = cb_slice;
- return true;
-}
-
-bool decode_repeated_identity_cb(pb_istream_t* stream, const pb_field_t* field,
- void** arg) {
- grpc_gcp_identity* identity =
- static_cast<grpc_gcp_identity*>(gpr_zalloc(sizeof(*identity)));
- identity->hostname.funcs.decode = decode_string_or_bytes_cb;
- identity->service_account.funcs.decode = decode_string_or_bytes_cb;
- add_repeated_field(reinterpret_cast<repeated_field**>(arg), identity);
- if (!pb_decode(stream, grpc_gcp_Identity_fields, identity)) return false;
- return true;
-}
-
-bool decode_repeated_string_cb(pb_istream_t* stream, const pb_field_t* field,
- void** arg) {
- grpc_slice slice = grpc_slice_malloc(stream->bytes_left);
- grpc_slice* cb_slice =
- static_cast<grpc_slice*>(gpr_zalloc(sizeof(*cb_slice)));
- memcpy(cb_slice, &slice, sizeof(grpc_slice));
- if (!pb_read(stream, GRPC_SLICE_START_PTR(*cb_slice), stream->bytes_left))
- return false;
- add_repeated_field(reinterpret_cast<repeated_field**>(arg), cb_slice);
- return true;
-}
diff --git a/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h b/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h
deleted file mode 100644
index 8fe8f73f8b..0000000000
--- a/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_UTIL_H
-#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_UTIL_H
-
-#include <grpc/support/port_platform.h>
-
-#include "third_party/nanopb/pb_decode.h"
-#include "third_party/nanopb/pb_encode.h"
-
-#include <grpc/slice.h>
-#include <grpc/slice_buffer.h>
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/tsi/alts/handshaker/handshaker.pb.h"
-
-/**
- * An implementation of utility functions used to serialize/
- * de-serialize ALTS handshake requests/responses. All APIs in the header
- * are thread-compatible.
- */
-
-/* Renaming of message/field structs generated by nanopb compiler. */
-typedef grpc_gcp_HandshakeProtocol grpc_gcp_handshake_protocol;
-typedef grpc_gcp_NetworkProtocol grpc_gcp_network_protocol;
-typedef grpc_gcp_Identity grpc_gcp_identity;
-typedef grpc_gcp_NextHandshakeMessageReq grpc_gcp_next_handshake_message_req;
-typedef grpc_gcp_ServerHandshakeParameters grpc_gcp_server_handshake_parameters;
-typedef grpc_gcp_Endpoint grpc_gcp_endpoint;
-typedef grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry
- grpc_gcp_handshake_parameters_entry;
-typedef grpc_gcp_StartClientHandshakeReq grpc_gcp_start_client_handshake_req;
-typedef grpc_gcp_StartServerHandshakeReq grpc_gcp_start_server_handshake_req;
-typedef grpc_gcp_HandshakerReq grpc_gcp_handshaker_req;
-typedef grpc_gcp_HandshakerResult grpc_gcp_handshaker_result;
-typedef grpc_gcp_HandshakerStatus grpc_gcp_handshaker_status;
-typedef grpc_gcp_HandshakerResp grpc_gcp_handshaker_resp;
-
-typedef enum {
- CLIENT_START_REQ = 0, /* StartClientHandshakeReq. */
- SERVER_START_REQ = 1, /* StartServerHandshakeReq. */
- NEXT_REQ = 2, /* NextHandshakeMessageReq. */
-} grpc_gcp_handshaker_req_type;
-
-/**
- * A struct representing a repeated field. The struct is used to organize all
- * instances of a specific repeated field into a linked list, which then will
- * be used at encode/decode phase. For instance at the encode phase, the encode
- * function will iterate through the list, encode each field, and then output
- * the result to the stream.
- */
-typedef struct repeated_field_ {
- struct repeated_field_* next;
- const void* data;
-} repeated_field;
-
-/**
- * This method adds a repeated field to the head of repeated field list.
- *
- * - head: a head of repeated field list.
- * - field: a repeated field to be added to the list.
- */
-void add_repeated_field(repeated_field** head, const void* field);
-
-/**
- * This method destroys a repeated field list that consists of string type
- * fields.
- *
- * - head: a head of repeated field list.
- */
-void destroy_repeated_field_list_string(repeated_field* head);
-
-/**
- * This method destroys a repeated field list that consists of
- * grpc_gcp_identity type fields.
- *
- * - head: a head of repeated field list.
- */
-void destroy_repeated_field_list_identity(repeated_field* head);
-
-/**
- * This method creates a grpc_slice instance by copying a data buffer. It is
- * similar to grpc_slice_from_copied_buffer() except that it returns an instance
- * allocated from the heap.
- *
- * - data: a data buffer to be copied to grpc_slice instance.
- * - size: size of data buffer.
- */
-grpc_slice* create_slice(const char* data, size_t size);
-
-/* This method destroys a grpc_slice instance. */
-void destroy_slice(grpc_slice* slice);
-
-/**
- * The following encode/decode functions will be assigned to encode/decode
- * function pointers of pb_callback_t struct (defined in
- * //third_party/nanopb/pb.h), that represent a repeated field with a dynamic
- * length (e.g., a string type or repeated field).
- */
-
-/* This method is an encode callback function for a string or byte array. */
-bool encode_string_or_bytes_cb(pb_ostream_t* stream, const pb_field_t* field,
- void* const* arg);
-
-/**
- * This method is an encode callback function for a repeated grpc_gcp_identity
- * field.
- */
-bool encode_repeated_identity_cb(pb_ostream_t* stream, const pb_field_t* field,
- void* const* arg);
-
-/* This method is an encode callback function for a repeated string field. */
-bool encode_repeated_string_cb(pb_ostream_t* stream, const pb_field_t* field,
- void* const* arg);
-
-/**
- * This method is a decode callback function for a string or byte array field.
- */
-bool decode_string_or_bytes_cb(pb_istream_t* stream, const pb_field_t* field,
- void** arg);
-/**
- * This method is a decode callback function for a repeated grpc_gcp_identity
- * field.
- */
-bool decode_repeated_identity_cb(pb_istream_t* stream, const pb_field_t* field,
- void** arg);
-
-/* This method is a decode callback function for a repeated string field. */
-bool decode_repeated_string_cb(pb_istream_t* stream, const pb_field_t* field,
- void** arg);
-
-#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_UTIL_H */
diff --git a/src/core/tsi/alts/handshaker/alts_tsi_event.cc b/src/core/tsi/alts/handshaker/alts_tsi_event.cc
deleted file mode 100644
index ec0bf12b95..0000000000
--- a/src/core/tsi/alts/handshaker/alts_tsi_event.cc
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/alts_tsi_event.h"
-
-#include <grpc/grpc.h>
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-tsi_result alts_tsi_event_create(alts_tsi_handshaker* handshaker,
- tsi_handshaker_on_next_done_cb cb,
- void* user_data,
- grpc_alts_credentials_options* options,
- grpc_slice target_name,
- alts_tsi_event** event) {
- if (event == nullptr || handshaker == nullptr || cb == nullptr) {
- gpr_log(GPR_ERROR, "Invalid arguments to alts_tsi_event_create()");
- return TSI_INVALID_ARGUMENT;
- }
- alts_tsi_event* e = static_cast<alts_tsi_event*>(gpr_zalloc(sizeof(*e)));
- e->handshaker = handshaker;
- e->cb = cb;
- e->user_data = user_data;
- e->options = grpc_alts_credentials_options_copy(options);
- e->target_name = grpc_slice_copy(target_name);
- grpc_metadata_array_init(&e->initial_metadata);
- grpc_metadata_array_init(&e->trailing_metadata);
- *event = e;
- return TSI_OK;
-}
-
-void alts_tsi_event_dispatch_to_handshaker(alts_tsi_event* event, bool is_ok) {
- if (event == nullptr) {
- gpr_log(
- GPR_ERROR,
- "ALTS TSI event is nullptr in alts_tsi_event_dispatch_to_handshaker()");
- return;
- }
- alts_tsi_handshaker_handle_response(event->handshaker, event->recv_buffer,
- event->status, &event->details, event->cb,
- event->user_data, is_ok);
-}
-
-void alts_tsi_event_destroy(alts_tsi_event* event) {
- if (event == nullptr) {
- return;
- }
- grpc_byte_buffer_destroy(event->send_buffer);
- grpc_byte_buffer_destroy(event->recv_buffer);
- grpc_metadata_array_destroy(&event->initial_metadata);
- grpc_metadata_array_destroy(&event->trailing_metadata);
- grpc_slice_unref(event->details);
- grpc_slice_unref(event->target_name);
- grpc_alts_credentials_options_destroy(event->options);
- gpr_free(event);
-}
diff --git a/src/core/tsi/alts/handshaker/alts_tsi_event.h b/src/core/tsi/alts/handshaker/alts_tsi_event.h
deleted file mode 100644
index 043e75d4a9..0000000000
--- a/src/core/tsi/alts/handshaker/alts_tsi_event.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_EVENT_H
-#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_EVENT_H
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/byte_buffer.h>
-#include <grpc/byte_buffer_reader.h>
-
-#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
-#include "src/core/tsi/transport_security_interface.h"
-
-/**
- * A ALTS TSI event interface. In asynchronous implementation of
- * tsi_handshaker_next(), the function will exit after scheduling a handshaker
- * request to ALTS handshaker service without waiting for response to return.
- * The event is used to link the scheduled handshaker request with the
- * corresponding response so that enough context information can be inferred
- * from it to handle the response. All APIs in the header are thread-compatible.
- */
-
-/**
- * Main struct for ALTS TSI event. It retains ownership on send_buffer and
- * recv_buffer, but not on handshaker.
- */
-typedef struct alts_tsi_event {
- alts_tsi_handshaker* handshaker;
- grpc_byte_buffer* send_buffer;
- grpc_byte_buffer* recv_buffer;
- grpc_status_code status;
- grpc_slice details;
- grpc_metadata_array initial_metadata;
- grpc_metadata_array trailing_metadata;
- tsi_handshaker_on_next_done_cb cb;
- void* user_data;
- grpc_alts_credentials_options* options;
- grpc_slice target_name;
-} alts_tsi_event;
-
-/**
- * This method creates a ALTS TSI event.
- *
- * - handshaker: ALTS TSI handshaker instance associated with the event to be
- * created. The created event does not own the handshaker instance.
- * - cb: callback function to be called when handling data received from ALTS
- * handshaker service.
- * - user_data: argument to callback function.
- * - options: ALTS credentials options.
- * - target_name: name of endpoint used for secure naming check.
- * - event: address of ALTS TSI event instance to be returned from the method.
- *
- * It returns TSI_OK on success and an error status code on failure.
- */
-tsi_result alts_tsi_event_create(alts_tsi_handshaker* handshaker,
- tsi_handshaker_on_next_done_cb cb,
- void* user_data,
- grpc_alts_credentials_options* options,
- grpc_slice target_name,
- alts_tsi_event** event);
-
-/**
- * This method dispatches a ALTS TSI event received from the handshaker service,
- * and a boolean flag indicating if the event is valid to read to ALTS TSI
- * handshaker to process. It is called by TSI thread.
- *
- * - event: ALTS TSI event instance.
- * - is_ok: a boolean value indicating if the event is valid to read.
- */
-void alts_tsi_event_dispatch_to_handshaker(alts_tsi_event* event, bool is_ok);
-
-/**
- * This method destroys the ALTS TSI event.
- */
-void alts_tsi_event_destroy(alts_tsi_event* event);
-
-#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_EVENT_H */
diff --git a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc b/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc
deleted file mode 100644
index 529f2103c7..0000000000
--- a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc
+++ /dev/null
@@ -1,483 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-#include <grpc/support/sync.h>
-#include <grpc/support/thd_id.h>
-
-#include "src/core/lib/gpr/host_port.h"
-#include "src/core/lib/gprpp/thd.h"
-#include "src/core/tsi/alts/frame_protector/alts_frame_protector.h"
-#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h"
-#include "src/core/tsi/alts/handshaker/alts_tsi_utils.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h"
-#include "src/core/tsi/alts_transport_security.h"
-
-#define TSI_ALTS_INITIAL_BUFFER_SIZE 256
-
-static alts_shared_resource* kSharedResource = alts_get_shared_resource();
-
-/* Main struct for ALTS TSI handshaker. */
-typedef struct alts_tsi_handshaker {
- tsi_handshaker base;
- alts_handshaker_client* client;
- grpc_slice recv_bytes;
- grpc_slice target_name;
- unsigned char* buffer;
- size_t buffer_size;
- bool is_client;
- bool has_sent_start_message;
- grpc_alts_credentials_options* options;
-} alts_tsi_handshaker;
-
-/* Main struct for ALTS TSI handshaker result. */
-typedef struct alts_tsi_handshaker_result {
- tsi_handshaker_result base;
- char* peer_identity;
- char* key_data;
- unsigned char* unused_bytes;
- size_t unused_bytes_size;
- grpc_slice rpc_versions;
- bool is_client;
-} alts_tsi_handshaker_result;
-
-static tsi_result handshaker_result_extract_peer(
- const tsi_handshaker_result* self, tsi_peer* peer) {
- if (self == nullptr || peer == nullptr) {
- gpr_log(GPR_ERROR, "Invalid argument to handshaker_result_extract_peer()");
- return TSI_INVALID_ARGUMENT;
- }
- alts_tsi_handshaker_result* result =
- reinterpret_cast<alts_tsi_handshaker_result*>(
- const_cast<tsi_handshaker_result*>(self));
- GPR_ASSERT(kTsiAltsNumOfPeerProperties == 3);
- tsi_result ok = tsi_construct_peer(kTsiAltsNumOfPeerProperties, peer);
- int index = 0;
- if (ok != TSI_OK) {
- gpr_log(GPR_ERROR, "Failed to construct tsi peer");
- return ok;
- }
- GPR_ASSERT(&peer->properties[index] != nullptr);
- ok = tsi_construct_string_peer_property_from_cstring(
- TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
- &peer->properties[index]);
- if (ok != TSI_OK) {
- tsi_peer_destruct(peer);
- gpr_log(GPR_ERROR, "Failed to set tsi peer property");
- return ok;
- }
- index++;
- GPR_ASSERT(&peer->properties[index] != nullptr);
- ok = tsi_construct_string_peer_property_from_cstring(
- TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, result->peer_identity,
- &peer->properties[index]);
- if (ok != TSI_OK) {
- tsi_peer_destruct(peer);
- gpr_log(GPR_ERROR, "Failed to set tsi peer property");
- }
- index++;
- GPR_ASSERT(&peer->properties[index] != nullptr);
- ok = tsi_construct_string_peer_property(
- TSI_ALTS_RPC_VERSIONS,
- reinterpret_cast<char*>(GRPC_SLICE_START_PTR(result->rpc_versions)),
- GRPC_SLICE_LENGTH(result->rpc_versions), &peer->properties[2]);
- if (ok != TSI_OK) {
- tsi_peer_destruct(peer);
- gpr_log(GPR_ERROR, "Failed to set tsi peer property");
- }
- GPR_ASSERT(++index == kTsiAltsNumOfPeerProperties);
- return ok;
-}
-
-static tsi_result handshaker_result_create_zero_copy_grpc_protector(
- const tsi_handshaker_result* self, size_t* max_output_protected_frame_size,
- tsi_zero_copy_grpc_protector** protector) {
- if (self == nullptr || protector == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to create_zero_copy_grpc_protector()");
- return TSI_INVALID_ARGUMENT;
- }
- alts_tsi_handshaker_result* result =
- reinterpret_cast<alts_tsi_handshaker_result*>(
- const_cast<tsi_handshaker_result*>(self));
- tsi_result ok = alts_zero_copy_grpc_protector_create(
- reinterpret_cast<const uint8_t*>(result->key_data),
- kAltsAes128GcmRekeyKeyLength, /*is_rekey=*/true, result->is_client,
- /*is_integrity_only=*/false, max_output_protected_frame_size, protector);
- if (ok != TSI_OK) {
- gpr_log(GPR_ERROR, "Failed to create zero-copy grpc protector");
- }
- return ok;
-}
-
-static tsi_result handshaker_result_create_frame_protector(
- const tsi_handshaker_result* self, size_t* max_output_protected_frame_size,
- tsi_frame_protector** protector) {
- if (self == nullptr || protector == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to handshaker_result_create_frame_protector()");
- return TSI_INVALID_ARGUMENT;
- }
- alts_tsi_handshaker_result* result =
- reinterpret_cast<alts_tsi_handshaker_result*>(
- const_cast<tsi_handshaker_result*>(self));
- tsi_result ok = alts_create_frame_protector(
- reinterpret_cast<const uint8_t*>(result->key_data),
- kAltsAes128GcmRekeyKeyLength, result->is_client, /*is_rekey=*/true,
- max_output_protected_frame_size, protector);
- if (ok != TSI_OK) {
- gpr_log(GPR_ERROR, "Failed to create frame protector");
- }
- return ok;
-}
-
-static tsi_result handshaker_result_get_unused_bytes(
- const tsi_handshaker_result* self, const unsigned char** bytes,
- size_t* bytes_size) {
- if (self == nullptr || bytes == nullptr || bytes_size == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to handshaker_result_get_unused_bytes()");
- return TSI_INVALID_ARGUMENT;
- }
- alts_tsi_handshaker_result* result =
- reinterpret_cast<alts_tsi_handshaker_result*>(
- const_cast<tsi_handshaker_result*>(self));
- *bytes = result->unused_bytes;
- *bytes_size = result->unused_bytes_size;
- return TSI_OK;
-}
-
-static void handshaker_result_destroy(tsi_handshaker_result* self) {
- if (self == nullptr) {
- return;
- }
- alts_tsi_handshaker_result* result =
- reinterpret_cast<alts_tsi_handshaker_result*>(
- const_cast<tsi_handshaker_result*>(self));
- gpr_free(result->peer_identity);
- gpr_free(result->key_data);
- gpr_free(result->unused_bytes);
- grpc_slice_unref(result->rpc_versions);
- gpr_free(result);
-}
-
-static const tsi_handshaker_result_vtable result_vtable = {
- handshaker_result_extract_peer,
- handshaker_result_create_zero_copy_grpc_protector,
- handshaker_result_create_frame_protector,
- handshaker_result_get_unused_bytes, handshaker_result_destroy};
-
-static tsi_result create_handshaker_result(grpc_gcp_handshaker_resp* resp,
- bool is_client,
- tsi_handshaker_result** self) {
- if (self == nullptr || resp == nullptr) {
- gpr_log(GPR_ERROR, "Invalid arguments to create_handshaker_result()");
- return TSI_INVALID_ARGUMENT;
- }
- grpc_slice* key = static_cast<grpc_slice*>(resp->result.key_data.arg);
- GPR_ASSERT(key != nullptr);
- grpc_slice* identity =
- static_cast<grpc_slice*>(resp->result.peer_identity.service_account.arg);
- if (identity == nullptr) {
- gpr_log(GPR_ERROR, "Invalid service account");
- return TSI_FAILED_PRECONDITION;
- }
- if (GRPC_SLICE_LENGTH(*key) < kAltsAes128GcmRekeyKeyLength) {
- gpr_log(GPR_ERROR, "Bad key length");
- return TSI_FAILED_PRECONDITION;
- }
- alts_tsi_handshaker_result* result =
- static_cast<alts_tsi_handshaker_result*>(gpr_zalloc(sizeof(*result)));
- result->key_data =
- static_cast<char*>(gpr_zalloc(kAltsAes128GcmRekeyKeyLength));
- memcpy(result->key_data, GRPC_SLICE_START_PTR(*key),
- kAltsAes128GcmRekeyKeyLength);
- result->peer_identity = grpc_slice_to_c_string(*identity);
- if (!resp->result.has_peer_rpc_versions) {
- gpr_log(GPR_ERROR, "Peer does not set RPC protocol versions.");
- return TSI_FAILED_PRECONDITION;
- }
- if (!grpc_gcp_rpc_protocol_versions_encode(&resp->result.peer_rpc_versions,
- &result->rpc_versions)) {
- gpr_log(GPR_ERROR, "Failed to serialize peer's RPC protocol versions.");
- return TSI_FAILED_PRECONDITION;
- }
- result->is_client = is_client;
- result->base.vtable = &result_vtable;
- *self = &result->base;
- return TSI_OK;
-}
-
-static tsi_result handshaker_next(
- tsi_handshaker* self, const unsigned char* received_bytes,
- size_t received_bytes_size, const unsigned char** bytes_to_send,
- size_t* bytes_to_send_size, tsi_handshaker_result** result,
- tsi_handshaker_on_next_done_cb cb, void* user_data) {
- if (self == nullptr || cb == nullptr) {
- gpr_log(GPR_ERROR, "Invalid arguments to handshaker_next()");
- return TSI_INVALID_ARGUMENT;
- }
- alts_tsi_handshaker* handshaker =
- reinterpret_cast<alts_tsi_handshaker*>(self);
- tsi_result ok = TSI_OK;
- alts_tsi_event* event = nullptr;
- ok = alts_tsi_event_create(handshaker, cb, user_data, handshaker->options,
- handshaker->target_name, &event);
- if (ok != TSI_OK) {
- gpr_log(GPR_ERROR, "Failed to create ALTS TSI event");
- return ok;
- }
- grpc_slice slice = (received_bytes == nullptr || received_bytes_size == 0)
- ? grpc_empty_slice()
- : grpc_slice_from_copied_buffer(
- reinterpret_cast<const char*>(received_bytes),
- received_bytes_size);
- if (!handshaker->has_sent_start_message) {
- ok = handshaker->is_client
- ? alts_handshaker_client_start_client(handshaker->client, event)
- : alts_handshaker_client_start_server(handshaker->client, event,
- &slice);
- handshaker->has_sent_start_message = true;
- } else {
- if (!GRPC_SLICE_IS_EMPTY(handshaker->recv_bytes)) {
- grpc_slice_unref(handshaker->recv_bytes);
- }
- handshaker->recv_bytes = grpc_slice_ref(slice);
- ok = alts_handshaker_client_next(handshaker->client, event, &slice);
- }
- grpc_slice_unref(slice);
- if (ok != TSI_OK) {
- gpr_log(GPR_ERROR, "Failed to schedule ALTS handshaker requests");
- return ok;
- }
- return TSI_ASYNC;
-}
-
-static void handshaker_destroy(tsi_handshaker* self) {
- if (self == nullptr) {
- return;
- }
- alts_tsi_handshaker* handshaker =
- reinterpret_cast<alts_tsi_handshaker*>(self);
- alts_handshaker_client_destroy(handshaker->client);
- grpc_slice_unref(handshaker->recv_bytes);
- grpc_slice_unref(handshaker->target_name);
- grpc_alts_credentials_options_destroy(handshaker->options);
- gpr_free(handshaker->buffer);
- gpr_free(handshaker);
-}
-
-static const tsi_handshaker_vtable handshaker_vtable = {
- nullptr, nullptr, nullptr, nullptr, nullptr, handshaker_destroy,
- handshaker_next};
-
-static void thread_worker(void* arg) {
- while (true) {
- grpc_event event = grpc_completion_queue_next(
- kSharedResource->cq, gpr_inf_future(GPR_CLOCK_REALTIME), nullptr);
- GPR_ASSERT(event.type != GRPC_QUEUE_TIMEOUT);
- if (event.type == GRPC_QUEUE_SHUTDOWN) {
- /* signal alts_tsi_shutdown() to destroy completion queue. */
- grpc_tsi_alts_signal_for_cq_destroy();
- break;
- }
- /* event.type == GRPC_OP_COMPLETE. */
- alts_tsi_event* alts_event = static_cast<alts_tsi_event*>(event.tag);
- alts_tsi_event_dispatch_to_handshaker(alts_event, event.success);
- alts_tsi_event_destroy(alts_event);
- }
-}
-
-static void init_shared_resources(const char* handshaker_service_url) {
- GPR_ASSERT(handshaker_service_url != nullptr);
- gpr_mu_lock(&kSharedResource->mu);
- if (kSharedResource->channel == nullptr) {
- gpr_cv_init(&kSharedResource->cv);
- kSharedResource->channel =
- grpc_insecure_channel_create(handshaker_service_url, nullptr, nullptr);
- kSharedResource->cq = grpc_completion_queue_create_for_next(nullptr);
- kSharedResource->thread =
- grpc_core::Thread("alts_tsi_handshaker", &thread_worker, nullptr);
- kSharedResource->thread.Start();
- }
- gpr_mu_unlock(&kSharedResource->mu);
-}
-
-tsi_result alts_tsi_handshaker_create(
- const grpc_alts_credentials_options* options, const char* target_name,
- const char* handshaker_service_url, bool is_client, tsi_handshaker** self) {
- if (handshaker_service_url == nullptr || self == nullptr ||
- options == nullptr || (is_client && target_name == nullptr)) {
- gpr_log(GPR_ERROR, "Invalid arguments to alts_tsi_handshaker_create()");
- return TSI_INVALID_ARGUMENT;
- }
- init_shared_resources(handshaker_service_url);
- alts_handshaker_client* client = alts_grpc_handshaker_client_create(
- kSharedResource->channel, kSharedResource->cq, handshaker_service_url);
- if (client == nullptr) {
- gpr_log(GPR_ERROR, "Failed to create ALTS handshaker client");
- return TSI_FAILED_PRECONDITION;
- }
- alts_tsi_handshaker* handshaker =
- static_cast<alts_tsi_handshaker*>(gpr_zalloc(sizeof(*handshaker)));
- handshaker->client = client;
- handshaker->buffer_size = TSI_ALTS_INITIAL_BUFFER_SIZE;
- handshaker->buffer =
- static_cast<unsigned char*>(gpr_zalloc(handshaker->buffer_size));
- handshaker->is_client = is_client;
- handshaker->has_sent_start_message = false;
- handshaker->target_name = target_name == nullptr
- ? grpc_empty_slice()
- : grpc_slice_from_static_string(target_name);
- handshaker->options = grpc_alts_credentials_options_copy(options);
- handshaker->base.vtable = &handshaker_vtable;
- *self = &handshaker->base;
- return TSI_OK;
-}
-
-static bool is_handshake_finished_properly(grpc_gcp_handshaker_resp* resp) {
- GPR_ASSERT(resp != nullptr);
- if (resp->has_result) {
- return true;
- }
- return false;
-}
-
-static void set_unused_bytes(tsi_handshaker_result* self,
- grpc_slice* recv_bytes, size_t bytes_consumed) {
- GPR_ASSERT(recv_bytes != nullptr && self != nullptr);
- if (GRPC_SLICE_LENGTH(*recv_bytes) == bytes_consumed) {
- return;
- }
- alts_tsi_handshaker_result* result =
- reinterpret_cast<alts_tsi_handshaker_result*>(self);
- result->unused_bytes_size = GRPC_SLICE_LENGTH(*recv_bytes) - bytes_consumed;
- result->unused_bytes =
- static_cast<unsigned char*>(gpr_zalloc(result->unused_bytes_size));
- memcpy(result->unused_bytes,
- GRPC_SLICE_START_PTR(*recv_bytes) + bytes_consumed,
- result->unused_bytes_size);
-}
-
-void alts_tsi_handshaker_handle_response(alts_tsi_handshaker* handshaker,
- grpc_byte_buffer* recv_buffer,
- grpc_status_code status,
- grpc_slice* details,
- tsi_handshaker_on_next_done_cb cb,
- void* user_data, bool is_ok) {
- /* Invalid input check. */
- if (cb == nullptr) {
- gpr_log(GPR_ERROR,
- "cb is nullptr in alts_tsi_handshaker_handle_response()");
- return;
- }
- if (handshaker == nullptr || recv_buffer == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to alts_tsi_handshaker_handle_response()");
- cb(TSI_INTERNAL_ERROR, user_data, nullptr, 0, nullptr);
- return;
- }
- /* Failed grpc call check. */
- if (!is_ok || status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "grpc call made to handshaker service failed");
- if (details != nullptr) {
- char* error_details = grpc_slice_to_c_string(*details);
- gpr_log(GPR_ERROR, "error details:%s", error_details);
- gpr_free(error_details);
- }
- cb(TSI_INTERNAL_ERROR, user_data, nullptr, 0, nullptr);
- return;
- }
- grpc_gcp_handshaker_resp* resp =
- alts_tsi_utils_deserialize_response(recv_buffer);
- /* Invalid handshaker response check. */
- if (resp == nullptr) {
- gpr_log(GPR_ERROR, "alts_tsi_utils_deserialize_response() failed");
- cb(TSI_DATA_CORRUPTED, user_data, nullptr, 0, nullptr);
- return;
- }
- grpc_slice* slice = static_cast<grpc_slice*>(resp->out_frames.arg);
- unsigned char* bytes_to_send = nullptr;
- size_t bytes_to_send_size = 0;
- if (slice != nullptr) {
- bytes_to_send_size = GRPC_SLICE_LENGTH(*slice);
- while (bytes_to_send_size > handshaker->buffer_size) {
- handshaker->buffer_size *= 2;
- handshaker->buffer = static_cast<unsigned char*>(
- gpr_realloc(handshaker->buffer, handshaker->buffer_size));
- }
- memcpy(handshaker->buffer, GRPC_SLICE_START_PTR(*slice),
- bytes_to_send_size);
- bytes_to_send = handshaker->buffer;
- }
- tsi_handshaker_result* result = nullptr;
- if (is_handshake_finished_properly(resp)) {
- create_handshaker_result(resp, handshaker->is_client, &result);
- set_unused_bytes(result, &handshaker->recv_bytes, resp->bytes_consumed);
- }
- grpc_status_code code = static_cast<grpc_status_code>(resp->status.code);
- grpc_gcp_handshaker_resp_destroy(resp);
- cb(alts_tsi_utils_convert_to_tsi_result(code), user_data, bytes_to_send,
- bytes_to_send_size, result);
-}
-
-namespace grpc_core {
-namespace internal {
-
-bool alts_tsi_handshaker_get_has_sent_start_message_for_testing(
- alts_tsi_handshaker* handshaker) {
- GPR_ASSERT(handshaker != nullptr);
- return handshaker->has_sent_start_message;
-}
-
-bool alts_tsi_handshaker_get_is_client_for_testing(
- alts_tsi_handshaker* handshaker) {
- GPR_ASSERT(handshaker != nullptr);
- return handshaker->is_client;
-}
-
-void alts_tsi_handshaker_set_recv_bytes_for_testing(
- alts_tsi_handshaker* handshaker, grpc_slice* slice) {
- GPR_ASSERT(handshaker != nullptr && slice != nullptr);
- handshaker->recv_bytes = grpc_slice_ref(*slice);
-}
-
-grpc_slice alts_tsi_handshaker_get_recv_bytes_for_testing(
- alts_tsi_handshaker* handshaker) {
- GPR_ASSERT(handshaker != nullptr);
- return handshaker->recv_bytes;
-}
-
-void alts_tsi_handshaker_set_client_for_testing(
- alts_tsi_handshaker* handshaker, alts_handshaker_client* client) {
- GPR_ASSERT(handshaker != nullptr && client != nullptr);
- alts_handshaker_client_destroy(handshaker->client);
- handshaker->client = client;
-}
-
-} // namespace internal
-} // namespace grpc_core
diff --git a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h b/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h
deleted file mode 100644
index 227b30ce53..0000000000
--- a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_H
-#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_H
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/grpc.h>
-
-#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
-#include "src/core/tsi/alts_transport_security.h"
-#include "src/core/tsi/transport_security.h"
-#include "src/core/tsi/transport_security_interface.h"
-
-#define TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY "service_accont"
-#define TSI_ALTS_CERTIFICATE_TYPE "ALTS"
-#define TSI_ALTS_RPC_VERSIONS "rpc_versions"
-
-const size_t kTsiAltsNumOfPeerProperties = 3;
-
-/**
- * Main struct for ALTS TSI handshaker. All APIs in the header are
- * thread-comptabile.
- */
-typedef struct alts_tsi_handshaker alts_tsi_handshaker;
-
-/**
- * This method creates a ALTS TSI handshaker instance.
- *
- * - options: ALTS credentials options containing information passed from TSI
- * caller (e.g., rpc protocol versions).
- * - target_name: the name of the endpoint that the channel is connecting to,
- * and will be used for secure naming check.
- * - handshaker_service_url: address of ALTS handshaker service in the format of
- * "host:port".
- * - is_client: boolean value indicating if the handshaker is used at the client
- * (is_client = true) or server (is_client = false) side.
- * - self: address of ALTS TSI handshaker instance to be returned from the
- * method.
- *
- * It returns TSI_OK on success and an error status code on failure.
- */
-tsi_result alts_tsi_handshaker_create(
- const grpc_alts_credentials_options* options, const char* target_name,
- const char* handshaker_service_url, bool is_client, tsi_handshaker** self);
-
-/**
- * This method handles handshaker response returned from ALTS handshaker
- * service.
- *
- * - handshaker: ALTS TSI handshaker instance.
- * - recv_buffer: buffer holding data received from the handshaker service.
- * - status: status of the grpc call made to the handshaker service.
- * - details: error details of the grpc call made to the handshaker service.
- * - cb: callback function of ALTS TSI event.
- * - user_data: argument of callback function.
- * - is_ok: a boolean value indicating if the handshaker response is ok to read.
- *
- */
-void alts_tsi_handshaker_handle_response(alts_tsi_handshaker* handshaker,
- grpc_byte_buffer* recv_buffer,
- grpc_status_code status,
- grpc_slice* details,
- tsi_handshaker_on_next_done_cb cb,
- void* user_data, bool is_ok);
-
-#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_H */
diff --git a/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h b/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h
deleted file mode 100644
index 9b7b9bb6b1..0000000000
--- a/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_PRIVATE_H
-#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_PRIVATE_H
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h"
-
-namespace grpc_core {
-namespace internal {
-
-/**
- * Unsafe, use for testing only. It allows the caller to change the way the
- * ALTS TSI handshaker schedules handshaker requests.
- */
-void alts_tsi_handshaker_set_client_for_testing(alts_tsi_handshaker* handshaker,
- alts_handshaker_client* client);
-
-/* For testing only. */
-bool alts_tsi_handshaker_get_has_sent_start_message_for_testing(
- alts_tsi_handshaker* handshaker);
-
-bool alts_tsi_handshaker_get_is_client_for_testing(
- alts_tsi_handshaker* handshaker);
-
-void alts_tsi_handshaker_set_recv_bytes_for_testing(
- alts_tsi_handshaker* handshaker, grpc_slice* slice);
-
-grpc_slice alts_tsi_handshaker_get_recv_bytes_for_testing(
- alts_tsi_handshaker* handshaker);
-
-} // namespace internal
-} // namespace grpc_core
-
-#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_HANDSHAKER_PRIVATE_H */
diff --git a/src/core/tsi/alts/handshaker/alts_tsi_utils.cc b/src/core/tsi/alts/handshaker/alts_tsi_utils.cc
deleted file mode 100644
index d9b5e6c945..0000000000
--- a/src/core/tsi/alts/handshaker/alts_tsi_utils.cc
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/alts_tsi_utils.h"
-
-#include <grpc/byte_buffer_reader.h>
-
-tsi_result alts_tsi_utils_convert_to_tsi_result(grpc_status_code code) {
- switch (code) {
- case GRPC_STATUS_OK:
- return TSI_OK;
- case GRPC_STATUS_UNKNOWN:
- return TSI_UNKNOWN_ERROR;
- case GRPC_STATUS_INVALID_ARGUMENT:
- return TSI_INVALID_ARGUMENT;
- case GRPC_STATUS_NOT_FOUND:
- return TSI_NOT_FOUND;
- case GRPC_STATUS_INTERNAL:
- return TSI_INTERNAL_ERROR;
- default:
- return TSI_UNKNOWN_ERROR;
- }
-}
-
-grpc_gcp_handshaker_resp* alts_tsi_utils_deserialize_response(
- grpc_byte_buffer* resp_buffer) {
- GPR_ASSERT(resp_buffer != nullptr);
- grpc_byte_buffer_reader bbr;
- grpc_byte_buffer_reader_init(&bbr, resp_buffer);
- grpc_slice slice = grpc_byte_buffer_reader_readall(&bbr);
- grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create();
- bool ok = grpc_gcp_handshaker_resp_decode(slice, resp);
- grpc_slice_unref(slice);
- grpc_byte_buffer_reader_destroy(&bbr);
- if (!ok) {
- grpc_gcp_handshaker_resp_destroy(resp);
- gpr_log(GPR_ERROR, "grpc_gcp_handshaker_resp_decode() failed");
- return nullptr;
- }
- return resp;
-}
diff --git a/src/core/tsi/alts/handshaker/alts_tsi_utils.h b/src/core/tsi/alts/handshaker/alts_tsi_utils.h
deleted file mode 100644
index 9ef649de2b..0000000000
--- a/src/core/tsi/alts/handshaker/alts_tsi_utils.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_UTILS_H
-#define GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_UTILS_H
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/byte_buffer.h>
-#include <grpc/grpc.h>
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h"
-#include "src/core/tsi/transport_security_interface.h"
-
-/**
- * This method converts grpc_status_code code to the corresponding tsi_result
- * code.
- *
- * - code: grpc_status_code code.
- *
- * It returns the converted tsi_result code.
- */
-tsi_result alts_tsi_utils_convert_to_tsi_result(grpc_status_code code);
-
-/**
- * This method deserializes a handshaker response returned from ALTS handshaker
- * service.
- *
- * - bytes_received: data returned from ALTS handshaker service.
- *
- * It returns a deserialized handshaker response on success and nullptr on
- * failure.
- */
-grpc_gcp_handshaker_resp* alts_tsi_utils_deserialize_response(
- grpc_byte_buffer* resp_buffer);
-
-#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_ALTS_TSI_UTILS_H */
diff --git a/src/core/tsi/alts/handshaker/altscontext.pb.c b/src/core/tsi/alts/handshaker/altscontext.pb.c
deleted file mode 100644
index 81a82f5992..0000000000
--- a/src/core/tsi/alts/handshaker/altscontext.pb.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/* Automatically generated nanopb constant definitions */
-/* Generated by nanopb-0.3.7-dev */
-
-#include "src/core/tsi/alts/handshaker/altscontext.pb.h"
-
-/* @@protoc_insertion_point(includes) */
-#if PB_PROTO_HEADER_VERSION != 30
-#error Regenerate this file with the current version of nanopb generator.
-#endif
-
-
-
-const pb_field_t grpc_gcp_AltsContext_fields[7] = {
- PB_FIELD( 1, STRING , OPTIONAL, CALLBACK, FIRST, grpc_gcp_AltsContext, application_protocol, application_protocol, 0),
- PB_FIELD( 2, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_AltsContext, record_protocol, application_protocol, 0),
- PB_FIELD( 3, UENUM , OPTIONAL, STATIC , OTHER, grpc_gcp_AltsContext, security_level, record_protocol, 0),
- PB_FIELD( 4, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_AltsContext, peer_service_account, security_level, 0),
- PB_FIELD( 5, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_AltsContext, local_service_account, peer_service_account, 0),
- PB_FIELD( 6, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_AltsContext, peer_rpc_versions, local_service_account, &grpc_gcp_RpcProtocolVersions_fields),
- PB_LAST_FIELD
-};
-
-
-/* Check that field information fits in pb_field_t */
-#if !defined(PB_FIELD_32BIT)
-/* If you get an error here, it means that you need to define PB_FIELD_32BIT
- * compile-time option. You can do that in pb.h or on compiler command line.
- *
- * The reason you need to do this is that some of your messages contain tag
- * numbers or field sizes that are larger than what can fit in 8 or 16 bit
- * field descriptors.
- */
-PB_STATIC_ASSERT((pb_membersize(grpc_gcp_AltsContext, peer_rpc_versions) < 65536), YOU_MUST_DEFINE_PB_FIELD_32BIT_FOR_MESSAGES_grpc_gcp_AltsContext)
-#endif
-
-#if !defined(PB_FIELD_16BIT) && !defined(PB_FIELD_32BIT)
-/* If you get an error here, it means that you need to define PB_FIELD_16BIT
- * compile-time option. You can do that in pb.h or on compiler command line.
- *
- * The reason you need to do this is that some of your messages contain tag
- * numbers or field sizes that are larger than what can fit in the default
- * 8 bit descriptors.
- */
-PB_STATIC_ASSERT((pb_membersize(grpc_gcp_AltsContext, peer_rpc_versions) < 256), YOU_MUST_DEFINE_PB_FIELD_16BIT_FOR_MESSAGES_grpc_gcp_AltsContext)
-#endif
-
-
-/* @@protoc_insertion_point(eof) */
diff --git a/src/core/tsi/alts/handshaker/altscontext.pb.h b/src/core/tsi/alts/handshaker/altscontext.pb.h
deleted file mode 100644
index 3e72d7f678..0000000000
--- a/src/core/tsi/alts/handshaker/altscontext.pb.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/* Automatically generated nanopb header */
-/* Generated by nanopb-0.3.7-dev */
-
-#ifndef PB_GRPC_GCP_ALTSCONTEXT_PB_H_INCLUDED
-#define PB_GRPC_GCP_ALTSCONTEXT_PB_H_INCLUDED
-#include "third_party/nanopb/pb.h"
-#include "src/core/tsi/alts/handshaker/transport_security_common.pb.h"
-
-/* @@protoc_insertion_point(includes) */
-#if PB_PROTO_HEADER_VERSION != 30
-#error Regenerate this file with the current version of nanopb generator.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Struct definitions */
-typedef struct _grpc_gcp_AltsContext {
- pb_callback_t application_protocol;
- pb_callback_t record_protocol;
- bool has_security_level;
- grpc_gcp_SecurityLevel security_level;
- pb_callback_t peer_service_account;
- pb_callback_t local_service_account;
- bool has_peer_rpc_versions;
- grpc_gcp_RpcProtocolVersions peer_rpc_versions;
-/* @@protoc_insertion_point(struct:grpc_gcp_AltsContext) */
-} grpc_gcp_AltsContext;
-
-/* Default values for struct fields */
-
-/* Initializer values for message structs */
-#define grpc_gcp_AltsContext_init_default {{{NULL}, NULL}, {{NULL}, NULL}, false, (grpc_gcp_SecurityLevel)0, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_RpcProtocolVersions_init_default}
-#define grpc_gcp_AltsContext_init_zero {{{NULL}, NULL}, {{NULL}, NULL}, false, (grpc_gcp_SecurityLevel)0, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_RpcProtocolVersions_init_zero}
-
-/* Field tags (for use in manual encoding/decoding) */
-#define grpc_gcp_AltsContext_application_protocol_tag 1
-#define grpc_gcp_AltsContext_record_protocol_tag 2
-#define grpc_gcp_AltsContext_security_level_tag 3
-#define grpc_gcp_AltsContext_peer_service_account_tag 4
-#define grpc_gcp_AltsContext_local_service_account_tag 5
-#define grpc_gcp_AltsContext_peer_rpc_versions_tag 6
-
-/* Struct field encoding specification for nanopb */
-extern const pb_field_t grpc_gcp_AltsContext_fields[7];
-
-/* Maximum encoded size of messages (where known) */
-/* grpc_gcp_AltsContext_size depends on runtime parameters */
-
-/* Message IDs (where set with "msgid" option) */
-#ifdef PB_MSGID
-
-#define ALTSCONTEXT_MESSAGES \
-
-
-#endif
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-/* @@protoc_insertion_point(eof) */
-
-#endif
diff --git a/src/core/tsi/alts/handshaker/handshaker.pb.c b/src/core/tsi/alts/handshaker/handshaker.pb.c
deleted file mode 100644
index bd992dfa4a..0000000000
--- a/src/core/tsi/alts/handshaker/handshaker.pb.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* Automatically generated nanopb constant definitions */
-/* Generated by nanopb-0.3.7-dev */
-
-#include "src/core/tsi/alts/handshaker/handshaker.pb.h"
-
-/* @@protoc_insertion_point(includes) */
-#if PB_PROTO_HEADER_VERSION != 30
-#error Regenerate this file with the current version of nanopb generator.
-#endif
-
-
-
-const pb_field_t grpc_gcp_Endpoint_fields[4] = {
- PB_FIELD( 1, STRING , OPTIONAL, CALLBACK, FIRST, grpc_gcp_Endpoint, ip_address, ip_address, 0),
- PB_FIELD( 2, INT32 , OPTIONAL, STATIC , OTHER, grpc_gcp_Endpoint, port, ip_address, 0),
- PB_FIELD( 3, UENUM , OPTIONAL, STATIC , OTHER, grpc_gcp_Endpoint, protocol, port, 0),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_Identity_fields[3] = {
- PB_FIELD( 1, STRING , OPTIONAL, CALLBACK, FIRST, grpc_gcp_Identity, service_account, service_account, 0),
- PB_FIELD( 2, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_Identity, hostname, service_account, 0),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_StartClientHandshakeReq_fields[10] = {
- PB_FIELD( 1, UENUM , OPTIONAL, STATIC , FIRST, grpc_gcp_StartClientHandshakeReq, handshake_security_protocol, handshake_security_protocol, 0),
- PB_FIELD( 2, STRING , REPEATED, CALLBACK, OTHER, grpc_gcp_StartClientHandshakeReq, application_protocols, handshake_security_protocol, 0),
- PB_FIELD( 3, STRING , REPEATED, CALLBACK, OTHER, grpc_gcp_StartClientHandshakeReq, record_protocols, application_protocols, 0),
- PB_FIELD( 4, MESSAGE , REPEATED, CALLBACK, OTHER, grpc_gcp_StartClientHandshakeReq, target_identities, record_protocols, &grpc_gcp_Identity_fields),
- PB_FIELD( 5, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartClientHandshakeReq, local_identity, target_identities, &grpc_gcp_Identity_fields),
- PB_FIELD( 6, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartClientHandshakeReq, local_endpoint, local_identity, &grpc_gcp_Endpoint_fields),
- PB_FIELD( 7, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartClientHandshakeReq, remote_endpoint, local_endpoint, &grpc_gcp_Endpoint_fields),
- PB_FIELD( 8, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_StartClientHandshakeReq, target_name, remote_endpoint, 0),
- PB_FIELD( 9, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartClientHandshakeReq, rpc_versions, target_name, &grpc_gcp_RpcProtocolVersions_fields),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_ServerHandshakeParameters_fields[3] = {
- PB_FIELD( 1, STRING , REPEATED, CALLBACK, FIRST, grpc_gcp_ServerHandshakeParameters, record_protocols, record_protocols, 0),
- PB_FIELD( 2, MESSAGE , REPEATED, CALLBACK, OTHER, grpc_gcp_ServerHandshakeParameters, local_identities, record_protocols, &grpc_gcp_Identity_fields),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_StartServerHandshakeReq_fields[7] = {
- PB_FIELD( 1, STRING , REPEATED, CALLBACK, FIRST, grpc_gcp_StartServerHandshakeReq, application_protocols, application_protocols, 0),
- PB_FIELD( 2, MESSAGE , REPEATED, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq, handshake_parameters, application_protocols, &grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_fields),
- PB_FIELD( 3, BYTES , OPTIONAL, CALLBACK, OTHER, grpc_gcp_StartServerHandshakeReq, in_bytes, handshake_parameters, 0),
- PB_FIELD( 4, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq, local_endpoint, in_bytes, &grpc_gcp_Endpoint_fields),
- PB_FIELD( 5, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq, remote_endpoint, local_endpoint, &grpc_gcp_Endpoint_fields),
- PB_FIELD( 6, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq, rpc_versions, remote_endpoint, &grpc_gcp_RpcProtocolVersions_fields),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_fields[3] = {
- PB_FIELD( 1, INT32 , OPTIONAL, STATIC , FIRST, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry, key, key, 0),
- PB_FIELD( 2, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry, value, key, &grpc_gcp_ServerHandshakeParameters_fields),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_NextHandshakeMessageReq_fields[2] = {
- PB_FIELD( 1, BYTES , OPTIONAL, CALLBACK, FIRST, grpc_gcp_NextHandshakeMessageReq, in_bytes, in_bytes, 0),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_HandshakerReq_fields[4] = {
- PB_FIELD( 1, MESSAGE , OPTIONAL, STATIC , FIRST, grpc_gcp_HandshakerReq, client_start, client_start, &grpc_gcp_StartClientHandshakeReq_fields),
- PB_FIELD( 2, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerReq, server_start, client_start, &grpc_gcp_StartServerHandshakeReq_fields),
- PB_FIELD( 3, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerReq, next, server_start, &grpc_gcp_NextHandshakeMessageReq_fields),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_HandshakerResult_fields[8] = {
- PB_FIELD( 1, STRING , OPTIONAL, CALLBACK, FIRST, grpc_gcp_HandshakerResult, application_protocol, application_protocol, 0),
- PB_FIELD( 2, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_HandshakerResult, record_protocol, application_protocol, 0),
- PB_FIELD( 3, BYTES , OPTIONAL, CALLBACK, OTHER, grpc_gcp_HandshakerResult, key_data, record_protocol, 0),
- PB_FIELD( 4, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResult, peer_identity, key_data, &grpc_gcp_Identity_fields),
- PB_FIELD( 5, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResult, local_identity, peer_identity, &grpc_gcp_Identity_fields),
- PB_FIELD( 6, BOOL , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResult, keep_channel_open, local_identity, 0),
- PB_FIELD( 7, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResult, peer_rpc_versions, keep_channel_open, &grpc_gcp_RpcProtocolVersions_fields),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_HandshakerStatus_fields[3] = {
- PB_FIELD( 1, UINT32 , OPTIONAL, STATIC , FIRST, grpc_gcp_HandshakerStatus, code, code, 0),
- PB_FIELD( 2, STRING , OPTIONAL, CALLBACK, OTHER, grpc_gcp_HandshakerStatus, details, code, 0),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_HandshakerResp_fields[5] = {
- PB_FIELD( 1, BYTES , OPTIONAL, CALLBACK, FIRST, grpc_gcp_HandshakerResp, out_frames, out_frames, 0),
- PB_FIELD( 2, UINT32 , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResp, bytes_consumed, out_frames, 0),
- PB_FIELD( 3, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResp, result, bytes_consumed, &grpc_gcp_HandshakerResult_fields),
- PB_FIELD( 4, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_HandshakerResp, status, result, &grpc_gcp_HandshakerStatus_fields),
- PB_LAST_FIELD
-};
-
-
-/* Check that field information fits in pb_field_t */
-#if !defined(PB_FIELD_32BIT)
-/* If you get an error here, it means that you need to define PB_FIELD_32BIT
- * compile-time option. You can do that in pb.h or on compiler command line.
- *
- * The reason you need to do this is that some of your messages contain tag
- * numbers or field sizes that are larger than what can fit in 8 or 16 bit
- * field descriptors.
- */
-PB_STATIC_ASSERT((pb_membersize(grpc_gcp_StartClientHandshakeReq, target_identities) < 65536 && pb_membersize(grpc_gcp_StartClientHandshakeReq, local_identity) < 65536 && pb_membersize(grpc_gcp_StartClientHandshakeReq, local_endpoint) < 65536 && pb_membersize(grpc_gcp_StartClientHandshakeReq, remote_endpoint) < 65536 && pb_membersize(grpc_gcp_StartClientHandshakeReq, rpc_versions) < 65536 && pb_membersize(grpc_gcp_ServerHandshakeParameters, local_identities) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq, handshake_parameters[0]) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq, local_endpoint) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq, remote_endpoint) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq, rpc_versions) < 65536 && pb_membersize(grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry, value) < 65536 && pb_membersize(grpc_gcp_HandshakerReq, client_start) < 65536 && pb_membersize(grpc_gcp_HandshakerReq, server_start) < 65536 && pb_membersize(grpc_gcp_HandshakerReq, next) < 65536 && pb_membersize(grpc_gcp_HandshakerResult, peer_identity) < 65536 && pb_membersize(grpc_gcp_HandshakerResult, local_identity) < 65536 && pb_membersize(grpc_gcp_HandshakerResult, peer_rpc_versions) < 65536 && pb_membersize(grpc_gcp_HandshakerResp, result) < 65536 && pb_membersize(grpc_gcp_HandshakerResp, status) < 65536), YOU_MUST_DEFINE_PB_FIELD_32BIT_FOR_MESSAGES_grpc_gcp_Endpoint_grpc_gcp_Identity_grpc_gcp_StartClientHandshakeReq_grpc_gcp_ServerHandshakeParameters_grpc_gcp_StartServerHandshakeReq_grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_grpc_gcp_NextHandshakeMessageReq_grpc_gcp_HandshakerReq_grpc_gcp_HandshakerResult_grpc_gcp_HandshakerStatus_grpc_gcp_HandshakerResp)
-#endif
-
-#if !defined(PB_FIELD_16BIT) && !defined(PB_FIELD_32BIT)
-/* If you get an error here, it means that you need to define PB_FIELD_16BIT
- * compile-time option. You can do that in pb.h or on compiler command line.
- *
- * The reason you need to do this is that some of your messages contain tag
- * numbers or field sizes that are larger than what can fit in the default
- * 8 bit descriptors.
- */
-PB_STATIC_ASSERT((pb_membersize(grpc_gcp_StartClientHandshakeReq, target_identities) < 256 && pb_membersize(grpc_gcp_StartClientHandshakeReq, local_identity) < 256 && pb_membersize(grpc_gcp_StartClientHandshakeReq, local_endpoint) < 256 && pb_membersize(grpc_gcp_StartClientHandshakeReq, remote_endpoint) < 256 && pb_membersize(grpc_gcp_StartClientHandshakeReq, rpc_versions) < 256 && pb_membersize(grpc_gcp_ServerHandshakeParameters, local_identities) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq, handshake_parameters[0]) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq, local_endpoint) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq, remote_endpoint) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq, rpc_versions) < 256 && pb_membersize(grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry, value) < 256 && pb_membersize(grpc_gcp_HandshakerReq, client_start) < 256 && pb_membersize(grpc_gcp_HandshakerReq, server_start) < 256 && pb_membersize(grpc_gcp_HandshakerReq, next) < 256 && pb_membersize(grpc_gcp_HandshakerResult, peer_identity) < 256 && pb_membersize(grpc_gcp_HandshakerResult, local_identity) < 256 && pb_membersize(grpc_gcp_HandshakerResult, peer_rpc_versions) < 256 && pb_membersize(grpc_gcp_HandshakerResp, result) < 256 && pb_membersize(grpc_gcp_HandshakerResp, status) < 256), YOU_MUST_DEFINE_PB_FIELD_16BIT_FOR_MESSAGES_grpc_gcp_Endpoint_grpc_gcp_Identity_grpc_gcp_StartClientHandshakeReq_grpc_gcp_ServerHandshakeParameters_grpc_gcp_StartServerHandshakeReq_grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_grpc_gcp_NextHandshakeMessageReq_grpc_gcp_HandshakerReq_grpc_gcp_HandshakerResult_grpc_gcp_HandshakerStatus_grpc_gcp_HandshakerResp)
-#endif
-
-
-/* @@protoc_insertion_point(eof) */
diff --git a/src/core/tsi/alts/handshaker/handshaker.pb.h b/src/core/tsi/alts/handshaker/handshaker.pb.h
deleted file mode 100644
index 0805a144de..0000000000
--- a/src/core/tsi/alts/handshaker/handshaker.pb.h
+++ /dev/null
@@ -1,255 +0,0 @@
-/* Automatically generated nanopb header */
-/* Generated by nanopb-0.3.7-dev */
-
-#ifndef PB_GRPC_GCP_HANDSHAKER_PB_H_INCLUDED
-#define PB_GRPC_GCP_HANDSHAKER_PB_H_INCLUDED
-#include "third_party/nanopb/pb.h"
-#include "src/core/tsi/alts/handshaker/transport_security_common.pb.h"
-
-/* @@protoc_insertion_point(includes) */
-#if PB_PROTO_HEADER_VERSION != 30
-#error Regenerate this file with the current version of nanopb generator.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Enum definitions */
-typedef enum _grpc_gcp_HandshakeProtocol {
- grpc_gcp_HandshakeProtocol_HANDSHAKE_PROTOCOL_UNSPECIFIED = 0,
- grpc_gcp_HandshakeProtocol_TLS = 1,
- grpc_gcp_HandshakeProtocol_ALTS = 2
-} grpc_gcp_HandshakeProtocol;
-#define _grpc_gcp_HandshakeProtocol_MIN grpc_gcp_HandshakeProtocol_HANDSHAKE_PROTOCOL_UNSPECIFIED
-#define _grpc_gcp_HandshakeProtocol_MAX grpc_gcp_HandshakeProtocol_ALTS
-#define _grpc_gcp_HandshakeProtocol_ARRAYSIZE ((grpc_gcp_HandshakeProtocol)(grpc_gcp_HandshakeProtocol_ALTS+1))
-
-typedef enum _grpc_gcp_NetworkProtocol {
- grpc_gcp_NetworkProtocol_NETWORK_PROTOCOL_UNSPECIFIED = 0,
- grpc_gcp_NetworkProtocol_TCP = 1,
- grpc_gcp_NetworkProtocol_UDP = 2
-} grpc_gcp_NetworkProtocol;
-#define _grpc_gcp_NetworkProtocol_MIN grpc_gcp_NetworkProtocol_NETWORK_PROTOCOL_UNSPECIFIED
-#define _grpc_gcp_NetworkProtocol_MAX grpc_gcp_NetworkProtocol_UDP
-#define _grpc_gcp_NetworkProtocol_ARRAYSIZE ((grpc_gcp_NetworkProtocol)(grpc_gcp_NetworkProtocol_UDP+1))
-
-/* Struct definitions */
-typedef struct _grpc_gcp_Identity {
- pb_callback_t service_account;
- pb_callback_t hostname;
-/* @@protoc_insertion_point(struct:grpc_gcp_Identity) */
-} grpc_gcp_Identity;
-
-typedef struct _grpc_gcp_NextHandshakeMessageReq {
- pb_callback_t in_bytes;
-/* @@protoc_insertion_point(struct:grpc_gcp_NextHandshakeMessageReq) */
-} grpc_gcp_NextHandshakeMessageReq;
-
-typedef struct _grpc_gcp_ServerHandshakeParameters {
- pb_callback_t record_protocols;
- pb_callback_t local_identities;
-/* @@protoc_insertion_point(struct:grpc_gcp_ServerHandshakeParameters) */
-} grpc_gcp_ServerHandshakeParameters;
-
-typedef struct _grpc_gcp_Endpoint {
- pb_callback_t ip_address;
- bool has_port;
- int32_t port;
- bool has_protocol;
- grpc_gcp_NetworkProtocol protocol;
-/* @@protoc_insertion_point(struct:grpc_gcp_Endpoint) */
-} grpc_gcp_Endpoint;
-
-typedef struct _grpc_gcp_HandshakerResult {
- pb_callback_t application_protocol;
- pb_callback_t record_protocol;
- pb_callback_t key_data;
- bool has_peer_identity;
- grpc_gcp_Identity peer_identity;
- bool has_local_identity;
- grpc_gcp_Identity local_identity;
- bool has_keep_channel_open;
- bool keep_channel_open;
- bool has_peer_rpc_versions;
- grpc_gcp_RpcProtocolVersions peer_rpc_versions;
-/* @@protoc_insertion_point(struct:grpc_gcp_HandshakerResult) */
-} grpc_gcp_HandshakerResult;
-
-typedef struct _grpc_gcp_HandshakerStatus {
- bool has_code;
- uint32_t code;
- pb_callback_t details;
-/* @@protoc_insertion_point(struct:grpc_gcp_HandshakerStatus) */
-} grpc_gcp_HandshakerStatus;
-
-typedef struct _grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry {
- bool has_key;
- int32_t key;
- bool has_value;
- grpc_gcp_ServerHandshakeParameters value;
-/* @@protoc_insertion_point(struct:grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry) */
-} grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry;
-
-typedef struct _grpc_gcp_HandshakerResp {
- pb_callback_t out_frames;
- bool has_bytes_consumed;
- uint32_t bytes_consumed;
- bool has_result;
- grpc_gcp_HandshakerResult result;
- bool has_status;
- grpc_gcp_HandshakerStatus status;
-/* @@protoc_insertion_point(struct:grpc_gcp_HandshakerResp) */
-} grpc_gcp_HandshakerResp;
-
-typedef struct _grpc_gcp_StartClientHandshakeReq {
- bool has_handshake_security_protocol;
- grpc_gcp_HandshakeProtocol handshake_security_protocol;
- pb_callback_t application_protocols;
- pb_callback_t record_protocols;
- pb_callback_t target_identities;
- bool has_local_identity;
- grpc_gcp_Identity local_identity;
- bool has_local_endpoint;
- grpc_gcp_Endpoint local_endpoint;
- bool has_remote_endpoint;
- grpc_gcp_Endpoint remote_endpoint;
- pb_callback_t target_name;
- bool has_rpc_versions;
- grpc_gcp_RpcProtocolVersions rpc_versions;
-/* @@protoc_insertion_point(struct:grpc_gcp_StartClientHandshakeReq) */
-} grpc_gcp_StartClientHandshakeReq;
-
-typedef struct _grpc_gcp_StartServerHandshakeReq {
- pb_callback_t application_protocols;
- pb_size_t handshake_parameters_count;
- grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry handshake_parameters[3];
- pb_callback_t in_bytes;
- bool has_local_endpoint;
- grpc_gcp_Endpoint local_endpoint;
- bool has_remote_endpoint;
- grpc_gcp_Endpoint remote_endpoint;
- bool has_rpc_versions;
- grpc_gcp_RpcProtocolVersions rpc_versions;
-/* @@protoc_insertion_point(struct:grpc_gcp_StartServerHandshakeReq) */
-} grpc_gcp_StartServerHandshakeReq;
-
-typedef struct _grpc_gcp_HandshakerReq {
- bool has_client_start;
- grpc_gcp_StartClientHandshakeReq client_start;
- bool has_server_start;
- grpc_gcp_StartServerHandshakeReq server_start;
- bool has_next;
- grpc_gcp_NextHandshakeMessageReq next;
-/* @@protoc_insertion_point(struct:grpc_gcp_HandshakerReq) */
-} grpc_gcp_HandshakerReq;
-
-/* Default values for struct fields */
-
-/* Initializer values for message structs */
-#define grpc_gcp_Endpoint_init_default {{{NULL}, NULL}, false, 0, false, (grpc_gcp_NetworkProtocol)0}
-#define grpc_gcp_Identity_init_default {{{NULL}, NULL}, {{NULL}, NULL}}
-#define grpc_gcp_StartClientHandshakeReq_init_default {false, (grpc_gcp_HandshakeProtocol)0, {{NULL}, NULL}, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_Identity_init_default, false, grpc_gcp_Endpoint_init_default, false, grpc_gcp_Endpoint_init_default, {{NULL}, NULL}, false, grpc_gcp_RpcProtocolVersions_init_default}
-#define grpc_gcp_ServerHandshakeParameters_init_default {{{NULL}, NULL}, {{NULL}, NULL}}
-#define grpc_gcp_StartServerHandshakeReq_init_default {{{NULL}, NULL}, 0, {grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_default, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_default, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_default}, {{NULL}, NULL}, false, grpc_gcp_Endpoint_init_default, false, grpc_gcp_Endpoint_init_default, false, grpc_gcp_RpcProtocolVersions_init_default}
-#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_default {false, 0, false, grpc_gcp_ServerHandshakeParameters_init_default}
-#define grpc_gcp_NextHandshakeMessageReq_init_default {{{NULL}, NULL}}
-#define grpc_gcp_HandshakerReq_init_default {false, grpc_gcp_StartClientHandshakeReq_init_default, false, grpc_gcp_StartServerHandshakeReq_init_default, false, grpc_gcp_NextHandshakeMessageReq_init_default}
-#define grpc_gcp_HandshakerResult_init_default {{{NULL}, NULL}, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_Identity_init_default, false, grpc_gcp_Identity_init_default, false, 0, false, grpc_gcp_RpcProtocolVersions_init_default}
-#define grpc_gcp_HandshakerStatus_init_default {false, 0, {{NULL}, NULL}}
-#define grpc_gcp_HandshakerResp_init_default {{{NULL}, NULL}, false, 0, false, grpc_gcp_HandshakerResult_init_default, false, grpc_gcp_HandshakerStatus_init_default}
-#define grpc_gcp_Endpoint_init_zero {{{NULL}, NULL}, false, 0, false, (grpc_gcp_NetworkProtocol)0}
-#define grpc_gcp_Identity_init_zero {{{NULL}, NULL}, {{NULL}, NULL}}
-#define grpc_gcp_StartClientHandshakeReq_init_zero {false, (grpc_gcp_HandshakeProtocol)0, {{NULL}, NULL}, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_Identity_init_zero, false, grpc_gcp_Endpoint_init_zero, false, grpc_gcp_Endpoint_init_zero, {{NULL}, NULL}, false, grpc_gcp_RpcProtocolVersions_init_zero}
-#define grpc_gcp_ServerHandshakeParameters_init_zero {{{NULL}, NULL}, {{NULL}, NULL}}
-#define grpc_gcp_StartServerHandshakeReq_init_zero {{{NULL}, NULL}, 0, {grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_zero, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_zero, grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_zero}, {{NULL}, NULL}, false, grpc_gcp_Endpoint_init_zero, false, grpc_gcp_Endpoint_init_zero, false, grpc_gcp_RpcProtocolVersions_init_zero}
-#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_init_zero {false, 0, false, grpc_gcp_ServerHandshakeParameters_init_zero}
-#define grpc_gcp_NextHandshakeMessageReq_init_zero {{{NULL}, NULL}}
-#define grpc_gcp_HandshakerReq_init_zero {false, grpc_gcp_StartClientHandshakeReq_init_zero, false, grpc_gcp_StartServerHandshakeReq_init_zero, false, grpc_gcp_NextHandshakeMessageReq_init_zero}
-#define grpc_gcp_HandshakerResult_init_zero {{{NULL}, NULL}, {{NULL}, NULL}, {{NULL}, NULL}, false, grpc_gcp_Identity_init_zero, false, grpc_gcp_Identity_init_zero, false, 0, false, grpc_gcp_RpcProtocolVersions_init_zero}
-#define grpc_gcp_HandshakerStatus_init_zero {false, 0, {{NULL}, NULL}}
-#define grpc_gcp_HandshakerResp_init_zero {{{NULL}, NULL}, false, 0, false, grpc_gcp_HandshakerResult_init_zero, false, grpc_gcp_HandshakerStatus_init_zero}
-
-/* Field tags (for use in manual encoding/decoding) */
-#define grpc_gcp_Identity_service_account_tag 1
-#define grpc_gcp_Identity_hostname_tag 2
-#define grpc_gcp_NextHandshakeMessageReq_in_bytes_tag 1
-#define grpc_gcp_ServerHandshakeParameters_record_protocols_tag 1
-#define grpc_gcp_ServerHandshakeParameters_local_identities_tag 2
-#define grpc_gcp_Endpoint_ip_address_tag 1
-#define grpc_gcp_Endpoint_port_tag 2
-#define grpc_gcp_Endpoint_protocol_tag 3
-#define grpc_gcp_HandshakerResult_application_protocol_tag 1
-#define grpc_gcp_HandshakerResult_record_protocol_tag 2
-#define grpc_gcp_HandshakerResult_key_data_tag 3
-#define grpc_gcp_HandshakerResult_peer_identity_tag 4
-#define grpc_gcp_HandshakerResult_local_identity_tag 5
-#define grpc_gcp_HandshakerResult_keep_channel_open_tag 6
-#define grpc_gcp_HandshakerResult_peer_rpc_versions_tag 7
-#define grpc_gcp_HandshakerStatus_code_tag 1
-#define grpc_gcp_HandshakerStatus_details_tag 2
-#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_key_tag 1
-#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_value_tag 2
-#define grpc_gcp_HandshakerResp_out_frames_tag 1
-#define grpc_gcp_HandshakerResp_bytes_consumed_tag 2
-#define grpc_gcp_HandshakerResp_result_tag 3
-#define grpc_gcp_HandshakerResp_status_tag 4
-#define grpc_gcp_StartClientHandshakeReq_handshake_security_protocol_tag 1
-#define grpc_gcp_StartClientHandshakeReq_application_protocols_tag 2
-#define grpc_gcp_StartClientHandshakeReq_record_protocols_tag 3
-#define grpc_gcp_StartClientHandshakeReq_target_identities_tag 4
-#define grpc_gcp_StartClientHandshakeReq_local_identity_tag 5
-#define grpc_gcp_StartClientHandshakeReq_local_endpoint_tag 6
-#define grpc_gcp_StartClientHandshakeReq_remote_endpoint_tag 7
-#define grpc_gcp_StartClientHandshakeReq_target_name_tag 8
-#define grpc_gcp_StartClientHandshakeReq_rpc_versions_tag 9
-#define grpc_gcp_StartServerHandshakeReq_application_protocols_tag 1
-#define grpc_gcp_StartServerHandshakeReq_handshake_parameters_tag 2
-#define grpc_gcp_StartServerHandshakeReq_in_bytes_tag 3
-#define grpc_gcp_StartServerHandshakeReq_local_endpoint_tag 4
-#define grpc_gcp_StartServerHandshakeReq_remote_endpoint_tag 5
-#define grpc_gcp_StartServerHandshakeReq_rpc_versions_tag 6
-#define grpc_gcp_HandshakerReq_client_start_tag 1
-#define grpc_gcp_HandshakerReq_server_start_tag 2
-#define grpc_gcp_HandshakerReq_next_tag 3
-
-/* Struct field encoding specification for nanopb */
-extern const pb_field_t grpc_gcp_Endpoint_fields[4];
-extern const pb_field_t grpc_gcp_Identity_fields[3];
-extern const pb_field_t grpc_gcp_StartClientHandshakeReq_fields[10];
-extern const pb_field_t grpc_gcp_ServerHandshakeParameters_fields[3];
-extern const pb_field_t grpc_gcp_StartServerHandshakeReq_fields[7];
-extern const pb_field_t grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_fields[3];
-extern const pb_field_t grpc_gcp_NextHandshakeMessageReq_fields[2];
-extern const pb_field_t grpc_gcp_HandshakerReq_fields[4];
-extern const pb_field_t grpc_gcp_HandshakerResult_fields[8];
-extern const pb_field_t grpc_gcp_HandshakerStatus_fields[3];
-extern const pb_field_t grpc_gcp_HandshakerResp_fields[5];
-
-/* Maximum encoded size of messages (where known) */
-/* grpc_gcp_Endpoint_size depends on runtime parameters */
-/* grpc_gcp_Identity_size depends on runtime parameters */
-/* grpc_gcp_StartClientHandshakeReq_size depends on runtime parameters */
-/* grpc_gcp_ServerHandshakeParameters_size depends on runtime parameters */
-/* grpc_gcp_StartServerHandshakeReq_size depends on runtime parameters */
-#define grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_size (17 + grpc_gcp_ServerHandshakeParameters_size)
-/* grpc_gcp_NextHandshakeMessageReq_size depends on runtime parameters */
-#define grpc_gcp_HandshakerReq_size (18 + grpc_gcp_StartClientHandshakeReq_size + grpc_gcp_StartServerHandshakeReq_size + grpc_gcp_NextHandshakeMessageReq_size)
-/* grpc_gcp_HandshakerResult_size depends on runtime parameters */
-/* grpc_gcp_HandshakerStatus_size depends on runtime parameters */
-/* grpc_gcp_HandshakerResp_size depends on runtime parameters */
-
-/* Message IDs (where set with "msgid" option) */
-#ifdef PB_MSGID
-
-#define HANDSHAKER_MESSAGES \
-
-
-#endif
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-/* @@protoc_insertion_point(eof) */
-
-#endif
diff --git a/src/core/tsi/alts/handshaker/proto/altscontext.proto b/src/core/tsi/alts/handshaker/proto/altscontext.proto
deleted file mode 100644
index d195b37e08..0000000000
--- a/src/core/tsi/alts/handshaker/proto/altscontext.proto
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright 2018 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-import "transport_security_common.proto";
-
-package grpc.gcp;
-
-option java_package = "io.grpc.alts";
-
-message AltsContext {
- // The application protocol negotiated for this connection.
- string application_protocol = 1;
-
- // The record protocol negotiated for this connection.
- string record_protocol = 2;
-
- // The security level of the created secure channel.
- SecurityLevel security_level = 3;
-
- // The peer service account.
- string peer_service_account = 4;
-
- // The local service account.
- string local_service_account = 5;
-
- // The RPC protocol versions supported by the peer.
- RpcProtocolVersions peer_rpc_versions = 6;
-}
diff --git a/src/core/tsi/alts/handshaker/proto/handshaker.options b/src/core/tsi/alts/handshaker/proto/handshaker.options
deleted file mode 100644
index 702ba3802a..0000000000
--- a/src/core/tsi/alts/handshaker/proto/handshaker.options
+++ /dev/null
@@ -1,2 +0,0 @@
-handshaker.proto no_unions:true
-grpc.gcp.StartServerHandshakeReq.handshake_parameters max_count:3
diff --git a/src/core/tsi/alts/handshaker/proto/handshaker.proto b/src/core/tsi/alts/handshaker/proto/handshaker.proto
deleted file mode 100644
index 46b8b09eb0..0000000000
--- a/src/core/tsi/alts/handshaker/proto/handshaker.proto
+++ /dev/null
@@ -1,220 +0,0 @@
-// Copyright 2018 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-import "transport_security_common.proto";
-
-package grpc.gcp;
-
-option java_package = "io.grpc.alts";
-
-enum HandshakeProtocol {
- // Default value.
- HANDSHAKE_PROTOCOL_UNSPECIFIED = 0;
-
- // TLS handshake protocol.
- TLS = 1;
-
- // Application Layer Transport Security handshake protocol.
- ALTS = 2;
-}
-
-enum NetworkProtocol {
- NETWORK_PROTOCOL_UNSPECIFIED = 0;
- TCP = 1;
- UDP = 2;
-}
-
-message Endpoint {
- // IP address. It should contain an IPv4 or IPv6 string literal, e.g.
- // "192.168.0.1" or "2001:db8::1".
- string ip_address = 1;
-
- // Port number.
- int32 port = 2;
-
- // Network protocol (e.g., TCP, UDP) associated with this endpoint.
- NetworkProtocol protocol = 3;
-}
-
-message Identity {
- oneof identity_oneof {
- // Service account of a connection endpoint.
- string service_account = 1;
-
- // Hostname of a connection endpoint.
- string hostname = 2;
- }
-}
-
-message StartClientHandshakeReq {
- // Handshake security protocol requested by the client.
- HandshakeProtocol handshake_security_protocol = 1;
-
- // The application protocols supported by the client, e.g., "h2" (for http2),
- // "grpc".
- repeated string application_protocols = 2;
-
- // The record protocols supported by the client, e.g.,
- // "ALTSRP_GCM_AES128".
- repeated string record_protocols = 3;
-
- // (Optional) Describes which server identities are acceptable by the client.
- // If target identities are provided and none of them matches the peer
- // identity of the server, handshake will fail.
- repeated Identity target_identities = 4;
-
- // (Optional) Application may specify a local identity. Otherwise, the
- // handshaker chooses a default local identity.
- Identity local_identity = 5;
-
- // (Optional) Local endpoint information of the connection to the server,
- // such as local IP address, port number, and network protocol.
- Endpoint local_endpoint = 6;
-
- // (Optional) Endpoint information of the remote server, such as IP address,
- // port number, and network protocool.
- Endpoint remote_endpoint = 7;
-
- // (Optional) If target name is provided, a secure naming check is performed
- // to verify that the peer authenticated identity is indeed authorized to run
- // the target name.
- string target_name = 8;
-
- // (Optional) RPC protocol versions supported by the client.
- RpcProtocolVersions rpc_versions = 9;
-}
-
-message ServerHandshakeParameters {
- // The record protocols supported by the server, e.g.,
- // "ALTSRP_GCM_AES128".
- repeated string record_protocols = 1;
-
- // (Optional) A list of local identities supported by the server, if
- // specified. Otherwise, the handshaker chooses a default local identity.
- repeated Identity local_identities = 2;
-}
-
-message StartServerHandshakeReq {
- // The application protocols supported by the server, e.g., "h2" (for http2),
- // "grpc".
- repeated string application_protocols = 1;
-
- // Handshake parameters (record protocols and local identities supported by
- // the server) mapped by the handshake protocol. Each handshake security
- // protocol (e.g., TLS or ALTS) has its own set of record protocols and local
- // identities. Since protobuf does not support enum as key to the map, the key
- // to handshake_parameters is the integer value of HandshakeProtocol enum.
- map<int32, ServerHandshakeParameters> handshake_parameters = 2;
-
- // Bytes in out_frames returned from the peer's HandshakerResp. It is possible
- // that the peer's out_frames are split into multiple HandshakReq messages.
- bytes in_bytes = 3;
-
- // (Optional) Local endpoint information of the connection to the client,
- // such as local IP address, port number, and network protocol.
- Endpoint local_endpoint = 4;
-
- // (Optional) Endpoint information of the remote client, such as IP address,
- // port number, and network protocool.
- Endpoint remote_endpoint = 5;
-
- // (Optional) RPC protocol versions supported by the server.
- RpcProtocolVersions rpc_versions = 6;
-}
-
-message NextHandshakeMessageReq {
- // Bytes in out_frames returned from the peer's HandshakerResp. It is possible
- // that the peer's out_frames are split into multiple NextHandshakerMessageReq
- // messages.
- bytes in_bytes = 1;
-}
-
-message HandshakerReq {
- oneof req_oneof {
- // The start client handshake request message.
- StartClientHandshakeReq client_start = 1;
-
- // The start server handshake request message.
- StartServerHandshakeReq server_start = 2;
-
- // The next handshake request message.
- NextHandshakeMessageReq next = 3;
- }
-}
-
-message HandshakerResult {
- // The application protocol negotiated for this connection.
- string application_protocol = 1;
-
- // The record protocol negotiated for this connection.
- string record_protocol = 2;
-
- // Cryptographic key data. The key data may be more than the key length
- // required for the record protocol, thus the client of the handshaker
- // service needs to truncate the key data into the right key length.
- bytes key_data = 3;
-
- // The authenticated identity of the peer.
- Identity peer_identity = 4;
-
- // The local identity used in the handshake.
- Identity local_identity = 5;
-
- // Indicate whether the handshaker service client should keep the channel
- // between the handshaker service open, e.g., in order to handle
- // post-handshake messages in the future.
- bool keep_channel_open = 6;
-
- // The RPC protocol versions supported by the peer.
- RpcProtocolVersions peer_rpc_versions = 7;
-}
-
-message HandshakerStatus {
- // The status code. This could be the gRPC status code.
- uint32 code = 1;
-
- // The status details.
- string details = 2;
-}
-
-message HandshakerResp {
- // Frames to be given to the peer for the NextHandshakeMessageReq. May be
- // empty if no out_frames have to be sent to the peer or if in_bytes in the
- // HandshakerReq are incomplete. All the non-empty out frames must be sent to
- // the peer even if the handshaker status is not OK as these frames may
- // contain the alert frames.
- bytes out_frames = 1;
-
- // Number of bytes in the in_bytes consumed by the handshaker. It is possible
- // that part of in_bytes in HandshakerReq was unrelated to the handshake
- // process.
- uint32 bytes_consumed = 2;
-
- // This is set iff the handshake was successful. out_frames may still be set
- // to frames that needs to be forwarded to the peer.
- HandshakerResult result = 3;
-
- // Status of the handshaker.
- HandshakerStatus status = 4;
-}
-
-service HandshakerService {
- // Accepts a stream of handshaker request, returning a stream of handshaker
- // response.
- rpc DoHandshake(stream HandshakerReq)
- returns (stream HandshakerResp) {
- }
-}
diff --git a/src/core/tsi/alts/handshaker/proto/transport_security_common.proto b/src/core/tsi/alts/handshaker/proto/transport_security_common.proto
deleted file mode 100644
index 41983ab9f9..0000000000
--- a/src/core/tsi/alts/handshaker/proto/transport_security_common.proto
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2018 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package grpc.gcp;
-
-option java_package = "io.grpc.alts";
-
-// The security level of the created channel. The list is sorted in increasing
-// level of security. This order must always be maintained.
-enum SecurityLevel {
- SECURITY_NONE = 0;
- INTEGRITY_ONLY = 1;
- INTEGRITY_AND_PRIVACY = 2;
-}
-
-// Max and min supported RPC protocol versions.
-message RpcProtocolVersions {
- // RPC version contains a major version and a minor version.
- message Version {
- uint32 major = 1;
- uint32 minor = 2;
- }
- // Maximum supported RPC version.
- Version max_rpc_version = 1;
- // Minimum supported RPC version.
- Version min_rpc_version = 2;
-}
diff --git a/src/core/tsi/alts/handshaker/transport_security_common.pb.c b/src/core/tsi/alts/handshaker/transport_security_common.pb.c
deleted file mode 100644
index 6063c7625e..0000000000
--- a/src/core/tsi/alts/handshaker/transport_security_common.pb.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/* Automatically generated nanopb constant definitions */
-/* Generated by nanopb-0.3.7-dev */
-
-#include "src/core/tsi/alts/handshaker/transport_security_common.pb.h"
-
-/* @@protoc_insertion_point(includes) */
-#if PB_PROTO_HEADER_VERSION != 30
-#error Regenerate this file with the current version of nanopb generator.
-#endif
-
-
-
-const pb_field_t grpc_gcp_RpcProtocolVersions_fields[3] = {
- PB_FIELD( 1, MESSAGE , OPTIONAL, STATIC , FIRST, grpc_gcp_RpcProtocolVersions, max_rpc_version, max_rpc_version, &grpc_gcp_RpcProtocolVersions_Version_fields),
- PB_FIELD( 2, MESSAGE , OPTIONAL, STATIC , OTHER, grpc_gcp_RpcProtocolVersions, min_rpc_version, max_rpc_version, &grpc_gcp_RpcProtocolVersions_Version_fields),
- PB_LAST_FIELD
-};
-
-const pb_field_t grpc_gcp_RpcProtocolVersions_Version_fields[3] = {
- PB_FIELD( 1, UINT32 , OPTIONAL, STATIC , FIRST, grpc_gcp_RpcProtocolVersions_Version, major, major, 0),
- PB_FIELD( 2, UINT32 , OPTIONAL, STATIC , OTHER, grpc_gcp_RpcProtocolVersions_Version, minor, major, 0),
- PB_LAST_FIELD
-};
-
-
-/* Check that field information fits in pb_field_t */
-#if !defined(PB_FIELD_32BIT)
-/* If you get an error here, it means that you need to define PB_FIELD_32BIT
- * compile-time option. You can do that in pb.h or on compiler command line.
- *
- * The reason you need to do this is that some of your messages contain tag
- * numbers or field sizes that are larger than what can fit in 8 or 16 bit
- * field descriptors.
- */
-PB_STATIC_ASSERT((pb_membersize(grpc_gcp_RpcProtocolVersions, max_rpc_version) < 65536 && pb_membersize(grpc_gcp_RpcProtocolVersions, min_rpc_version) < 65536), YOU_MUST_DEFINE_PB_FIELD_32BIT_FOR_MESSAGES_grpc_gcp_RpcProtocolVersions_grpc_gcp_RpcProtocolVersions_Version)
-#endif
-
-#if !defined(PB_FIELD_16BIT) && !defined(PB_FIELD_32BIT)
-/* If you get an error here, it means that you need to define PB_FIELD_16BIT
- * compile-time option. You can do that in pb.h or on compiler command line.
- *
- * The reason you need to do this is that some of your messages contain tag
- * numbers or field sizes that are larger than what can fit in the default
- * 8 bit descriptors.
- */
-PB_STATIC_ASSERT((pb_membersize(grpc_gcp_RpcProtocolVersions, max_rpc_version) < 256 && pb_membersize(grpc_gcp_RpcProtocolVersions, min_rpc_version) < 256), YOU_MUST_DEFINE_PB_FIELD_16BIT_FOR_MESSAGES_grpc_gcp_RpcProtocolVersions_grpc_gcp_RpcProtocolVersions_Version)
-#endif
-
-
-/* @@protoc_insertion_point(eof) */
diff --git a/src/core/tsi/alts/handshaker/transport_security_common.pb.h b/src/core/tsi/alts/handshaker/transport_security_common.pb.h
deleted file mode 100644
index 49096dffa3..0000000000
--- a/src/core/tsi/alts/handshaker/transport_security_common.pb.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/* Automatically generated nanopb header */
-/* Generated by nanopb-0.3.7-dev */
-
-#ifndef PB_GRPC_GCP_TRANSPORT_SECURITY_COMMON_PB_H_INCLUDED
-#define PB_GRPC_GCP_TRANSPORT_SECURITY_COMMON_PB_H_INCLUDED
-#include "third_party/nanopb/pb.h"
-/* @@protoc_insertion_point(includes) */
-#if PB_PROTO_HEADER_VERSION != 30
-#error Regenerate this file with the current version of nanopb generator.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Enum definitions */
-typedef enum _grpc_gcp_SecurityLevel {
- grpc_gcp_SecurityLevel_SECURITY_NONE = 0,
- grpc_gcp_SecurityLevel_INTEGRITY_ONLY = 1,
- grpc_gcp_SecurityLevel_INTEGRITY_AND_PRIVACY = 2
-} grpc_gcp_SecurityLevel;
-#define _grpc_gcp_SecurityLevel_MIN grpc_gcp_SecurityLevel_SECURITY_NONE
-#define _grpc_gcp_SecurityLevel_MAX grpc_gcp_SecurityLevel_INTEGRITY_AND_PRIVACY
-#define _grpc_gcp_SecurityLevel_ARRAYSIZE ((grpc_gcp_SecurityLevel)(grpc_gcp_SecurityLevel_INTEGRITY_AND_PRIVACY+1))
-
-/* Struct definitions */
-typedef struct _grpc_gcp_RpcProtocolVersions_Version {
- bool has_major;
- uint32_t major;
- bool has_minor;
- uint32_t minor;
-/* @@protoc_insertion_point(struct:grpc_gcp_RpcProtocolVersions_Version) */
-} grpc_gcp_RpcProtocolVersions_Version;
-
-typedef struct _grpc_gcp_RpcProtocolVersions {
- bool has_max_rpc_version;
- grpc_gcp_RpcProtocolVersions_Version max_rpc_version;
- bool has_min_rpc_version;
- grpc_gcp_RpcProtocolVersions_Version min_rpc_version;
-/* @@protoc_insertion_point(struct:grpc_gcp_RpcProtocolVersions) */
-} grpc_gcp_RpcProtocolVersions;
-
-/* Default values for struct fields */
-
-/* Initializer values for message structs */
-#define grpc_gcp_RpcProtocolVersions_init_default {false, grpc_gcp_RpcProtocolVersions_Version_init_default, false, grpc_gcp_RpcProtocolVersions_Version_init_default}
-#define grpc_gcp_RpcProtocolVersions_Version_init_default {false, 0, false, 0}
-#define grpc_gcp_RpcProtocolVersions_init_zero {false, grpc_gcp_RpcProtocolVersions_Version_init_zero, false, grpc_gcp_RpcProtocolVersions_Version_init_zero}
-#define grpc_gcp_RpcProtocolVersions_Version_init_zero {false, 0, false, 0}
-
-/* Field tags (for use in manual encoding/decoding) */
-#define grpc_gcp_RpcProtocolVersions_Version_major_tag 1
-#define grpc_gcp_RpcProtocolVersions_Version_minor_tag 2
-#define grpc_gcp_RpcProtocolVersions_max_rpc_version_tag 1
-#define grpc_gcp_RpcProtocolVersions_min_rpc_version_tag 2
-
-/* Struct field encoding specification for nanopb */
-extern const pb_field_t grpc_gcp_RpcProtocolVersions_fields[3];
-extern const pb_field_t grpc_gcp_RpcProtocolVersions_Version_fields[3];
-
-/* Maximum encoded size of messages (where known) */
-#define grpc_gcp_RpcProtocolVersions_size 28
-#define grpc_gcp_RpcProtocolVersions_Version_size 12
-
-/* Message IDs (where set with "msgid" option) */
-#ifdef PB_MSGID
-
-#define TRANSPORT_SECURITY_COMMON_MESSAGES \
-
-
-#endif
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-/* @@protoc_insertion_point(eof) */
-
-#endif
diff --git a/src/core/tsi/alts/handshaker/transport_security_common_api.cc b/src/core/tsi/alts/handshaker/transport_security_common_api.cc
deleted file mode 100644
index 8a7edb53d4..0000000000
--- a/src/core/tsi/alts/handshaker/transport_security_common_api.cc
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
-
-bool grpc_gcp_rpc_protocol_versions_set_max(
- grpc_gcp_rpc_protocol_versions* versions, uint32_t max_major,
- uint32_t max_minor) {
- if (versions == nullptr) {
- gpr_log(GPR_ERROR,
- "versions is nullptr in "
- "grpc_gcp_rpc_protocol_versions_set_max().");
- return false;
- }
- versions->has_max_rpc_version = true;
- versions->max_rpc_version.has_major = true;
- versions->max_rpc_version.has_minor = true;
- versions->max_rpc_version.major = max_major;
- versions->max_rpc_version.minor = max_minor;
- return true;
-}
-
-bool grpc_gcp_rpc_protocol_versions_set_min(
- grpc_gcp_rpc_protocol_versions* versions, uint32_t min_major,
- uint32_t min_minor) {
- if (versions == nullptr) {
- gpr_log(GPR_ERROR,
- "versions is nullptr in "
- "grpc_gcp_rpc_protocol_versions_set_min().");
- return false;
- }
- versions->has_min_rpc_version = true;
- versions->min_rpc_version.has_major = true;
- versions->min_rpc_version.has_minor = true;
- versions->min_rpc_version.major = min_major;
- versions->min_rpc_version.minor = min_minor;
- return true;
-}
-
-size_t grpc_gcp_rpc_protocol_versions_encode_length(
- const grpc_gcp_rpc_protocol_versions* versions) {
- if (versions == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_rpc_protocol_versions_encode_length().");
- return 0;
- }
- pb_ostream_t size_stream;
- memset(&size_stream, 0, sizeof(pb_ostream_t));
- if (!pb_encode(&size_stream, grpc_gcp_RpcProtocolVersions_fields, versions)) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream));
- return 0;
- }
- return size_stream.bytes_written;
-}
-
-bool grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes(
- const grpc_gcp_rpc_protocol_versions* versions, uint8_t* bytes,
- size_t bytes_length) {
- if (versions == nullptr || bytes == nullptr || bytes_length == 0) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes().");
- return false;
- }
- pb_ostream_t output_stream = pb_ostream_from_buffer(bytes, bytes_length);
- if (!pb_encode(&output_stream, grpc_gcp_RpcProtocolVersions_fields,
- versions)) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&output_stream));
- return false;
- }
- return true;
-}
-
-bool grpc_gcp_rpc_protocol_versions_encode(
- const grpc_gcp_rpc_protocol_versions* versions, grpc_slice* slice) {
- if (versions == nullptr || slice == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_rpc_protocol_versions_encode().");
- return false;
- }
- size_t encoded_length =
- grpc_gcp_rpc_protocol_versions_encode_length(versions);
- if (encoded_length == 0) return false;
- *slice = grpc_slice_malloc(encoded_length);
- return grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes(
- versions, GRPC_SLICE_START_PTR(*slice), encoded_length);
-}
-
-bool grpc_gcp_rpc_protocol_versions_decode(
- grpc_slice slice, grpc_gcp_rpc_protocol_versions* versions) {
- if (versions == nullptr) {
- gpr_log(GPR_ERROR,
- "version is nullptr in "
- "grpc_gcp_rpc_protocol_versions_decode().");
- return false;
- }
- pb_istream_t stream = pb_istream_from_buffer(GRPC_SLICE_START_PTR(slice),
- GRPC_SLICE_LENGTH(slice));
- if (!pb_decode(&stream, grpc_gcp_RpcProtocolVersions_fields, versions)) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&stream));
- return false;
- }
- return true;
-}
-
-bool grpc_gcp_rpc_protocol_versions_copy(
- const grpc_gcp_rpc_protocol_versions* src,
- grpc_gcp_rpc_protocol_versions* dst) {
- if ((src == nullptr && dst != nullptr) ||
- (src != nullptr && dst == nullptr)) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_rpc_protocol_versions_copy().");
- return false;
- }
- if (src == nullptr) {
- return true;
- }
- grpc_gcp_rpc_protocol_versions_set_max(dst, src->max_rpc_version.major,
- src->max_rpc_version.minor);
- grpc_gcp_rpc_protocol_versions_set_min(dst, src->min_rpc_version.major,
- src->min_rpc_version.minor);
- return true;
-}
-
-namespace grpc_core {
-namespace internal {
-
-int grpc_gcp_rpc_protocol_version_compare(
- const grpc_gcp_rpc_protocol_versions_version* v1,
- const grpc_gcp_rpc_protocol_versions_version* v2) {
- if ((v1->major > v2->major) ||
- (v1->major == v2->major && v1->minor > v2->minor)) {
- return 1;
- }
- if ((v1->major < v2->major) ||
- (v1->major == v2->major && v1->minor < v2->minor)) {
- return -1;
- }
- return 0;
-}
-
-} // namespace internal
-} // namespace grpc_core
-
-bool grpc_gcp_rpc_protocol_versions_check(
- const grpc_gcp_rpc_protocol_versions* local_versions,
- const grpc_gcp_rpc_protocol_versions* peer_versions,
- grpc_gcp_rpc_protocol_versions_version* highest_common_version) {
- if (local_versions == nullptr || peer_versions == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid arguments to "
- "grpc_gcp_rpc_protocol_versions_check().");
- return false;
- }
- /* max_common_version is MIN(local.max, peer.max) */
- const grpc_gcp_rpc_protocol_versions_version* max_common_version =
- grpc_core::internal::grpc_gcp_rpc_protocol_version_compare(
- &local_versions->max_rpc_version, &peer_versions->max_rpc_version) > 0
- ? &peer_versions->max_rpc_version
- : &local_versions->max_rpc_version;
- /* min_common_version is MAX(local.min, peer.min) */
- const grpc_gcp_rpc_protocol_versions_version* min_common_version =
- grpc_core::internal::grpc_gcp_rpc_protocol_version_compare(
- &local_versions->min_rpc_version, &peer_versions->min_rpc_version) > 0
- ? &local_versions->min_rpc_version
- : &peer_versions->min_rpc_version;
- bool result = grpc_core::internal::grpc_gcp_rpc_protocol_version_compare(
- max_common_version, min_common_version) >= 0
- ? true
- : false;
- if (result && highest_common_version != nullptr) {
- memcpy(highest_common_version, max_common_version,
- sizeof(grpc_gcp_rpc_protocol_versions_version));
- }
- return result;
-}
diff --git a/src/core/tsi/alts/handshaker/transport_security_common_api.h b/src/core/tsi/alts/handshaker/transport_security_common_api.h
deleted file mode 100644
index 68228cb3b5..0000000000
--- a/src/core/tsi/alts/handshaker/transport_security_common_api.h
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_HANDSHAKER_TRANSPORT_SECURITY_COMMON_API_H
-#define GRPC_CORE_TSI_ALTS_HANDSHAKER_TRANSPORT_SECURITY_COMMON_API_H
-
-#include <grpc/support/port_platform.h>
-
-#include "third_party/nanopb/pb_decode.h"
-#include "third_party/nanopb/pb_encode.h"
-
-#include <grpc/slice.h>
-#include <grpc/slice_buffer.h>
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/tsi/alts/handshaker/transport_security_common.pb.h"
-
-typedef grpc_gcp_RpcProtocolVersions grpc_gcp_rpc_protocol_versions;
-
-typedef grpc_gcp_RpcProtocolVersions_Version
- grpc_gcp_rpc_protocol_versions_version;
-
-/**
- * This method sets the value for max_rpc_versions field of rpc protocol
- * versions.
- *
- * - versions: an rpc protocol version instance.
- * - max_major: a major version of maximum supported RPC version.
- * - max_minor: a minor version of maximum supported RPC version.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_rpc_protocol_versions_set_max(
- grpc_gcp_rpc_protocol_versions* versions, uint32_t max_major,
- uint32_t max_minor);
-
-/**
- * This method sets the value for min_rpc_versions field of rpc protocol
- * versions.
- *
- * - versions: an rpc protocol version instance.
- * - min_major: a major version of minimum supported RPC version.
- * - min_minor: a minor version of minimum supported RPC version.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_rpc_protocol_versions_set_min(
- grpc_gcp_rpc_protocol_versions* versions, uint32_t min_major,
- uint32_t min_minor);
-
-/**
- * This method computes serialized byte length of rpc protocol versions.
- *
- * - versions: an rpc protocol versions instance.
- *
- * The method returns serialized byte length. It returns 0 on failure.
- */
-size_t grpc_gcp_rpc_protocol_versions_encode_length(
- const grpc_gcp_rpc_protocol_versions* versions);
-
-/**
- * This method serializes rpc protocol versions and writes the result to
- * the memory buffer provided by the caller. Caller is responsible for
- * allocating sufficient memory to store the serialized data.
- *
- * - versions: an rpc protocol versions instance.
- * - bytes: bytes buffer where the result will be written to.
- * - bytes_length: length of the bytes buffer.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes(
- const grpc_gcp_rpc_protocol_versions* versions, uint8_t* bytes,
- size_t bytes_length);
-
-/**
- * This method serializes an rpc protocol version and returns serialized rpc
- * versions in grpc slice.
- *
- * - versions: an rpc protocol versions instance.
- * - slice: grpc slice where the serialized result will be written.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_rpc_protocol_versions_encode(
- const grpc_gcp_rpc_protocol_versions* versions, grpc_slice* slice);
-
-/**
- * This method de-serializes input in grpc slice form and stores the result
- * in rpc protocol versions.
- *
- * - slice: a data stream containing a serialized rpc protocol version.
- * - versions: an rpc protocol version instance used to hold de-serialized
- * result.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_rpc_protocol_versions_decode(
- grpc_slice slice, grpc_gcp_rpc_protocol_versions* versions);
-
-/**
- * This method performs a deep copy operation on rpc protocol versions
- * instance.
- *
- * - src: rpc protocol versions instance that needs to be copied.
- * - dst: rpc protocol versions instance that stores the copied result.
- *
- * The method returns true on success and false otherwise.
- */
-bool grpc_gcp_rpc_protocol_versions_copy(
- const grpc_gcp_rpc_protocol_versions* src,
- grpc_gcp_rpc_protocol_versions* dst);
-
-/**
- * This method performs a version check between local and peer rpc protocol
- * versions.
- *
- * - local_versions: local rpc protocol versions instance.
- * - peer_versions: peer rpc protocol versions instance.
- * - highest_common_version: an output parameter that will store the highest
- * common rpc protocol version both parties agreed on.
- *
- * The method returns true if the check passes which means both parties agreed
- * on a common rpc protocol to use, and false otherwise.
- */
-bool grpc_gcp_rpc_protocol_versions_check(
- const grpc_gcp_rpc_protocol_versions* local_versions,
- const grpc_gcp_rpc_protocol_versions* peer_versions,
- grpc_gcp_rpc_protocol_versions_version* highest_common_version);
-
-namespace grpc_core {
-namespace internal {
-
-/**
- * Exposed for testing only.
- * The method returns 0 if v1 = v2,
- * returns 1 if v1 > v2,
- * returns -1 if v1 < v2.
- */
-int grpc_gcp_rpc_protocol_version_compare(
- const grpc_gcp_rpc_protocol_versions_version* v1,
- const grpc_gcp_rpc_protocol_versions_version* v2);
-
-} // namespace internal
-} // namespace grpc_core
-
-#endif /* GRPC_CORE_TSI_ALTS_HANDSHAKER_TRANSPORT_SECURITY_COMMON_API_H */
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc
deleted file mode 100644
index 7ba03eb7f0..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h"
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/slice/slice_internal.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
-
-/* Main struct for alts_grpc_integrity_only_record_protocol. */
-typedef struct alts_grpc_integrity_only_record_protocol {
- alts_grpc_record_protocol base;
- grpc_slice_buffer data_sb;
- unsigned char* tag_buf;
-} alts_grpc_integrity_only_record_protocol;
-
-/* --- alts_grpc_record_protocol methods implementation. --- */
-
-static tsi_result alts_grpc_integrity_only_protect(
- alts_grpc_record_protocol* rp, grpc_slice_buffer* unprotected_slices,
- grpc_slice_buffer* protected_slices) {
- /* Input sanity check. */
- if (rp == nullptr || unprotected_slices == nullptr ||
- protected_slices == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to alts_grpc_record_protocol protect.");
- return TSI_INVALID_ARGUMENT;
- }
- /* Allocates memory for header and tag slices. */
- grpc_slice header_slice = GRPC_SLICE_MALLOC(rp->header_length);
- grpc_slice tag_slice = GRPC_SLICE_MALLOC(rp->tag_length);
- /* Calls alts_iovec_record_protocol protect. */
- char* error_details = nullptr;
- iovec_t header_iovec = {GRPC_SLICE_START_PTR(header_slice),
- GRPC_SLICE_LENGTH(header_slice)};
- iovec_t tag_iovec = {GRPC_SLICE_START_PTR(tag_slice),
- GRPC_SLICE_LENGTH(tag_slice)};
- alts_grpc_record_protocol_convert_slice_buffer_to_iovec(rp,
- unprotected_slices);
- grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect(
- rp->iovec_rp, rp->iovec_buf, unprotected_slices->count, header_iovec,
- tag_iovec, &error_details);
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "Failed to protect, %s", error_details);
- gpr_free(error_details);
- return TSI_INTERNAL_ERROR;
- }
- /* Appends result to protected_slices. */
- grpc_slice_buffer_add(protected_slices, header_slice);
- grpc_slice_buffer_move_into(unprotected_slices, protected_slices);
- grpc_slice_buffer_add(protected_slices, tag_slice);
- return TSI_OK;
-}
-
-static tsi_result alts_grpc_integrity_only_unprotect(
- alts_grpc_record_protocol* rp, grpc_slice_buffer* protected_slices,
- grpc_slice_buffer* unprotected_slices) {
- /* Input sanity check. */
- if (rp == nullptr || protected_slices == nullptr ||
- unprotected_slices == nullptr) {
- gpr_log(
- GPR_ERROR,
- "Invalid nullptr arguments to alts_grpc_record_protocol unprotect.");
- return TSI_INVALID_ARGUMENT;
- }
- if (protected_slices->length < rp->header_length + rp->tag_length) {
- gpr_log(GPR_ERROR, "Protected slices do not have sufficient data.");
- return TSI_INVALID_ARGUMENT;
- }
- /* In this method, rp points to alts_grpc_record_protocol struct
- * and integrity_only_record_protocol points to
- * alts_grpc_integrity_only_record_protocol struct. */
- alts_grpc_integrity_only_record_protocol* integrity_only_record_protocol =
- reinterpret_cast<alts_grpc_integrity_only_record_protocol*>(rp);
- /* Strips frame header from protected slices. */
- grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb);
- grpc_slice_buffer_move_first(protected_slices, rp->header_length,
- &rp->header_sb);
- GPR_ASSERT(rp->header_sb.length == rp->header_length);
- iovec_t header_iovec = alts_grpc_record_protocol_get_header_iovec(rp);
- /* Moves protected slices data to data_sb and leaves the remaining tag. */
- grpc_slice_buffer_reset_and_unref_internal(
- &integrity_only_record_protocol->data_sb);
- grpc_slice_buffer_move_first(protected_slices,
- protected_slices->length - rp->tag_length,
- &integrity_only_record_protocol->data_sb);
- GPR_ASSERT(protected_slices->length == rp->tag_length);
- iovec_t tag_iovec = {nullptr, rp->tag_length};
- if (protected_slices->count == 1) {
- tag_iovec.iov_base = GRPC_SLICE_START_PTR(protected_slices->slices[0]);
- } else {
- /* Frame tag is in multiple slices, copies the tag bytes from slice
- * buffer to a single flat buffer. */
- alts_grpc_record_protocol_copy_slice_buffer(
- protected_slices, integrity_only_record_protocol->tag_buf);
- tag_iovec.iov_base = integrity_only_record_protocol->tag_buf;
- }
- /* Calls alts_iovec_record_protocol unprotect. */
- char* error_details = nullptr;
- alts_grpc_record_protocol_convert_slice_buffer_to_iovec(
- rp, &integrity_only_record_protocol->data_sb);
- grpc_status_code status = alts_iovec_record_protocol_integrity_only_unprotect(
- rp->iovec_rp, rp->iovec_buf,
- integrity_only_record_protocol->data_sb.count, header_iovec, tag_iovec,
- &error_details);
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "Failed to unprotect, %s", error_details);
- gpr_free(error_details);
- return TSI_INTERNAL_ERROR;
- }
- grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb);
- grpc_slice_buffer_reset_and_unref_internal(protected_slices);
- grpc_slice_buffer_move_into(&integrity_only_record_protocol->data_sb,
- unprotected_slices);
- return TSI_OK;
-}
-
-static void alts_grpc_integrity_only_destruct(alts_grpc_record_protocol* rp) {
- if (rp == nullptr) {
- return;
- }
- alts_grpc_integrity_only_record_protocol* integrity_only_rp =
- reinterpret_cast<alts_grpc_integrity_only_record_protocol*>(rp);
- grpc_slice_buffer_destroy_internal(&integrity_only_rp->data_sb);
- gpr_free(integrity_only_rp->tag_buf);
-}
-
-static const alts_grpc_record_protocol_vtable
- alts_grpc_integrity_only_record_protocol_vtable = {
- alts_grpc_integrity_only_protect, alts_grpc_integrity_only_unprotect,
- alts_grpc_integrity_only_destruct};
-
-tsi_result alts_grpc_integrity_only_record_protocol_create(
- gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
- bool is_protect, alts_grpc_record_protocol** rp) {
- if (crypter == nullptr || rp == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to alts_grpc_record_protocol create.");
- return TSI_INVALID_ARGUMENT;
- }
- alts_grpc_integrity_only_record_protocol* impl =
- static_cast<alts_grpc_integrity_only_record_protocol*>(
- gpr_zalloc(sizeof(alts_grpc_integrity_only_record_protocol)));
- /* Calls alts_grpc_record_protocol init. */
- tsi_result result = alts_grpc_record_protocol_init(
- &impl->base, crypter, overflow_size, is_client,
- /*is_integrity_only=*/true, is_protect);
- if (result != TSI_OK) {
- gpr_free(impl);
- return result;
- }
- /* Initializes slice buffer for data_sb. */
- grpc_slice_buffer_init(&impl->data_sb);
- /* Allocates tag buffer. */
- impl->tag_buf =
- static_cast<unsigned char*>(gpr_malloc(impl->base.tag_length));
- impl->base.vtable = &alts_grpc_integrity_only_record_protocol_vtable;
- *rp = &impl->base;
- return TSI_OK;
-}
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h
deleted file mode 100644
index 8d68b27e07..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_INTEGRITY_ONLY_RECORD_PROTOCOL_H
-#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_INTEGRITY_ONLY_RECORD_PROTOCOL_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-
-#include "src/core/tsi/alts/crypt/gsec.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h"
-
-/**
- * This method creates an integrity-only alts_grpc_record_protocol instance,
- * given a gsec_aead_crypter instance and a flag indicating if the created
- * instance will be used at the client or server side. The ownership of
- * gsec_aead_crypter instance is transferred to this new object.
- *
- * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption.
- * - overflow_size: overflow size of counter in bytes.
- * - is_client: a flag indicating if the alts_grpc_record_protocol instance will
- * be used at the client or server side.
- * - is_protect: a flag indicating if the alts_grpc_record_protocol instance
- * will be used for protect or unprotect.
- * - rp: an alts_grpc_record_protocol instance to be returned from
- * the method.
- *
- * This method returns TSI_OK in case of success or a specific error code in
- * case of failure.
- */
-tsi_result alts_grpc_integrity_only_record_protocol_create(
- gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
- bool is_protect, alts_grpc_record_protocol** rp);
-
-#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_INTEGRITY_ONLY_RECORD_PROTOCOL_H \
- */
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc
deleted file mode 100644
index d4fd88d1e2..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h"
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/slice/slice_internal.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
-
-/* Privacy-integrity alts_grpc_record_protocol object uses the same struct
- * defined in alts_grpc_record_protocol_common.h. */
-
-/* --- alts_grpc_record_protocol methods implementation. --- */
-
-static tsi_result alts_grpc_privacy_integrity_protect(
- alts_grpc_record_protocol* rp, grpc_slice_buffer* unprotected_slices,
- grpc_slice_buffer* protected_slices) {
- /* Input sanity check. */
- if (rp == nullptr || unprotected_slices == nullptr ||
- protected_slices == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to alts_grpc_record_protocol protect.");
- return TSI_INVALID_ARGUMENT;
- }
- /* Allocates memory for output frame. In privacy-integrity protect, the
- * protected frame is stored in a newly allocated buffer. */
- size_t protected_frame_size =
- unprotected_slices->length + rp->header_length +
- alts_iovec_record_protocol_get_tag_length(rp->iovec_rp);
- grpc_slice protected_slice = GRPC_SLICE_MALLOC(protected_frame_size);
- iovec_t protected_iovec = {GRPC_SLICE_START_PTR(protected_slice),
- GRPC_SLICE_LENGTH(protected_slice)};
- /* Calls alts_iovec_record_protocol protect. */
- char* error_details = nullptr;
- alts_grpc_record_protocol_convert_slice_buffer_to_iovec(rp,
- unprotected_slices);
- grpc_status_code status =
- alts_iovec_record_protocol_privacy_integrity_protect(
- rp->iovec_rp, rp->iovec_buf, unprotected_slices->count,
- protected_iovec, &error_details);
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "Failed to protect, %s", error_details);
- gpr_free(error_details);
- grpc_slice_unref(protected_slice);
- return TSI_INTERNAL_ERROR;
- }
- grpc_slice_buffer_add(protected_slices, protected_slice);
- grpc_slice_buffer_reset_and_unref_internal(unprotected_slices);
- return TSI_OK;
-}
-
-static tsi_result alts_grpc_privacy_integrity_unprotect(
- alts_grpc_record_protocol* rp, grpc_slice_buffer* protected_slices,
- grpc_slice_buffer* unprotected_slices) {
- /* Input sanity check. */
- if (rp == nullptr || protected_slices == nullptr ||
- unprotected_slices == nullptr) {
- gpr_log(
- GPR_ERROR,
- "Invalid nullptr arguments to alts_grpc_record_protocol unprotect.");
- return TSI_INVALID_ARGUMENT;
- }
- /* Allocates memory for output frame. In privacy-integrity unprotect, the
- * unprotected data are stored in a newly allocated buffer. */
- if (protected_slices->length < rp->header_length + rp->tag_length) {
- gpr_log(GPR_ERROR, "Protected slices do not have sufficient data.");
- return TSI_INVALID_ARGUMENT;
- }
- size_t unprotected_frame_size =
- protected_slices->length - rp->header_length - rp->tag_length;
- grpc_slice unprotected_slice = GRPC_SLICE_MALLOC(unprotected_frame_size);
- iovec_t unprotected_iovec = {GRPC_SLICE_START_PTR(unprotected_slice),
- GRPC_SLICE_LENGTH(unprotected_slice)};
- /* Strips frame header from protected slices. */
- grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb);
- grpc_slice_buffer_move_first(protected_slices, rp->header_length,
- &rp->header_sb);
- iovec_t header_iovec = alts_grpc_record_protocol_get_header_iovec(rp);
- /* Calls alts_iovec_record_protocol unprotect. */
- char* error_details = nullptr;
- alts_grpc_record_protocol_convert_slice_buffer_to_iovec(rp, protected_slices);
- grpc_status_code status =
- alts_iovec_record_protocol_privacy_integrity_unprotect(
- rp->iovec_rp, header_iovec, rp->iovec_buf, protected_slices->count,
- unprotected_iovec, &error_details);
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "Failed to unprotect, %s", error_details);
- gpr_free(error_details);
- grpc_slice_unref(unprotected_slice);
- return TSI_INTERNAL_ERROR;
- }
- grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb);
- grpc_slice_buffer_reset_and_unref_internal(protected_slices);
- grpc_slice_buffer_add(unprotected_slices, unprotected_slice);
- return TSI_OK;
-}
-
-static const alts_grpc_record_protocol_vtable
- alts_grpc_privacy_integrity_record_protocol_vtable = {
- alts_grpc_privacy_integrity_protect,
- alts_grpc_privacy_integrity_unprotect, nullptr};
-
-tsi_result alts_grpc_privacy_integrity_record_protocol_create(
- gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
- bool is_protect, alts_grpc_record_protocol** rp) {
- if (crypter == nullptr || rp == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to alts_grpc_record_protocol create.");
- return TSI_INVALID_ARGUMENT;
- }
- auto* impl = static_cast<alts_grpc_record_protocol*>(
- gpr_zalloc(sizeof(alts_grpc_record_protocol)));
- /* Calls alts_grpc_record_protocol init. */
- tsi_result result =
- alts_grpc_record_protocol_init(impl, crypter, overflow_size, is_client,
- /*is_integrity_only=*/false, is_protect);
- if (result != TSI_OK) {
- gpr_free(impl);
- return result;
- }
- impl->vtable = &alts_grpc_privacy_integrity_record_protocol_vtable;
- *rp = impl;
- return TSI_OK;
-}
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h
deleted file mode 100644
index 1e34aef2d8..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_PRIVACY_INTEGRITY_RECORD_PROTOCOL_H
-#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_PRIVACY_INTEGRITY_RECORD_PROTOCOL_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-
-#include "src/core/tsi/alts/crypt/gsec.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h"
-
-/**
- * This method creates a privacy-integrity alts_grpc_record_protocol instance,
- * given a gsec_aead_crypter instance and a flag indicating if the created
- * instance will be used at the client or server side. The ownership of
- * gsec_aead_crypter instance is transferred to this new object.
- *
- * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption.
- * - is_client: a flag indicating if the alts_grpc_record_protocol instance will
- * be used at the client or server side.
- * - rp: an alts_grpc_record_protocol instance to be returned from
- * the method.
- *
- * This method returns TSI_OK in case of success or a specific error code in
- * case of failure.
- */
-tsi_result alts_grpc_privacy_integrity_record_protocol_create(
- gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
- bool is_protect, alts_grpc_record_protocol** rp);
-
-#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_PRIVACY_INTEGRITY_RECORD_PROTOCOL_H \
- */
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h
deleted file mode 100644
index d1e433dac4..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_H
-#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_H
-
-#include <grpc/support/port_platform.h>
-
-#include <grpc/slice_buffer.h>
-
-#include "src/core/tsi/transport_security_interface.h"
-
-/**
- * This alts_grpc_record_protocol object protects and unprotects a single frame
- * stored in grpc slice buffer with zero or minimized memory copy.
- * Implementations of this object must be thread compatible.
- */
-typedef struct alts_grpc_record_protocol alts_grpc_record_protocol;
-
-/**
- * This methods performs protect operation on unprotected data and appends the
- * protected frame to protected_slices. The caller needs to ensure the length
- * of unprotected data plus the frame overhead is less than or equal to the
- * maximum frame length. The input unprotected data slice buffer will be
- * cleared, although the actual unprotected data bytes are not modified.
- *
- * - self: an alts_grpc_record_protocol instance.
- * - unprotected_slices: the unprotected data to be protected.
- * - protected_slices: slice buffer where the protected frame is appended.
- *
- * This method returns TSI_OK in case of success or a specific error code in
- * case of failure.
- */
-tsi_result alts_grpc_record_protocol_protect(
- alts_grpc_record_protocol* self, grpc_slice_buffer* unprotected_slices,
- grpc_slice_buffer* protected_slices);
-
-/**
- * This methods performs unprotect operation on a full frame of protected data
- * and appends unprotected data to unprotected_slices. It is the caller's
- * responsibility to prepare a full frame of data before calling this method.
- * The input protected frame slice buffer will be cleared, although the actual
- * protected data bytes are not modified.
- *
- * - self: an alts_grpc_record_protocol instance.
- * - protected_slices: a full frame of protected data in grpc slices.
- * - unprotected_slices: slice buffer where unprotected data is appended.
- *
- * This method returns TSI_OK in case of success or a specific error code in
- * case of failure.
- */
-tsi_result alts_grpc_record_protocol_unprotect(
- alts_grpc_record_protocol* self, grpc_slice_buffer* protected_slices,
- grpc_slice_buffer* unprotected_slices);
-
-/**
- * This method returns maximum allowed unprotected data size, given maximum
- * protected frame size.
- *
- * - self: an alts_grpc_record_protocol instance.
- * - max_protected_frame_size: maximum protected frame size.
- *
- * On success, the method returns the maximum allowed unprotected data size.
- * Otherwise, it returns zero.
- */
-size_t alts_grpc_record_protocol_max_unprotected_data_size(
- const alts_grpc_record_protocol* self, size_t max_protected_frame_size);
-
-/**
- * This method destroys an alts_grpc_record_protocol instance by de-allocating
- * all of its occupied memory.
- */
-void alts_grpc_record_protocol_destroy(alts_grpc_record_protocol* self);
-
-#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_H \
- */
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc
deleted file mode 100644
index ff91aea350..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h"
-
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/gpr/useful.h"
-#include "src/core/lib/slice/slice_internal.h"
-
-const size_t kInitialIovecBufferSize = 8;
-
-/* Makes sure iovec_buf in alts_grpc_record_protocol is large enough. */
-static void ensure_iovec_buf_size(alts_grpc_record_protocol* rp,
- const grpc_slice_buffer* sb) {
- GPR_ASSERT(rp != nullptr && sb != nullptr);
- if (sb->count <= rp->iovec_buf_length) {
- return;
- }
- /* At least double the iovec buffer size. */
- rp->iovec_buf_length = GPR_MAX(sb->count, 2 * rp->iovec_buf_length);
- rp->iovec_buf = static_cast<iovec_t*>(
- gpr_realloc(rp->iovec_buf, rp->iovec_buf_length * sizeof(iovec_t)));
-}
-
-/* --- Implementation of methods defined in tsi_grpc_record_protocol_common.h.
- * --- */
-
-void alts_grpc_record_protocol_convert_slice_buffer_to_iovec(
- alts_grpc_record_protocol* rp, const grpc_slice_buffer* sb) {
- GPR_ASSERT(rp != nullptr && sb != nullptr);
- ensure_iovec_buf_size(rp, sb);
- for (size_t i = 0; i < sb->count; i++) {
- rp->iovec_buf[i].iov_base = GRPC_SLICE_START_PTR(sb->slices[i]);
- rp->iovec_buf[i].iov_len = GRPC_SLICE_LENGTH(sb->slices[i]);
- }
-}
-
-void alts_grpc_record_protocol_copy_slice_buffer(const grpc_slice_buffer* src,
- unsigned char* dst) {
- GPR_ASSERT(src != nullptr && dst != nullptr);
- for (size_t i = 0; i < src->count; i++) {
- size_t slice_length = GRPC_SLICE_LENGTH(src->slices[i]);
- memcpy(dst, GRPC_SLICE_START_PTR(src->slices[i]), slice_length);
- dst += slice_length;
- }
-}
-
-iovec_t alts_grpc_record_protocol_get_header_iovec(
- alts_grpc_record_protocol* rp) {
- iovec_t header_iovec = {nullptr, 0};
- if (rp == nullptr) {
- return header_iovec;
- }
- header_iovec.iov_len = rp->header_length;
- if (rp->header_sb.count == 1) {
- header_iovec.iov_base = GRPC_SLICE_START_PTR(rp->header_sb.slices[0]);
- } else {
- /* Frame header is in multiple slices, copies the header bytes from slice
- * buffer to a single flat buffer. */
- alts_grpc_record_protocol_copy_slice_buffer(&rp->header_sb, rp->header_buf);
- header_iovec.iov_base = rp->header_buf;
- }
- return header_iovec;
-}
-
-tsi_result alts_grpc_record_protocol_init(alts_grpc_record_protocol* rp,
- gsec_aead_crypter* crypter,
- size_t overflow_size, bool is_client,
- bool is_integrity_only,
- bool is_protect) {
- if (rp == nullptr || crypter == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to alts_grpc_record_protocol init.");
- return TSI_INVALID_ARGUMENT;
- }
- /* Creates alts_iovec_record_protocol. */
- char* error_details = nullptr;
- grpc_status_code status = alts_iovec_record_protocol_create(
- crypter, overflow_size, is_client, is_integrity_only, is_protect,
- &rp->iovec_rp, &error_details);
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "Failed to create alts_iovec_record_protocol, %s.",
- error_details);
- gpr_free(error_details);
- return TSI_INTERNAL_ERROR;
- }
- /* Allocates header slice buffer. */
- grpc_slice_buffer_init(&rp->header_sb);
- /* Allocates header buffer. */
- rp->header_length = alts_iovec_record_protocol_get_header_length();
- rp->header_buf = static_cast<unsigned char*>(gpr_malloc(rp->header_length));
- rp->tag_length = alts_iovec_record_protocol_get_tag_length(rp->iovec_rp);
- /* Allocates iovec buffer. */
- rp->iovec_buf_length = kInitialIovecBufferSize;
- rp->iovec_buf =
- static_cast<iovec_t*>(gpr_malloc(rp->iovec_buf_length * sizeof(iovec_t)));
- return TSI_OK;
-}
-
-/* --- Implementation of methods defined in tsi_grpc_record_protocol.h. --- */
-tsi_result alts_grpc_record_protocol_protect(
- alts_grpc_record_protocol* self, grpc_slice_buffer* unprotected_slices,
- grpc_slice_buffer* protected_slices) {
- if (grpc_core::ExecCtx::Get() == nullptr || self == nullptr ||
- self->vtable == nullptr || unprotected_slices == nullptr ||
- protected_slices == nullptr) {
- return TSI_INVALID_ARGUMENT;
- }
- if (self->vtable->protect == nullptr) {
- return TSI_UNIMPLEMENTED;
- }
- return self->vtable->protect(self, unprotected_slices, protected_slices);
-}
-
-tsi_result alts_grpc_record_protocol_unprotect(
- alts_grpc_record_protocol* self, grpc_slice_buffer* protected_slices,
- grpc_slice_buffer* unprotected_slices) {
- if (grpc_core::ExecCtx::Get() == nullptr || self == nullptr ||
- self->vtable == nullptr || protected_slices == nullptr ||
- unprotected_slices == nullptr) {
- return TSI_INVALID_ARGUMENT;
- }
- if (self->vtable->unprotect == nullptr) {
- return TSI_UNIMPLEMENTED;
- }
- return self->vtable->unprotect(self, protected_slices, unprotected_slices);
-}
-
-void alts_grpc_record_protocol_destroy(alts_grpc_record_protocol* self) {
- if (self == nullptr) {
- return;
- }
- if (self->vtable->destruct != nullptr) {
- self->vtable->destruct(self);
- }
- alts_iovec_record_protocol_destroy(self->iovec_rp);
- grpc_slice_buffer_destroy_internal(&self->header_sb);
- gpr_free(self->header_buf);
- gpr_free(self->iovec_buf);
- gpr_free(self);
-}
-
-/* Integrity-only and privacy-integrity share the same implementation. No need
- * to call vtable. */
-size_t alts_grpc_record_protocol_max_unprotected_data_size(
- const alts_grpc_record_protocol* self, size_t max_protected_frame_size) {
- if (self == nullptr) {
- return 0;
- }
- return alts_iovec_record_protocol_max_unprotected_data_size(
- self->iovec_rp, max_protected_frame_size);
-}
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h
deleted file mode 100644
index 43b8a4a2b8..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_COMMON_H
-#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_COMMON_H
-
-/**
- * this file contains alts_grpc_record_protocol internals and internal-only
- * helper functions. The public functions of alts_grpc_record_protocol are
- * defined in the alts_grpc_record_protocol.h.
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
-
-/* V-table for alts_grpc_record_protocol implementations. */
-typedef struct {
- tsi_result (*protect)(alts_grpc_record_protocol* self,
- grpc_slice_buffer* unprotected_slices,
- grpc_slice_buffer* protected_slices);
- tsi_result (*unprotect)(alts_grpc_record_protocol* self,
- grpc_slice_buffer* protected_slices,
- grpc_slice_buffer* unprotected_slices);
- void (*destruct)(alts_grpc_record_protocol* self);
-} alts_grpc_record_protocol_vtable;
-
-/* Main struct for alts_grpc_record_protocol implementation, shared by both
- * integrity-only record protocol and privacy-integrity record protocol.
- * Integrity-only record protocol has additional data elements.
- * Privacy-integrity record protocol uses this struct directly. */
-struct alts_grpc_record_protocol {
- const alts_grpc_record_protocol_vtable* vtable;
- alts_iovec_record_protocol* iovec_rp;
- grpc_slice_buffer header_sb;
- unsigned char* header_buf;
- size_t header_length;
- size_t tag_length;
- iovec_t* iovec_buf;
- size_t iovec_buf_length;
-};
-
-/**
- * Converts the slices of input sb into iovec_t's and puts the result into
- * rp->iovec_buf. Note that the actual data are not copied, only
- * pointers and lengths are copied.
- */
-void alts_grpc_record_protocol_convert_slice_buffer_to_iovec(
- alts_grpc_record_protocol* rp, const grpc_slice_buffer* sb);
-
-/**
- * Copies bytes from slice buffer to destination buffer. Caller is responsible
- * for allocating enough memory of destination buffer. This method is used for
- * copying frame header and tag in case they are stored in multiple slices.
- */
-void alts_grpc_record_protocol_copy_slice_buffer(const grpc_slice_buffer* src,
- unsigned char* dst);
-
-/**
- * This method returns an iovec object pointing to the frame header stored in
- * rp->header_sb. If the frame header is stored in multiple slices,
- * this method will copy the bytes in rp->header_sb to
- * rp->header_buf, and return an iovec object pointing to
- * rp->header_buf.
- */
-iovec_t alts_grpc_record_protocol_get_header_iovec(
- alts_grpc_record_protocol* rp);
-
-/**
- * Initializes an alts_grpc_record_protocol object, given a gsec_aead_crypter
- * instance, the overflow size of the counter in bytes, a flag indicating if the
- * object is used for client or server side, a flag indicating if it is used for
- * integrity-only or privacy-integrity mode, and a flag indicating if it is for
- * protect or unprotect. The ownership of gsec_aead_crypter object is
- * transferred to the alts_grpc_record_protocol object.
- */
-tsi_result alts_grpc_record_protocol_init(alts_grpc_record_protocol* rp,
- gsec_aead_crypter* crypter,
- size_t overflow_size, bool is_client,
- bool is_integrity_only,
- bool is_protect);
-
-#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_COMMON_H \
- */
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc
deleted file mode 100644
index 6a548e50dd..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc
+++ /dev/null
@@ -1,476 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_counter.h"
-
-struct alts_iovec_record_protocol {
- alts_counter* ctr;
- gsec_aead_crypter* crypter;
- size_t tag_length;
- bool is_integrity_only;
- bool is_protect;
-};
-
-/* Copies error message to destination. */
-static void maybe_copy_error_msg(const char* src, char** dst) {
- if (dst != nullptr && src != nullptr) {
- *dst = static_cast<char*>(gpr_malloc(strlen(src) + 1));
- memcpy(*dst, src, strlen(src) + 1);
- }
-}
-
-/* Appends error message to destination. */
-static void maybe_append_error_msg(const char* appendix, char** dst) {
- if (dst != nullptr && appendix != nullptr) {
- int dst_len = static_cast<int>(strlen(*dst));
- *dst = static_cast<char*>(realloc(*dst, dst_len + strlen(appendix) + 1));
- assert(*dst != nullptr);
- memcpy(*dst + dst_len, appendix, strlen(appendix) + 1);
- }
-}
-
-/* Use little endian to interpret a string of bytes as uint32_t. */
-static uint32_t load_32_le(const unsigned char* buffer) {
- return (((uint32_t)buffer[3]) << 24) | (((uint32_t)buffer[2]) << 16) |
- (((uint32_t)buffer[1]) << 8) | ((uint32_t)buffer[0]);
-}
-
-/* Store uint32_t as a string of little endian bytes. */
-static void store_32_le(uint32_t value, unsigned char* buffer) {
- buffer[3] = (unsigned char)(value >> 24) & 0xFF;
- buffer[2] = (unsigned char)(value >> 16) & 0xFF;
- buffer[1] = (unsigned char)(value >> 8) & 0xFF;
- buffer[0] = (unsigned char)(value)&0xFF;
-}
-
-/* Ensures header and tag iovec have sufficient length. */
-static grpc_status_code ensure_header_and_tag_length(
- const alts_iovec_record_protocol* rp, iovec_t header, iovec_t tag,
- char** error_details) {
- if (rp == nullptr) {
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- if (header.iov_base == nullptr) {
- maybe_copy_error_msg("Header is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (header.iov_len != alts_iovec_record_protocol_get_header_length()) {
- maybe_copy_error_msg("Header length is incorrect.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (tag.iov_base == nullptr) {
- maybe_copy_error_msg("Tag is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (tag.iov_len != rp->tag_length) {
- maybe_copy_error_msg("Tag length is incorrect.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- return GRPC_STATUS_OK;
-}
-
-/* Increments crypter counter and checks overflow. */
-static grpc_status_code increment_counter(alts_counter* counter,
- char** error_details) {
- if (counter == nullptr) {
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- bool is_overflow = false;
- grpc_status_code status =
- alts_counter_increment(counter, &is_overflow, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- if (is_overflow) {
- maybe_copy_error_msg("Crypter counter is overflowed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- return GRPC_STATUS_OK;
-}
-
-/* Given an array of iovec, computes the total length of buffer. */
-static size_t get_total_length(const iovec_t* vec, size_t vec_length) {
- size_t total_length = 0;
- for (size_t i = 0; i < vec_length; ++i) {
- total_length += vec[i].iov_len;
- }
- return total_length;
-}
-
-/* Writes frame header given data and tag length. */
-static grpc_status_code write_frame_header(size_t data_length,
- unsigned char* header,
- char** error_details) {
- if (header == nullptr) {
- maybe_copy_error_msg("Header is nullptr.", error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- size_t frame_length = kZeroCopyFrameMessageTypeFieldSize + data_length;
- store_32_le(static_cast<uint32_t>(frame_length), header);
- store_32_le(kZeroCopyFrameMessageType,
- header + kZeroCopyFrameLengthFieldSize);
- return GRPC_STATUS_OK;
-}
-
-/* Verifies frame header given protected data length. */
-static grpc_status_code verify_frame_header(size_t data_length,
- unsigned char* header,
- char** error_details) {
- if (header == nullptr) {
- maybe_copy_error_msg("Header is nullptr.", error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- size_t frame_length = load_32_le(header);
- if (frame_length != kZeroCopyFrameMessageTypeFieldSize + data_length) {
- maybe_copy_error_msg("Bad frame length.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- size_t message_type = load_32_le(header + kZeroCopyFrameLengthFieldSize);
- if (message_type != kZeroCopyFrameMessageType) {
- maybe_copy_error_msg("Unsupported message type.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- return GRPC_STATUS_OK;
-}
-
-/* --- alts_iovec_record_protocol methods implementation. --- */
-
-size_t alts_iovec_record_protocol_get_header_length() {
- return kZeroCopyFrameHeaderSize;
-}
-
-size_t alts_iovec_record_protocol_get_tag_length(
- const alts_iovec_record_protocol* rp) {
- if (rp != nullptr) {
- return rp->tag_length;
- }
- return 0;
-}
-
-size_t alts_iovec_record_protocol_max_unprotected_data_size(
- const alts_iovec_record_protocol* rp, size_t max_protected_frame_size) {
- if (rp == nullptr) {
- return 0;
- }
- size_t overhead_bytes_size =
- kZeroCopyFrameMessageTypeFieldSize + rp->tag_length;
- if (max_protected_frame_size <= overhead_bytes_size) return 0;
- return max_protected_frame_size - overhead_bytes_size;
-}
-
-grpc_status_code alts_iovec_record_protocol_integrity_only_protect(
- alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec,
- size_t unprotected_vec_length, iovec_t header, iovec_t tag,
- char** error_details) {
- /* Input sanity checks. */
- if (rp == nullptr) {
- maybe_copy_error_msg("Input iovec_record_protocol is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (!rp->is_integrity_only) {
- maybe_copy_error_msg(
- "Integrity-only operations are not allowed for this object.",
- error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- if (!rp->is_protect) {
- maybe_copy_error_msg("Protect operations are not allowed for this object.",
- error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- grpc_status_code status =
- ensure_header_and_tag_length(rp, header, tag, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Unprotected data should not be zero length. */
- size_t data_length =
- get_total_length(unprotected_vec, unprotected_vec_length);
- /* Sets frame header. */
- status = write_frame_header(data_length + rp->tag_length,
- static_cast<unsigned char*>(header.iov_base),
- error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Computes frame tag by calling AEAD crypter. */
- size_t bytes_written = 0;
- status = gsec_aead_crypter_encrypt_iovec(
- rp->crypter, alts_counter_get_counter(rp->ctr),
- alts_counter_get_size(rp->ctr), unprotected_vec, unprotected_vec_length,
- /* plaintext_vec = */ nullptr, /* plaintext_vec_length = */ 0, tag,
- &bytes_written, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- if (bytes_written != rp->tag_length) {
- maybe_copy_error_msg("Bytes written expects to be the same as tag length.",
- error_details);
- return GRPC_STATUS_INTERNAL;
- }
- /* Increments the crypter counter. */
- return increment_counter(rp->ctr, error_details);
-}
-
-grpc_status_code alts_iovec_record_protocol_integrity_only_unprotect(
- alts_iovec_record_protocol* rp, const iovec_t* protected_vec,
- size_t protected_vec_length, iovec_t header, iovec_t tag,
- char** error_details) {
- /* Input sanity checks. */
- if (rp == nullptr) {
- maybe_copy_error_msg("Input iovec_record_protocol is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (!rp->is_integrity_only) {
- maybe_copy_error_msg(
- "Integrity-only operations are not allowed for this object.",
- error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- if (rp->is_protect) {
- maybe_copy_error_msg(
- "Unprotect operations are not allowed for this object.", error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- grpc_status_code status =
- ensure_header_and_tag_length(rp, header, tag, error_details);
- if (status != GRPC_STATUS_OK) return status;
- /* Protected data should not be zero length. */
- size_t data_length = get_total_length(protected_vec, protected_vec_length);
- /* Verifies frame header. */
- status = verify_frame_header(data_length + rp->tag_length,
- static_cast<unsigned char*>(header.iov_base),
- error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Verifies frame tag by calling AEAD crypter. */
- iovec_t plaintext = {nullptr, 0};
- size_t bytes_written = 0;
- status = gsec_aead_crypter_decrypt_iovec(
- rp->crypter, alts_counter_get_counter(rp->ctr),
- alts_counter_get_size(rp->ctr), protected_vec, protected_vec_length, &tag,
- 1, plaintext, &bytes_written, error_details);
- if (status != GRPC_STATUS_OK || bytes_written != 0) {
- maybe_append_error_msg(" Frame tag verification failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- /* Increments the crypter counter. */
- return increment_counter(rp->ctr, error_details);
-}
-
-grpc_status_code alts_iovec_record_protocol_privacy_integrity_protect(
- alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec,
- size_t unprotected_vec_length, iovec_t protected_frame,
- char** error_details) {
- /* Input sanity checks. */
- if (rp == nullptr) {
- maybe_copy_error_msg("Input iovec_record_protocol is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (rp->is_integrity_only) {
- maybe_copy_error_msg(
- "Privacy-integrity operations are not allowed for this object.",
- error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- if (!rp->is_protect) {
- maybe_copy_error_msg("Protect operations are not allowed for this object.",
- error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- /* Unprotected data should not be zero length. */
- size_t data_length =
- get_total_length(unprotected_vec, unprotected_vec_length);
- /* Ensures protected frame iovec has sufficient size. */
- if (protected_frame.iov_base == nullptr) {
- maybe_copy_error_msg("Protected frame is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (protected_frame.iov_len !=
- alts_iovec_record_protocol_get_header_length() + data_length +
- rp->tag_length) {
- maybe_copy_error_msg("Protected frame size is incorrect.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- /* Writer frame header. */
- grpc_status_code status = write_frame_header(
- data_length + rp->tag_length,
- static_cast<unsigned char*>(protected_frame.iov_base), error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Encrypt unprotected data by calling AEAD crypter. */
- unsigned char* ciphertext_buffer =
- static_cast<unsigned char*>(protected_frame.iov_base) +
- alts_iovec_record_protocol_get_header_length();
- iovec_t ciphertext = {ciphertext_buffer, data_length + rp->tag_length};
- size_t bytes_written = 0;
- status = gsec_aead_crypter_encrypt_iovec(
- rp->crypter, alts_counter_get_counter(rp->ctr),
- alts_counter_get_size(rp->ctr), /* aad_vec = */ nullptr,
- /* aad_vec_length = */ 0, unprotected_vec, unprotected_vec_length,
- ciphertext, &bytes_written, error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- if (bytes_written != data_length + rp->tag_length) {
- maybe_copy_error_msg(
- "Bytes written expects to be data length plus tag length.",
- error_details);
- return GRPC_STATUS_INTERNAL;
- }
- /* Increments the crypter counter. */
- return increment_counter(rp->ctr, error_details);
-}
-
-grpc_status_code alts_iovec_record_protocol_privacy_integrity_unprotect(
- alts_iovec_record_protocol* rp, iovec_t header,
- const iovec_t* protected_vec, size_t protected_vec_length,
- iovec_t unprotected_data, char** error_details) {
- /* Input sanity checks. */
- if (rp == nullptr) {
- maybe_copy_error_msg("Input iovec_record_protocol is nullptr.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (rp->is_integrity_only) {
- maybe_copy_error_msg(
- "Privacy-integrity operations are not allowed for this object.",
- error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- if (rp->is_protect) {
- maybe_copy_error_msg(
- "Unprotect operations are not allowed for this object.", error_details);
- return GRPC_STATUS_FAILED_PRECONDITION;
- }
- /* Protected data size should be no less than tag size. */
- size_t protected_data_length =
- get_total_length(protected_vec, protected_vec_length);
- if (protected_data_length < rp->tag_length) {
- maybe_copy_error_msg(
- "Protected data length should be more than the tag length.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- /* Ensures header has sufficient size. */
- if (header.iov_base == nullptr) {
- maybe_copy_error_msg("Header is nullptr.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- if (header.iov_len != alts_iovec_record_protocol_get_header_length()) {
- maybe_copy_error_msg("Header length is incorrect.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- /* Ensures unprotected data iovec has sufficient size. */
- if (unprotected_data.iov_len != protected_data_length - rp->tag_length) {
- maybe_copy_error_msg("Unprotected data size is incorrect.", error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- /* Verify frame header. */
- grpc_status_code status = verify_frame_header(
- protected_data_length, static_cast<unsigned char*>(header.iov_base),
- error_details);
- if (status != GRPC_STATUS_OK) {
- return status;
- }
- /* Decrypt protected data by calling AEAD crypter. */
- size_t bytes_written = 0;
- status = gsec_aead_crypter_decrypt_iovec(
- rp->crypter, alts_counter_get_counter(rp->ctr),
- alts_counter_get_size(rp->ctr), /* aad_vec = */ nullptr,
- /* aad_vec_length = */ 0, protected_vec, protected_vec_length,
- unprotected_data, &bytes_written, error_details);
- if (status != GRPC_STATUS_OK) {
- maybe_append_error_msg(" Frame decryption failed.", error_details);
- return GRPC_STATUS_INTERNAL;
- }
- if (bytes_written != protected_data_length - rp->tag_length) {
- maybe_copy_error_msg(
- "Bytes written expects to be protected data length minus tag length.",
- error_details);
- return GRPC_STATUS_INTERNAL;
- }
- /* Increments the crypter counter. */
- return increment_counter(rp->ctr, error_details);
-}
-
-grpc_status_code alts_iovec_record_protocol_create(
- gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
- bool is_integrity_only, bool is_protect, alts_iovec_record_protocol** rp,
- char** error_details) {
- if (crypter == nullptr || rp == nullptr) {
- maybe_copy_error_msg(
- "Invalid nullptr arguments to alts_iovec_record_protocol create.",
- error_details);
- return GRPC_STATUS_INVALID_ARGUMENT;
- }
- alts_iovec_record_protocol* impl = static_cast<alts_iovec_record_protocol*>(
- gpr_zalloc(sizeof(alts_iovec_record_protocol)));
- /* Gets counter length. */
- size_t counter_length = 0;
- grpc_status_code status =
- gsec_aead_crypter_nonce_length(crypter, &counter_length, error_details);
- if (status != GRPC_STATUS_OK) {
- goto cleanup;
- }
- /* Creates counters. */
- status =
- alts_counter_create(is_protect ? !is_client : is_client, counter_length,
- overflow_size, &impl->ctr, error_details);
- if (status != GRPC_STATUS_OK) {
- goto cleanup;
- }
- /* Gets tag length. */
- status =
- gsec_aead_crypter_tag_length(crypter, &impl->tag_length, error_details);
- if (status != GRPC_STATUS_OK) {
- goto cleanup;
- }
- impl->crypter = crypter;
- impl->is_integrity_only = is_integrity_only;
- impl->is_protect = is_protect;
- *rp = impl;
- return GRPC_STATUS_OK;
-cleanup:
- alts_counter_destroy(impl->ctr);
- gpr_free(impl);
- return GRPC_STATUS_FAILED_PRECONDITION;
-}
-
-void alts_iovec_record_protocol_destroy(alts_iovec_record_protocol* rp) {
- if (rp != nullptr) {
- alts_counter_destroy(rp->ctr);
- gsec_aead_crypter_destroy(rp->crypter);
- gpr_free(rp);
- }
-}
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h
deleted file mode 100644
index 0b7d1bf5bf..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H
-#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-
-#include "src/core/tsi/alts/crypt/gsec.h"
-
-constexpr size_t kZeroCopyFrameMessageType = 0x06;
-constexpr size_t kZeroCopyFrameLengthFieldSize = 4;
-constexpr size_t kZeroCopyFrameMessageTypeFieldSize = 4;
-constexpr size_t kZeroCopyFrameHeaderSize =
- kZeroCopyFrameLengthFieldSize + kZeroCopyFrameMessageTypeFieldSize;
-
-// Limit k on number of frames such that at most 2^(8 * k) frames can be sent.
-constexpr size_t kAltsRecordProtocolRekeyFrameLimit = 8;
-constexpr size_t kAltsRecordProtocolFrameLimit = 5;
-
-/* An implementation of alts record protocol. The API is thread-compatible. */
-
-typedef struct iovec iovec_t;
-
-typedef struct alts_iovec_record_protocol alts_iovec_record_protocol;
-
-/**
- * This method gets the length of record protocol frame header.
- */
-size_t alts_iovec_record_protocol_get_header_length();
-
-/**
- * This method gets the length of record protocol frame tag.
- *
- * - rp: an alts_iovec_record_protocol instance.
- *
- * On success, the method returns the length of record protocol frame tag.
- * Otherwise, it returns zero.
- */
-size_t alts_iovec_record_protocol_get_tag_length(
- const alts_iovec_record_protocol* rp);
-
-/**
- * This method returns maximum allowed unprotected data size, given maximum
- * protected frame size.
- *
- * - rp: an alts_iovec_record_protocol instance.
- * - max_protected_frame_size: maximum protected frame size.
- *
- * On success, the method returns the maximum allowed unprotected data size.
- * Otherwise, it returns zero.
- */
-size_t alts_iovec_record_protocol_max_unprotected_data_size(
- const alts_iovec_record_protocol* rp, size_t max_protected_frame_size);
-
-/**
- * This method performs integrity-only protect operation on a
- * alts_iovec_record_protocol instance, i.e., compute frame header and tag. The
- * caller needs to allocate the memory for header and tag prior to calling this
- * method.
- *
- * - rp: an alts_iovec_record_protocol instance.
- * - unprotected_vec: an iovec array containing unprotected data.
- * - unprotected_vec_length: the array length of unprotected_vec.
- * - header: an iovec containing the output frame header.
- * - tag: an iovec containing the output frame tag.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is OK to pass nullptr into error_details.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
- * error status code along with its details specified in error_details (if
- * error_details is not nullptr).
- */
-grpc_status_code alts_iovec_record_protocol_integrity_only_protect(
- alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec,
- size_t unprotected_vec_length, iovec_t header, iovec_t tag,
- char** error_details);
-
-/**
- * This method performs integrity-only unprotect operation on a
- * alts_iovec_record_protocol instance, i.e., verify frame header and tag.
- *
- * - rp: an alts_iovec_record_protocol instance.
- * - protected_vec: an iovec array containing protected data.
- * - protected_vec_length: the array length of protected_vec.
- * - header: an iovec containing the frame header.
- * - tag: an iovec containing the frame tag.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is OK to pass nullptr into error_details.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
- * error status code along with its details specified in error_details (if
- * error_details is not nullptr).
- */
-grpc_status_code alts_iovec_record_protocol_integrity_only_unprotect(
- alts_iovec_record_protocol* rp, const iovec_t* protected_vec,
- size_t protected_vec_length, iovec_t header, iovec_t tag,
- char** error_details);
-
-/**
- * This method performs privacy-integrity protect operation on a
- * alts_iovec_record_protocol instance, i.e., compute a protected frame. The
- * caller needs to allocate the memory for the protected frame prior to calling
- * this method.
- *
- * - rp: an alts_iovec_record_protocol instance.
- * - unprotected_vec: an iovec array containing unprotected data.
- * - unprotected_vec_length: the array length of unprotected_vec.
- * - protected_frame: an iovec containing the output protected frame.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is OK to pass nullptr into error_details.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
- * error status code along with its details specified in error_details (if
- * error_details is not nullptr).
- */
-grpc_status_code alts_iovec_record_protocol_privacy_integrity_protect(
- alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec,
- size_t unprotected_vec_length, iovec_t protected_frame,
- char** error_details);
-
-/**
- * This method performs privacy-integrity unprotect operation on a
- * alts_iovec_record_protocol instance given a full protected frame, i.e.,
- * compute the unprotected data. The caller needs to allocated the memory for
- * the unprotected data prior to calling this method.
- *
- * - rp: an alts_iovec_record_protocol instance.
- * - header: an iovec containing the frame header.
- * - protected_vec: an iovec array containing protected data including the tag.
- * - protected_vec_length: the array length of protected_vec.
- * - unprotected_data: an iovec containing the output unprotected data.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is OK to pass nullptr into error_details.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
- * error status code along with its details specified in error_details (if
- * error_details is not nullptr).
- */
-grpc_status_code alts_iovec_record_protocol_privacy_integrity_unprotect(
- alts_iovec_record_protocol* rp, iovec_t header,
- const iovec_t* protected_vec, size_t protected_vec_length,
- iovec_t unprotected_data, char** error_details);
-
-/**
- * This method creates an alts_iovec_record_protocol instance, given a
- * gsec_aead_crypter instance, a flag indicating if the created instance will be
- * used at the client or server side, and a flag indicating if the created
- * instance will be used for integrity-only mode or privacy-integrity mode. The
- * ownership of gsec_aead_crypter instance is transferred to this new object.
- *
- * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption.
- * - overflow_size: overflow size of counter in bytes.
- * - is_client: a flag indicating if the alts_iovec_record_protocol instance
- * will be used at the client or server side.
- * - is_integrity_only: a flag indicating if the alts_iovec_record_protocol
- * instance will be used for integrity-only or privacy-integrity mode.
- * - is_protect: a flag indicating if the alts_grpc_record_protocol instance
- * will be used for protect or unprotect.
- * - rp: an alts_iovec_record_protocol instance to be returned from
- * the method.
- * - error_details: a buffer containing an error message if the method does not
- * function correctly. It is OK to pass nullptr into error_details.
- *
- * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
- * error status code along with its details specified in error_details (if
- * error_details is not nullptr).
- */
-grpc_status_code alts_iovec_record_protocol_create(
- gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
- bool is_integrity_only, bool is_protect, alts_iovec_record_protocol** rp,
- char** error_details);
-
-/**
- * This method destroys an alts_iovec_record_protocol instance by de-allocating
- * all of its occupied memory. A gsec_aead_crypter instance passed in at
- * gsec_alts_crypter instance creation time will be destroyed in this method.
- */
-void alts_iovec_record_protocol_destroy(alts_iovec_record_protocol* rp);
-
-#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H \
- */
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc b/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc
deleted file mode 100644
index 8c764961b3..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h"
-
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/gpr/useful.h"
-#include "src/core/lib/slice/slice_internal.h"
-#include "src/core/tsi/alts/crypt/gsec.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
-#include "src/core/tsi/transport_security_grpc.h"
-
-constexpr size_t kMinFrameLength = 1024;
-constexpr size_t kDefaultFrameLength = 16 * 1024;
-constexpr size_t kMaxFrameLength = 1024 * 1024;
-
-/**
- * Main struct for alts_zero_copy_grpc_protector.
- * We choose to have two alts_grpc_record_protocol objects and two sets of slice
- * buffers: one for protect and the other for unprotect, so that protect and
- * unprotect can be executed in parallel. Implementations of this object must be
- * thread compatible.
- */
-typedef struct alts_zero_copy_grpc_protector {
- tsi_zero_copy_grpc_protector base;
- alts_grpc_record_protocol* record_protocol;
- alts_grpc_record_protocol* unrecord_protocol;
- size_t max_protected_frame_size;
- size_t max_unprotected_data_size;
- grpc_slice_buffer unprotected_staging_sb;
- grpc_slice_buffer protected_sb;
- grpc_slice_buffer protected_staging_sb;
- uint32_t parsed_frame_size;
-} alts_zero_copy_grpc_protector;
-
-/**
- * Given a slice buffer, parses the first 4 bytes little-endian unsigned frame
- * size and returns the total frame size including the frame field. Caller
- * needs to make sure the input slice buffer has at least 4 bytes. Returns true
- * on success and false on failure.
- */
-static bool read_frame_size(const grpc_slice_buffer* sb,
- uint32_t* total_frame_size) {
- if (sb == nullptr || sb->length < kZeroCopyFrameLengthFieldSize) {
- return false;
- }
- uint8_t frame_size_buffer[kZeroCopyFrameLengthFieldSize];
- uint8_t* buf = frame_size_buffer;
- /* Copies the first 4 bytes to a temporary buffer. */
- size_t remaining = kZeroCopyFrameLengthFieldSize;
- for (size_t i = 0; i < sb->count; i++) {
- size_t slice_length = GRPC_SLICE_LENGTH(sb->slices[i]);
- if (remaining <= slice_length) {
- memcpy(buf, GRPC_SLICE_START_PTR(sb->slices[i]), remaining);
- remaining = 0;
- break;
- } else {
- memcpy(buf, GRPC_SLICE_START_PTR(sb->slices[i]), slice_length);
- buf += slice_length;
- remaining -= slice_length;
- }
- }
- GPR_ASSERT(remaining == 0);
- /* Gets little-endian frame size. */
- uint32_t frame_size = (((uint32_t)frame_size_buffer[3]) << 24) |
- (((uint32_t)frame_size_buffer[2]) << 16) |
- (((uint32_t)frame_size_buffer[1]) << 8) |
- ((uint32_t)frame_size_buffer[0]);
- if (frame_size > kMaxFrameLength) {
- gpr_log(GPR_ERROR, "Frame size is larger than maximum frame size");
- return false;
- }
- /* Returns frame size including frame length field. */
- *total_frame_size =
- static_cast<uint32_t>(frame_size + kZeroCopyFrameLengthFieldSize);
- return true;
-}
-
-/**
- * Creates an alts_grpc_record_protocol object, given key, key size, and flags
- * to indicate whether the record_protocol object uses the rekeying AEAD,
- * whether the object is for client or server, whether the object is for
- * integrity-only or privacy-integrity mode, and whether the object is is used
- * for protect or unprotect.
- */
-static tsi_result create_alts_grpc_record_protocol(
- const uint8_t* key, size_t key_size, bool is_rekey, bool is_client,
- bool is_integrity_only, bool is_protect,
- alts_grpc_record_protocol** record_protocol) {
- if (key == nullptr || record_protocol == nullptr) {
- return TSI_INVALID_ARGUMENT;
- }
- grpc_status_code status;
- gsec_aead_crypter* crypter = nullptr;
- char* error_details = nullptr;
- status = gsec_aes_gcm_aead_crypter_create(key, key_size, kAesGcmNonceLength,
- kAesGcmTagLength, is_rekey,
- &crypter, &error_details);
- if (status != GRPC_STATUS_OK) {
- gpr_log(GPR_ERROR, "Failed to create AEAD crypter, %s", error_details);
- gpr_free(error_details);
- return TSI_INTERNAL_ERROR;
- }
- size_t overflow_limit = is_rekey ? kAltsRecordProtocolRekeyFrameLimit
- : kAltsRecordProtocolFrameLimit;
- /* Creates alts_grpc_record_protocol with AEAD crypter ownership transferred.
- */
- tsi_result result =
- is_integrity_only
- ? alts_grpc_integrity_only_record_protocol_create(
- crypter, overflow_limit, is_client, is_protect, record_protocol)
- : alts_grpc_privacy_integrity_record_protocol_create(
- crypter, overflow_limit, is_client, is_protect,
- record_protocol);
- if (result != TSI_OK) {
- gsec_aead_crypter_destroy(crypter);
- return result;
- }
- return TSI_OK;
-}
-
-/* --- tsi_zero_copy_grpc_protector methods implementation. --- */
-
-static tsi_result alts_zero_copy_grpc_protector_protect(
- tsi_zero_copy_grpc_protector* self, grpc_slice_buffer* unprotected_slices,
- grpc_slice_buffer* protected_slices) {
- if (self == nullptr || unprotected_slices == nullptr ||
- protected_slices == nullptr) {
- gpr_log(GPR_ERROR, "Invalid nullptr arguments to zero-copy grpc protect.");
- return TSI_INVALID_ARGUMENT;
- }
- alts_zero_copy_grpc_protector* protector =
- reinterpret_cast<alts_zero_copy_grpc_protector*>(self);
- /* Calls alts_grpc_record_protocol protect repeatly. */
- while (unprotected_slices->length > protector->max_unprotected_data_size) {
- grpc_slice_buffer_move_first(unprotected_slices,
- protector->max_unprotected_data_size,
- &protector->unprotected_staging_sb);
- tsi_result status = alts_grpc_record_protocol_protect(
- protector->record_protocol, &protector->unprotected_staging_sb,
- protected_slices);
- if (status != TSI_OK) {
- return status;
- }
- }
- return alts_grpc_record_protocol_protect(
- protector->record_protocol, unprotected_slices, protected_slices);
-}
-
-static tsi_result alts_zero_copy_grpc_protector_unprotect(
- tsi_zero_copy_grpc_protector* self, grpc_slice_buffer* protected_slices,
- grpc_slice_buffer* unprotected_slices) {
- if (self == nullptr || unprotected_slices == nullptr ||
- protected_slices == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to zero-copy grpc unprotect.");
- return TSI_INVALID_ARGUMENT;
- }
- alts_zero_copy_grpc_protector* protector =
- reinterpret_cast<alts_zero_copy_grpc_protector*>(self);
- grpc_slice_buffer_move_into(protected_slices, &protector->protected_sb);
- /* Keep unprotecting each frame if possible. */
- while (protector->protected_sb.length >= kZeroCopyFrameLengthFieldSize) {
- if (protector->parsed_frame_size == 0) {
- /* We have not parsed frame size yet. Parses frame size. */
- if (!read_frame_size(&protector->protected_sb,
- &protector->parsed_frame_size)) {
- grpc_slice_buffer_reset_and_unref_internal(&protector->protected_sb);
- return TSI_DATA_CORRUPTED;
- }
- }
- if (protector->protected_sb.length < protector->parsed_frame_size) break;
- /* At this point, protected_sb contains at least one frame of data. */
- tsi_result status;
- if (protector->protected_sb.length == protector->parsed_frame_size) {
- status = alts_grpc_record_protocol_unprotect(protector->unrecord_protocol,
- &protector->protected_sb,
- unprotected_slices);
- } else {
- grpc_slice_buffer_move_first(&protector->protected_sb,
- protector->parsed_frame_size,
- &protector->protected_staging_sb);
- status = alts_grpc_record_protocol_unprotect(
- protector->unrecord_protocol, &protector->protected_staging_sb,
- unprotected_slices);
- }
- protector->parsed_frame_size = 0;
- if (status != TSI_OK) {
- grpc_slice_buffer_reset_and_unref_internal(&protector->protected_sb);
- return status;
- }
- }
- return TSI_OK;
-}
-
-static void alts_zero_copy_grpc_protector_destroy(
- tsi_zero_copy_grpc_protector* self) {
- if (self == nullptr) {
- return;
- }
- alts_zero_copy_grpc_protector* protector =
- reinterpret_cast<alts_zero_copy_grpc_protector*>(self);
- alts_grpc_record_protocol_destroy(protector->record_protocol);
- alts_grpc_record_protocol_destroy(protector->unrecord_protocol);
- grpc_slice_buffer_destroy_internal(&protector->unprotected_staging_sb);
- grpc_slice_buffer_destroy_internal(&protector->protected_sb);
- grpc_slice_buffer_destroy_internal(&protector->protected_staging_sb);
- gpr_free(protector);
-}
-
-static const tsi_zero_copy_grpc_protector_vtable
- alts_zero_copy_grpc_protector_vtable = {
- alts_zero_copy_grpc_protector_protect,
- alts_zero_copy_grpc_protector_unprotect,
- alts_zero_copy_grpc_protector_destroy};
-
-tsi_result alts_zero_copy_grpc_protector_create(
- const uint8_t* key, size_t key_size, bool is_rekey, bool is_client,
- bool is_integrity_only, size_t* max_protected_frame_size,
- tsi_zero_copy_grpc_protector** protector) {
- if (grpc_core::ExecCtx::Get() == nullptr || key == nullptr ||
- protector == nullptr) {
- gpr_log(
- GPR_ERROR,
- "Invalid nullptr arguments to alts_zero_copy_grpc_protector create.");
- return TSI_INVALID_ARGUMENT;
- }
- /* Creates alts_zero_copy_protector. */
- alts_zero_copy_grpc_protector* impl =
- static_cast<alts_zero_copy_grpc_protector*>(
- gpr_zalloc(sizeof(alts_zero_copy_grpc_protector)));
- /* Creates alts_grpc_record_protocol objects. */
- tsi_result status = create_alts_grpc_record_protocol(
- key, key_size, is_rekey, is_client, is_integrity_only,
- /*is_protect=*/true, &impl->record_protocol);
- if (status == TSI_OK) {
- status = create_alts_grpc_record_protocol(
- key, key_size, is_rekey, is_client, is_integrity_only,
- /*is_protect=*/false, &impl->unrecord_protocol);
- if (status == TSI_OK) {
- /* Sets maximum frame size. */
- size_t max_protected_frame_size_to_set = kDefaultFrameLength;
- if (max_protected_frame_size != nullptr) {
- *max_protected_frame_size =
- GPR_MIN(*max_protected_frame_size, kMaxFrameLength);
- *max_protected_frame_size =
- GPR_MAX(*max_protected_frame_size, kMinFrameLength);
- max_protected_frame_size_to_set = *max_protected_frame_size;
- }
- impl->max_protected_frame_size = max_protected_frame_size_to_set;
- impl->max_unprotected_data_size =
- alts_grpc_record_protocol_max_unprotected_data_size(
- impl->record_protocol, max_protected_frame_size_to_set);
- GPR_ASSERT(impl->max_unprotected_data_size > 0);
- /* Allocates internal slice buffers. */
- grpc_slice_buffer_init(&impl->unprotected_staging_sb);
- grpc_slice_buffer_init(&impl->protected_sb);
- grpc_slice_buffer_init(&impl->protected_staging_sb);
- impl->parsed_frame_size = 0;
- impl->base.vtable = &alts_zero_copy_grpc_protector_vtable;
- *protector = &impl->base;
- return TSI_OK;
- }
- }
-
- /* Cleanup if create failed. */
- alts_grpc_record_protocol_destroy(impl->record_protocol);
- alts_grpc_record_protocol_destroy(impl->unrecord_protocol);
- gpr_free(impl);
- return TSI_INTERNAL_ERROR;
-}
diff --git a/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h b/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h
deleted file mode 100644
index 71e953cfc1..0000000000
--- a/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_ZERO_COPY_GRPC_PROTECTOR_H
-#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_ZERO_COPY_GRPC_PROTECTOR_H
-
-#include <grpc/support/port_platform.h>
-
-#include <stdbool.h>
-
-#include "src/core/tsi/transport_security_grpc.h"
-
-/**
- * This method creates an ALTS zero-copy grpc protector.
- *
- * - key: a symmetric key used to seal/unseal frames.
- * - key_size: the size of symmetric key.
- * - is_rekey: use rekeying AEAD crypter.
- * - is_client: a flag indicating if the protector will be used at client or
- * server side.
- * - is_integrity_only: a flag indicating if the protector instance will be
- * used for integrity-only or privacy-integrity mode.
- * - max_protected_frame_size: an in/out parameter indicating max frame size
- * to be used by the protector. If it is nullptr, the default frame size will
- * be used. Otherwise, the provided frame size will be adjusted (if not
- * falling into a valid frame range) and used.
- * - protector: a pointer to the zero-copy protector returned from the method.
- *
- * This method returns TSI_OK on success or a specific error code otherwise.
- */
-tsi_result alts_zero_copy_grpc_protector_create(
- const uint8_t* key, size_t key_size, bool is_rekey, bool is_client,
- bool is_integrity_only, size_t* max_protected_frame_size,
- tsi_zero_copy_grpc_protector** protector);
-
-#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_ZERO_COPY_GRPC_PROTECTOR_H \
- */
diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py
index dd3a8f963f..75156793f1 100644
--- a/src/python/grpcio/grpc_core_dependencies.py
+++ b/src/python/grpcio/grpc_core_dependencies.py
@@ -220,7 +220,6 @@ CORE_SOURCE_FILES = [
'src/core/ext/filters/http/server/http_server_filter.cc',
'src/core/lib/http/httpcli_security_connector.cc',
'src/core/lib/security/context/security_context.cc',
- 'src/core/lib/security/credentials/alts/alts_credentials.cc',
'src/core/lib/security/credentials/composite/composite_credentials.cc',
'src/core/lib/security/credentials/credentials.cc',
'src/core/lib/security/credentials/credentials_metadata.cc',
@@ -234,7 +233,6 @@ CORE_SOURCE_FILES = [
'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc',
'src/core/lib/security/credentials/plugin/plugin_credentials.cc',
'src/core/lib/security/credentials/ssl/ssl_credentials.cc',
- 'src/core/lib/security/security_connector/alts_security_connector.cc',
'src/core/lib/security/security_connector/security_connector.cc',
'src/core/lib/security/transport/client_auth_filter.cc',
'src/core/lib/security/transport/secure_endpoint.cc',
@@ -244,45 +242,14 @@ CORE_SOURCE_FILES = [
'src/core/lib/security/transport/tsi_error.cc',
'src/core/lib/security/util/json_util.cc',
'src/core/lib/surface/init_secure.cc',
- 'src/core/tsi/alts/crypt/aes_gcm.cc',
- 'src/core/tsi/alts/crypt/gsec.cc',
- 'src/core/tsi/alts/frame_protector/alts_counter.cc',
- 'src/core/tsi/alts/frame_protector/alts_crypter.cc',
- 'src/core/tsi/alts/frame_protector/alts_frame_protector.cc',
- 'src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc',
- 'src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc',
- 'src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc',
- 'src/core/tsi/alts/frame_protector/frame_handler.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_client.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_event.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc',
- 'src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc',
- 'src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc',
- 'src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc',
- 'src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc',
- 'src/core/tsi/alts/handshaker/alts_tsi_utils.cc',
- 'src/core/tsi/alts/handshaker/transport_security_common_api.cc',
- 'src/core/tsi/alts/handshaker/altscontext.pb.c',
- 'src/core/tsi/alts/handshaker/handshaker.pb.c',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.c',
- 'third_party/nanopb/pb_common.c',
- 'third_party/nanopb/pb_decode.c',
- 'third_party/nanopb/pb_encode.c',
+ 'src/core/tsi/alts_transport_security.cc',
+ 'src/core/tsi/fake_transport_security.cc',
+ 'src/core/tsi/ssl_transport_security.cc',
+ 'src/core/tsi/transport_security_grpc.cc',
'src/core/tsi/transport_security.cc',
'src/core/tsi/transport_security_adapter.cc',
- 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc',
- 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc',
- 'src/core/ext/transport/chttp2/client/chttp2_connector.cc',
+ 'src/core/ext/transport/chttp2/server/chttp2_server.cc',
+ 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc',
'src/core/ext/filters/client_channel/backup_poller.cc',
'src/core/ext/filters/client_channel/channel_connectivity.cc',
'src/core/ext/filters/client_channel/client_channel.cc',
@@ -306,14 +273,11 @@ CORE_SOURCE_FILES = [
'src/core/ext/filters/client_channel/subchannel_index.cc',
'src/core/ext/filters/client_channel/uri_parser.cc',
'src/core/ext/filters/deadline/deadline_filter.cc',
- 'src/core/tsi/alts_transport_security.cc',
- 'src/core/tsi/fake_transport_security.cc',
- 'src/core/tsi/ssl_transport_security.cc',
- 'src/core/tsi/transport_security_grpc.cc',
- 'src/core/ext/transport/chttp2/server/chttp2_server.cc',
- 'src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc',
+ 'src/core/ext/transport/chttp2/client/chttp2_connector.cc',
'src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc',
'src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc',
+ 'src/core/ext/transport/chttp2/client/insecure/channel_create.cc',
+ 'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc',
'src/core/ext/transport/inproc/inproc_plugin.cc',
'src/core/ext/transport/inproc/inproc_transport.cc',
'src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc',
@@ -322,6 +286,9 @@ CORE_SOURCE_FILES = [
'src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc',
'src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc',
'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c',
+ 'third_party/nanopb/pb_common.c',
+ 'third_party/nanopb/pb_decode.c',
+ 'third_party/nanopb/pb_encode.c',
'src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc',
'src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc',
'src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc',
diff --git a/templates/CMakeLists.txt.template b/templates/CMakeLists.txt.template
index ef4d7d710c..0f088436d1 100644
--- a/templates/CMakeLists.txt.template
+++ b/templates/CMakeLists.txt.template
@@ -138,8 +138,6 @@
## Some libraries are shared even with BUILD_SHARED_LIBRARIES=OFF
set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
-
- add_definitions(-DPB_FIELD_16BIT)
if (MSVC)
include(cmake/msvc_static_runtime.cmake)
diff --git a/templates/Makefile.template b/templates/Makefile.template
index 196d12f678..390847b4f2 100644
--- a/templates/Makefile.template
+++ b/templates/Makefile.template
@@ -221,8 +221,6 @@
% endif
% endfor
- DEFINES += PB_FIELD_16BIT
-
CPPFLAGS += $(CPPFLAGS_$(CONFIG))
CFLAGS += $(CFLAGS_$(CONFIG))
CXXFLAGS += $(CXXFLAGS_$(CONFIG))
diff --git a/templates/gRPC-Core.podspec.template b/templates/gRPC-Core.podspec.template
index 3e80d602e1..c28b78dbdf 100644
--- a/templates/gRPC-Core.podspec.template
+++ b/templates/gRPC-Core.podspec.template
@@ -144,7 +144,7 @@
}
s.default_subspecs = 'Interface', 'Implementation'
- s.compiler_flags = '-DGRPC_ARES=0', '-DPB_FIELD_16BIT'
+ s.compiler_flags = '-DGRPC_ARES=0'
s.libraries = 'c++'
# Like many other C libraries, gRPC-Core has its public headers under `include/<libname>/` and its
diff --git a/templates/grpc.gyp.template b/templates/grpc.gyp.template
index 2ea0d06ebd..3363082a83 100644
--- a/templates/grpc.gyp.template
+++ b/templates/grpc.gyp.template
@@ -60,11 +60,11 @@
% endfor
'cflags_c': [
'-Werror',
- '-std=c99',
+ '-std=c99'
],
'cflags_cc': [
'-Werror',
- '-std=c++11',
+ '-std=c++11'
],
'include_dirs': [
'.',
@@ -127,7 +127,7 @@
% endfor
'-stdlib=libc++',
'-std=c++11',
- '-Wno-error=deprecated-declarations',
+ '-Wno-error=deprecated-declarations'
],
% endif
},
diff --git a/test/core/security/BUILD b/test/core/security/BUILD
index 68de2d169f..9776e6d5fd 100644
--- a/test/core/security/BUILD
+++ b/test/core/security/BUILD
@@ -161,39 +161,3 @@ grpc_cc_binary(
"//test/core/util:grpc_test_util",
],
)
-
-grpc_cc_test(
- name = "check_gcp_environment_linux_test",
- srcs = ["check_gcp_environment_linux_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "check_gcp_environment_windows_test",
- srcs = ["check_gcp_environment_windows_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "grpc_alts_credentials_options_test",
- srcs = ["grpc_alts_credentials_options_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "alts_security_connector_test",
- srcs = ["alts_security_connector_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- ],
-)
diff --git a/test/core/security/alts_security_connector_test.cc b/test/core/security/alts_security_connector_test.cc
deleted file mode 100644
index 103a493526..0000000000
--- a/test/core/security/alts_security_connector_test.cc
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <grpc/grpc.h>
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/security/security_connector/alts_security_connector.h"
-#include "src/core/lib/transport/transport.h"
-#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
-#include "src/core/tsi/transport_security.h"
-
-using grpc_core::internal::grpc_alts_auth_context_from_tsi_peer;
-
-/* This file contains unit tests of grpc_alts_auth_context_from_tsi_peer(). */
-static void test_invalid_input_failure() {
- tsi_peer peer;
- grpc_auth_context* ctx;
- GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(nullptr, &ctx) ==
- GRPC_SECURITY_ERROR);
- GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, nullptr) ==
- GRPC_SECURITY_ERROR);
-}
-
-static void test_empty_certificate_type_failure() {
- tsi_peer peer;
- grpc_auth_context* ctx = nullptr;
- GPR_ASSERT(tsi_construct_peer(0, &peer) == TSI_OK);
- GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
- GRPC_SECURITY_ERROR);
- GPR_ASSERT(ctx == nullptr);
- tsi_peer_destruct(&peer);
-}
-
-static void test_empty_peer_property_failure() {
- tsi_peer peer;
- grpc_auth_context* ctx;
- GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
- GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
- TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
- &peer.properties[0]) == TSI_OK);
- GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
- GRPC_SECURITY_ERROR);
- GPR_ASSERT(ctx == nullptr);
- tsi_peer_destruct(&peer);
-}
-
-static void test_missing_rpc_protocol_versions_property_failure() {
- tsi_peer peer;
- grpc_auth_context* ctx;
- GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
- GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
- TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
- &peer.properties[0]) == TSI_OK);
- GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
- TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
- &peer.properties[1]) == TSI_OK);
- GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
- GRPC_SECURITY_ERROR);
- GPR_ASSERT(ctx == nullptr);
- tsi_peer_destruct(&peer);
-}
-
-static void test_unknown_peer_property_failure() {
- tsi_peer peer;
- grpc_auth_context* ctx;
- GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
- GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
- TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
- &peer.properties[0]) == TSI_OK);
- GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
- "unknown", "alice", &peer.properties[1]) == TSI_OK);
- GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
- GRPC_SECURITY_ERROR);
- GPR_ASSERT(ctx == nullptr);
- tsi_peer_destruct(&peer);
-}
-
-static bool test_identity(const grpc_auth_context* ctx,
- const char* expected_property_name,
- const char* expected_identity) {
- grpc_auth_property_iterator it;
- const grpc_auth_property* prop;
- GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
- it = grpc_auth_context_peer_identity(ctx);
- prop = grpc_auth_property_iterator_next(&it);
- GPR_ASSERT(prop != nullptr);
- if (strcmp(prop->name, expected_property_name) != 0) {
- gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
- expected_property_name, prop->name);
- return false;
- }
- if (strncmp(prop->value, expected_identity, prop->value_length) != 0) {
- gpr_log(GPR_ERROR, "Expected peer identity %s and got got %s.",
- expected_identity, prop->value);
- return false;
- }
- return true;
-}
-
-static void test_alts_peer_to_auth_context_success() {
- tsi_peer peer;
- grpc_auth_context* ctx;
- GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
- GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
- TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
- &peer.properties[0]) == TSI_OK);
- GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
- TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
- &peer.properties[1]) == TSI_OK);
- grpc_gcp_rpc_protocol_versions peer_versions;
- grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
- GRPC_PROTOCOL_VERSION_MAX_MAJOR,
- GRPC_PROTOCOL_VERSION_MAX_MINOR);
- grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
- GRPC_PROTOCOL_VERSION_MIN_MAJOR,
- GRPC_PROTOCOL_VERSION_MIN_MINOR);
- grpc_slice serialized_peer_versions;
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
- &serialized_peer_versions));
-
- GPR_ASSERT(tsi_construct_string_peer_property(
- TSI_ALTS_RPC_VERSIONS,
- reinterpret_cast<char*>(
- GRPC_SLICE_START_PTR(serialized_peer_versions)),
- GRPC_SLICE_LENGTH(serialized_peer_versions),
- &peer.properties[2]) == TSI_OK);
- GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
- GRPC_SECURITY_OK);
- GPR_ASSERT(
- test_identity(ctx, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice"));
- GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
- grpc_slice_unref(serialized_peer_versions);
- tsi_peer_destruct(&peer);
-}
-
-int main(int argc, char** argv) {
- /* Test. */
- test_invalid_input_failure();
- test_empty_certificate_type_failure();
- test_empty_peer_property_failure();
- test_unknown_peer_property_failure();
- test_missing_rpc_protocol_versions_property_failure();
- test_alts_peer_to_auth_context_success();
-
- return 0;
-}
diff --git a/test/core/security/check_gcp_environment_linux_test.cc b/test/core/security/check_gcp_environment_linux_test.cc
deleted file mode 100644
index 6c436a3945..0000000000
--- a/test/core/security/check_gcp_environment_linux_test.cc
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
-
-#if GPR_LINUX
-
-#include <stdio.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/gpr/tmpfile.h"
-
-static bool check_bios_data_linux_test(const char* data) {
- /* Create a file with contents data. */
- char* filename = nullptr;
- FILE* fp = gpr_tmpfile("check_gcp_environment_test", &filename);
- GPR_ASSERT(filename != nullptr);
- GPR_ASSERT(fp != nullptr);
- GPR_ASSERT(fwrite(data, 1, strlen(data), fp) == strlen(data));
- fclose(fp);
- bool result = grpc_core::internal::check_bios_data(
- reinterpret_cast<const char*>(filename));
- /* Cleanup. */
- remove(filename);
- gpr_free(filename);
- return result;
-}
-
-static void test_gcp_environment_check_success() {
- /* Exact match. */
- GPR_ASSERT(check_bios_data_linux_test("Google"));
- GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine"));
- /* With leading and trailing whitespaces. */
- GPR_ASSERT(check_bios_data_linux_test(" Google "));
- GPR_ASSERT(check_bios_data_linux_test("Google "));
- GPR_ASSERT(check_bios_data_linux_test(" Google"));
- GPR_ASSERT(check_bios_data_linux_test(" Google Compute Engine "));
- GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine "));
- GPR_ASSERT(check_bios_data_linux_test(" Google Compute Engine"));
- /* With leading and trailing \t and \n. */
- GPR_ASSERT(check_bios_data_linux_test("\t\tGoogle Compute Engine\t"));
- GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine\n"));
- GPR_ASSERT(check_bios_data_linux_test("\n\n\tGoogle Compute Engine \n\t\t"));
-}
-
-static void test_gcp_environment_check_failure() {
- GPR_ASSERT(!check_bios_data_linux_test("non_existing-file"));
- GPR_ASSERT(!check_bios_data_linux_test("Google-Chrome"));
- GPR_ASSERT(!check_bios_data_linux_test("Amazon"));
- GPR_ASSERT(!check_bios_data_linux_test("Google-Chrome\t\t"));
- GPR_ASSERT(!check_bios_data_linux_test("Amazon"));
-}
-
-int main(int argc, char** argv) {
- /* Tests. */
- test_gcp_environment_check_success();
- test_gcp_environment_check_failure();
- return 0;
-}
-
-#else // GPR_LINUX
-
-int main(int argc, char** argv) { return 0; }
-
-#endif // GPR_LINUX
diff --git a/test/core/security/check_gcp_environment_windows_test.cc b/test/core/security/check_gcp_environment_windows_test.cc
deleted file mode 100644
index 46179b747d..0000000000
--- a/test/core/security/check_gcp_environment_windows_test.cc
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
-
-#ifdef GPR_WINDOWS
-
-#include <stdio.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-#include "src/core/lib/gpr/tmpfile.h"
-
-static bool check_bios_data_windows_test(const char* data) {
- /* Create a file with contents data. */
- char* filename = nullptr;
- FILE* fp = gpr_tmpfile("check_gcp_environment_test", &filename);
- GPR_ASSERT(filename != nullptr);
- GPR_ASSERT(fp != nullptr);
- GPR_ASSERT(fwrite(data, 1, strlen(data), fp) == strlen(data));
- fclose(fp);
- bool result = grpc_core::internal::check_bios_data(
- reinterpret_cast<const char*>(filename));
- /* Cleanup. */
- remove(filename);
- gpr_free(filename);
- return result;
-}
-
-static void test_gcp_environment_check_success() {
- GPR_ASSERT(check_bios_data_windows_test("Google"));
- GPR_ASSERT(check_bios_data_windows_test("Google\n"));
- GPR_ASSERT(check_bios_data_windows_test("Google\r"));
- GPR_ASSERT(check_bios_data_windows_test("Google\r\n"));
- GPR_ASSERT(check_bios_data_windows_test(" Google \r\n"));
- GPR_ASSERT(check_bios_data_windows_test(" \t\t Google\r\n"));
- GPR_ASSERT(check_bios_data_windows_test(" \t\t Google\t\t \r\n"));
-}
-
-static void test_gcp_environment_check_failure() {
- GPR_ASSERT(!check_bios_data_windows_test("\t\tAmazon\n"));
- GPR_ASSERT(!check_bios_data_windows_test(" Amazon\r\n"));
-}
-
-int main(int argc, char** argv) {
- /* Tests. */
- test_gcp_environment_check_success();
- test_gcp_environment_check_failure();
- return 0;
-}
-#else // GPR_WINDOWS
-
-int main(int argc, char** argv) { return 0; }
-
-#endif // GPR_WINDOWS
diff --git a/test/core/security/grpc_alts_credentials_options_test.cc b/test/core/security/grpc_alts_credentials_options_test.cc
deleted file mode 100644
index 1217065507..0000000000
--- a/test/core/security/grpc_alts_credentials_options_test.cc
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <grpc/grpc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
-
-#define ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1 "abc@google.com"
-#define ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2 "def@google.com"
-
-const size_t kTargetServiceAccountNum = 2;
-
-static void test_add_target_service_account_failure() {
- /* Initialization. */
- grpc_alts_credentials_options* options =
- grpc_alts_credentials_client_options_create();
- auto client_options =
- reinterpret_cast<grpc_alts_credentials_client_options*>(options);
-
- /* Test. */
- GPR_ASSERT(!grpc_alts_credentials_client_options_add_target_service_account(
- client_options, nullptr));
- GPR_ASSERT(!grpc_alts_credentials_client_options_add_target_service_account(
- nullptr, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1));
-
- /* Cleanup. */
- grpc_alts_credentials_options_destroy(options);
-}
-
-static void test_copy_client_options_failure() {
- /* Initialization. */
- grpc_alts_credentials_options* options =
- grpc_alts_credentials_client_options_create();
-
- /* Test. */
- GPR_ASSERT(grpc_alts_credentials_options_copy(nullptr) == nullptr);
-
- /* Cleanup. */
- grpc_alts_credentials_options_destroy(options);
-}
-
-static size_t get_target_service_account_num(
- grpc_alts_credentials_client_options* options) {
- size_t num = 0;
- target_service_account* node = options->target_account_list_head;
- while (node != nullptr) {
- num++;
- node = node->next;
- }
- return num;
-}
-
-static void test_client_options_api_success() {
- /* Initialization. */
- grpc_alts_credentials_options* options =
- grpc_alts_credentials_client_options_create();
- auto client_options =
- reinterpret_cast<grpc_alts_credentials_client_options*>(options);
-
- /* Set client options fields. */
- grpc_alts_credentials_client_options_add_target_service_account(
- client_options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1);
- grpc_alts_credentials_client_options_add_target_service_account(
- client_options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2);
-
- /* Validate client option fields. */
- GPR_ASSERT(get_target_service_account_num(client_options) ==
- kTargetServiceAccountNum);
- GPR_ASSERT(strcmp(client_options->target_account_list_head->data,
- ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2) == 0);
- GPR_ASSERT(strcmp(client_options->target_account_list_head->next->data,
- ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1) == 0);
-
- /* Perform a copy operation and validate its correctness. */
- grpc_alts_credentials_options* new_options =
- grpc_alts_credentials_options_copy(options);
- auto new_client_options =
- reinterpret_cast<grpc_alts_credentials_client_options*>(new_options);
-
- GPR_ASSERT(get_target_service_account_num(new_client_options) ==
- kTargetServiceAccountNum);
- GPR_ASSERT(strcmp(new_client_options->target_account_list_head->data,
- ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2) == 0);
- GPR_ASSERT(strcmp(new_client_options->target_account_list_head->next->data,
- ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1) == 0);
-
- /* Cleanup.*/
- grpc_alts_credentials_options_destroy(options);
- grpc_alts_credentials_options_destroy(new_options);
-}
-
-int main(int argc, char** argv) {
- /* Test. */
- test_add_target_service_account_failure();
- test_copy_client_options_failure();
- test_client_options_api_success();
- return 0;
-}
diff --git a/test/core/tsi/BUILD b/test/core/tsi/BUILD
index 8ac3e7687c..e28c0b5f84 100644
--- a/test/core/tsi/BUILD
+++ b/test/core/tsi/BUILD
@@ -16,7 +16,7 @@ load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_c
licenses(["notice"]) # Apache v2
-grpc_package(name = "test/core/tsi", visibility = "public")
+grpc_package(name = "test/core/tsi")
grpc_cc_library(
name = "transport_security_test_lib",
diff --git a/test/core/tsi/alts/crypt/BUILD b/test/core/tsi/alts/crypt/BUILD
deleted file mode 100644
index 0057d7f6e6..0000000000
--- a/test/core/tsi/alts/crypt/BUILD
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2018 gRPC authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package")
-
-licenses(["notice"]) # Apache v2
-
-grpc_package(name = "crypt", visibility = "public")
-
-grpc_cc_library(
- name = "alts_crypt_test_util",
- srcs = ["gsec_test_util.cc"],
- hdrs = ["gsec_test_util.h"],
- deps = [
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "alts_crypt_test",
- srcs = ["aes_gcm_test.cc"],
- language = "C++",
- deps = [
- ":alts_crypt_test_util",
- "//:grpc",
- ],
-)
diff --git a/test/core/tsi/alts/crypt/aes_gcm_test.cc b/test/core/tsi/alts/crypt/aes_gcm_test.cc
deleted file mode 100644
index 576dd8f27b..0000000000
--- a/test/core/tsi/alts/crypt/aes_gcm_test.cc
+++ /dev/null
@@ -1,2105 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include "src/core/tsi/alts/crypt/gsec.h"
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-const size_t kTestMinTagLengthForCorruption = 8;
-const size_t kTestNumCrypters = 3;
-const size_t kTestMaxSlices = 5;
-const size_t kTestMaxLength = 1024;
-const size_t kTestNumEncryptions = 100;
-
-/* Struct for pre-generated test vector */
-typedef struct gsec_aead_test_vector {
- uint8_t* nonce;
- uint8_t* aad;
- uint8_t* key;
- uint8_t* plaintext;
- uint8_t* ciphertext_and_tag;
- size_t nonce_length;
- size_t aad_length;
- size_t key_length;
- size_t plaintext_length;
- size_t ciphertext_and_tag_length;
-} gsec_aead_test_vector;
-
-static void gsec_randomly_slice(uint8_t* input, size_t input_length,
- struct iovec** output, size_t* output_length) {
- if (input_length == 0) {
- *output = nullptr;
- *output_length = 0;
- return;
- }
- *output_length = gsec_test_bias_random_uint32(kTestMaxSlices) + 1;
- *output =
- static_cast<struct iovec*>(malloc(*output_length * sizeof(**output)));
- size_t i;
- for (i = 0; i < *output_length - 1; i++) {
- size_t slice_length =
- gsec_test_bias_random_uint32(static_cast<uint32_t>(input_length));
- struct iovec slice = {input, slice_length};
- (*output)[i] = slice;
- input += slice_length;
- input_length -= slice_length;
- }
- struct iovec slice = {input, input_length};
- (*output)[*output_length - 1] = slice;
-}
-
-static void gsec_assert_ok(grpc_status_code status, const char* error_detail) {
- char empty_string[] = "";
- if (error_detail == nullptr) {
- error_detail = empty_string;
- }
- if (status != GRPC_STATUS_OK) {
- fprintf(stderr, "Status is not ok: %s\n", error_detail);
- }
- GPR_ASSERT(status == GRPC_STATUS_OK);
-}
-
-static void gsec_test_random_encrypt_decrypt(gsec_aead_crypter* crypter,
- size_t aad_length,
- size_t message_length) {
- GPR_ASSERT(crypter != nullptr);
- size_t nonce_length, tag_length;
- uint8_t *nonce, *aad, *message;
- gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr);
- gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr);
-
- gsec_test_random_array(&nonce, nonce_length);
- gsec_test_random_array(&aad, aad_length);
- gsec_test_random_array(&message, message_length);
-
- /* Test encryption */
- size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0;
- gsec_aead_crypter_max_ciphertext_and_tag_length(
- crypter, message_length, &ciphertext_and_tag_length, nullptr);
-
- uint8_t* ciphertext_and_tag =
- static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_length));
-
- char* error_buffer = nullptr;
- gsec_assert_ok(
- gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, aad, aad_length,
- message, message_length, ciphertext_and_tag,
- ciphertext_and_tag_length,
- &ciphertext_bytes_written, &error_buffer),
- error_buffer);
- GPR_ASSERT(message_length + tag_length == ciphertext_and_tag_length);
- GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length);
-
- /* Test decryption */
- size_t plaintext_length, plaintext_bytes_written = 0;
- gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_bytes_written,
- &plaintext_length, nullptr);
- uint8_t* plaintext = static_cast<uint8_t*>(gpr_malloc(plaintext_length));
- grpc_status_code status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag,
- ciphertext_bytes_written, plaintext, plaintext_length,
- &plaintext_bytes_written, nullptr);
-
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(message_length == plaintext_bytes_written);
- GPR_ASSERT(memcmp(message, plaintext, message_length) == 0);
-
- /**
- * The returned plaintext will be zeroed if there was an authentication error.
- */
- uint8_t* zero_message = static_cast<uint8_t*>(gpr_zalloc(plaintext_length));
- if (tag_length >= kTestMinTagLengthForCorruption) {
- char* error_message;
- /* Corrupt nonce */
- if (nonce_length > 0) {
- plaintext_bytes_written = 0;
- uint8_t* corrupt_nonce;
- gsec_test_copy_and_alter_random_byte(nonce, &corrupt_nonce, nonce_length);
- status = gsec_aead_crypter_decrypt(
- crypter, corrupt_nonce, nonce_length, aad, aad_length,
- ciphertext_and_tag, ciphertext_bytes_written, plaintext,
- plaintext_length, &plaintext_bytes_written, &error_message);
-
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, "Checking tag failed.",
- error_message));
- GPR_ASSERT(plaintext_bytes_written == 0);
- GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0);
- gpr_free(corrupt_nonce);
- gpr_free(error_message);
- }
-
- /* Corrupt ciphertext_and_tag */
- plaintext_bytes_written = 0;
- uint8_t* corrupt_ciphertext_and_tag;
- gsec_test_copy_and_alter_random_byte(ciphertext_and_tag,
- &corrupt_ciphertext_and_tag,
- ciphertext_and_tag_length);
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, aad, aad_length,
- corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext,
- plaintext_length, &plaintext_bytes_written, &error_message);
-
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Checking tag failed"));
- GPR_ASSERT(plaintext_bytes_written == 0);
- GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0);
- gpr_free(error_message);
- gpr_free(corrupt_ciphertext_and_tag);
-
- /* Corrupt start of ciphertext_and_tag */
- plaintext_bytes_written = 0;
- gsec_test_copy(ciphertext_and_tag, &corrupt_ciphertext_and_tag,
- ciphertext_and_tag_length);
- (*corrupt_ciphertext_and_tag)++;
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, aad, aad_length,
- corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext,
- plaintext_length, &plaintext_bytes_written, &error_message);
- GPR_ASSERT(plaintext_bytes_written == 0);
- GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Checking tag failed"));
- gpr_free(error_message);
- gpr_free(corrupt_ciphertext_and_tag);
-
- /* Corrupt end of ciphertext_and_tag */
- plaintext_bytes_written = 0;
- gsec_test_copy(ciphertext_and_tag, &corrupt_ciphertext_and_tag,
- ciphertext_and_tag_length);
- (*(corrupt_ciphertext_and_tag + ciphertext_and_tag_length - 1))++;
-
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, aad, aad_length,
- corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext,
- plaintext_length, &plaintext_bytes_written, &error_message);
-
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Checking tag failed"));
- GPR_ASSERT(plaintext_bytes_written == 0);
- GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0);
- gpr_free(error_message);
- gpr_free(corrupt_ciphertext_and_tag);
- }
-
- gpr_free(zero_message);
- gpr_free(nonce);
- gpr_free(aad);
- gpr_free(message);
- gpr_free(plaintext);
- gpr_free(ciphertext_and_tag);
-}
-
-static void gsec_test_encrypt_decrypt(gsec_aead_crypter* crypter) {
- GPR_ASSERT(crypter != nullptr);
- size_t aad_length, message_length;
- aad_length = gsec_test_bias_random_uint32(kTestMaxLength);
- message_length = gsec_test_bias_random_uint32(kTestMaxLength);
- gsec_test_random_encrypt_decrypt(crypter, aad_length, message_length);
- gsec_test_random_encrypt_decrypt(crypter, 0, message_length);
- gsec_test_random_encrypt_decrypt(crypter, aad_length, 0);
-}
-
-static void gsec_test_multiple_random_encrypt_decrypt(
- gsec_aead_crypter* crypter, size_t* aad_lengths, size_t* message_lengths,
- size_t count) {
- GPR_ASSERT(crypter != nullptr);
- size_t nonce_length, tag_length;
- uint8_t **nonces, **aads, **messages;
- nonces = static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count));
- aads = static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count));
- messages = static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count));
-
- gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr);
- gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr);
-
- size_t ind;
- for (ind = 0; ind < count; ind++) {
- size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind];
- size_t message_length =
- (message_lengths == nullptr) ? 0 : message_lengths[ind];
- gsec_test_random_array(&(nonces[ind]), nonce_length);
- gsec_test_random_array(&(aads[ind]), aad_length);
- gsec_test_random_array(&(messages[ind]), message_length);
- }
-
- size_t* ciphertext_and_tag_lengths =
- static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count));
- size_t* ciphertext_bytes_writtens =
- static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count));
- size_t* plaintext_lengths =
- static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count));
- size_t* plaintext_bytes_writtens =
- static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count));
- uint8_t** ciphertext_and_tags =
- static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count));
- uint8_t** plaintexts =
- static_cast<uint8_t**>(gpr_malloc(sizeof(uint8_t*) * count));
-
- /* Do encryption */
- for (ind = 0; ind < count; ind++) {
- size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind];
- size_t message_length =
- (message_lengths == nullptr) ? 0 : message_lengths[ind];
- gsec_aead_crypter_max_ciphertext_and_tag_length(
- crypter, message_length, &(ciphertext_and_tag_lengths[ind]), nullptr);
- ciphertext_and_tags[ind] =
- static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_lengths[ind]));
- grpc_status_code status = gsec_aead_crypter_encrypt(
- crypter, nonces[ind], nonce_length, aads[ind], aad_length,
- messages[ind], message_length, ciphertext_and_tags[ind],
- ciphertext_and_tag_lengths[ind], &(ciphertext_bytes_writtens[ind]),
- nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(message_length + tag_length == ciphertext_and_tag_lengths[ind]);
- GPR_ASSERT(ciphertext_bytes_writtens[ind] ==
- ciphertext_and_tag_lengths[ind]);
- }
- /* Do Decryption */
- for (ind = 0; ind < count; ind++) {
- size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind];
- size_t message_length =
- (message_lengths == nullptr) ? 0 : message_lengths[ind];
- gsec_aead_crypter_max_plaintext_length(crypter,
- ciphertext_bytes_writtens[ind],
- &(plaintext_lengths[ind]), nullptr);
- plaintexts[ind] = static_cast<uint8_t*>(gpr_malloc(plaintext_lengths[ind]));
- grpc_status_code status = gsec_aead_crypter_decrypt(
- crypter, nonces[ind], nonce_length, aads[ind], aad_length,
- ciphertext_and_tags[ind], ciphertext_bytes_writtens[ind],
- plaintexts[ind], plaintext_lengths[ind],
- &(plaintext_bytes_writtens[ind]), nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(message_length == plaintext_bytes_writtens[ind]);
- GPR_ASSERT(memcmp(messages[ind], plaintexts[ind], message_length) == 0);
- }
-
- /* Slice the plaintext and encrypt with iovecs */
- for (ind = 0; ind < count; ind++) {
- size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind];
- struct iovec* aad_vecs = nullptr;
- size_t aad_vecs_length = 0;
- gsec_randomly_slice(aads[ind], aad_length, &aad_vecs, &aad_vecs_length);
- size_t message_length =
- (message_lengths == nullptr) ? 0 : message_lengths[ind];
- struct iovec* message_vecs = nullptr;
- size_t message_vecs_length = 0;
- gsec_randomly_slice(messages[ind], message_length, &message_vecs,
- &message_vecs_length);
-
- size_t ciphertext_length = ciphertext_and_tag_lengths[ind];
- uint8_t* another_ciphertext =
- static_cast<uint8_t*>(malloc(ciphertext_length));
- struct iovec another_ciphertext_vec = {another_ciphertext,
- ciphertext_length};
-
- char* error_details = nullptr;
- size_t ciphertext_bytes_written = 0;
- gsec_assert_ok(
- gsec_aead_crypter_encrypt_iovec(
- crypter, nonces[ind], nonce_length, aad_vecs, aad_vecs_length,
- message_vecs, message_vecs_length, another_ciphertext_vec,
- &ciphertext_bytes_written, &error_details),
- error_details);
- GPR_ASSERT(memcmp(ciphertext_and_tags[ind], another_ciphertext_vec.iov_base,
- ciphertext_length) == 0);
- free(another_ciphertext);
- free(aad_vecs);
- free(message_vecs);
- }
-
- /* Slice the ciphertext and decrypt with iovecs */
- for (ind = 0; ind < count; ind++) {
- size_t message_length =
- (message_lengths == nullptr) ? 0 : message_lengths[ind];
- message_length = message_length + 0;
-
- size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind];
-
- struct iovec* aad_vecs = nullptr;
- size_t aad_vecs_length = 0;
- gsec_randomly_slice(aads[ind], aad_length, &aad_vecs, &aad_vecs_length);
-
- struct iovec* ciphertext_vecs = nullptr;
- size_t ciphertext_vecs_length = 0;
- gsec_randomly_slice(ciphertext_and_tags[ind],
- ciphertext_bytes_writtens[ind], &ciphertext_vecs,
- &ciphertext_vecs_length);
-
- size_t decrypted_length = plaintext_lengths[ind];
- uint8_t* decrypted = static_cast<uint8_t*>(malloc(decrypted_length));
- struct iovec decrypted_vec = {decrypted, decrypted_length};
-
- char* error_details = nullptr;
- gsec_assert_ok(gsec_aead_crypter_decrypt_iovec(
- crypter, nonces[ind], nonce_length, aad_vecs,
- aad_vecs_length, ciphertext_vecs, ciphertext_vecs_length,
- decrypted_vec, &decrypted_length, &error_details),
- error_details);
- GPR_ASSERT(decrypted_vec.iov_len == message_length);
- GPR_ASSERT(memcmp(decrypted_vec.iov_base, messages[ind], message_length) ==
- 0);
- free(decrypted);
- free(aad_vecs);
- free(ciphertext_vecs);
- }
-
- for (ind = 0; ind < count; ind++) {
- gpr_free(nonces[ind]);
- gpr_free(aads[ind]);
- gpr_free(messages[ind]);
- gpr_free(ciphertext_and_tags[ind]);
- gpr_free(plaintexts[ind]);
- }
- gpr_free(nonces);
- gpr_free(aads);
- gpr_free(messages);
- gpr_free(ciphertext_and_tag_lengths);
- gpr_free(ciphertext_bytes_writtens);
- gpr_free(plaintext_lengths);
- gpr_free(plaintext_bytes_writtens);
- gpr_free(ciphertext_and_tags);
- gpr_free(plaintexts);
-}
-
-static void gsec_test_multiple_encrypt_decrypt(gsec_aead_crypter* crypter) {
- GPR_ASSERT(crypter != nullptr);
- size_t count = kTestNumEncryptions;
- size_t* aad_lengths =
- static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count));
- size_t* message_lengths =
- static_cast<size_t*>(gpr_malloc(sizeof(size_t) * count));
- size_t ind;
- for (ind = 0; ind < count; ind++) {
- aad_lengths[ind] = gsec_test_bias_random_uint32(kTestMaxLength);
- message_lengths[ind] = gsec_test_bias_random_uint32(kTestMaxLength);
- }
- gsec_test_multiple_random_encrypt_decrypt(crypter, aad_lengths,
- message_lengths, count);
- gsec_test_multiple_random_encrypt_decrypt(crypter, aad_lengths, nullptr,
- count);
- gsec_test_multiple_random_encrypt_decrypt(crypter, nullptr, message_lengths,
- count);
- gpr_free(aad_lengths);
- gpr_free(message_lengths);
-}
-
-static void gsec_test_encryption_failure(gsec_aead_crypter* crypter) {
- GPR_ASSERT(crypter != nullptr);
- size_t aad_length = kTestMaxLength;
- size_t message_length = kTestMaxLength;
- size_t nonce_length;
-
- char* error_message;
- uint8_t *nonce, *aad, *message;
-
- gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr);
- gsec_test_random_array(&nonce, nonce_length);
- gsec_test_random_array(&aad, aad_length);
- gsec_test_random_array(&message, message_length);
-
- size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0;
- gsec_aead_crypter_max_ciphertext_and_tag_length(
- crypter, message_length, &ciphertext_and_tag_length, nullptr);
- uint8_t* ciphertext_and_tag =
- static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_length));
-
- /* nullptr nonce */
- grpc_status_code status = gsec_aead_crypter_encrypt(
- crypter, nullptr, nonce_length, aad, aad_length, message, message_length,
- ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Nonce buffer is nullptr."));
- gpr_free(error_message);
-
- /* Big nonce */
- status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length + 1, aad, aad_length, message,
- message_length, ciphertext_and_tag, ciphertext_and_tag_length,
- &ciphertext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Nonce buffer has the wrong length."));
- gpr_free(error_message);
-
- /* Small nonce */
- status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length - 1, aad, aad_length, message,
- message_length, ciphertext_and_tag, ciphertext_and_tag_length,
- &ciphertext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Nonce buffer has the wrong length."));
- gpr_free(error_message);
-
- /* nullptr aad */
- status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length, nullptr, aad_length, message,
- message_length, ciphertext_and_tag, ciphertext_and_tag_length,
- &ciphertext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "aad is nullptr."));
- gpr_free(error_message);
-
- /* nullptr aad with zero length */
- gsec_assert_ok(
- gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, nullptr, 0,
- message, message_length, ciphertext_and_tag,
- ciphertext_and_tag_length,
- &ciphertext_bytes_written, &error_message),
- error_message);
-
- /* nullptr plaintext */
- status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length, aad, aad_length, nullptr, message_length,
- ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "plaintext is nullptr."));
- gpr_free(error_message);
-
- /* nullptr ciphertext */
- status = gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, aad,
- aad_length, message, message_length,
- nullptr, ciphertext_and_tag_length,
- &ciphertext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "ciphertext is nullptr."));
- gpr_free(error_message);
-
- /* Short ciphertext */
- status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length, aad, aad_length, message, message_length,
- ciphertext_and_tag, ciphertext_and_tag_length - 1,
- &ciphertext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "ciphertext is too small to hold a tag."));
- gpr_free(error_message);
-
- /* nullptr ciphertext_bytes_written */
- status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length, aad, aad_length, message, message_length,
- ciphertext_and_tag, ciphertext_and_tag_length, nullptr, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "bytes_written is nullptr."));
- gpr_free(error_message);
-
- /* nullptr plaintext/ciphertext encrypt with zero length */
- gsec_assert_ok(gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length, aad, aad_length, nullptr, 0,
- ciphertext_and_tag, ciphertext_and_tag_length,
- &ciphertext_bytes_written, &error_message),
- error_message);
-
- /* Success */
- status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length, aad, aad_length, message, message_length,
- ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written,
- &error_message);
- GPR_ASSERT(status == GRPC_STATUS_OK);
-
- gpr_free(message);
- gpr_free(aad);
- gpr_free(nonce);
- gpr_free(ciphertext_and_tag);
-}
-
-static void gsec_test_decryption_failure(gsec_aead_crypter* crypter) {
- GPR_ASSERT(crypter != nullptr);
- size_t aad_length = kTestMaxLength;
- size_t message_length = kTestMaxLength;
- size_t nonce_length, tag_length;
- uint8_t *nonce, *aad, *message;
-
- gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr);
- gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr);
- gsec_test_random_array(&nonce, nonce_length);
- gsec_test_random_array(&aad, aad_length);
- gsec_test_random_array(&message, message_length);
-
- /* Test encryption */
- size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0;
- gsec_aead_crypter_max_ciphertext_and_tag_length(
- crypter, message_length, &ciphertext_and_tag_length, nullptr);
- uint8_t* ciphertext_and_tag =
- static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_length));
-
- grpc_status_code status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length, aad, aad_length, message, message_length,
- ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written,
- nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length);
-
- size_t plaintext_length, plaintext_bytes_written = 0;
- gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_bytes_written,
- &plaintext_length, nullptr);
- uint8_t* plaintext = static_cast<uint8_t*>(gpr_malloc(plaintext_length));
-
- char* error_message;
- /* nullptr nonce */
- status = gsec_aead_crypter_decrypt(
- crypter, nullptr, nonce_length, aad, aad_length, ciphertext_and_tag,
- ciphertext_and_tag_length, plaintext, plaintext_length,
- &plaintext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Nonce buffer is nullptr."));
- gpr_free(error_message);
-
- /* Big nonce */
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length + 1, aad, aad_length, ciphertext_and_tag,
- ciphertext_and_tag_length, plaintext, plaintext_length,
- &plaintext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Nonce buffer has the wrong length."));
- gpr_free(error_message);
-
- /* Small nonce */
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length - 1, aad, aad_length, ciphertext_and_tag,
- ciphertext_and_tag_length, plaintext, plaintext_length,
- &plaintext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Nonce buffer has the wrong length."));
- gpr_free(error_message);
-
- /* nullptr aad */
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, nullptr, aad_length, ciphertext_and_tag,
- ciphertext_and_tag_length, plaintext, plaintext_length,
- &plaintext_bytes_written, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "aad is nullptr."));
- gpr_free(error_message);
-
- /* nullptr aad with zero length */
- status = gsec_aead_crypter_encrypt(
- crypter, nonce, nonce_length, nullptr, 0, message, message_length,
- ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written,
- &error_message);
- GPR_ASSERT(status == GRPC_STATUS_OK);
-
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, nullptr, 0, ciphertext_and_tag,
- ciphertext_and_tag_length, plaintext, plaintext_length,
- &plaintext_bytes_written, &error_message);
- GPR_ASSERT(status == GRPC_STATUS_OK);
-
- /* Small ciphertext */
- if (tag_length > 0) {
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag,
- tag_length - 1, plaintext, plaintext_length, &plaintext_bytes_written,
- &error_message);
-
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "ciphertext is too small to hold a tag."));
- gpr_free(error_message);
- }
-
- /* nullptr ciphertext */
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, aad, aad_length, nullptr,
- ciphertext_and_tag_length, plaintext, plaintext_length,
- &plaintext_bytes_written, &error_message);
-
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "ciphertext is nullptr."));
- gpr_free(error_message);
-
- /* nullptr plaintext */
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag,
- ciphertext_and_tag_length, nullptr, plaintext_length,
- &plaintext_bytes_written, &error_message);
-
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "plaintext is nullptr, but plaintext_length is positive."));
- gpr_free(error_message);
-
- /* Short plaintext */
- status = gsec_aead_crypter_decrypt(
- crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag,
- ciphertext_and_tag_length, plaintext, plaintext_length - 1,
- &plaintext_bytes_written, &error_message);
-
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Not enough plaintext buffer to hold encrypted ciphertext."));
- gpr_free(error_message);
-
- /* nullptr plaintext_bytes_written */
- status = gsec_aead_crypter_decrypt(crypter, nonce, nonce_length, aad,
- aad_length, ciphertext_and_tag,
- ciphertext_and_tag_length, plaintext,
- plaintext_length, nullptr, &error_message);
-
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "bytes_written is nullptr."));
- gpr_free(error_message);
-
- gpr_free(message);
- gpr_free(plaintext);
- gpr_free(ciphertext_and_tag);
- gpr_free(aad);
- gpr_free(nonce);
-}
-
-static void gsec_test_encrypt_decrypt_test_vector(
- gsec_aead_crypter* crypter, gsec_aead_test_vector* test_vector) {
- GPR_ASSERT(crypter != nullptr);
- /* Test byte-based encryption interface. */
- size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0;
- gsec_aead_crypter_max_ciphertext_and_tag_length(
- crypter, test_vector->plaintext_length, &ciphertext_and_tag_length,
- nullptr);
- uint8_t* ciphertext_and_tag_bytes =
- static_cast<uint8_t*>(gpr_malloc(ciphertext_and_tag_length));
- grpc_status_code status = gsec_aead_crypter_encrypt(
- crypter, test_vector->nonce, test_vector->nonce_length, test_vector->aad,
- test_vector->aad_length, test_vector->plaintext,
- test_vector->plaintext_length, ciphertext_and_tag_bytes,
- ciphertext_and_tag_length, &ciphertext_bytes_written, nullptr);
-
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length);
- GPR_ASSERT(memcmp(test_vector->ciphertext_and_tag, ciphertext_and_tag_bytes,
- ciphertext_and_tag_length) == 0);
-
- /* Test byte-based decryption interface */
- size_t plaintext_length, plaintext_bytes_written = 0;
- gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_and_tag_length,
- &plaintext_length, nullptr);
- uint8_t* plaintext_bytes =
- static_cast<uint8_t*>(gpr_malloc(plaintext_length));
- status = gsec_aead_crypter_decrypt(
- crypter, test_vector->nonce, test_vector->nonce_length, test_vector->aad,
- test_vector->aad_length, test_vector->ciphertext_and_tag,
- test_vector->ciphertext_and_tag_length, plaintext_bytes, plaintext_length,
- &plaintext_bytes_written, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(test_vector->plaintext, plaintext_bytes,
- plaintext_bytes_written) == 0);
-
- gpr_free(ciphertext_and_tag_bytes);
- gpr_free(plaintext_bytes);
-}
-
-static void gsec_test_get_crypter_from_test_vector(
- gsec_aead_crypter** crypter, gsec_aead_test_vector* test_vector,
- bool rekey = false) {
- size_t key_length = test_vector->key_length;
- GPR_ASSERT(key_length == kAes128GcmKeyLength ||
- key_length == kAes256GcmKeyLength ||
- key_length == kAes128GcmRekeyKeyLength);
- size_t nonce_length = test_vector->nonce_length;
- GPR_ASSERT(nonce_length == kAesGcmNonceLength);
- size_t plaintext_length = test_vector->plaintext_length;
- size_t ciphertext_and_tag_length = test_vector->ciphertext_and_tag_length;
- GPR_ASSERT(ciphertext_and_tag_length == plaintext_length + kAesGcmTagLength);
- size_t tag_length = ciphertext_and_tag_length - plaintext_length;
- gsec_aes_gcm_aead_crypter_create(test_vector->key, key_length, nonce_length,
- tag_length, rekey, crypter, nullptr);
-}
-
-static void gsec_test_verify_crypter_on_test_vector(
- gsec_aead_test_vector* test_vector, bool rekey = false) {
- gsec_aead_crypter* crypter;
- gsec_test_get_crypter_from_test_vector(&crypter, test_vector, rekey);
- gsec_test_encrypt_decrypt_test_vector(crypter, test_vector);
- gsec_aead_crypter_destroy(crypter);
-}
-
-static void gsec_aead_malloc_test_vector(
- gsec_aead_test_vector** test_vector, const uint8_t* key, size_t key_length,
- const uint8_t* nonce, size_t nonce_length, const uint8_t* aad,
- size_t aad_length, const uint8_t* plaintext, size_t plaintext_length,
- const uint8_t* ciphertext_and_tag, size_t ciphertext_and_tag_length) {
- *test_vector = static_cast<gsec_aead_test_vector*>(
- gpr_malloc(sizeof(gsec_aead_test_vector)));
- (*test_vector)->key_length = key_length;
- (*test_vector)->nonce_length = nonce_length;
- (*test_vector)->aad_length = aad_length;
- (*test_vector)->plaintext_length = plaintext_length;
- (*test_vector)->ciphertext_and_tag_length = ciphertext_and_tag_length;
- gsec_test_copy(key, &((*test_vector)->key), key_length);
- gsec_test_copy(nonce, &((*test_vector)->nonce), nonce_length);
- gsec_test_copy(aad, &((*test_vector)->aad), aad_length);
- gsec_test_copy(plaintext, &((*test_vector)->plaintext), plaintext_length);
- gsec_test_copy(ciphertext_and_tag, &((*test_vector)->ciphertext_and_tag),
- ciphertext_and_tag_length);
-}
-
-static void gsec_aead_free_test_vector(gsec_aead_test_vector* test_vector) {
- gpr_free(test_vector->key);
- gpr_free(test_vector->nonce);
- gpr_free(test_vector->aad);
- gpr_free(test_vector->plaintext);
- gpr_free(test_vector->ciphertext_and_tag);
- gpr_free(test_vector);
-}
-
-static void gsec_test_create_random_aes_gcm_crypter(gsec_aead_crypter** crypter,
- size_t key_length,
- size_t nonce_length,
- size_t tag_length,
- bool rekey) {
- uint8_t* key;
- gsec_test_random_array(&key, key_length);
- gsec_aes_gcm_aead_crypter_create(key, key_length, nonce_length, tag_length,
- rekey, crypter, nullptr);
- gpr_free(key);
-}
-
-static void gsec_test_get_random_aes_gcm_crypters(
- gsec_aead_crypter*** crypters) {
- *crypters = static_cast<gsec_aead_crypter**>(
- gpr_malloc(sizeof(gsec_aead_crypter*) * kTestNumCrypters));
- gsec_test_create_random_aes_gcm_crypter(
- &((*crypters)[0]), kAes128GcmKeyLength, kAesGcmNonceLength,
- kAesGcmTagLength, /*rekey=*/false);
- gsec_test_create_random_aes_gcm_crypter(
- &((*crypters)[1]), kAes256GcmKeyLength, kAesGcmNonceLength,
- kAesGcmTagLength, /*rekey=*/false);
- gsec_test_create_random_aes_gcm_crypter(
- &((*crypters)[2]), kAes128GcmRekeyKeyLength, kAesGcmNonceLength,
- kAesGcmTagLength, /*rekey=*/true);
-}
-
-static void gsec_test_do_generic_crypter_tests() {
- gsec_aead_crypter** crypters;
- gsec_test_get_random_aes_gcm_crypters(&crypters);
- size_t ind;
- for (ind = 0; ind < kTestNumCrypters; ind++) {
- gsec_test_encrypt_decrypt(crypters[ind]);
- gsec_test_multiple_encrypt_decrypt(crypters[ind]);
- gsec_test_encryption_failure(crypters[ind]);
- gsec_test_decryption_failure(crypters[ind]);
- }
- for (ind = 0; ind < kTestNumCrypters; ind++) {
- gsec_aead_crypter_destroy(crypters[ind]);
- }
- gpr_free(crypters);
-}
-
-static void gsec_test_do_vector_tests_rekey_nist() {
- // NIST vectors from:
- // http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
- //
- // IEEE vectors from:
- // http://www.ieee802.org/1/files/public/docs2011/bn-randall-test-vectors-0511-v1.pdf
- //
- // Key expanded by setting expandedKey = (key||(key ^ {0x01, .., 0x01})||key ^
- // {0x02,..,0x02}))[0:44].
-
- gsec_aead_test_vector vec;
-
- // Derived from NIST test vector 1
- uint8_t nonce_0[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
- uint8_t aad_0[1] = {};
- uint8_t key_0[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1,
- 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2,
- 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2};
- uint8_t plaintext_0[1] = {};
- uint8_t ciphertext_0[] = {0x85, 0xE8, 0x73, 0xE0, 0x2, 0xF6, 0xEB, 0xDC,
- 0x40, 0x60, 0x95, 0x4E, 0xB8, 0x67, 0x55, 0x8};
- vec = {nonce_0, aad_0, key_0, plaintext_0, ciphertext_0, 12, 0, 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from NIST test vector 2
- uint8_t nonce_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
- uint8_t aad_1[1] = {};
- uint8_t key_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1,
- 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2,
- 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2};
- uint8_t plaintext_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
- uint8_t ciphertext_1[] = {0x51, 0xE9, 0xA8, 0xCB, 0x23, 0xCA, 0x25, 0x12,
- 0xC8, 0x25, 0x6A, 0xFF, 0xF8, 0xE7, 0x2D, 0x68,
- 0x1A, 0xCA, 0x19, 0xA1, 0x14, 0x8A, 0xC1, 0x15,
- 0xE8, 0x3D, 0xF4, 0x88, 0x8C, 0xC0, 0xD, 0x11};
- vec = {nonce_1, aad_1, key_1, plaintext_1, ciphertext_1, 12, 0, 44, 16, 32};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from NIST test vector 3
- uint8_t nonce_2[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE,
- 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88};
- uint8_t aad_2[1] = {};
- uint8_t key_2[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D,
- 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE,
- 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E,
- 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90,
- 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96};
- uint8_t plaintext_2[] = {
- 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9,
- 0xC5, 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34,
- 0xF7, 0xDA, 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C,
- 0x3C, 0xC, 0x95, 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24,
- 0x49, 0xA6, 0xB5, 0x25, 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6,
- 0x57, 0xBA, 0x63, 0x7B, 0x39, 0x1A, 0xAF, 0xD2, 0x55};
- uint8_t ciphertext_2[] = {
- 0x10, 0x18, 0xED, 0x5A, 0x14, 0x2, 0xA8, 0x65, 0x16, 0xD6, 0x57, 0x6D,
- 0x70, 0xB2, 0xFF, 0xCC, 0xCA, 0x26, 0x1B, 0x94, 0xDF, 0x88, 0xB5, 0x8F,
- 0x53, 0xB6, 0x4D, 0xFB, 0xA4, 0x35, 0xD1, 0x8B, 0x2F, 0x6E, 0x3B, 0x78,
- 0x69, 0xF9, 0x35, 0x3D, 0x4A, 0xC8, 0xCF, 0x9, 0xAF, 0xB1, 0x66, 0x3D,
- 0xAA, 0x7B, 0x40, 0x17, 0xE6, 0xFC, 0x2C, 0x17, 0x7C, 0xC, 0x8, 0x7C,
- 0xD, 0xF1, 0x16, 0x21, 0x29, 0x95, 0x22, 0x13, 0xCE, 0xE1, 0xBC, 0x6E,
- 0x9C, 0x84, 0x95, 0xDD, 0x70, 0x5E, 0x1F, 0x3D};
- vec = {nonce_2, aad_2, key_2, plaintext_2, ciphertext_2, 12, 0, 44, 64, 80};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from NIST test vector 4
- uint8_t nonce_3[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE,
- 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88};
- uint8_t aad_3[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE,
- 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD,
- 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2};
- uint8_t key_3[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D,
- 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE,
- 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E,
- 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90,
- 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96};
- uint8_t plaintext_3[] = {
- 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5,
- 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA,
- 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95,
- 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25,
- 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39};
- uint8_t ciphertext_3[] = {
- 0x10, 0x18, 0xED, 0x5A, 0x14, 0x2, 0xA8, 0x65, 0x16, 0xD6, 0x57,
- 0x6D, 0x70, 0xB2, 0xFF, 0xCC, 0xCA, 0x26, 0x1B, 0x94, 0xDF, 0x88,
- 0xB5, 0x8F, 0x53, 0xB6, 0x4D, 0xFB, 0xA4, 0x35, 0xD1, 0x8B, 0x2F,
- 0x6E, 0x3B, 0x78, 0x69, 0xF9, 0x35, 0x3D, 0x4A, 0xC8, 0xCF, 0x9,
- 0xAF, 0xB1, 0x66, 0x3D, 0xAA, 0x7B, 0x40, 0x17, 0xE6, 0xFC, 0x2C,
- 0x17, 0x7C, 0xC, 0x8, 0x7C, 0x47, 0x64, 0x56, 0x5D, 0x7, 0x7E,
- 0x91, 0x24, 0x0, 0x1D, 0xDB, 0x27, 0xFC, 0x8, 0x48, 0xC5};
- vec = {nonce_3, aad_3, key_3, plaintext_3, ciphertext_3, 12, 20, 44, 60, 76};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from adapted NIST test vector 4 for KDF counter boundary (flip
- // nonce bit 15)
- uint8_t nonce_4[] = {0xCA, 0x7E, 0xBA, 0xBE, 0xFA, 0xCE,
- 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88};
- uint8_t aad_4[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE,
- 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD,
- 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2};
- uint8_t key_4[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D,
- 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE,
- 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E,
- 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90,
- 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96};
- uint8_t plaintext_4[] = {
- 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5,
- 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA,
- 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95,
- 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25,
- 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39};
- uint8_t ciphertext_4[] = {
- 0xE6, 0x50, 0xD3, 0xC0, 0xFB, 0x87, 0x93, 0x27, 0xF2, 0xD0, 0x32,
- 0x87, 0xFA, 0x93, 0xCD, 0x7, 0x34, 0x2B, 0x13, 0x62, 0x15, 0xAD,
- 0xBC, 0xA0, 0xC, 0x3B, 0xD5, 0x9, 0x9E, 0xC4, 0x18, 0x32, 0xB1,
- 0xD1, 0x8E, 0x4, 0x23, 0xED, 0x26, 0xBB, 0x12, 0xC6, 0xCD, 0x9,
- 0xDE, 0xBB, 0x29, 0x23, 0xA, 0x94, 0xC0, 0xCE, 0xE1, 0x59, 0x3,
- 0x65, 0x6F, 0x85, 0xED, 0xB6, 0xFC, 0x50, 0x9B, 0x1B, 0x28, 0x21,
- 0x63, 0x82, 0x17, 0x2E, 0xCB, 0xCC, 0x31, 0xE1, 0xE9, 0xB1};
- vec = {nonce_4, aad_4, key_4, plaintext_4, ciphertext_4, 12, 20, 44, 60, 76};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from adapted NIST test vector 4 for KDF counter boundary (flip
- // nonce bit 16)
- uint8_t nonce_5[] = {0xCA, 0xFE, 0xBB, 0xBE, 0xFA, 0xCE,
- 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88};
- uint8_t aad_5[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE,
- 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD,
- 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2};
- uint8_t key_5[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D,
- 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE,
- 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E,
- 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90,
- 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96};
- uint8_t plaintext_5[] = {
- 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5,
- 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA,
- 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95,
- 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25,
- 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39};
- uint8_t ciphertext_5[] = {
- 0xC0, 0x12, 0x1E, 0x6C, 0x95, 0x4D, 0x7, 0x67, 0xF9, 0x66, 0x30,
- 0xC3, 0x34, 0x50, 0x99, 0x97, 0x91, 0xB2, 0xDA, 0x2A, 0xD0, 0x5C,
- 0x41, 0x90, 0x16, 0x9C, 0xCA, 0xD9, 0xAC, 0x86, 0xFF, 0x1C, 0x72,
- 0x1E, 0x3D, 0x82, 0xF2, 0xAD, 0x22, 0xAB, 0x46, 0x3B, 0xAB, 0x4A,
- 0x7, 0x54, 0xB7, 0xDD, 0x68, 0xCA, 0x4D, 0xE7, 0xEA, 0x25, 0x31,
- 0xB6, 0x25, 0xED, 0xA0, 0x1F, 0x89, 0x31, 0x2B, 0x2A, 0xB9, 0x57,
- 0xD5, 0xC7, 0xF8, 0x56, 0x8D, 0xD9, 0x5F, 0xCD, 0xCD, 0x1F};
- vec = {nonce_5, aad_5, key_5, plaintext_5, ciphertext_5, 12, 20, 44, 60, 76};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from adapted NIST test vector 4 for KDF counter boundary (flip
- // nonce bit 63)
- uint8_t nonce_6[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE,
- 0xDB, 0x2D, 0xDE, 0xCA, 0xF8, 0x88};
- uint8_t aad_6[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE,
- 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD,
- 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2};
- uint8_t key_6[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D,
- 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE,
- 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E,
- 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90,
- 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96};
- uint8_t plaintext_6[] = {
- 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5,
- 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA,
- 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95,
- 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25,
- 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39};
- uint8_t ciphertext_6[] = {
- 0x8A, 0xF3, 0x7E, 0xA5, 0x68, 0x4A, 0x4D, 0x81, 0xD4, 0xFD, 0x81,
- 0x72, 0x61, 0xFD, 0x97, 0x43, 0x9, 0x9E, 0x7E, 0x6A, 0x2, 0x5E,
- 0xAA, 0xCF, 0x8E, 0x54, 0xB1, 0x24, 0xFB, 0x57, 0x43, 0x14, 0x9E,
- 0x5, 0xCB, 0x89, 0xF4, 0xA4, 0x94, 0x67, 0xFE, 0x2E, 0x5E, 0x59,
- 0x65, 0xF2, 0x9A, 0x19, 0xF9, 0x94, 0x16, 0xB0, 0x1, 0x6B, 0x54,
- 0x58, 0x5D, 0x12, 0x55, 0x37, 0x83, 0xBA, 0x59, 0xE9, 0xF7, 0x82,
- 0xE8, 0x2E, 0x9, 0x7C, 0x33, 0x6B, 0xF7, 0x98, 0x9F, 0x8};
- vec = {nonce_6, aad_6, key_6, plaintext_6, ciphertext_6, 12, 20, 44, 60, 76};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from adapted NIST test vector 4 for KDF counter boundary (flip
- // nonce bit 64)
- uint8_t nonce_7[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE,
- 0xDB, 0xAD, 0xDF, 0xCA, 0xF8, 0x88};
- uint8_t aad_7[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE,
- 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD,
- 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2};
- uint8_t key_7[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D,
- 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE,
- 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E,
- 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90,
- 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96};
- uint8_t plaintext_7[] = {
- 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5,
- 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA,
- 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95,
- 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25,
- 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39};
- uint8_t ciphertext_7[] = {
- 0xFB, 0xD5, 0x28, 0x44, 0x8D, 0x3, 0x46, 0xBF, 0xA8, 0x78, 0x63,
- 0x48, 0x64, 0xD4, 0x7, 0xA3, 0x5A, 0x3, 0x9D, 0xE9, 0xDB, 0x2F,
- 0x1F, 0xEB, 0x8E, 0x96, 0x5B, 0x3A, 0xE9, 0x35, 0x6C, 0xE6, 0x28,
- 0x94, 0x41, 0xD7, 0x7F, 0x8F, 0xD, 0xF2, 0x94, 0x89, 0x1F, 0x37,
- 0xEA, 0x43, 0x8B, 0x22, 0x3E, 0x3B, 0xF2, 0xBD, 0xC5, 0x3D, 0x4C,
- 0x5A, 0x74, 0xFB, 0x68, 0xB, 0xB3, 0x12, 0xA8, 0xDE, 0xC6, 0xF7,
- 0x25, 0x2C, 0xBC, 0xD7, 0xF5, 0x79, 0x97, 0x50, 0xAD, 0x78};
- vec = {nonce_7, aad_7, key_7, plaintext_7, ciphertext_7, 12, 20, 44, 60, 76};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-}
-
-static void gsec_test_do_vector_tests_rekey_ieee() {
- // IEEE vectors from:
- // http://www.ieee802.org/1/files/public/docs2011/bn-randall-test-vectors-0511-v1.pdf
- //
- // Key expanded by setting expandedKey = (key||(key ^ {0x01, .., 0x01})||key ^
- // {0x02,..,0x02}))[0:44].
-
- gsec_aead_test_vector vec;
-
- // Derived from IEEE 2.1.1 54-byte auth
- uint8_t nonce_8[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89,
- 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65};
- uint8_t aad_8[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, 0xD, 0x46, 0xDF,
- 0x99, 0x8D, 0x88, 0xE5, 0x22, 0x2A, 0xB2, 0xC2, 0x84, 0x65,
- 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, 0x8, 0x0,
- 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
- 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x1};
- uint8_t key_8[] = {0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, 0x6F,
- 0x62, 0xF, 0xDC, 0xB5, 0x6, 0xB3, 0x45, 0xAC, 0x7B,
- 0x2A, 0xD1, 0x3F, 0xAD, 0x82, 0x5B, 0x6E, 0x63, 0xE,
- 0xDD, 0xB4, 0x7, 0xB2, 0x44, 0xAF, 0x78, 0x29, 0xD2,
- 0x3C, 0xAE, 0x81, 0x58, 0x6D, 0x60, 0xD, 0xDE};
- uint8_t plaintext_8[1] = {};
- uint8_t ciphertext_8[] = {0x3E, 0xA0, 0xB5, 0x84, 0xF3, 0xC8, 0x5E, 0x93,
- 0xF9, 0x32, 0xE, 0xA5, 0x91, 0x69, 0x9E, 0xFB};
- vec = {nonce_8, aad_8, key_8, plaintext_8, ciphertext_8, 12, 70, 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.1.2 54-byte auth
- uint8_t nonce_9[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89,
- 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65};
- uint8_t aad_9[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, 0xD, 0x46, 0xDF,
- 0x99, 0x8D, 0x88, 0xE5, 0x22, 0x2A, 0xB2, 0xC2, 0x84, 0x65,
- 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, 0x8, 0x0,
- 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
- 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x1};
- uint8_t key_9[] = {0xE3, 0xC0, 0x8A, 0x8F, 0x6, 0xC6, 0xE3, 0xAD, 0x95,
- 0xA7, 0x5, 0x57, 0xB2, 0x3F, 0x75, 0x48, 0x3C, 0xE3,
- 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, 0x25, 0x66, 0x62,
- 0x4, 0xC6, 0x9C, 0xB, 0x72, 0xE1, 0xC2, 0x88, 0x8D,
- 0x4, 0xC4, 0xE1, 0xAF, 0x97, 0xA5, 0x7, 0x55};
- uint8_t plaintext_9[1] = {};
- uint8_t ciphertext_9[] = {0x29, 0x4E, 0x2, 0x8B, 0xF1, 0xFE, 0x6F, 0x14,
- 0xC4, 0xE8, 0xF7, 0x30, 0x5C, 0x93, 0x3E, 0xB5};
- vec = {nonce_9, aad_9, key_9, plaintext_9, ciphertext_9, 12, 70, 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.2.1 60-byte crypt
- uint8_t nonce_10[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89,
- 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65};
- uint8_t aad_10[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A,
- 0xD, 0x46, 0xDF, 0x99, 0x8D, 0x88, 0xE5,
- 0x2E, 0x0, 0xB2, 0xC2, 0x84, 0x65, 0x12,
- 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81};
- uint8_t key_10[] = {0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, 0x6F,
- 0x62, 0xF, 0xDC, 0xB5, 0x6, 0xB3, 0x45, 0xAC, 0x7B,
- 0x2A, 0xD1, 0x3F, 0xAD, 0x82, 0x5B, 0x6E, 0x63, 0xE,
- 0xDD, 0xB4, 0x7, 0xB2, 0x44, 0xAF, 0x78, 0x29, 0xD2,
- 0x3C, 0xAE, 0x81, 0x58, 0x6D, 0x60, 0xD, 0xDE};
- uint8_t plaintext_10[] = {
- 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
- 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x2};
- uint8_t ciphertext_10[] = {
- 0xDB, 0x3D, 0x25, 0x71, 0x9C, 0x6B, 0xA, 0x3C, 0xA6, 0x14, 0x5C,
- 0x15, 0x9D, 0x5C, 0x6E, 0xD9, 0xAF, 0xF9, 0xC6, 0xE0, 0xB7, 0x9F,
- 0x17, 0x1, 0x9E, 0xA9, 0x23, 0xB8, 0x66, 0x5D, 0xDF, 0x52, 0x13,
- 0x7A, 0xD6, 0x11, 0xF0, 0xD1, 0xBF, 0x41, 0x7A, 0x7C, 0xA8, 0x5E,
- 0x45, 0xAF, 0xE1, 0x6, 0xFF, 0x9C, 0x75, 0x69, 0xD3, 0x35, 0xD0,
- 0x86, 0xAE, 0x6C, 0x3, 0xF0, 0x9, 0x87, 0xCC, 0xD6};
- vec = {nonce_10, aad_10, key_10, plaintext_10, ciphertext_10,
- 12, 28, 44, 48, 64};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.2.2 60-byte crypt
- uint8_t nonce_11[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89,
- 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65};
- uint8_t aad_11[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A,
- 0xD, 0x46, 0xDF, 0x99, 0x8D, 0x88, 0xE5,
- 0x2E, 0x0, 0xB2, 0xC2, 0x84, 0x65, 0x12,
- 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81};
- uint8_t key_11[] = {0xE3, 0xC0, 0x8A, 0x8F, 0x6, 0xC6, 0xE3, 0xAD, 0x95,
- 0xA7, 0x5, 0x57, 0xB2, 0x3F, 0x75, 0x48, 0x3C, 0xE3,
- 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, 0x25, 0x66, 0x62,
- 0x4, 0xC6, 0x9C, 0xB, 0x72, 0xE1, 0xC2, 0x88, 0x8D,
- 0x4, 0xC4, 0xE1, 0xAF, 0x97, 0xA5, 0x7, 0x55};
- uint8_t plaintext_11[] = {
- 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
- 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x2};
- uint8_t ciphertext_11[] = {
- 0x16, 0x41, 0xF2, 0x8E, 0xC1, 0x3A, 0xFC, 0xC8, 0xF7, 0x90, 0x33,
- 0x89, 0x78, 0x72, 0x1, 0x5, 0x16, 0x44, 0x91, 0x49, 0x33, 0xE9,
- 0x20, 0x2B, 0xB9, 0xD0, 0x6A, 0xA0, 0x20, 0xC2, 0xA6, 0x7E, 0xF5,
- 0x1D, 0xFE, 0x7B, 0xC0, 0xA, 0x85, 0x6C, 0x55, 0xB8, 0xF8, 0x13,
- 0x3E, 0x77, 0xF6, 0x59, 0x13, 0x25, 0x2, 0xBA, 0xD6, 0x3F, 0x57,
- 0x13, 0xD5, 0x7D, 0xC, 0x11, 0xE0, 0xF8, 0x71, 0xED};
- vec = {nonce_11, aad_11, key_11, plaintext_11, ciphertext_11,
- 12, 28, 44, 48, 64};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.3.1 60-byte auth
- uint8_t nonce_12[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
- 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED};
- uint8_t aad_12[] = {
- 0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
- 0x88, 0xE5, 0x40, 0x0, 0x76, 0xD4, 0x57, 0xED, 0x8, 0x0, 0xF, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
- 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
- 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x3};
- uint8_t key_12[] = {0x7, 0x1B, 0x11, 0x3B, 0xC, 0xA7, 0x43, 0xFE, 0xCC,
- 0xCF, 0x3D, 0x5, 0x1F, 0x73, 0x73, 0x82, 0x6, 0x1A,
- 0x10, 0x3A, 0xD, 0xA6, 0x42, 0xFF, 0xCD, 0xCE, 0x3C,
- 0x4, 0x1E, 0x72, 0x72, 0x83, 0x5, 0x19, 0x13, 0x39,
- 0xE, 0xA5, 0x41, 0xFC, 0xCE, 0xCD, 0x3F, 0x7};
- uint8_t plaintext_12[1] = {};
- uint8_t ciphertext_12[] = {0x58, 0x83, 0x7A, 0x10, 0x56, 0x2B, 0xF, 0x1F,
- 0x8E, 0xDB, 0xE5, 0x8C, 0xA5, 0x58, 0x11, 0xD3};
- vec = {nonce_12, aad_12, key_12, plaintext_12, ciphertext_12, 12, 68,
- 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.3.2 60-byte auth
- uint8_t nonce_13[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
- 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED};
- uint8_t aad_13[] = {
- 0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
- 0x88, 0xE5, 0x40, 0x0, 0x76, 0xD4, 0x57, 0xED, 0x8, 0x0, 0xF, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
- 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
- 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x3};
- uint8_t key_13[] = {0x69, 0x1D, 0x3E, 0xE9, 0x9, 0xD7, 0xF5, 0x41, 0x67,
- 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x8, 0x1F, 0x2B,
- 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, 0xAB, 0x80, 0xBD,
- 0x52, 0x95, 0xAE, 0x6B, 0xE7, 0x6B, 0x1F, 0x3C, 0xEB,
- 0xB, 0xD5, 0xF7, 0x43, 0x65, 0xFF, 0x1E, 0xA2};
- uint8_t plaintext_13[1] = {};
- uint8_t ciphertext_13[] = {0xC2, 0x72, 0x2F, 0xF6, 0xCA, 0x29, 0xA2, 0x57,
- 0x71, 0x8A, 0x52, 0x9D, 0x1F, 0xC, 0x6A, 0x3B};
- vec = {nonce_13, aad_13, key_13, plaintext_13, ciphertext_13, 12, 68,
- 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.4.1 54-byte crypt
- uint8_t nonce_14[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
- 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED};
- uint8_t aad_14[] = {0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0,
- 0x76, 0x1E, 0x8D, 0xCD, 0x3D, 0x88, 0xE5,
- 0x4C, 0x2A, 0x76, 0xD4, 0x57, 0xED};
- uint8_t key_14[] = {0x7, 0x1B, 0x11, 0x3B, 0xC, 0xA7, 0x43, 0xFE, 0xCC,
- 0xCF, 0x3D, 0x5, 0x1F, 0x73, 0x73, 0x82, 0x6, 0x1A,
- 0x10, 0x3A, 0xD, 0xA6, 0x42, 0xFF, 0xCD, 0xCE, 0x3C,
- 0x4, 0x1E, 0x72, 0x72, 0x83, 0x5, 0x19, 0x13, 0x39,
- 0xE, 0xA5, 0x41, 0xFC, 0xCE, 0xCD, 0x3F, 0x7};
- uint8_t plaintext_14[] = {
- 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
- 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x4};
- uint8_t ciphertext_14[] = {
- 0xFD, 0x96, 0xB7, 0x15, 0xB9, 0x3A, 0x13, 0x34, 0x6A, 0xF5, 0x1E, 0x8A,
- 0xCD, 0xF7, 0x92, 0xCD, 0xC7, 0xB2, 0x68, 0x6F, 0x85, 0x74, 0xC7, 0xE,
- 0x6B, 0xC, 0xBF, 0x16, 0x29, 0x1D, 0xED, 0x42, 0x7A, 0xD7, 0x3F, 0xEC,
- 0x48, 0xCD, 0x29, 0x8E, 0x5, 0x28, 0xA1, 0xF4, 0xC6, 0x44, 0xA9, 0x49,
- 0xFC, 0x31, 0xDC, 0x92, 0x79, 0x70, 0x6D, 0xDB, 0xA3, 0x3F};
- vec = {nonce_14, aad_14, key_14, plaintext_14, ciphertext_14,
- 12, 20, 44, 42, 58};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.4.2 54-byte crypt
- uint8_t nonce_15[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
- 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED};
- uint8_t aad_15[] = {0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0,
- 0x76, 0x1E, 0x8D, 0xCD, 0x3D, 0x88, 0xE5,
- 0x4C, 0x2A, 0x76, 0xD4, 0x57, 0xED};
- uint8_t key_15[] = {0x69, 0x1D, 0x3E, 0xE9, 0x9, 0xD7, 0xF5, 0x41, 0x67,
- 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x8, 0x1F, 0x2B,
- 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, 0xAB, 0x80, 0xBD,
- 0x52, 0x95, 0xAE, 0x6B, 0xE7, 0x6B, 0x1F, 0x3C, 0xEB,
- 0xB, 0xD5, 0xF7, 0x43, 0x65, 0xFF, 0x1E, 0xA2};
- uint8_t plaintext_15[] = {
- 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
- 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x4};
- uint8_t ciphertext_15[] = {
- 0xB6, 0x8F, 0x63, 0x0, 0xC2, 0xE9, 0xAE, 0x83, 0x3B, 0xDC, 0x7, 0xE,
- 0x24, 0x2, 0x1A, 0x34, 0x77, 0x11, 0x8E, 0x78, 0xCC, 0xF8, 0x4E, 0x11,
- 0xA4, 0x85, 0xD8, 0x61, 0x47, 0x6C, 0x30, 0xF, 0x17, 0x53, 0x53, 0xD5,
- 0xCD, 0xF9, 0x20, 0x8, 0xA4, 0xF8, 0x78, 0xE6, 0xCC, 0x35, 0x77, 0x76,
- 0x80, 0x85, 0xC5, 0xA, 0xE, 0x98, 0xFD, 0xA6, 0xCB, 0xB8};
- vec = {nonce_15, aad_15, key_15, plaintext_15, ciphertext_15,
- 12, 20, 44, 42, 58};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.5.1 65-byte auth
- uint8_t nonce_16[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37,
- 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12};
- uint8_t aad_16[] = {
- 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
- 0x88, 0xE5, 0x23, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, 0xFD, 0xE9, 0xF9,
- 0xE3, 0x37, 0x24, 0xC6, 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14,
- 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
- 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x0, 0x5};
- uint8_t key_16[] = {0x1, 0x3F, 0xE0, 0xB, 0x5F, 0x11, 0xBE, 0x7F, 0x86,
- 0x6D, 0xC, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, 0x0, 0x3E,
- 0xE1, 0xA, 0x5E, 0x10, 0xBF, 0x7E, 0x87, 0x6C, 0xD,
- 0xBA, 0xC4, 0x5B, 0x7B, 0x91, 0x3, 0x3D, 0xE2, 0x9,
- 0x5D, 0x13, 0xBC, 0x7D, 0x84, 0x6F, 0xE, 0xB9};
- uint8_t plaintext_16[1] = {};
- uint8_t ciphertext_16[] = {0xCC, 0xA2, 0xE, 0xEC, 0xDA, 0x62, 0x83, 0xF0,
- 0x9B, 0xB3, 0x54, 0x3D, 0xD9, 0x9E, 0xDB, 0x9B};
- vec = {nonce_16, aad_16, key_16, plaintext_16, ciphertext_16, 12, 81,
- 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.5.2 65-byte auth
- uint8_t nonce_17[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37,
- 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12};
- uint8_t aad_17[] = {
- 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
- 0x88, 0xE5, 0x23, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, 0xFD, 0xE9, 0xF9,
- 0xE3, 0x37, 0x24, 0xC6, 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14,
- 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
- 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x0, 0x5};
- uint8_t key_17[] = {0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, 0xC0,
- 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, 0x9A, 0xC1,
- 0xC8, 0xF, 0xEE, 0x1B, 0x62, 0x44, 0x97, 0xEF, 0x94,
- 0x2E, 0x2F, 0x79, 0xA8, 0x23, 0x81, 0xC2, 0x91, 0xB7,
- 0x8F, 0xE5, 0xFD, 0xE3, 0xC2, 0xD8, 0x90, 0x68};
- uint8_t plaintext_17[1] = {};
- uint8_t ciphertext_17[] = {0xB2, 0x32, 0xCC, 0x1D, 0xA5, 0x11, 0x7B, 0xF1,
- 0x50, 0x3, 0x73, 0x4F, 0xA5, 0x99, 0xD2, 0x71};
- vec = {nonce_17, aad_17, key_17, plaintext_17, ciphertext_17, 12, 81,
- 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.6.1 61-byte crypt
- uint8_t nonce_18[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37,
- 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12};
- uint8_t aad_18[] = {0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6,
- 0xE5, 0xBB, 0xD2, 0x72, 0x77, 0x88, 0xE5,
- 0x2F, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C,
- 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6};
- uint8_t key_18[] = {0x1, 0x3F, 0xE0, 0xB, 0x5F, 0x11, 0xBE, 0x7F, 0x86,
- 0x6D, 0xC, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, 0x0, 0x3E,
- 0xE1, 0xA, 0x5E, 0x10, 0xBF, 0x7E, 0x87, 0x6C, 0xD,
- 0xBA, 0xC4, 0x5B, 0x7B, 0x91, 0x3, 0x3D, 0xE2, 0x9,
- 0x5D, 0x13, 0xBC, 0x7D, 0x84, 0x6F, 0xE, 0xB9};
- uint8_t plaintext_18[] = {
- 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
- 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
- 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x0, 0x6};
- uint8_t ciphertext_18[] = {
- 0xFF, 0x19, 0x10, 0xD3, 0x5A, 0xD7, 0xE5, 0x65, 0x78, 0x90, 0xC7,
- 0xC5, 0x60, 0x14, 0x6F, 0xD0, 0x38, 0x70, 0x7F, 0x20, 0x4B, 0x66,
- 0xED, 0xBC, 0x3D, 0x16, 0x1F, 0x8A, 0xCE, 0x24, 0x4B, 0x98, 0x59,
- 0x21, 0x2, 0x3C, 0x43, 0x6E, 0x3A, 0x1C, 0x35, 0x32, 0xEC, 0xD5,
- 0xD0, 0x9A, 0x5, 0x6D, 0x70, 0xBE, 0x58, 0x3F, 0xD, 0x10, 0x82,
- 0x9D, 0x93, 0x87, 0xD0, 0x7D, 0x33, 0xD8, 0x72, 0xE4, 0x90};
- vec = {nonce_18, aad_18, key_18, plaintext_18, ciphertext_18,
- 12, 28, 44, 49, 65};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.6.2 61-byte crypt
- uint8_t nonce_19[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37,
- 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12};
- uint8_t aad_19[] = {0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6,
- 0xE5, 0xBB, 0xD2, 0x72, 0x77, 0x88, 0xE5,
- 0x2F, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C,
- 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6};
- uint8_t key_19[] = {0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, 0xC0,
- 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, 0x9A, 0xC1,
- 0xC8, 0xF, 0xEE, 0x1B, 0x62, 0x44, 0x97, 0xEF, 0x94,
- 0x2E, 0x2F, 0x79, 0xA8, 0x23, 0x81, 0xC2, 0x91, 0xB7,
- 0x8F, 0xE5, 0xFD, 0xE3, 0xC2, 0xD8, 0x90, 0x68};
- uint8_t plaintext_19[] = {
- 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
- 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
- 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x0, 0x6};
- uint8_t ciphertext_19[] = {
- 0xD, 0xB4, 0xCF, 0x95, 0x6B, 0x5F, 0x97, 0xEC, 0xA4, 0xEA, 0xB8,
- 0x2A, 0x69, 0x55, 0x30, 0x7F, 0x9A, 0xE0, 0x2A, 0x32, 0xDD, 0x7D,
- 0x93, 0xF8, 0x3D, 0x66, 0xAD, 0x4, 0xE1, 0xCF, 0xDC, 0x51, 0x82,
- 0xAD, 0x12, 0xAB, 0xDE, 0xA5, 0xBB, 0xB6, 0x19, 0xA1, 0xBD, 0x5F,
- 0xB9, 0xA5, 0x73, 0x59, 0xF, 0xBA, 0x90, 0x8E, 0x9C, 0x7A, 0x46,
- 0xC1, 0xF7, 0xBA, 0x9, 0x5, 0xD1, 0xB5, 0x5F, 0xFD, 0xA4};
- vec = {nonce_19, aad_19, key_19, plaintext_19, ciphertext_19,
- 12, 28, 44, 49, 65};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.7.1 79-byte crypt
- uint8_t nonce_20[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
- 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C};
- uint8_t aad_20[] = {
- 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, 0xE8, 0xE2, 0xCA, 0x4E,
- 0xC5, 0x88, 0xE5, 0x41, 0x0, 0x2E, 0x58, 0x49, 0x5C, 0x8, 0x0,
- 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
- 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
- 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45,
- 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x0, 0x7};
- uint8_t key_20[] = {0x88, 0xEE, 0x8, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, 0xF6,
- 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, 0x89, 0xEF,
- 0x9, 0x7E, 0xD8, 0x5C, 0xA8, 0xFA, 0xF7, 0x73, 0x5B,
- 0xA8, 0xD6, 0x56, 0xB1, 0xCC, 0x8A, 0xEC, 0xA, 0x7D,
- 0xDB, 0x5F, 0xAB, 0xF9, 0xF4, 0x70, 0x58, 0xAB};
- uint8_t plaintext_20[1] = {};
- uint8_t ciphertext_20[] = {0x81, 0x3F, 0xE, 0x63, 0xF, 0x96, 0xFB, 0x2D,
- 0x3, 0xF, 0x58, 0xD8, 0x3F, 0x5C, 0xDF, 0xD0};
- vec = {nonce_20, aad_20, key_20, plaintext_20, ciphertext_20, 12, 87,
- 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.7.2 79-byte crypt
- uint8_t nonce_21[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
- 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C};
- uint8_t aad_21[] = {
- 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, 0xE8, 0xE2, 0xCA, 0x4E,
- 0xC5, 0x88, 0xE5, 0x41, 0x0, 0x2E, 0x58, 0x49, 0x5C, 0x8, 0x0,
- 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
- 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
- 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45,
- 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x0, 0x7};
- uint8_t key_21[] = {0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, 0x74,
- 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, 0x1F, 0xCE,
- 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, 0x1A, 0x2C, 0xAA,
- 0xF, 0xFE, 0x4, 0x7, 0xE5, 0x4E, 0x95, 0x3F, 0xBE,
- 0x71, 0x66, 0x60, 0x14, 0x76, 0xFA, 0xB7, 0xBA};
- uint8_t plaintext_21[1] = {};
- uint8_t ciphertext_21[] = {0x77, 0xE5, 0xA4, 0x4C, 0x21, 0xEB, 0x7, 0x18,
- 0x8A, 0xAC, 0xBD, 0x74, 0xD1, 0x98, 0xE, 0x97};
- vec = {nonce_21, aad_21, key_21, plaintext_21, ciphertext_21, 12, 87,
- 44, 0, 16};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.8.1 61-byte crypt
- uint8_t nonce_22[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
- 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C};
- uint8_t aad_22[] = {0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A,
- 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, 0x88, 0xE5,
- 0x4D, 0x0, 0x2E, 0x58, 0x49, 0x5C};
- uint8_t key_22[] = {0x88, 0xEE, 0x8, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, 0xF6,
- 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, 0x89, 0xEF,
- 0x9, 0x7E, 0xD8, 0x5C, 0xA8, 0xFA, 0xF7, 0x73, 0x5B,
- 0xA8, 0xD6, 0x56, 0xB1, 0xCC, 0x8A, 0xEC, 0xA, 0x7D,
- 0xDB, 0x5F, 0xAB, 0xF9, 0xF4, 0x70, 0x58, 0xAB};
- uint8_t plaintext_22[] = {
- 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
- 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x0, 0x8};
- uint8_t ciphertext_22[] = {
- 0x95, 0x8E, 0xC3, 0xF6, 0xD6, 0xA, 0xFE, 0xDA, 0x99, 0xEF, 0xD8, 0x88,
- 0xF1, 0x75, 0xE5, 0xFC, 0xD4, 0xC8, 0x7B, 0x9B, 0xCC, 0x5C, 0x2F, 0x54,
- 0x26, 0x25, 0x3A, 0x8B, 0x50, 0x62, 0x96, 0xC8, 0xC4, 0x33, 0x9, 0xAB,
- 0x2A, 0xDB, 0x59, 0x39, 0x46, 0x25, 0x41, 0xD9, 0x5E, 0x80, 0x81, 0x1E,
- 0x4, 0xE7, 0x6, 0xB1, 0x49, 0x8F, 0x2C, 0x40, 0x7C, 0x7F, 0xB2, 0x34,
- 0xF8, 0xCC, 0x1, 0xA6, 0x47, 0x55, 0xE, 0xE6, 0xB5, 0x57, 0xB3, 0x5A,
- 0x7E, 0x39, 0x45, 0x38, 0x18, 0x21, 0xF4};
- vec = {nonce_22, aad_22, key_22, plaintext_22, ciphertext_22,
- 12, 20, 44, 63, 79};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-
- // Derived from IEEE 2.8.2 61-byte crypt
- uint8_t nonce_23[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
- 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C};
- uint8_t aad_23[] = {0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A,
- 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, 0x88, 0xE5,
- 0x4D, 0x0, 0x2E, 0x58, 0x49, 0x5C};
- uint8_t key_23[] = {0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, 0x74,
- 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, 0x1F, 0xCE,
- 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, 0x1A, 0x2C, 0xAA,
- 0xF, 0xFE, 0x4, 0x7, 0xE5, 0x4E, 0x95, 0x3F, 0xBE,
- 0x71, 0x66, 0x60, 0x14, 0x76, 0xFA, 0xB7, 0xBA};
- uint8_t plaintext_23[] = {
- 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
- 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x0, 0x8};
- uint8_t ciphertext_23[] = {
- 0xB4, 0x4D, 0x7, 0x20, 0x11, 0xCD, 0x36, 0xD2, 0x72, 0xA9, 0xB7, 0xA9,
- 0x8D, 0xB9, 0xAA, 0x90, 0xCB, 0xC5, 0xC6, 0x7B, 0x93, 0xDD, 0xCE, 0x67,
- 0xC8, 0x54, 0x50, 0x32, 0x14, 0xE2, 0xE8, 0x96, 0xEC, 0x7E, 0x9D, 0xB6,
- 0x49, 0xED, 0x4B, 0xCF, 0x6F, 0x85, 0xA, 0xAC, 0x2, 0x23, 0xD0, 0xCF,
- 0x92, 0xC8, 0x3D, 0xB8, 0x7, 0x95, 0xC3, 0xA1, 0x7E, 0xCC, 0x12, 0x48,
- 0xBB, 0x0, 0x59, 0x17, 0x12, 0xB1, 0xAE, 0x71, 0xE2, 0x68, 0x16, 0x41,
- 0x96, 0x25, 0x21, 0x62, 0x81, 0xB, 0x0};
- vec = {nonce_23, aad_23, key_23, plaintext_23, ciphertext_23,
- 12, 20, 44, 63, 79};
- gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true);
-}
-
-static void gsec_test_do_vector_tests_nist() {
- /**
- * From:
- * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/
- * gcm-revised-spec.pdf
- */
-
- /* Test vector 1 */
- gsec_aead_test_vector* test_vector_1;
- const uint8_t test_vector_1_key[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00};
- const uint8_t test_vector_1_nonce[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
- const uint8_t test_vector_1_aad[1] = {};
- const uint8_t test_vector_1_plaintext[1] = {};
- const uint8_t test_vector_1_ciphertext_and_tag[] = {
- 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
- 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a};
- gsec_aead_malloc_test_vector(
- &test_vector_1, test_vector_1_key,
- sizeof(test_vector_1_key) / sizeof(uint8_t), test_vector_1_nonce,
- sizeof(test_vector_1_nonce) / sizeof(uint8_t), test_vector_1_aad, 0,
- test_vector_1_plaintext, 0, test_vector_1_ciphertext_and_tag,
- sizeof(test_vector_1_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_1);
- gsec_aead_free_test_vector(test_vector_1);
-
- /* Test vector 2 */
- gsec_aead_test_vector* test_vector_2;
- const uint8_t test_vector_2_key[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00};
- const uint8_t test_vector_2_nonce[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
- const uint8_t test_vector_2_aad[1] = {};
- const uint8_t test_vector_2_plaintext[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00};
- const uint8_t test_vector_2_ciphertext_and_tag[] = {
- 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2,
- 0xb9, 0x71, 0xb2, 0xfe, 0x78, 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec,
- 0x13, 0xbd, 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf};
- gsec_aead_malloc_test_vector(
- &test_vector_2, test_vector_2_key,
- sizeof(test_vector_2_key) / sizeof(uint8_t), test_vector_2_nonce,
- sizeof(test_vector_2_nonce) / sizeof(uint8_t), test_vector_2_aad, 0,
- test_vector_2_plaintext,
- sizeof(test_vector_2_plaintext) / sizeof(uint8_t),
- test_vector_2_ciphertext_and_tag,
- sizeof(test_vector_2_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_2);
- gsec_aead_free_test_vector(test_vector_2);
-
- /* Test vector 3 */
- gsec_aead_test_vector* test_vector_3;
- const uint8_t test_vector_3_key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65,
- 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
- 0x67, 0x30, 0x83, 0x08};
- const uint8_t test_vector_3_nonce[] = {0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
- 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88};
- const uint8_t test_vector_3_aad[1] = {};
- const uint8_t test_vector_3_plaintext[] = {
- 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09,
- 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34,
- 0xf7, 0xda, 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c,
- 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24,
- 0x49, 0xa6, 0xb5, 0x25, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6,
- 0x57, 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55};
- const uint8_t test_vector_3_ciphertext_and_tag[] = {
- 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 0x4b, 0x72, 0x21, 0xb7,
- 0x84, 0xd0, 0xd4, 0x9c, 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
- 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 0x21, 0xd5, 0x14, 0xb2,
- 0x54, 0x66, 0x93, 0x1c, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
- 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x3d, 0x58, 0xe0, 0x91,
- 0x47, 0x3f, 0x59, 0x85, 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
- 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4};
- gsec_aead_malloc_test_vector(
- &test_vector_3, test_vector_3_key,
- sizeof(test_vector_3_key) / sizeof(uint8_t), test_vector_3_nonce,
- sizeof(test_vector_3_nonce) / sizeof(uint8_t), test_vector_3_aad, 0,
- test_vector_3_plaintext,
- sizeof(test_vector_3_plaintext) / sizeof(uint8_t),
- test_vector_3_ciphertext_and_tag,
- sizeof(test_vector_3_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_3);
- gsec_aead_free_test_vector(test_vector_3);
-
- /* Test vector 4 */
- gsec_aead_test_vector* test_vector_4;
- const uint8_t test_vector_4_key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65,
- 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
- 0x67, 0x30, 0x83, 0x08};
- const uint8_t test_vector_4_nonce[] = {0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
- 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88};
- const uint8_t test_vector_4_aad[] = {0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe,
- 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad,
- 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2};
- const uint8_t test_vector_4_plaintext[] = {
- 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
- 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
- 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
- 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
- 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39};
- const uint8_t test_vector_4_ciphertext_and_tag[] = {
- 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 0x4b, 0x72, 0x21,
- 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02,
- 0xa4, 0xe0, 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 0x21,
- 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x7d, 0x8f, 0x6a, 0x5a,
- 0xac, 0x84, 0xaa, 0x05, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac,
- 0x97, 0x3d, 0x58, 0xe0, 0x91, 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21,
- 0xa5, 0xdb, 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47};
- gsec_aead_malloc_test_vector(
- &test_vector_4, test_vector_4_key,
- sizeof(test_vector_4_key) / sizeof(uint8_t), test_vector_4_nonce,
- sizeof(test_vector_4_nonce) / sizeof(uint8_t), test_vector_4_aad,
- sizeof(test_vector_4_aad) / sizeof(uint8_t), test_vector_4_plaintext,
- sizeof(test_vector_4_plaintext) / sizeof(uint8_t),
- test_vector_4_ciphertext_and_tag,
- sizeof(test_vector_4_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_4);
- gsec_aead_free_test_vector(test_vector_4);
-}
-
-static void gsec_test_do_vector_tests_ieee() {
- /**
- * From:
- * http://www.ieee802.org/1/files/public/docs2011/
- * bn-randall-test-vectors-0511-v1.pdf
- */
-
- /* 2.1.1 54-byte auth */
- gsec_aead_test_vector* test_vector_5;
- const uint8_t test_vector_5_key[] = {0xad, 0x7a, 0x2b, 0xd0, 0x3e, 0xac,
- 0x83, 0x5a, 0x6f, 0x62, 0x0f, 0xdc,
- 0xb5, 0x06, 0xb3, 0x45};
- const uint8_t test_vector_5_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89,
- 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65};
- const uint8_t test_vector_5_aad[] = {
- 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, 0x99, 0x8d,
- 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65, 0x12, 0x15, 0x35, 0x24,
- 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
- 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c,
- 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x01};
- const uint8_t test_vector_5_plaintext[1] = {};
- const uint8_t test_vector_5_ciphertext_and_tag[] = {
- 0xf0, 0x94, 0x78, 0xa9, 0xb0, 0x90, 0x07, 0xd0,
- 0x6f, 0x46, 0xe9, 0xb6, 0xa1, 0xda, 0x25, 0xdd};
- gsec_aead_malloc_test_vector(
- &test_vector_5, test_vector_5_key,
- sizeof(test_vector_5_key) / sizeof(uint8_t), test_vector_5_nonce,
- sizeof(test_vector_5_nonce) / sizeof(uint8_t), test_vector_5_aad,
- sizeof(test_vector_5_aad) / sizeof(uint8_t), test_vector_5_plaintext, 0,
- test_vector_5_ciphertext_and_tag,
- sizeof(test_vector_5_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_5);
- gsec_aead_free_test_vector(test_vector_5);
-
- /* 2.1.2 54-byte auth */
- gsec_aead_test_vector* test_vector_6;
- const uint8_t test_vector_6_key[] = {
- 0xe3, 0xc0, 0x8a, 0x8f, 0x06, 0xc6, 0xe3, 0xad, 0x95, 0xa7, 0x05,
- 0x57, 0xb2, 0x3f, 0x75, 0x48, 0x3c, 0xe3, 0x30, 0x21, 0xa9, 0xc7,
- 0x2b, 0x70, 0x25, 0x66, 0x62, 0x04, 0xc6, 0x9c, 0x0b, 0x72};
-
- const uint8_t test_vector_6_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89,
- 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65};
- const uint8_t test_vector_6_aad[] = {
- 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, 0x99, 0x8d,
- 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65, 0x12, 0x15, 0x35, 0x24,
- 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
- 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c,
- 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x01};
- const uint8_t test_vector_6_plaintext[1] = {};
- const uint8_t test_vector_6_ciphertext_and_tag[] = {
- 0x2f, 0x0b, 0xc5, 0xaf, 0x40, 0x9e, 0x06, 0xd6,
- 0x09, 0xea, 0x8b, 0x7d, 0x0f, 0xa5, 0xea, 0x50};
- gsec_aead_malloc_test_vector(
- &test_vector_6, test_vector_6_key,
- sizeof(test_vector_6_key) / sizeof(uint8_t), test_vector_6_nonce,
- sizeof(test_vector_6_nonce) / sizeof(uint8_t), test_vector_6_aad,
- sizeof(test_vector_6_aad) / sizeof(uint8_t), test_vector_6_plaintext, 0,
- test_vector_6_ciphertext_and_tag,
- sizeof(test_vector_6_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_6);
- gsec_aead_free_test_vector(test_vector_6);
-
- /* 2.2.1 60-byte crypt */
- gsec_aead_test_vector* test_vector_7;
- const uint8_t test_vector_7_key[] = {0xad, 0x7a, 0x2b, 0xd0, 0x3e, 0xac,
- 0x83, 0x5a, 0x6f, 0x62, 0x0f, 0xdc,
- 0xb5, 0x06, 0xb3, 0x45};
-
- const uint8_t test_vector_7_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89,
- 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65};
- const uint8_t test_vector_7_aad[] = {
- 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf,
- 0x99, 0x8d, 0x88, 0xe5, 0x2e, 0x00, 0xb2, 0xc2, 0x84, 0x65,
- 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81};
- const uint8_t test_vector_7_plaintext[] = {
- 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
- 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x02};
- const uint8_t test_vector_7_ciphertext_and_tag[] = {
- 0x70, 0x1a, 0xfa, 0x1c, 0xc0, 0x39, 0xc0, 0xd7, 0x65, 0x12, 0x8a,
- 0x66, 0x5d, 0xab, 0x69, 0x24, 0x38, 0x99, 0xbf, 0x73, 0x18, 0xcc,
- 0xdc, 0x81, 0xc9, 0x93, 0x1d, 0xa1, 0x7f, 0xbe, 0x8e, 0xdd, 0x7d,
- 0x17, 0xcb, 0x8b, 0x4c, 0x26, 0xfc, 0x81, 0xe3, 0x28, 0x4f, 0x2b,
- 0x7f, 0xba, 0x71, 0x3d, 0x4f, 0x8d, 0x55, 0xe7, 0xd3, 0xf0, 0x6f,
- 0xd5, 0xa1, 0x3c, 0x0c, 0x29, 0xb9, 0xd5, 0xb8, 0x80};
- gsec_aead_malloc_test_vector(
- &test_vector_7, test_vector_7_key,
- sizeof(test_vector_7_key) / sizeof(uint8_t), test_vector_7_nonce,
- sizeof(test_vector_7_nonce) / sizeof(uint8_t), test_vector_7_aad,
- sizeof(test_vector_7_aad) / sizeof(uint8_t), test_vector_7_plaintext,
- sizeof(test_vector_7_plaintext) / sizeof(uint8_t),
- test_vector_7_ciphertext_and_tag,
- sizeof(test_vector_7_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_7);
- gsec_aead_free_test_vector(test_vector_7);
-
- /* 2.2.2 60-byte crypt */
- gsec_aead_test_vector* test_vector_8;
- const uint8_t test_vector_8_key[] = {
- 0xe3, 0xc0, 0x8a, 0x8f, 0x06, 0xc6, 0xe3, 0xad, 0x95, 0xa7, 0x05,
- 0x57, 0xb2, 0x3f, 0x75, 0x48, 0x3c, 0xe3, 0x30, 0x21, 0xa9, 0xc7,
- 0x2b, 0x70, 0x25, 0x66, 0x62, 0x04, 0xc6, 0x9c, 0x0b, 0x72};
- const uint8_t test_vector_8_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89,
- 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65};
- const uint8_t test_vector_8_aad[] = {
- 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf,
- 0x99, 0x8d, 0x88, 0xe5, 0x2e, 0x00, 0xb2, 0xc2, 0x84, 0x65,
- 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81};
- const uint8_t test_vector_8_plaintext[] = {
- 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
- 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x02};
- const uint8_t test_vector_8_ciphertext_and_tag[] = {
- 0xe2, 0x00, 0x6e, 0xb4, 0x2f, 0x52, 0x77, 0x02, 0x2d, 0x9b, 0x19,
- 0x92, 0x5b, 0xc4, 0x19, 0xd7, 0xa5, 0x92, 0x66, 0x6c, 0x92, 0x5f,
- 0xe2, 0xef, 0x71, 0x8e, 0xb4, 0xe3, 0x08, 0xef, 0xea, 0xa7, 0xc5,
- 0x27, 0x3b, 0x39, 0x41, 0x18, 0x86, 0x0a, 0x5b, 0xe2, 0xa9, 0x7f,
- 0x56, 0xab, 0x78, 0x36, 0x5c, 0xa5, 0x97, 0xcd, 0xbb, 0x3e, 0xdb,
- 0x8d, 0x1a, 0x11, 0x51, 0xea, 0x0a, 0xf7, 0xb4, 0x36};
- gsec_aead_malloc_test_vector(
- &test_vector_8, test_vector_8_key,
- sizeof(test_vector_8_key) / sizeof(uint8_t), test_vector_8_nonce,
- sizeof(test_vector_8_nonce) / sizeof(uint8_t), test_vector_8_aad,
- sizeof(test_vector_8_aad) / sizeof(uint8_t), test_vector_8_plaintext,
- sizeof(test_vector_8_plaintext) / sizeof(uint8_t),
- test_vector_8_ciphertext_and_tag,
- sizeof(test_vector_8_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_8);
- gsec_aead_free_test_vector(test_vector_8);
-
- /* 2.3.1 60-byte auth */
- gsec_aead_test_vector* test_vector_9;
- const uint8_t test_vector_9_key[] = {0x07, 0x1b, 0x11, 0x3b, 0x0c, 0xa7,
- 0x43, 0xfe, 0xcc, 0xcf, 0x3d, 0x05,
- 0x1f, 0x73, 0x73, 0x82};
- const uint8_t test_vector_9_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d,
- 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed};
- const uint8_t test_vector_9_aad[] = {
- 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d,
- 0x88, 0xe5, 0x40, 0x00, 0x76, 0xd4, 0x57, 0xed, 0x08, 0x00, 0x0f, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c,
- 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
- 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x03};
- const uint8_t test_vector_9_plaintext[1] = {};
- const uint8_t test_vector_9_ciphertext_and_tag[] = {
- 0x0c, 0x01, 0x7b, 0xc7, 0x3b, 0x22, 0x7d, 0xfc,
- 0xc9, 0xba, 0xfa, 0x1c, 0x41, 0xac, 0xc3, 0x53};
- gsec_aead_malloc_test_vector(
- &test_vector_9, test_vector_9_key,
- sizeof(test_vector_9_key) / sizeof(uint8_t), test_vector_9_nonce,
- sizeof(test_vector_9_nonce) / sizeof(uint8_t), test_vector_9_aad,
- sizeof(test_vector_9_aad) / sizeof(uint8_t), test_vector_9_plaintext, 0,
- test_vector_9_ciphertext_and_tag,
- sizeof(test_vector_9_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_9);
- gsec_aead_free_test_vector(test_vector_9);
-
- /* 2.3.2 60-byte auth */
- gsec_aead_test_vector* test_vector_10;
- const uint8_t test_vector_10_key[] = {
- 0x69, 0x1d, 0x3e, 0xe9, 0x09, 0xd7, 0xf5, 0x41, 0x67, 0xfd, 0x1c,
- 0xa0, 0xb5, 0xd7, 0x69, 0x08, 0x1f, 0x2b, 0xde, 0x1a, 0xee, 0x65,
- 0x5f, 0xdb, 0xab, 0x80, 0xbd, 0x52, 0x95, 0xae, 0x6b, 0xe7};
- const uint8_t test_vector_10_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d,
- 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed};
- const uint8_t test_vector_10_aad[] = {
- 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d,
- 0x88, 0xe5, 0x40, 0x00, 0x76, 0xd4, 0x57, 0xed, 0x08, 0x00, 0x0f, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c,
- 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
- 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x03};
- const uint8_t test_vector_10_plaintext[1] = {};
- const uint8_t test_vector_10_ciphertext_and_tag[] = {
- 0x35, 0x21, 0x7c, 0x77, 0x4b, 0xbc, 0x31, 0xb6,
- 0x31, 0x66, 0xbc, 0xf9, 0xd4, 0xab, 0xed, 0x07};
- gsec_aead_malloc_test_vector(
- &test_vector_10, test_vector_10_key,
- sizeof(test_vector_10_key) / sizeof(uint8_t), test_vector_10_nonce,
- sizeof(test_vector_10_nonce) / sizeof(uint8_t), test_vector_10_aad,
- sizeof(test_vector_10_aad) / sizeof(uint8_t), test_vector_10_plaintext, 0,
- test_vector_10_ciphertext_and_tag,
- sizeof(test_vector_10_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_10);
- gsec_aead_free_test_vector(test_vector_10);
-
- /* 2.4.1 54-byte crypt */
- gsec_aead_test_vector* test_vector_11;
- const uint8_t test_vector_11_key[] = {0x07, 0x1b, 0x11, 0x3b, 0x0c, 0xa7,
- 0x43, 0xfe, 0xcc, 0xcf, 0x3d, 0x05,
- 0x1f, 0x73, 0x73, 0x82};
- const uint8_t test_vector_11_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d,
- 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed};
- const uint8_t test_vector_11_aad[] = {
- 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d,
- 0xcd, 0x3d, 0x88, 0xe5, 0x4c, 0x2a, 0x76, 0xd4, 0x57, 0xed};
- const uint8_t test_vector_11_plaintext[] = {
- 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d,
- 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x04};
- const uint8_t test_vector_11_ciphertext_and_tag[] = {
- 0x13, 0xb4, 0xc7, 0x2b, 0x38, 0x9d, 0xc5, 0x01, 0x8e, 0x72, 0xa1, 0x71,
- 0xdd, 0x85, 0xa5, 0xd3, 0x75, 0x22, 0x74, 0xd3, 0xa0, 0x19, 0xfb, 0xca,
- 0xed, 0x09, 0xa4, 0x25, 0xcd, 0x9b, 0x2e, 0x1c, 0x9b, 0x72, 0xee, 0xe7,
- 0xc9, 0xde, 0x7d, 0x52, 0xb3, 0xf3, 0xd6, 0xa5, 0x28, 0x4f, 0x4a, 0x6d,
- 0x3f, 0xe2, 0x2a, 0x5d, 0x6c, 0x2b, 0x96, 0x04, 0x94, 0xc3};
- gsec_aead_malloc_test_vector(
- &test_vector_11, test_vector_11_key,
- sizeof(test_vector_11_key) / sizeof(uint8_t), test_vector_11_nonce,
- sizeof(test_vector_11_nonce) / sizeof(uint8_t), test_vector_11_aad,
- sizeof(test_vector_11_aad) / sizeof(uint8_t), test_vector_11_plaintext,
- sizeof(test_vector_11_plaintext) / sizeof(uint8_t),
- test_vector_11_ciphertext_and_tag,
- sizeof(test_vector_11_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_11);
- gsec_aead_free_test_vector(test_vector_11);
-
- /* 2.4.2 54-byte crypt */
- gsec_aead_test_vector* test_vector_12;
- const uint8_t test_vector_12_key[] = {
- 0x69, 0x1d, 0x3e, 0xe9, 0x09, 0xd7, 0xf5, 0x41, 0x67, 0xfd, 0x1c,
- 0xa0, 0xb5, 0xd7, 0x69, 0x08, 0x1f, 0x2b, 0xde, 0x1a, 0xee, 0x65,
- 0x5f, 0xdb, 0xab, 0x80, 0xbd, 0x52, 0x95, 0xae, 0x6b, 0xe7};
- const uint8_t test_vector_12_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d,
- 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed};
- const uint8_t test_vector_12_aad[] = {
- 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d,
- 0xcd, 0x3d, 0x88, 0xe5, 0x4c, 0x2a, 0x76, 0xd4, 0x57, 0xed};
- const uint8_t test_vector_12_plaintext[] = {
- 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d,
- 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x04};
- const uint8_t test_vector_12_ciphertext_and_tag[] = {
- 0xc1, 0x62, 0x3f, 0x55, 0x73, 0x0c, 0x93, 0x53, 0x30, 0x97, 0xad, 0xda,
- 0xd2, 0x56, 0x64, 0x96, 0x61, 0x25, 0x35, 0x2b, 0x43, 0xad, 0xac, 0xbd,
- 0x61, 0xc5, 0xef, 0x3a, 0xc9, 0x0b, 0x5b, 0xee, 0x92, 0x9c, 0xe4, 0x63,
- 0x0e, 0xa7, 0x9f, 0x6c, 0xe5, 0x19, 0x12, 0xaf, 0x39, 0xc2, 0xd1, 0xfd,
- 0xc2, 0x05, 0x1f, 0x8b, 0x7b, 0x3c, 0x9d, 0x39, 0x7e, 0xf2};
- gsec_aead_malloc_test_vector(
- &test_vector_12, test_vector_12_key,
- sizeof(test_vector_12_key) / sizeof(uint8_t), test_vector_12_nonce,
- sizeof(test_vector_12_nonce) / sizeof(uint8_t), test_vector_12_aad,
- sizeof(test_vector_12_aad) / sizeof(uint8_t), test_vector_12_plaintext,
- sizeof(test_vector_12_plaintext) / sizeof(uint8_t),
- test_vector_12_ciphertext_and_tag,
- sizeof(test_vector_12_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_12);
- gsec_aead_free_test_vector(test_vector_12);
-
- /* 2.5.1 65-byte auth */
- gsec_aead_test_vector* test_vector_13;
- const uint8_t test_vector_13_key[] = {0x01, 0x3f, 0xe0, 0x0b, 0x5f, 0x11,
- 0xbe, 0x7f, 0x86, 0x6d, 0x0c, 0xbb,
- 0xc5, 0x5a, 0x7a, 0x90};
- const uint8_t test_vector_13_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37,
- 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12};
- const uint8_t test_vector_13_aad[] = {
- 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, 0x72, 0x77,
- 0x88, 0xe5, 0x23, 0x00, 0x89, 0x32, 0xd6, 0x12, 0x7c, 0xfd, 0xe9, 0xf9,
- 0xe3, 0x37, 0x24, 0xc6, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
- 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c,
- 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x00, 0x05};
- const uint8_t test_vector_13_plaintext[1] = {};
- const uint8_t test_vector_13_ciphertext_and_tag[] = {
- 0x21, 0x78, 0x67, 0xe5, 0x0c, 0x2d, 0xad, 0x74,
- 0xc2, 0x8c, 0x3b, 0x50, 0xab, 0xdf, 0x69, 0x5a};
- gsec_aead_malloc_test_vector(
- &test_vector_13, test_vector_13_key,
- sizeof(test_vector_13_key) / sizeof(uint8_t), test_vector_13_nonce,
- sizeof(test_vector_13_nonce) / sizeof(uint8_t), test_vector_13_aad,
- sizeof(test_vector_13_aad) / sizeof(uint8_t), test_vector_13_plaintext, 0,
- test_vector_13_ciphertext_and_tag,
- sizeof(test_vector_13_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_13);
- gsec_aead_free_test_vector(test_vector_13);
-
- /* 2.5.2 65-byte auth */
- gsec_aead_test_vector* test_vector_14;
- const uint8_t test_vector_14_key[] = {
- 0x83, 0xc0, 0x93, 0xb5, 0x8d, 0xe7, 0xff, 0xe1, 0xc0, 0xda, 0x92,
- 0x6a, 0xc4, 0x3f, 0xb3, 0x60, 0x9a, 0xc1, 0xc8, 0x0f, 0xee, 0x1b,
- 0x62, 0x44, 0x97, 0xef, 0x94, 0x2e, 0x2f, 0x79, 0xa8, 0x23};
- const uint8_t test_vector_14_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37,
- 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12};
- const uint8_t test_vector_14_aad[] = {
- 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, 0x72, 0x77,
- 0x88, 0xe5, 0x23, 0x00, 0x89, 0x32, 0xd6, 0x12, 0x7c, 0xfd, 0xe9, 0xf9,
- 0xe3, 0x37, 0x24, 0xc6, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
- 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c,
- 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x00, 0x05};
- const uint8_t test_vector_14_plaintext[1] = {};
- const uint8_t test_vector_14_ciphertext_and_tag[] = {
- 0x6e, 0xe1, 0x60, 0xe8, 0xfa, 0xec, 0xa4, 0xb3,
- 0x6c, 0x86, 0xb2, 0x34, 0x92, 0x0c, 0xa9, 0x75};
- gsec_aead_malloc_test_vector(
- &test_vector_14, test_vector_14_key,
- sizeof(test_vector_14_key) / sizeof(uint8_t), test_vector_14_nonce,
- sizeof(test_vector_14_nonce) / sizeof(uint8_t), test_vector_14_aad,
- sizeof(test_vector_14_aad) / sizeof(uint8_t), test_vector_14_plaintext, 0,
- test_vector_14_ciphertext_and_tag,
- sizeof(test_vector_14_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_14);
- gsec_aead_free_test_vector(test_vector_14);
-
- /* 2.6.1 61-byte crypt */
- gsec_aead_test_vector* test_vector_15;
- const uint8_t test_vector_15_key[] = {0x01, 0x3f, 0xe0, 0x0b, 0x5f, 0x11,
- 0xbe, 0x7f, 0x86, 0x6d, 0x0c, 0xbb,
- 0xc5, 0x5a, 0x7a, 0x90};
- const uint8_t test_vector_15_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37,
- 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12};
- const uint8_t test_vector_15_aad[] = {
- 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2,
- 0x72, 0x77, 0x88, 0xe5, 0x2f, 0x00, 0x89, 0x32, 0xd6, 0x12,
- 0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, 0x24, 0xc6};
- const uint8_t test_vector_15_plaintext[] = {
- 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
- 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
- 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x00, 0x06};
- const uint8_t test_vector_15_ciphertext_and_tag[] = {
- 0x3a, 0x4d, 0xe6, 0xfa, 0x32, 0x19, 0x10, 0x14, 0xdb, 0xb3, 0x03,
- 0xd9, 0x2e, 0xe3, 0xa9, 0xe8, 0xa1, 0xb5, 0x99, 0xc1, 0x4d, 0x22,
- 0xfb, 0x08, 0x00, 0x96, 0xe1, 0x38, 0x11, 0x81, 0x6a, 0x3c, 0x9c,
- 0x9b, 0xcf, 0x7c, 0x1b, 0x9b, 0x96, 0xda, 0x80, 0x92, 0x04, 0xe2,
- 0x9d, 0x0e, 0x2a, 0x76, 0x42, 0xbf, 0xd3, 0x10, 0xa4, 0x83, 0x7c,
- 0x81, 0x6c, 0xcf, 0xa5, 0xac, 0x23, 0xab, 0x00, 0x39, 0x88};
- gsec_aead_malloc_test_vector(
- &test_vector_15, test_vector_15_key,
- sizeof(test_vector_15_key) / sizeof(uint8_t), test_vector_15_nonce,
- sizeof(test_vector_15_nonce) / sizeof(uint8_t), test_vector_15_aad,
- sizeof(test_vector_15_aad) / sizeof(uint8_t), test_vector_15_plaintext,
- sizeof(test_vector_15_plaintext) / sizeof(uint8_t),
- test_vector_15_ciphertext_and_tag,
- sizeof(test_vector_15_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_15);
- gsec_aead_free_test_vector(test_vector_15);
-
- /* 2.6.2 61-byte crypt */
- gsec_aead_test_vector* test_vector_16;
- const uint8_t test_vector_16_key[] = {
- 0x83, 0xc0, 0x93, 0xb5, 0x8d, 0xe7, 0xff, 0xe1, 0xc0, 0xda, 0x92,
- 0x6a, 0xc4, 0x3f, 0xb3, 0x60, 0x9a, 0xc1, 0xc8, 0x0f, 0xee, 0x1b,
- 0x62, 0x44, 0x97, 0xef, 0x94, 0x2e, 0x2f, 0x79, 0xa8, 0x23};
- const uint8_t test_vector_16_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37,
- 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12};
- const uint8_t test_vector_16_aad[] = {
- 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2,
- 0x72, 0x77, 0x88, 0xe5, 0x2f, 0x00, 0x89, 0x32, 0xd6, 0x12,
- 0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, 0x24, 0xc6};
- const uint8_t test_vector_16_plaintext[] = {
- 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
- 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
- 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x00, 0x06};
- const uint8_t test_vector_16_ciphertext_and_tag[] = {
- 0x11, 0x02, 0x22, 0xff, 0x80, 0x50, 0xcb, 0xec, 0xe6, 0x6a, 0x81,
- 0x3a, 0xd0, 0x9a, 0x73, 0xed, 0x7a, 0x9a, 0x08, 0x9c, 0x10, 0x6b,
- 0x95, 0x93, 0x89, 0x16, 0x8e, 0xd6, 0xe8, 0x69, 0x8e, 0xa9, 0x02,
- 0xeb, 0x12, 0x77, 0xdb, 0xec, 0x2e, 0x68, 0xe4, 0x73, 0x15, 0x5a,
- 0x15, 0xa7, 0xda, 0xee, 0xd4, 0xa1, 0x0f, 0x4e, 0x05, 0x13, 0x9c,
- 0x23, 0xdf, 0x00, 0xb3, 0xaa, 0xdc, 0x71, 0xf0, 0x59, 0x6a};
- gsec_aead_malloc_test_vector(
- &test_vector_16, test_vector_16_key,
- sizeof(test_vector_16_key) / sizeof(uint8_t), test_vector_16_nonce,
- sizeof(test_vector_16_nonce) / sizeof(uint8_t), test_vector_16_aad,
- sizeof(test_vector_16_aad) / sizeof(uint8_t), test_vector_16_plaintext,
- sizeof(test_vector_16_plaintext) / sizeof(uint8_t),
- test_vector_16_ciphertext_and_tag,
- sizeof(test_vector_16_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_16);
- gsec_aead_free_test_vector(test_vector_16);
-
- /* 2.7.1 79-byte crypt */
- gsec_aead_test_vector* test_vector_17;
- const uint8_t test_vector_17_key[] = {0x88, 0xee, 0x08, 0x7f, 0xd9, 0x5d,
- 0xa9, 0xfb, 0xf6, 0x72, 0x5a, 0xa9,
- 0xd7, 0x57, 0xb0, 0xcd};
- const uint8_t test_vector_17_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5,
- 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c};
- const uint8_t test_vector_17_aad[] = {
- 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, 0x4e,
- 0xc5, 0x88, 0xe5, 0x41, 0x00, 0x2e, 0x58, 0x49, 0x5c, 0x08, 0x00,
- 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
- 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
- 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45,
- 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x00, 0x07};
- const uint8_t test_vector_17_plaintext[1] = {};
- const uint8_t test_vector_17_ciphertext_and_tag[] = {
- 0x07, 0x92, 0x2b, 0x8e, 0xbc, 0xf1, 0x0b, 0xb2,
- 0x29, 0x75, 0x88, 0xca, 0x4c, 0x61, 0x45, 0x23};
- gsec_aead_malloc_test_vector(
- &test_vector_17, test_vector_17_key,
- sizeof(test_vector_17_key) / sizeof(uint8_t), test_vector_17_nonce,
- sizeof(test_vector_17_nonce) / sizeof(uint8_t), test_vector_17_aad,
- sizeof(test_vector_17_aad) / sizeof(uint8_t), test_vector_17_plaintext, 0,
- test_vector_17_ciphertext_and_tag,
- sizeof(test_vector_17_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_17);
- gsec_aead_free_test_vector(test_vector_17);
-
- /* 2.7.2 79-byte crypt */
- gsec_aead_test_vector* test_vector_18;
- const uint8_t test_vector_18_key[] = {
- 0x4c, 0x97, 0x3d, 0xbc, 0x73, 0x64, 0x62, 0x16, 0x74, 0xf8, 0xb5,
- 0xb8, 0x9e, 0x5c, 0x15, 0x51, 0x1f, 0xce, 0xd9, 0x21, 0x64, 0x90,
- 0xfb, 0x1c, 0x1a, 0x2c, 0xaa, 0x0f, 0xfe, 0x04, 0x07, 0xe5};
- const uint8_t test_vector_18_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5,
- 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c};
- const uint8_t test_vector_18_aad[] = {
- 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, 0x4e,
- 0xc5, 0x88, 0xe5, 0x41, 0x00, 0x2e, 0x58, 0x49, 0x5c, 0x08, 0x00,
- 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
- 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
- 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45,
- 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x00, 0x07};
- const uint8_t test_vector_18_plaintext[1] = {};
- const uint8_t test_vector_18_ciphertext_and_tag[] = {
- 0x00, 0xbd, 0xa1, 0xb7, 0xe8, 0x76, 0x08, 0xbc,
- 0xbf, 0x47, 0x0f, 0x12, 0x15, 0x7f, 0x4c, 0x07};
- gsec_aead_malloc_test_vector(
- &test_vector_18, test_vector_18_key,
- sizeof(test_vector_18_key) / sizeof(uint8_t), test_vector_18_nonce,
- sizeof(test_vector_18_nonce) / sizeof(uint8_t), test_vector_18_aad,
- sizeof(test_vector_18_aad) / sizeof(uint8_t), test_vector_18_plaintext, 0,
- test_vector_18_ciphertext_and_tag,
- sizeof(test_vector_18_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_18);
- gsec_aead_free_test_vector(test_vector_18);
-
- /* 2.8.1 61-byte crypt */
- gsec_aead_test_vector* test_vector_19;
- const uint8_t test_vector_19_key[] = {0x88, 0xee, 0x08, 0x7f, 0xd9, 0x5d,
- 0xa9, 0xfb, 0xf6, 0x72, 0x5a, 0xa9,
- 0xd7, 0x57, 0xb0, 0xcd};
- const uint8_t test_vector_19_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5,
- 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c};
- const uint8_t test_vector_19_aad[] = {
- 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca,
- 0x4e, 0xc5, 0x88, 0xe5, 0x4d, 0x00, 0x2e, 0x58, 0x49, 0x5c};
- const uint8_t test_vector_19_plaintext[] = {
- 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d,
- 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08};
- const uint8_t test_vector_19_ciphertext_and_tag[] = {
- 0xc3, 0x1f, 0x53, 0xd9, 0x9e, 0x56, 0x87, 0xf7, 0x36, 0x51, 0x19, 0xb8,
- 0x32, 0xd2, 0xaa, 0xe7, 0x07, 0x41, 0xd5, 0x93, 0xf1, 0xf9, 0xe2, 0xab,
- 0x34, 0x55, 0x77, 0x9b, 0x07, 0x8e, 0xb8, 0xfe, 0xac, 0xdf, 0xec, 0x1f,
- 0x8e, 0x3e, 0x52, 0x77, 0xf8, 0x18, 0x0b, 0x43, 0x36, 0x1f, 0x65, 0x12,
- 0xad, 0xb1, 0x6d, 0x2e, 0x38, 0x54, 0x8a, 0x2c, 0x71, 0x9d, 0xba, 0x72,
- 0x28, 0xd8, 0x40, 0x88, 0xf8, 0x75, 0x7a, 0xdb, 0x8a, 0xa7, 0x88, 0xd8,
- 0xf6, 0x5a, 0xd6, 0x68, 0xbe, 0x70, 0xe7};
- gsec_aead_malloc_test_vector(
- &test_vector_19, test_vector_19_key,
- sizeof(test_vector_19_key) / sizeof(uint8_t), test_vector_19_nonce,
- sizeof(test_vector_19_nonce) / sizeof(uint8_t), test_vector_19_aad,
- sizeof(test_vector_19_aad) / sizeof(uint8_t), test_vector_19_plaintext,
- sizeof(test_vector_19_plaintext) / sizeof(uint8_t),
- test_vector_19_ciphertext_and_tag,
- sizeof(test_vector_19_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_19);
- gsec_aead_free_test_vector(test_vector_19);
-
- /* 2.8.2 61-byte crypt */
- gsec_aead_test_vector* test_vector_20;
- const uint8_t test_vector_20_key[] = {
- 0x4c, 0x97, 0x3d, 0xbc, 0x73, 0x64, 0x62, 0x16, 0x74, 0xf8, 0xb5,
- 0xb8, 0x9e, 0x5c, 0x15, 0x51, 0x1f, 0xce, 0xd9, 0x21, 0x64, 0x90,
- 0xfb, 0x1c, 0x1a, 0x2c, 0xaa, 0x0f, 0xfe, 0x04, 0x07, 0xe5};
- const uint8_t test_vector_20_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5,
- 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c};
- const uint8_t test_vector_20_aad[] = {
- 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca,
- 0x4e, 0xc5, 0x88, 0xe5, 0x4d, 0x00, 0x2e, 0x58, 0x49, 0x5c};
- const uint8_t test_vector_20_plaintext[] = {
- 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
- 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d,
- 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
- 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08};
- const uint8_t test_vector_20_ciphertext_and_tag[] = {
- 0xba, 0x8a, 0xe3, 0x1b, 0xc5, 0x06, 0x48, 0x6d, 0x68, 0x73, 0xe4, 0xfc,
- 0xe4, 0x60, 0xe7, 0xdc, 0x57, 0x59, 0x1f, 0xf0, 0x06, 0x11, 0xf3, 0x1c,
- 0x38, 0x34, 0xfe, 0x1c, 0x04, 0xad, 0x80, 0xb6, 0x68, 0x03, 0xaf, 0xcf,
- 0x5b, 0x27, 0xe6, 0x33, 0x3f, 0xa6, 0x7c, 0x99, 0xda, 0x47, 0xc2, 0xf0,
- 0xce, 0xd6, 0x8d, 0x53, 0x1b, 0xd7, 0x41, 0xa9, 0x43, 0xcf, 0xf7, 0xa6,
- 0x71, 0x3b, 0xd0, 0x26, 0x11, 0xcd, 0x7d, 0xaa, 0x01, 0xd6, 0x1c, 0x5c,
- 0x88, 0x6d, 0xc1, 0xa8, 0x17, 0x01, 0x07};
- gsec_aead_malloc_test_vector(
- &test_vector_20, test_vector_20_key,
- sizeof(test_vector_20_key) / sizeof(uint8_t), test_vector_20_nonce,
- sizeof(test_vector_20_nonce) / sizeof(uint8_t), test_vector_20_aad,
- sizeof(test_vector_20_aad) / sizeof(uint8_t), test_vector_20_plaintext,
- sizeof(test_vector_20_plaintext) / sizeof(uint8_t),
- test_vector_20_ciphertext_and_tag,
- sizeof(test_vector_20_ciphertext_and_tag) / sizeof(uint8_t));
- gsec_test_verify_crypter_on_test_vector(test_vector_20);
- gsec_aead_free_test_vector(test_vector_20);
-}
-
-int main(int argc, char** argv) {
- grpc_init();
- gsec_test_do_generic_crypter_tests();
- gsec_test_do_vector_tests_nist();
- gsec_test_do_vector_tests_ieee();
- gsec_test_do_vector_tests_rekey_nist();
- gsec_test_do_vector_tests_rekey_ieee();
- grpc_shutdown();
- return 0;
-}
diff --git a/test/core/tsi/alts/crypt/gsec_test_util.cc b/test/core/tsi/alts/crypt/gsec_test_util.cc
deleted file mode 100644
index 992c91e6bc..0000000000
--- a/test/core/tsi/alts/crypt/gsec_test_util.cc
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-
-#include <grpc/support/alloc.h>
-
-void gsec_test_random_bytes(uint8_t* bytes, size_t length) {
- if (!RAND_bytes(bytes, static_cast<int>(length))) {
- fprintf(stderr,
- "Random bytes generation failed in gsec_test_random_bytes().");
- abort();
- }
-}
-
-void gsec_test_random_array(uint8_t** bytes, size_t length) {
- if (bytes != nullptr) {
- *bytes = static_cast<uint8_t*>(gpr_malloc(length));
- gsec_test_random_bytes(*bytes, length);
- } else {
- fprintf(stderr, "bytes buffer is nullptr in gsec_test_random_array().");
- abort();
- }
-}
-
-uint32_t gsec_test_bias_random_uint32(uint32_t max_length) {
- uint32_t value;
- gsec_test_random_bytes((uint8_t*)(&value), sizeof(value));
- return value % max_length;
-}
-
-void gsec_test_copy(const uint8_t* src, uint8_t** des, size_t source_len) {
- if (src != nullptr && des != nullptr) {
- *des = static_cast<uint8_t*>(gpr_malloc(source_len));
- memcpy(*des, src, source_len);
- } else {
- fprintf(stderr, "Either src or des buffer is nullptr in gsec_test_copy().");
- abort();
- }
-}
-
-void gsec_test_copy_and_alter_random_byte(const uint8_t* src, uint8_t** des,
- size_t source_len) {
- if (src != nullptr && des != nullptr) {
- *des = static_cast<uint8_t*>(gpr_malloc(source_len));
- memcpy(*des, src, source_len);
- uint32_t offset;
- offset = gsec_test_bias_random_uint32(static_cast<uint32_t>(source_len));
- (*(*des + offset))++;
- } else {
- fprintf(stderr,
- "Either src or des is nullptr in "
- "gsec_test_copy_and_alter_random_byte().");
- abort();
- }
-}
-
-int gsec_test_expect_compare_code_and_substr(grpc_status_code status1,
- grpc_status_code status2,
- const char* msg1,
- const char* msg2) {
- int failure = 1;
- if (status1 != status2) {
- fprintf(stderr, "Status %d does not equal %d.\n", status1, status2);
- failure = 0;
- }
- if (strstr(msg1, msg2) == nullptr) {
- fprintf(stderr, "Status message <%s> does not contain <%s>.\n", msg1, msg2);
- failure = 0;
- }
- return failure;
-}
diff --git a/test/core/tsi/alts/crypt/gsec_test_util.h b/test/core/tsi/alts/crypt/gsec_test_util.h
deleted file mode 100644
index 206ae2fda8..0000000000
--- a/test/core/tsi/alts/crypt/gsec_test_util.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_
-#define GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_
-
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/rand.h>
-
-#include <grpc/grpc.h>
-
-/**
- * This method returns random bytes of certain length.
- *
- * - bytes: buffer to hold random bytes.
- * - length: length of buffer to be populated.
- */
-void gsec_test_random_bytes(uint8_t* bytes, size_t length);
-
-/**
- * This method returns an array of random bytes.
- *
- * - bytes: array to hold random bytes.
- * - length: length of array to be populated.
- */
-void gsec_test_random_array(uint8_t** bytes, size_t length);
-
-/**
- * This method returns a uint32 that's not quite uniformly random, but good
- * enough for tests.
- *
- * - max_length: a max value the returned random number can choose.
- */
-uint32_t gsec_test_bias_random_uint32(uint32_t max_length);
-
-/**
- * This method copies data from a source to a destination buffer.
- *
- * - src: a source buffer.
- * - des: a destination buffer.
- * - length: the length of source buffer to be copied from its beginning.
- */
-void gsec_test_copy(const uint8_t* src, uint8_t** des, size_t length);
-
-/**
- * This method copies data from a source to a destination buffer, and flips one
- * byte in the destination buffer randomly.
- *
- * - src: a source buffer.
- * - des: a destination buffer.
- * - length: the length of source buffer to be copied from its beginning.
- */
-void gsec_test_copy_and_alter_random_byte(const uint8_t* src, uint8_t** des,
- size_t source_len);
-
-/**
- * This method compares two grpc_status_code values, and verifies if one string
- * is a substring of the other.
- *
- * - status1: the first grpc_status_code to be compared.
- * - status2: the second grpc_status_code to be compared.
- * - msg1: a string to be scanned.
- * - msg2: a small string to be searched within msg1.
- *
- * If both checks succeed, the method returns 1 and otherwise, it returns 0.
- */
-int gsec_test_expect_compare_code_and_substr(grpc_status_code status1,
- grpc_status_code status2,
- const char* msg1,
- const char* msg2);
-
-#endif // GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_ */
diff --git a/test/core/tsi/alts/frame_protector/BUILD b/test/core/tsi/alts/frame_protector/BUILD
deleted file mode 100644
index 8bbc8c6e5e..0000000000
--- a/test/core/tsi/alts/frame_protector/BUILD
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright 2018 gRPC authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package")
-
-licenses(["notice"]) # Apache v2
-
-grpc_package(name = "frame_protector")
-
-grpc_cc_test(
- name = "alts_counter_test",
- srcs = ["alts_counter_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- "//test/core/tsi/alts/crypt:alts_crypt_test_util",
- ],
-)
-
-grpc_cc_test(
- name = "alts_crypter_test",
- srcs = ["alts_crypter_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- "//test/core/tsi/alts/crypt:alts_crypt_test_util",
- ],
-)
-
-grpc_cc_test(
- name = "alts_frame_protector_test",
- srcs = ["alts_frame_protector_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- "//test/core/tsi/alts/crypt:alts_crypt_test_util",
- "//test/core/tsi:transport_security_test_lib",
- ],
-)
-
-grpc_cc_test(
- name = "frame_handler_test",
- srcs = ["frame_handler_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- "//test/core/tsi/alts/crypt:alts_crypt_test_util",
- ],
-)
diff --git a/test/core/tsi/alts/frame_protector/alts_counter_test.cc b/test/core/tsi/alts/frame_protector/alts_counter_test.cc
deleted file mode 100644
index 49ff82108b..0000000000
--- a/test/core/tsi/alts/frame_protector/alts_counter_test.cc
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_counter.h"
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-
-const size_t kSmallCounterSize = 4;
-const size_t kSmallOverflowSize = 1;
-const size_t kGcmCounterSize = 12;
-const size_t kGcmOverflowSize = 5;
-
-static bool do_bytes_represent_client(alts_counter* ctr, unsigned char* counter,
- size_t size) {
- return (ctr->counter[size - 1] & 0x80) == 0x80;
-}
-
-static void alts_counter_test_input_sanity_check(size_t counter_size,
- size_t overflow_size) {
- alts_counter* ctr = nullptr;
- char* error_details = nullptr;
-
- /* Input sanity check on alts_counter_create(). */
- /* Invalid counter size. */
- grpc_status_code status =
- alts_counter_create(true, 0, overflow_size, &ctr, &error_details);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_details,
- "counter_size is invalid."));
- gpr_free(error_details);
-
- /* Invalid overflow size. */
- status = alts_counter_create(true, counter_size, 0, &ctr, &error_details);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_details,
- "overflow_size is invalid."));
- gpr_free(error_details);
-
- /* alts_counter is nullptr. */
- status = alts_counter_create(true, counter_size, overflow_size, nullptr,
- &error_details);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_details,
- "crypter_counter is nullptr."));
- gpr_free(error_details);
-
- status = alts_counter_create(true, counter_size, overflow_size, &ctr,
- &error_details);
- GPR_ASSERT(status == GRPC_STATUS_OK);
-
- /* Input sanity check on alts_counter_increment(). */
- /* crypter_counter is nullptr. */
- bool is_overflow = false;
- status = alts_counter_increment(nullptr, &is_overflow, &error_details);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_details,
- "crypter_counter is nullptr."));
- gpr_free(error_details);
- /* is_overflow is nullptr. */
- status = alts_counter_increment(ctr, nullptr, &error_details);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_details,
- "is_overflow is nullptr."));
- gpr_free(error_details);
- alts_counter_destroy(ctr);
-}
-
-static void alts_counter_test_overflow_full_range(bool is_client,
- size_t counter_size,
- size_t overflow_size) {
- alts_counter* ctr = nullptr;
- char* error_details = nullptr;
- grpc_status_code status = alts_counter_create(
- is_client, counter_size, overflow_size, &ctr, &error_details);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- unsigned char* expected =
- static_cast<unsigned char*>(gpr_zalloc(counter_size));
- if (is_client) {
- expected[counter_size - 1] = 0x80;
- }
- /* Do a single iteration to ensure the counter is initialized as expected. */
- GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr),
- counter_size) == is_client);
- GPR_ASSERT(memcmp(alts_counter_get_counter(ctr), expected, counter_size) ==
- 0);
- bool is_overflow = false;
- GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) ==
- GRPC_STATUS_OK);
- GPR_ASSERT(!is_overflow);
- /**
- * The counter can return 2^{overflow_size * 8} counters. The
- * high-order bit is fixed to the client/server. The last call will yield a
- * useable counter, but overflow the counter object.
- */
- int iterations = 1 << (overflow_size * 8);
- int ind = 1;
- for (ind = 1; ind < iterations - 1; ind++) {
- GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr),
- counter_size) == is_client);
- GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) ==
- GRPC_STATUS_OK);
- GPR_ASSERT(!is_overflow);
- }
- GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr),
- counter_size) == is_client);
- GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) ==
- GRPC_STATUS_FAILED_PRECONDITION);
- GPR_ASSERT(is_overflow);
- gpr_free(expected);
- alts_counter_destroy(ctr);
-}
-
-/* Set the counter manually and make sure it overflows as expected. */
-static void alts_counter_test_overflow_single_increment(bool is_client,
- size_t counter_size,
- size_t overflow_size) {
- alts_counter* ctr = nullptr;
- char* error_details = nullptr;
- grpc_status_code status = alts_counter_create(
- is_client, counter_size, overflow_size, &ctr, &error_details);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- unsigned char* expected =
- static_cast<unsigned char*>(gpr_zalloc(counter_size));
- memset(expected, 0xFF, overflow_size);
- expected[0] = 0xFE;
-
- if (is_client) {
- expected[counter_size - 1] = 0x80;
- }
- memcpy(ctr->counter, expected, counter_size);
- GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr),
- counter_size) == is_client);
- GPR_ASSERT(memcmp(expected, alts_counter_get_counter(ctr), counter_size) ==
- 0);
- bool is_overflow = false;
- GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) ==
- GRPC_STATUS_OK);
- GPR_ASSERT(!is_overflow);
- GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr),
- counter_size) == is_client);
- expected[0] = static_cast<unsigned char>(expected[0] + 1);
- GPR_ASSERT(memcmp(expected, alts_counter_get_counter(ctr), counter_size) ==
- 0);
- GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) ==
- GRPC_STATUS_FAILED_PRECONDITION);
- GPR_ASSERT(is_overflow);
- gpr_free(expected);
- alts_counter_destroy(ctr);
-}
-
-int main(int argc, char** argv) {
- alts_counter_test_input_sanity_check(kGcmCounterSize, kGcmOverflowSize);
- alts_counter_test_overflow_full_range(true, kSmallCounterSize,
- kSmallOverflowSize);
- alts_counter_test_overflow_full_range(false, kSmallCounterSize,
- kSmallOverflowSize);
- alts_counter_test_overflow_single_increment(true, kGcmCounterSize,
- kGcmOverflowSize);
- alts_counter_test_overflow_single_increment(false, kGcmCounterSize,
- kGcmOverflowSize);
-
- return 0;
-}
diff --git a/test/core/tsi/alts/frame_protector/alts_crypter_test.cc b/test/core/tsi/alts/frame_protector/alts_crypter_test.cc
deleted file mode 100644
index 0ad616bcd6..0000000000
--- a/test/core/tsi/alts/frame_protector/alts_crypter_test.cc
+++ /dev/null
@@ -1,493 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/tsi/alts/frame_protector/alts_crypter.h"
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-
-static void alts_crypter_test_random_seal_unseal(alts_crypter* server_seal,
- alts_crypter* server_unseal,
- alts_crypter* client_seal,
- alts_crypter* client_unseal) {
- size_t data_size = gsec_test_bias_random_uint32(1024) + 1;
- size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal);
- size_t protected_data_size = data_size + num_overhead_bytes;
- uint8_t* data_buffer = static_cast<uint8_t*>(gpr_malloc(protected_data_size));
- gsec_test_random_bytes(data_buffer, data_size);
- uint8_t* duplicate_buffer = nullptr;
- gsec_test_copy(data_buffer, &duplicate_buffer, data_size);
-
- /* Client seal and server unseal */
- size_t size = data_size;
- grpc_status_code status = alts_crypter_process_in_place(
- client_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
- status = alts_crypter_process_in_place(
- server_unseal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(data_buffer, duplicate_buffer, data_size) == 0);
- GPR_ASSERT(size == data_size);
- /* Server seal and client unseal */
- status = alts_crypter_process_in_place(
- server_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
- status = alts_crypter_process_in_place(
- client_unseal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(data_buffer, duplicate_buffer, data_size) == 0);
- GPR_ASSERT(size == data_size);
- gpr_free(data_buffer);
- gpr_free(duplicate_buffer);
-}
-
-static void alts_crypter_test_multiple_random_seal_unseal(
- alts_crypter* server_seal, alts_crypter* server_unseal,
- alts_crypter* client_seal, alts_crypter* client_unseal) {
- size_t data_size = gsec_test_bias_random_uint32(1024) + 1;
- size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal);
- size_t protected_data_size = data_size + num_overhead_bytes;
-
- uint8_t* data_buffer1 =
- static_cast<uint8_t*>(gpr_malloc(protected_data_size));
- uint8_t* data_buffer2 =
- static_cast<uint8_t*>(gpr_malloc(protected_data_size));
- uint8_t* duplicate_buffer1 = nullptr;
- uint8_t* duplicate_buffer2 = nullptr;
- gsec_test_random_bytes(data_buffer1, data_size);
- gsec_test_random_bytes(data_buffer2, data_size);
- gsec_test_copy(data_buffer1, &duplicate_buffer1, data_size);
- gsec_test_copy(data_buffer2, &duplicate_buffer2, data_size);
-
- /* Client seal and server unseal */
- size_t size1 = data_size, size2 = data_size;
- grpc_status_code status = alts_crypter_process_in_place(
- client_seal, data_buffer1, protected_data_size, size1, &size1, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size1 == protected_data_size);
- status = alts_crypter_process_in_place(
- client_seal, data_buffer2, protected_data_size, size2, &size2, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size2 == protected_data_size);
- status = alts_crypter_process_in_place(
- server_unseal, data_buffer1, protected_data_size, size1, &size1, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(data_buffer1, duplicate_buffer1, data_size) == 0);
- GPR_ASSERT(size1 == data_size);
- status = alts_crypter_process_in_place(
- server_unseal, data_buffer2, protected_data_size, size2, &size2, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(data_buffer2, duplicate_buffer2, data_size) == 0);
- GPR_ASSERT(size2 == data_size);
-
- /* Server seal and client unseal */
- status = alts_crypter_process_in_place(
- server_seal, data_buffer1, protected_data_size, size1, &size1, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size1 == protected_data_size);
- status = alts_crypter_process_in_place(
- server_seal, data_buffer2, protected_data_size, size2, &size2, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size2 == protected_data_size);
- status = alts_crypter_process_in_place(
- client_unseal, data_buffer1, protected_data_size, size1, &size1, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(data_buffer1, duplicate_buffer1, data_size) == 0);
- GPR_ASSERT(size1 == data_size);
- status = alts_crypter_process_in_place(
- client_unseal, data_buffer2, protected_data_size, size2, &size2, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(data_buffer2, duplicate_buffer2, data_size) == 0);
- GPR_ASSERT(size2 == data_size);
-
- gpr_free(data_buffer1);
- gpr_free(data_buffer2);
- gpr_free(duplicate_buffer1);
- gpr_free(duplicate_buffer2);
-}
-
-static void alts_crypter_test_corrupted_unseal(alts_crypter* server_seal,
- alts_crypter* server_unseal,
- alts_crypter* client_seal,
- alts_crypter* client_unseal) {
- size_t data_size = gsec_test_bias_random_uint32(1024) + 1;
- size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal);
- size_t protected_data_size = data_size + num_overhead_bytes;
- auto* data_buffer = static_cast<uint8_t*>(gpr_malloc(protected_data_size));
- auto* zero_buffer = static_cast<uint8_t*>(gpr_zalloc(data_size));
-
- /* Corrupt a random byte in protected data. */
- size_t size = data_size;
- gsec_test_random_bytes(data_buffer, data_size);
- grpc_status_code status = alts_crypter_process_in_place(
- client_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
- uint8_t* corrupted_data_buffer;
- char* error_message = nullptr;
- gsec_test_copy_and_alter_random_byte(data_buffer, &corrupted_data_buffer,
- protected_data_size);
- status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Checking tag failed"));
- GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0);
- gpr_free(corrupted_data_buffer);
- gpr_free(error_message);
-
- /* Corrupt the beginning of protected data. */
- size = data_size;
- gsec_test_random_bytes(data_buffer, data_size);
- status = alts_crypter_process_in_place(
- client_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
- gsec_test_copy(data_buffer, &corrupted_data_buffer, protected_data_size);
- (*corrupted_data_buffer)++;
- status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Checking tag failed"));
- GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0);
- gpr_free(corrupted_data_buffer);
- gpr_free(error_message);
-
- /* Corrupt the end of protected data. */
- size = data_size;
- gsec_test_random_bytes(data_buffer, data_size);
- status = alts_crypter_process_in_place(
- client_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
- gsec_test_copy(data_buffer, &corrupted_data_buffer, protected_data_size);
- (*(corrupted_data_buffer + protected_data_size - 1))++;
- status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Checking tag failed"));
- GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0);
- gpr_free(corrupted_data_buffer);
- gpr_free(error_message);
-
- gpr_free(data_buffer);
- gpr_free(zero_buffer);
-}
-
-static void alts_crypter_test_unsync_seal_unseal(alts_crypter* server_seal,
- alts_crypter* server_unseal,
- alts_crypter* client_seal,
- alts_crypter* client_unseal) {
- size_t data_size = gsec_test_bias_random_uint32(1024) + 1;
- size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal);
- size_t protected_data_size = data_size + num_overhead_bytes;
- auto* data_buffer = static_cast<uint8_t*>(gpr_malloc(protected_data_size));
- auto* zero_buffer = static_cast<uint8_t*>(gpr_zalloc(data_size));
-
- /* Perform two seals at client, one unseal at server. */
- size_t size = data_size;
- gsec_test_random_bytes(data_buffer, data_size);
- grpc_status_code status = alts_crypter_process_in_place(
- client_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
-
- size = data_size;
- gsec_test_random_bytes(data_buffer, data_size);
- status = alts_crypter_process_in_place(
- client_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
-
- char* error_message = nullptr;
- status = alts_crypter_process_in_place(server_unseal, data_buffer,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Checking tag failed"));
- GPR_ASSERT(memcmp(data_buffer, zero_buffer, data_size) == 0);
- gpr_free(error_message);
-
- /* Perform two seals at server, one unseal at client. */
- size = data_size;
- gsec_test_random_bytes(data_buffer, data_size);
- status = alts_crypter_process_in_place(
- server_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
-
- size = data_size;
- gsec_test_random_bytes(data_buffer, data_size);
- status = alts_crypter_process_in_place(
- server_seal, data_buffer, protected_data_size, size, &size, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(size == protected_data_size);
-
- status = alts_crypter_process_in_place(client_unseal, data_buffer,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Checking tag failed"));
- GPR_ASSERT(memcmp(data_buffer, zero_buffer, data_size) == 0);
- gpr_free(error_message);
- gpr_free(data_buffer);
- gpr_free(zero_buffer);
-}
-
-static void alts_crypter_test_input_sanity_check(alts_crypter* crypter_seal,
- alts_crypter* crypter_unseal) {
- size_t data_size = gsec_test_bias_random_uint32(1024) + 1;
- size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(crypter_seal);
- size_t protected_data_size = data_size + num_overhead_bytes;
- auto* data_buffer = static_cast<uint8_t*>(gpr_malloc(protected_data_size));
- gsec_test_random_bytes(data_buffer, data_size);
- char* error_message = nullptr;
- size_t size = data_size;
-
- /* Crypter is nullptr. */
- grpc_status_code status = alts_crypter_process_in_place(
- nullptr, data_buffer, protected_data_size, size, &size, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "crypter or crypter->vtable has not been initialized properly."));
- gpr_free(error_message);
-
- /* Seal data is nullptr. */
- size = data_size;
- status = alts_crypter_process_in_place(
- crypter_seal, nullptr, protected_data_size, size, &size, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "data is nullptr."));
- gpr_free(error_message);
-
- /* Seal data size is 0. */
- size = 0;
- status = alts_crypter_process_in_place(crypter_seal, data_buffer,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "data_size is zero."));
- gpr_free(error_message);
-
- /* Seal data buffer has a size smaller than the required. */
- size = data_size;
- status = alts_crypter_process_in_place(crypter_seal, data_buffer,
- protected_data_size - 1, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "data_allocated_size is smaller than sum of data_size and "
- "num_overhead_bytes."));
- gpr_free(error_message);
-
- /* Unseal data is nullptr. */
- size = data_size;
- status = alts_crypter_process_in_place(crypter_unseal, nullptr,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "data is nullptr."));
- gpr_free(error_message);
-
- /* Unseal data size is 0. */
- size = 0;
- status = alts_crypter_process_in_place(crypter_unseal, data_buffer,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "data_size is smaller than num_overhead_bytes."));
- gpr_free(error_message);
-
- /* Unseal data size is smaller than number of overhead bytes. */
- size = num_overhead_bytes - 1;
- status = alts_crypter_process_in_place(crypter_unseal, data_buffer,
- protected_data_size, size, &size,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "data_size is smaller than num_overhead_bytes."));
- gpr_free(error_message);
- gpr_free(data_buffer);
-}
-
-static void create_random_alts_seal_crypter(
- alts_crypter** server_seal, alts_crypter** server_unseal,
- alts_crypter** client_seal, alts_crypter** client_unseal,
- gsec_aead_crypter** server_crypter_seal,
- gsec_aead_crypter** server_crypter_unseal,
- gsec_aead_crypter** client_crypter_seal,
- gsec_aead_crypter** client_crypter_unseal, bool rekey) {
- size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength;
- uint8_t* key;
- gsec_test_random_array(&key, key_length);
- gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength,
- kAesGcmTagLength, rekey, server_crypter_seal,
- nullptr);
- gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength,
- kAesGcmTagLength, rekey,
- server_crypter_unseal, nullptr);
- gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength,
- kAesGcmTagLength, rekey, client_crypter_seal,
- nullptr);
- gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength,
- kAesGcmTagLength, rekey,
- client_crypter_unseal, nullptr);
-
- size_t overflow_size = rekey ? 8 : 5;
- alts_seal_crypter_create(*client_crypter_seal, /*is_client=*/true,
- overflow_size, client_seal, nullptr);
- alts_unseal_crypter_create(*client_crypter_unseal, /*is_client=*/true,
- overflow_size, client_unseal, nullptr);
- alts_seal_crypter_create(*server_crypter_seal, /*is_client=*/false,
- overflow_size, server_seal, nullptr);
- alts_unseal_crypter_create(*server_crypter_unseal, /*is_client=*/false,
- overflow_size, server_unseal, nullptr);
- gpr_free(key);
-}
-
-static void destroy_random_alts_seal_crypter(alts_crypter* server_seal,
- alts_crypter* server_unseal,
- alts_crypter* client_seal,
- alts_crypter* client_unseal) {
- alts_crypter_destroy(server_seal);
- alts_crypter_destroy(server_unseal);
- alts_crypter_destroy(client_seal);
- alts_crypter_destroy(client_unseal);
-}
-
-static void alts_crypter_do_generic_tests() {
- alts_crypter *server_seal = nullptr, *server_unseal = nullptr,
- *client_seal = nullptr, *client_unseal = nullptr;
- gsec_aead_crypter *server_crypter_seal = nullptr,
- *server_crypter_unseal = nullptr,
- *client_crypter_seal = nullptr,
- *client_crypter_unseal = nullptr;
- /* Random seal and unseal tests */
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/false);
- alts_crypter_test_random_seal_unseal(server_seal, server_unseal, client_seal,
- client_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/true);
- alts_crypter_test_random_seal_unseal(server_seal, server_unseal, client_seal,
- client_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- /* Multiple random seal and unseal tests */
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/false);
- alts_crypter_test_multiple_random_seal_unseal(server_seal, server_unseal,
- client_seal, client_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/true);
- alts_crypter_test_multiple_random_seal_unseal(server_seal, server_unseal,
- client_seal, client_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- /* Corrupted unseal tests */
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/false);
- alts_crypter_test_corrupted_unseal(server_seal, server_unseal, client_seal,
- client_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/true);
- alts_crypter_test_corrupted_unseal(server_seal, server_unseal, client_seal,
- client_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- /* Unsync seal and unseal tests */
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/false);
- alts_crypter_test_unsync_seal_unseal(server_seal, server_unseal, client_seal,
- client_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/true);
- alts_crypter_test_unsync_seal_unseal(server_seal, server_unseal, client_seal,
- client_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- /* Input sanity check tests */
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/false);
- alts_crypter_test_input_sanity_check(server_seal, server_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-
- create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal,
- &client_unseal, &server_crypter_seal,
- &server_crypter_unseal, &client_crypter_seal,
- &client_crypter_unseal, /*rekey=*/true);
- alts_crypter_test_input_sanity_check(server_seal, server_unseal);
- destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal,
- client_unseal);
-}
-
-int main(int argc, char** argv) {
- alts_crypter_do_generic_tests();
- return 0;
-}
diff --git a/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc b/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc
deleted file mode 100644
index 2bd4958763..0000000000
--- a/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc
+++ /dev/null
@@ -1,394 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include <stdbool.h>
-
-#include "src/core/tsi/alts/crypt/gsec.h"
-#include "src/core/tsi/alts/frame_protector/alts_frame_protector.h"
-#include "src/core/tsi/transport_security_interface.h"
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-#include "test/core/tsi/transport_security_test_lib.h"
-
-const size_t kChannelSize = 32768;
-
-static void alts_test_do_round_trip_check_frames(
- tsi_test_frame_protector_fixture* fixture, const uint8_t* key,
- const size_t key_size, bool rekey, const uint8_t* client_message,
- const size_t client_message_size, const uint8_t* client_expected_frames,
- const size_t client_frame_size, const uint8_t* server_message,
- const size_t server_message_size, const uint8_t* server_expected_frames,
- const size_t server_frame_size) {
- GPR_ASSERT(fixture != nullptr);
- GPR_ASSERT(fixture->config != nullptr);
- tsi_frame_protector* client_frame_protector = nullptr;
- tsi_frame_protector* server_frame_protector = nullptr;
- tsi_test_frame_protector_config* config = fixture->config;
- tsi_test_channel* channel = fixture->channel;
- /* Create a client frame protector. */
- size_t client_max_output_protected_frame_size =
- config->client_max_output_protected_frame_size;
- GPR_ASSERT(
- alts_create_frame_protector(key, key_size, /*is_client=*/true, rekey,
- client_max_output_protected_frame_size == 0
- ? nullptr
- : &client_max_output_protected_frame_size,
- &client_frame_protector) == TSI_OK);
- /* Create a server frame protector. */
- size_t server_max_output_protected_frame_size =
- config->server_max_output_protected_frame_size;
- GPR_ASSERT(
- alts_create_frame_protector(key, key_size, /*is_client=*/false, rekey,
- server_max_output_protected_frame_size == 0
- ? nullptr
- : &server_max_output_protected_frame_size,
- &server_frame_protector) == TSI_OK);
- tsi_test_frame_protector_fixture_init(fixture, client_frame_protector,
- server_frame_protector);
- /* Client sends a message to server. */
- uint8_t* saved_client_message = config->client_message;
- config->client_message = const_cast<uint8_t*>(client_message);
- config->client_message_size = client_message_size;
- tsi_test_frame_protector_send_message_to_peer(config, channel,
- client_frame_protector,
- /*is_client=*/true);
- /* Verify if the generated frame is the same as the expected. */
- GPR_ASSERT(channel->bytes_written_to_server_channel == client_frame_size);
- GPR_ASSERT(memcmp(client_expected_frames, channel->server_channel,
- client_frame_size) == 0);
- unsigned char* server_received_message =
- static_cast<unsigned char*>(gpr_malloc(kChannelSize));
- size_t server_received_message_size = 0;
- tsi_test_frame_protector_receive_message_from_peer(
- config, channel, server_frame_protector, server_received_message,
- &server_received_message_size, /*is_client=*/false);
- GPR_ASSERT(config->client_message_size == server_received_message_size);
- GPR_ASSERT(memcmp(config->client_message, server_received_message,
- server_received_message_size) == 0);
- /* Server sends a message to client. */
- uint8_t* saved_server_message = config->server_message;
- config->server_message = const_cast<uint8_t*>(server_message);
- config->server_message_size = server_message_size;
- tsi_test_frame_protector_send_message_to_peer(config, channel,
- server_frame_protector,
- /*is_client=*/false);
- /* Verify if the generated frame is the same as the expected. */
- GPR_ASSERT(channel->bytes_written_to_client_channel == server_frame_size);
- GPR_ASSERT(memcmp(server_expected_frames, channel->client_channel,
- server_frame_size) == 0);
- unsigned char* client_received_message =
- static_cast<unsigned char*>(gpr_malloc(kChannelSize));
- size_t client_received_message_size = 0;
- tsi_test_frame_protector_receive_message_from_peer(
- config, channel, client_frame_protector, client_received_message,
- &client_received_message_size,
- /*is_client=*/true);
- GPR_ASSERT(config->server_message_size == client_received_message_size);
- GPR_ASSERT(memcmp(config->server_message, client_received_message,
- client_received_message_size) == 0);
- config->client_message = saved_client_message;
- config->server_message = saved_server_message;
- /* Destroy server and client frame protectors. */
- gpr_free(server_received_message);
- gpr_free(client_received_message);
-}
-
-static void alts_test_do_round_trip_vector_tests() {
- const uint8_t key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08};
- const char small_message[] = {'C', 'h', 'a', 'p', 'i', ' ',
- 'C', 'h', 'a', 'p', 'o'};
- const uint8_t large_message[] = {
- 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
- 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
- 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
- 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
- 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39,
- 0x1a, 0xaf, 0xd2, 0x55, 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d,
- 0x46, 0xdf, 0x99, 0x8d, 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65,
- 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x06, 0x0f, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c,
- 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
- 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30};
- const size_t small_message_size = sizeof(small_message) / sizeof(uint8_t);
- const size_t large_message_size = sizeof(large_message) / sizeof(uint8_t);
- /* Test small client message and large server message. */
- const uint8_t client_expected_frame1[] = {
- 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x09, 0xd8, 0xd5, 0x92,
- 0x4d, 0x50, 0x32, 0xb7, 0x1f, 0xb8, 0xf2, 0xbb, 0x43, 0xc7, 0xe2, 0x94,
- 0x3d, 0x3e, 0x9a, 0x78, 0x76, 0xaa, 0x0a, 0x6b, 0xfa, 0x98, 0x3a};
- const uint8_t server_expected_frame1[] = {
- 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0xa9, 0x4b, 0xf8, 0xc8,
- 0xe7, 0x8f, 0x1a, 0x26, 0x37, 0x44, 0xa2, 0x5c, 0x55, 0x94, 0x30, 0x4e,
- 0x3e, 0x16, 0xe7, 0x9e, 0x96, 0xe8, 0x1b, 0xc0, 0xdd, 0x52, 0x30, 0x06,
- 0xc2, 0x72, 0x9a, 0xa1, 0x0b, 0xdb, 0xdc, 0x19, 0x8c, 0x93, 0x5e, 0x84,
- 0x1f, 0x4b, 0x97, 0x26, 0xf0, 0x73, 0x85, 0x59, 0x00, 0x95, 0xc1, 0xc5,
- 0x22, 0x2f, 0x70, 0x85, 0x68, 0x2c, 0x4f, 0xfe, 0x30, 0x26, 0x91, 0xde,
- 0x62, 0x55, 0x1d, 0x35, 0x01, 0x96, 0x1c, 0xe7, 0xa2, 0x8b, 0x14, 0x8a,
- 0x5e, 0x1b, 0x4a, 0x3b, 0x4f, 0x65, 0x0f, 0xca, 0x79, 0x10, 0xb4, 0xdd,
- 0xf7, 0xa4, 0x8b, 0x64, 0x2f, 0x00, 0x39, 0x60, 0x03, 0xfc, 0xe1, 0x8b,
- 0x5c, 0x19, 0xba, 0xcc, 0x46, 0xba, 0x88, 0xdd, 0x40, 0x42, 0x27, 0x4f,
- 0xe4, 0x1a, 0x6a, 0x31, 0x6c, 0x1c, 0xb0, 0xb6, 0x5c, 0x3e, 0xca, 0x84,
- 0x9b, 0x5f, 0x04, 0x84, 0x11, 0xa9, 0xf8, 0x39, 0xe7, 0xe7, 0xc5, 0xc4,
- 0x33, 0x9f, 0x63, 0x21, 0x9a, 0x7c, 0x9c, 0x64};
- const size_t client_frame_size1 =
- sizeof(client_expected_frame1) / sizeof(uint8_t);
- const size_t server_frame_size1 =
- sizeof(server_expected_frame1) / sizeof(uint8_t);
- tsi_test_frame_protector_fixture* fixture =
- tsi_test_frame_protector_fixture_create();
- alts_test_do_round_trip_check_frames(
- fixture, key, kAes128GcmKeyLength, /*rekey=*/false,
- reinterpret_cast<const uint8_t*>(small_message), small_message_size,
- client_expected_frame1, client_frame_size1, large_message,
- large_message_size, server_expected_frame1, server_frame_size1);
- tsi_test_frame_protector_fixture_destroy(fixture);
- /**
- * Test large client message, small server message, and small
- * message_buffer_allocated_size.
- */
- const uint8_t client_expected_frame2[] = {
- 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7,
- 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37,
- 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13,
- 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31,
- 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72,
- 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f,
- 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e,
- 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54,
- 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94,
- 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56,
- 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d,
- 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb,
- 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7};
- const uint8_t server_expected_frame2[] = {
- 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d,
- 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1,
- 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73};
- const size_t client_frame_size2 =
- sizeof(client_expected_frame2) / sizeof(uint8_t);
- const size_t server_frame_size2 =
- sizeof(server_expected_frame2) / sizeof(uint8_t);
- fixture = tsi_test_frame_protector_fixture_create();
- alts_test_do_round_trip_check_frames(
- fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message,
- large_message_size, client_expected_frame2, client_frame_size2,
- reinterpret_cast<const uint8_t*>(small_message), small_message_size,
- server_expected_frame2, server_frame_size2);
- tsi_test_frame_protector_fixture_destroy(fixture);
- /**
- * Test large client message, small server message, and small
- * protected_buffer_size.
- */
- const uint8_t client_expected_frame3[] = {
- 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7,
- 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37,
- 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13,
- 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31,
- 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72,
- 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f,
- 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e,
- 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54,
- 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94,
- 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56,
- 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d,
- 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb,
- 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7};
- const uint8_t server_expected_frame3[] = {
- 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d,
- 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1,
- 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73};
- const size_t client_frame_size3 =
- sizeof(client_expected_frame3) / sizeof(uint8_t);
- const size_t server_frame_size3 =
- sizeof(server_expected_frame3) / sizeof(uint8_t);
- fixture = tsi_test_frame_protector_fixture_create();
- alts_test_do_round_trip_check_frames(
- fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message,
- large_message_size, client_expected_frame3, client_frame_size3,
- reinterpret_cast<const uint8_t*>(small_message), small_message_size,
- server_expected_frame3, server_frame_size3);
- tsi_test_frame_protector_fixture_destroy(fixture);
- /**
- * Test large client message, small server message, and small
- * read_buffer_allocated_size.
- */
- const uint8_t client_expected_frame4[] = {
- 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7,
- 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37,
- 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13,
- 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31,
- 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72,
- 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f,
- 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e,
- 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54,
- 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94,
- 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56,
- 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d,
- 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb,
- 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7};
- const uint8_t server_expected_frame4[] = {
- 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d,
- 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1,
- 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73};
- const size_t client_frame_size4 =
- sizeof(client_expected_frame4) / sizeof(uint8_t);
- const size_t server_frame_size4 =
- sizeof(server_expected_frame4) / sizeof(uint8_t);
- fixture = tsi_test_frame_protector_fixture_create();
- alts_test_do_round_trip_check_frames(
- fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message,
- large_message_size, client_expected_frame4, client_frame_size4,
- reinterpret_cast<const uint8_t*>(small_message), small_message_size,
- server_expected_frame4, server_frame_size4);
- tsi_test_frame_protector_fixture_destroy(fixture);
- /**
- * Test large client message, small server message, and small
- * client_max_output_protected_frame_size.
- */
- const uint8_t client_expected_frame5[] = {
- 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7,
- 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37,
- 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13,
- 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31,
- 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72,
- 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f,
- 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e,
- 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54,
- 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94,
- 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56,
- 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d,
- 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb,
- 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7};
- const uint8_t server_expected_frame5[] = {
- 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d,
- 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1,
- 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73};
- const size_t client_frame_size5 =
- sizeof(client_expected_frame5) / sizeof(uint8_t);
- const size_t server_frame_size5 =
- sizeof(server_expected_frame5) / sizeof(uint8_t);
- fixture = tsi_test_frame_protector_fixture_create();
- alts_test_do_round_trip_check_frames(
- fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message,
- large_message_size, client_expected_frame5, client_frame_size5,
- reinterpret_cast<const uint8_t*>(small_message), small_message_size,
- server_expected_frame5, server_frame_size5);
- tsi_test_frame_protector_fixture_destroy(fixture);
- /**
- * Test small client message, large server message, and small
- * server_max_output_protected_frame_size.
- */
- const uint8_t client_expected_frame6[] = {
- 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x09, 0xd8, 0xd5, 0x92,
- 0x4d, 0x50, 0x32, 0xb7, 0x1f, 0xb8, 0xf2, 0xbb, 0x43, 0xc7, 0xe2, 0x94,
- 0x3d, 0x3e, 0x9a, 0x78, 0x76, 0xaa, 0x0a, 0x6b, 0xfa, 0x98, 0x3a};
- const uint8_t server_expected_frame6[] = {
- 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0xa9, 0x4b, 0xf8, 0xc8,
- 0xe7, 0x8f, 0x1a, 0x26, 0x37, 0x44, 0xa2, 0x5c, 0x55, 0x94, 0x30, 0x4e,
- 0x3e, 0x16, 0xe7, 0x9e, 0x96, 0xe8, 0x1b, 0xc0, 0xdd, 0x52, 0x30, 0x06,
- 0xc2, 0x72, 0x9a, 0xa1, 0x0b, 0xdb, 0xdc, 0x19, 0x8c, 0x93, 0x5e, 0x84,
- 0x1f, 0x4b, 0x97, 0x26, 0xf0, 0x73, 0x85, 0x59, 0x00, 0x95, 0xc1, 0xc5,
- 0x22, 0x2f, 0x70, 0x85, 0x68, 0x2c, 0x4f, 0xfe, 0x30, 0x26, 0x91, 0xde,
- 0x62, 0x55, 0x1d, 0x35, 0x01, 0x96, 0x1c, 0xe7, 0xa2, 0x8b, 0x14, 0x8a,
- 0x5e, 0x1b, 0x4a, 0x3b, 0x4f, 0x65, 0x0f, 0xca, 0x79, 0x10, 0xb4, 0xdd,
- 0xf7, 0xa4, 0x8b, 0x64, 0x2f, 0x00, 0x39, 0x60, 0x03, 0xfc, 0xe1, 0x8b,
- 0x5c, 0x19, 0xba, 0xcc, 0x46, 0xba, 0x88, 0xdd, 0x40, 0x42, 0x27, 0x4f,
- 0xe4, 0x1a, 0x6a, 0x31, 0x6c, 0x1c, 0xb0, 0xb6, 0x5c, 0x3e, 0xca, 0x84,
- 0x9b, 0x5f, 0x04, 0x84, 0x11, 0xa9, 0xf8, 0x39, 0xe7, 0xe7, 0xc5, 0xc4,
- 0x33, 0x9f, 0x63, 0x21, 0x9a, 0x7c, 0x9c, 0x64};
- const size_t client_frame_size6 =
- sizeof(client_expected_frame6) / sizeof(uint8_t);
- const size_t server_frame_size6 =
- sizeof(server_expected_frame6) / sizeof(uint8_t);
- fixture = tsi_test_frame_protector_fixture_create();
- alts_test_do_round_trip_check_frames(
- fixture, key, kAes128GcmKeyLength, /*rekey=*/false,
- reinterpret_cast<const uint8_t*>(small_message), small_message_size,
- client_expected_frame6, client_frame_size6, large_message,
- large_message_size, server_expected_frame6, server_frame_size6);
- tsi_test_frame_protector_fixture_destroy(fixture);
-}
-
-static void alts_test_do_round_trip(tsi_test_frame_protector_fixture* fixture,
- bool rekey) {
- GPR_ASSERT(fixture != nullptr);
- GPR_ASSERT(fixture->config != nullptr);
- tsi_frame_protector* client_frame_protector = nullptr;
- tsi_frame_protector* server_frame_protector = nullptr;
- tsi_test_frame_protector_config* config = fixture->config;
- /* Create a key to be used by both client and server. */
- uint8_t* key = nullptr;
- size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength;
- gsec_test_random_array(&key, key_length);
- /* Create a client frame protector. */
- size_t client_max_output_protected_frame_size =
- config->client_max_output_protected_frame_size;
- GPR_ASSERT(
- alts_create_frame_protector(key, key_length, /*is_client=*/true, rekey,
- client_max_output_protected_frame_size == 0
- ? nullptr
- : &client_max_output_protected_frame_size,
- &client_frame_protector) == TSI_OK);
- /* Create a server frame protector. */
- size_t server_max_output_protected_frame_size =
- config->server_max_output_protected_frame_size;
- GPR_ASSERT(
- alts_create_frame_protector(key, key_length, /*is_client=*/false, rekey,
- server_max_output_protected_frame_size == 0
- ? nullptr
- : &server_max_output_protected_frame_size,
- &server_frame_protector) == TSI_OK);
- tsi_test_frame_protector_fixture_init(fixture, client_frame_protector,
- server_frame_protector);
- tsi_test_frame_protector_do_round_trip_no_handshake(fixture);
- gpr_free(key);
-}
-
-/* Run all combinations of different arguments of test config. */
-static void alts_test_do_round_trip_all(bool rekey) {
- unsigned int* bit_array = static_cast<unsigned int*>(
- gpr_malloc(sizeof(unsigned int) * TSI_TEST_NUM_OF_ARGUMENTS));
- unsigned int mask = 1U << (TSI_TEST_NUM_OF_ARGUMENTS - 1);
- unsigned int val = 0, ind = 0;
- for (val = 0; val < TSI_TEST_NUM_OF_COMBINATIONS; val++) {
- unsigned int v = val;
- for (ind = 0; ind < TSI_TEST_NUM_OF_ARGUMENTS; ind++) {
- bit_array[ind] = (v & mask) ? 1 : 0;
- v <<= 1;
- }
- tsi_test_frame_protector_fixture* fixture =
- tsi_test_frame_protector_fixture_create();
- tsi_test_frame_protector_config_destroy(fixture->config);
- fixture->config = tsi_test_frame_protector_config_create(
- bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4],
- bit_array[5], bit_array[6]);
- alts_test_do_round_trip(fixture, rekey);
- tsi_test_frame_protector_fixture_destroy(fixture);
- }
- gpr_free(bit_array);
-}
-
-int main(int argc, char** argv) {
- alts_test_do_round_trip_vector_tests();
- alts_test_do_round_trip_all(/*rekey=*/false);
- alts_test_do_round_trip_all(/*rekey=*/true);
- return 0;
-}
diff --git a/test/core/tsi/alts/frame_protector/frame_handler_test.cc b/test/core/tsi/alts/frame_protector/frame_handler_test.cc
deleted file mode 100644
index 6434ea1d31..0000000000
--- a/test/core/tsi/alts/frame_protector/frame_handler_test.cc
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdint.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/gpr/useful.h"
-#include "src/core/tsi/alts/frame_protector/frame_handler.h"
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-
-const size_t kFrameHandlerTestBufferSize = 1024;
-
-typedef struct frame_handler {
- alts_frame_writer* writer;
- alts_frame_reader* reader;
- unsigned char* buffer;
- size_t buffer_size;
-} frame_handler;
-
-static size_t frame_length(size_t payload_length) {
- return payload_length + kFrameHeaderSize;
-}
-
-static frame_handler* create_frame_handler() {
- frame_handler* handler =
- static_cast<frame_handler*>(gpr_malloc(sizeof(frame_handler)));
- handler->writer = alts_create_frame_writer();
- handler->reader = alts_create_frame_reader();
- handler->buffer = nullptr;
- handler->buffer_size = 0;
- return handler;
-}
-
-static void destroy_frame_handler(frame_handler* handler) {
- if (handler != nullptr) {
- alts_destroy_frame_reader(handler->reader);
- alts_destroy_frame_writer(handler->writer);
- if (handler->buffer != nullptr) gpr_free(handler->buffer);
- gpr_free(handler);
- }
-}
-
-static void frame(frame_handler* handler, unsigned char* payload,
- size_t payload_length, size_t write_length) {
- handler->buffer_size = frame_length(payload_length);
- handler->buffer =
- static_cast<unsigned char*>(gpr_malloc(handler->buffer_size));
- GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length));
- size_t offset = 0;
- while (offset < handler->buffer_size &&
- !alts_is_frame_writer_done(handler->writer)) {
- size_t bytes_written = GPR_MIN(write_length, handler->buffer_size - offset);
- GPR_ASSERT(alts_write_frame_bytes(handler->writer, handler->buffer + offset,
- &bytes_written));
- offset += bytes_written;
- }
- GPR_ASSERT(alts_is_frame_writer_done(handler->writer));
- GPR_ASSERT(handler->buffer_size == offset);
-}
-
-static size_t deframe(frame_handler* handler, unsigned char* bytes,
- size_t read_length) {
- GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes));
- size_t offset = 0;
- while (offset < handler->buffer_size &&
- !alts_is_frame_reader_done(handler->reader)) {
- size_t bytes_read = GPR_MIN(read_length, handler->buffer_size - offset);
- GPR_ASSERT(alts_read_frame_bytes(handler->reader, handler->buffer + offset,
- &bytes_read));
- offset += bytes_read;
- }
- GPR_ASSERT(alts_is_frame_reader_done(handler->reader));
- GPR_ASSERT(handler->buffer_size == offset);
- return offset - handler->reader->header_bytes_read;
-}
-
-static void frame_n_deframe(frame_handler* handler, unsigned char* payload,
- size_t payload_length, size_t write_length,
- size_t read_length) {
- frame(handler, payload, payload_length, write_length);
- unsigned char* bytes =
- static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize));
- size_t deframed_payload_length = deframe(handler, bytes, read_length);
- GPR_ASSERT(payload_length == deframed_payload_length);
- GPR_ASSERT(memcmp(payload, bytes, payload_length) == 0);
- gpr_free(bytes);
-}
-
-static void frame_handler_test_frame_deframe() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen((char*)payload) + 1;
- frame_handler* handler = create_frame_handler();
- frame_n_deframe(handler, payload, payload_length,
- frame_length(payload_length), frame_length(payload_length));
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_small_buffer() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1;
- frame_handler* handler = create_frame_handler();
- frame_n_deframe(handler, payload, payload_length, 1, 1);
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_null_input_stream() {
- frame_handler* handler = create_frame_handler();
- GPR_ASSERT(!alts_reset_frame_writer(handler->writer, nullptr, 0));
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_bad_input_length() {
- unsigned char payload[] = "hello world";
- frame_handler* handler = create_frame_handler();
- GPR_ASSERT(!alts_reset_frame_writer(handler->writer, payload, SIZE_MAX));
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_null_writer_byte_length() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1;
- frame_handler* handler = create_frame_handler();
- GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length));
- GPR_ASSERT(
- !alts_write_frame_bytes(handler->writer, handler->buffer, nullptr));
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_null_writer_bytes() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1;
- frame_handler* handler = create_frame_handler();
- GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length));
- GPR_ASSERT(
- !alts_write_frame_bytes(handler->writer, nullptr, &payload_length));
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_bad_frame_length() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1;
- frame_handler* handler = create_frame_handler();
- frame(handler, payload, payload_length, payload_length);
- memset(handler->buffer, 0x00, kFrameLengthFieldSize);
- unsigned char* bytes =
- static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize));
- GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes));
- size_t bytes_read = handler->buffer_size;
- GPR_ASSERT(
- !alts_read_frame_bytes(handler->reader, handler->buffer, &bytes_read));
- GPR_ASSERT(alts_is_frame_reader_done(handler->reader));
- GPR_ASSERT(bytes_read == 0);
- gpr_free(bytes);
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_unsupported_message_type() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1;
- frame_handler* handler = create_frame_handler();
- frame(handler, payload, payload_length, payload_length);
- memset(handler->buffer + kFrameLengthFieldSize, 0x00,
- kFrameMessageTypeFieldSize);
- unsigned char* bytes =
- static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize));
- GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes));
- size_t bytes_read = handler->buffer_size;
- GPR_ASSERT(
- !alts_read_frame_bytes(handler->reader, handler->buffer, &bytes_read));
- GPR_ASSERT(alts_is_frame_reader_done(handler->reader));
- GPR_ASSERT(bytes_read == 0);
- gpr_free(bytes);
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_null_output_stream() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1;
- frame_handler* handler = create_frame_handler();
- frame(handler, payload, payload_length, payload_length);
- GPR_ASSERT(!alts_reset_frame_reader(handler->reader, nullptr));
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_null_reader_byte_length() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1;
- frame_handler* handler = create_frame_handler();
- frame(handler, payload, payload_length, payload_length);
- unsigned char* bytes =
- static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize));
- GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes));
- GPR_ASSERT(!alts_read_frame_bytes(handler->reader, handler->buffer, nullptr));
- gpr_free(bytes);
- destroy_frame_handler(handler);
-}
-
-static void frame_handler_test_null_reader_bytes() {
- unsigned char payload[] = "hello world";
- size_t payload_length = strlen(reinterpret_cast<char*>(payload)) + 1;
- frame_handler* handler = create_frame_handler();
- frame(handler, payload, payload_length, payload_length);
- unsigned char* bytes =
- static_cast<unsigned char*>(gpr_malloc(kFrameHandlerTestBufferSize));
- GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes));
- size_t bytes_read = handler->buffer_size;
- GPR_ASSERT(!alts_read_frame_bytes(handler->reader, nullptr, &bytes_read));
- gpr_free(bytes);
- destroy_frame_handler(handler);
-}
-
-int main(int argc, char** argv) {
- frame_handler_test_frame_deframe();
- frame_handler_test_small_buffer();
- frame_handler_test_null_input_stream();
- frame_handler_test_bad_input_length();
- frame_handler_test_null_writer_byte_length();
- frame_handler_test_null_writer_bytes();
- frame_handler_test_bad_frame_length();
- frame_handler_test_unsupported_message_type();
- frame_handler_test_null_output_stream();
- frame_handler_test_null_reader_byte_length();
- frame_handler_test_null_reader_bytes();
- return 0;
-}
diff --git a/test/core/tsi/alts/handshaker/BUILD b/test/core/tsi/alts/handshaker/BUILD
deleted file mode 100644
index db39732c43..0000000000
--- a/test/core/tsi/alts/handshaker/BUILD
+++ /dev/null
@@ -1,78 +0,0 @@
-# Copyright 2018 gRPC authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package")
-
-licenses(["notice"]) # Apache v2
-
-grpc_package(name = "handshaker")
-
-grpc_cc_library(
- name = "alts_handshaker_service_api_test_lib",
- srcs = ["alts_handshaker_service_api_test_lib.cc"],
- hdrs = ["alts_handshaker_service_api_test_lib.h"],
- deps = [
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "alts_handshaker_client_test",
- srcs = ["alts_handshaker_client_test.cc"],
- language = "C++",
- deps = [
- ":alts_handshaker_service_api_test_lib",
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "alts_handshaker_service_api_test",
- srcs = ["alts_handshaker_service_api_test.cc"],
- language = "C++",
- deps = [
- ":alts_handshaker_service_api_test_lib",
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "alts_tsi_handshaker_test",
- srcs = ["alts_tsi_handshaker_test.cc"],
- language = "C++",
- deps = [
- ":alts_handshaker_service_api_test_lib",
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "alts_tsi_utils_test",
- srcs = ["alts_tsi_utils_test.cc"],
- language = "C++",
- deps = [
- ":alts_handshaker_service_api_test_lib",
- "//:grpc",
- ],
-)
-
-grpc_cc_test(
- name = "transport_security_common_api_test",
- srcs = ["transport_security_common_api_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- ],
-)
-
diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc b/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc
deleted file mode 100644
index 7072be6e3a..0000000000
--- a/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc
+++ /dev/null
@@ -1,412 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/grpc.h>
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h"
-#include "src/core/tsi/alts/handshaker/alts_tsi_event.h"
-#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
-#include "src/core/tsi/transport_security.h"
-#include "src/core/tsi/transport_security_interface.h"
-#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h"
-
-#define ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME "Hello Google"
-#define ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL "lame"
-#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME "bigtable.google.api.com"
-#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1 "A@google.com"
-#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2 "B@google.com"
-
-const size_t kHandshakerClientOpNum = 4;
-const size_t kMaxRpcVersionMajor = 3;
-const size_t kMaxRpcVersionMinor = 2;
-const size_t kMinRpcVersionMajor = 2;
-const size_t kMinRpcVersionMinor = 1;
-
-using grpc_core::internal::alts_handshaker_client_set_grpc_caller_for_testing;
-
-typedef struct alts_handshaker_client_test_config {
- grpc_channel* channel;
- grpc_completion_queue* cq;
- alts_handshaker_client* client;
- grpc_slice out_frame;
-} alts_handshaker_client_test_config;
-
-static alts_tsi_event* alts_tsi_event_create_for_testing(bool is_client) {
- alts_tsi_event* e = static_cast<alts_tsi_event*>(gpr_zalloc(sizeof(*e)));
- grpc_metadata_array_init(&e->initial_metadata);
- grpc_metadata_array_init(&e->trailing_metadata);
- e->options = is_client ? grpc_alts_credentials_client_options_create()
- : grpc_alts_credentials_server_options_create();
- if (is_client) {
- grpc_alts_credentials_client_options_add_target_service_account(
- reinterpret_cast<grpc_alts_credentials_client_options*>(e->options),
- ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1);
- grpc_alts_credentials_client_options_add_target_service_account(
- reinterpret_cast<grpc_alts_credentials_client_options*>(e->options),
- ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2);
- }
- grpc_gcp_rpc_protocol_versions* versions = &e->options->rpc_versions;
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(
- versions, kMaxRpcVersionMajor, kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(
- versions, kMinRpcVersionMajor, kMinRpcVersionMinor));
- e->target_name =
- grpc_slice_from_static_string(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME);
- return e;
-}
-
-static void validate_rpc_protocol_versions(
- grpc_gcp_rpc_protocol_versions* versions) {
- GPR_ASSERT(versions != nullptr);
- GPR_ASSERT(versions->max_rpc_version.major == kMaxRpcVersionMajor);
- GPR_ASSERT(versions->max_rpc_version.minor == kMaxRpcVersionMinor);
- GPR_ASSERT(versions->min_rpc_version.major == kMinRpcVersionMajor);
- GPR_ASSERT(versions->min_rpc_version.minor == kMinRpcVersionMinor);
-}
-
-static void validate_target_identities(
- const repeated_field* target_identity_head) {
- grpc_gcp_identity* target_identity1 = static_cast<grpc_gcp_identity*>(
- const_cast<void*>(target_identity_head->next->data));
- grpc_gcp_identity* target_identity2 = static_cast<grpc_gcp_identity*>(
- const_cast<void*>(target_identity_head->data));
- grpc_slice* service_account1 =
- static_cast<grpc_slice*>(target_identity1->service_account.arg);
- grpc_slice* service_account2 =
- static_cast<grpc_slice*>(target_identity2->service_account.arg);
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*service_account1),
- ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1,
- GRPC_SLICE_LENGTH(*service_account1)) == 0);
- GPR_ASSERT(strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1) ==
- GRPC_SLICE_LENGTH(*service_account1));
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*service_account2),
- ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2,
- GRPC_SLICE_LENGTH(*service_account2)) == 0);
- GPR_ASSERT(strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2) ==
- GRPC_SLICE_LENGTH(*service_account2));
-}
-
-/**
- * Validate if grpc operation data is correctly populated with the fields of
- * ALTS TSI event.
- */
-static bool validate_op(alts_tsi_event* event, const grpc_op* op, size_t nops,
- bool is_start) {
- GPR_ASSERT(event != nullptr && op != nullptr && nops != 0);
- bool ok = true;
- grpc_op* start_op = const_cast<grpc_op*>(op);
- if (is_start) {
- ok &= (op->op == GRPC_OP_SEND_INITIAL_METADATA);
- ok &= (op->data.send_initial_metadata.count == 0);
- op++;
- GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum);
-
- ok &= (op->op == GRPC_OP_RECV_INITIAL_METADATA);
- ok &= (op->data.recv_initial_metadata.recv_initial_metadata ==
- &event->initial_metadata);
- op++;
- GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum);
- }
- ok &= (op->op == GRPC_OP_SEND_MESSAGE);
- ok &= (op->data.send_message.send_message == event->send_buffer);
- op++;
- GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum);
-
- ok &= (op->op == GRPC_OP_RECV_MESSAGE);
- ok &= (op->data.recv_message.recv_message == &event->recv_buffer);
- op++;
- GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum);
-
- return ok;
-}
-
-static grpc_gcp_handshaker_req* deserialize_handshaker_req(
- grpc_gcp_handshaker_req_type type, grpc_byte_buffer* buffer) {
- GPR_ASSERT(buffer != nullptr);
- grpc_gcp_handshaker_req* req = grpc_gcp_handshaker_decoded_req_create(type);
- grpc_byte_buffer_reader bbr;
- GPR_ASSERT(grpc_byte_buffer_reader_init(&bbr, buffer));
- grpc_slice slice = grpc_byte_buffer_reader_readall(&bbr);
- GPR_ASSERT(grpc_gcp_handshaker_req_decode(slice, req));
- grpc_slice_unref(slice);
- grpc_byte_buffer_reader_destroy(&bbr);
- return req;
-}
-
-/**
- * A mock grpc_caller used to check if client_start, server_start, and next
- * operations correctly handle invalid arguments. It should not be called.
- */
-static grpc_call_error check_must_not_be_called(grpc_call* call,
- const grpc_op* ops, size_t nops,
- void* tag) {
- GPR_ASSERT(0);
-}
-
-/**
- * A mock grpc_caller used to check correct execution of client_start operation.
- * It checks if the client_start handshaker request is populated with correct
- * handshake_security_protocol, application_protocol, and record_protocol, and
- * op is correctly populated.
- */
-static grpc_call_error check_client_start_success(grpc_call* call,
- const grpc_op* op,
- size_t nops, void* tag) {
- alts_tsi_event* event = static_cast<alts_tsi_event*>(tag);
- grpc_gcp_handshaker_req* req =
- deserialize_handshaker_req(CLIENT_START_REQ, event->send_buffer);
- GPR_ASSERT(req->client_start.handshake_security_protocol ==
- grpc_gcp_HandshakeProtocol_ALTS);
- const void* data = (static_cast<repeated_field*>(
- req->client_start.application_protocols.arg))
- ->data;
- GPR_ASSERT(data != nullptr);
- grpc_slice* application_protocol = (grpc_slice*)data;
- data = (static_cast<repeated_field*>(req->client_start.record_protocols.arg))
- ->data;
- grpc_slice* record_protocol = (grpc_slice*)data;
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*application_protocol),
- ALTS_APPLICATION_PROTOCOL,
- GRPC_SLICE_LENGTH(*application_protocol)) == 0);
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*record_protocol),
- ALTS_RECORD_PROTOCOL,
- GRPC_SLICE_LENGTH(*record_protocol)) == 0);
- validate_rpc_protocol_versions(&req->client_start.rpc_versions);
- validate_target_identities(
- static_cast<repeated_field*>(req->client_start.target_identities.arg));
- grpc_slice* target_name =
- static_cast<grpc_slice*>(req->client_start.target_name.arg);
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*target_name),
- ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME,
- GRPC_SLICE_LENGTH(*target_name)) == 0);
- GPR_ASSERT(GRPC_SLICE_LENGTH(*target_name) ==
- strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME));
- GPR_ASSERT(validate_op(event, op, nops, true /* is_start */));
- grpc_gcp_handshaker_req_destroy(req);
- return GRPC_CALL_OK;
-}
-
-/**
- * A mock grpc_caller used to check correct execution of server_start operation.
- * It checks if the server_start handshaker request is populated with correct
- * handshake_security_protocol, application_protocol, and record_protocol, and
- * op is correctly populated.
- */
-static grpc_call_error check_server_start_success(grpc_call* call,
- const grpc_op* op,
- size_t nops, void* tag) {
- alts_tsi_event* event = static_cast<alts_tsi_event*>(tag);
- grpc_gcp_handshaker_req* req =
- deserialize_handshaker_req(SERVER_START_REQ, event->send_buffer);
- const void* data = (static_cast<repeated_field*>(
- req->server_start.application_protocols.arg))
- ->data;
- GPR_ASSERT(data != nullptr);
- grpc_slice* application_protocol = (grpc_slice*)data;
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*application_protocol),
- ALTS_APPLICATION_PROTOCOL,
- GRPC_SLICE_LENGTH(*application_protocol)) == 0);
- GPR_ASSERT(req->server_start.handshake_parameters_count == 1);
- GPR_ASSERT(req->server_start.handshake_parameters[0].key ==
- grpc_gcp_HandshakeProtocol_ALTS);
- data = (static_cast<repeated_field*>(req->server_start.handshake_parameters[0]
- .value.record_protocols.arg))
- ->data;
- GPR_ASSERT(data != nullptr);
- grpc_slice* record_protocol = (grpc_slice*)data;
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*record_protocol),
- ALTS_RECORD_PROTOCOL,
- GRPC_SLICE_LENGTH(*record_protocol)) == 0);
- validate_rpc_protocol_versions(&req->server_start.rpc_versions);
- GPR_ASSERT(validate_op(event, op, nops, true /* is_start */));
- grpc_gcp_handshaker_req_destroy(req);
- return GRPC_CALL_OK;
-}
-
-/**
- * A mock grpc_caller used to check correct execution of next operation. It
- * checks if the next handshaker request is populated with correct information,
- * and op is correctly populated.
- */
-static grpc_call_error check_next_success(grpc_call* call, const grpc_op* op,
- size_t nops, void* tag) {
- alts_tsi_event* event = static_cast<alts_tsi_event*>(tag);
- grpc_gcp_handshaker_req* req =
- deserialize_handshaker_req(NEXT_REQ, event->send_buffer);
- grpc_slice* in_bytes = static_cast<grpc_slice*>(req->next.in_bytes.arg);
- GPR_ASSERT(in_bytes != nullptr);
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*in_bytes),
- ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME,
- GRPC_SLICE_LENGTH(*in_bytes)) == 0);
- GPR_ASSERT(validate_op(event, op, nops, false /* is_start */));
- grpc_gcp_handshaker_req_destroy(req);
- return GRPC_CALL_OK;
-}
-/**
- * A mock grpc_caller used to check if client_start, server_start, and next
- * operations correctly handle the situation when the grpc call made to the
- * handshaker service fails.
- */
-static grpc_call_error check_grpc_call_failure(grpc_call* call,
- const grpc_op* op, size_t nops,
- void* tag) {
- return GRPC_CALL_ERROR;
-}
-
-static alts_handshaker_client_test_config* create_config() {
- alts_handshaker_client_test_config* config =
- static_cast<alts_handshaker_client_test_config*>(
- gpr_zalloc(sizeof(*config)));
- config->channel = grpc_insecure_channel_create(
- ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL, nullptr, nullptr);
- config->cq = grpc_completion_queue_create_for_next(nullptr);
- config->client = alts_grpc_handshaker_client_create(
- config->channel, config->cq,
- ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL);
- GPR_ASSERT(config->client != nullptr);
- config->out_frame =
- grpc_slice_from_static_string(ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME);
- return config;
-}
-
-static void destroy_config(alts_handshaker_client_test_config* config) {
- if (config == nullptr) {
- return;
- }
- grpc_completion_queue_destroy(config->cq);
- grpc_channel_destroy(config->channel);
- alts_handshaker_client_destroy(config->client);
- grpc_slice_unref(config->out_frame);
- gpr_free(config);
-}
-
-static void schedule_request_invalid_arg_test() {
- /* Initialization. */
- alts_handshaker_client_test_config* config = create_config();
- alts_tsi_event* event = nullptr;
-
- /* Tests. */
- alts_handshaker_client_set_grpc_caller_for_testing(config->client,
- check_must_not_be_called);
- event = alts_tsi_event_create_for_testing(true /* is_client */);
- /* Check client_start. */
- GPR_ASSERT(alts_handshaker_client_start_client(nullptr, event) ==
- TSI_INVALID_ARGUMENT);
- GPR_ASSERT(alts_handshaker_client_start_client(config->client, nullptr) ==
- TSI_INVALID_ARGUMENT);
-
- /* Check server_start. */
- GPR_ASSERT(alts_handshaker_client_start_server(
- config->client, event, nullptr) == TSI_INVALID_ARGUMENT);
- GPR_ASSERT(alts_handshaker_client_start_server(config->client, nullptr,
- &config->out_frame) ==
- TSI_INVALID_ARGUMENT);
- GPR_ASSERT(alts_handshaker_client_start_server(
- nullptr, event, &config->out_frame) == TSI_INVALID_ARGUMENT);
-
- /* Check next. */
- GPR_ASSERT(alts_handshaker_client_next(config->client, event, nullptr) ==
- TSI_INVALID_ARGUMENT);
- GPR_ASSERT(alts_handshaker_client_next(config->client, nullptr,
- &config->out_frame) ==
- TSI_INVALID_ARGUMENT);
- GPR_ASSERT(alts_handshaker_client_next(nullptr, event, &config->out_frame) ==
- TSI_INVALID_ARGUMENT);
-
- /* Cleanup. */
- alts_tsi_event_destroy(event);
- destroy_config(config);
-}
-
-static void schedule_request_success_test() {
- /* Initialization. */
- alts_handshaker_client_test_config* config = create_config();
- alts_tsi_event* event = nullptr;
-
- /* Check client_start success. */
- alts_handshaker_client_set_grpc_caller_for_testing(
- config->client, check_client_start_success);
- event = alts_tsi_event_create_for_testing(true /* is_client. */);
- GPR_ASSERT(alts_handshaker_client_start_client(config->client, event) ==
- TSI_OK);
- alts_tsi_event_destroy(event);
-
- /* Check server_start success. */
- alts_handshaker_client_set_grpc_caller_for_testing(
- config->client, check_server_start_success);
- event = alts_tsi_event_create_for_testing(false /* is_client. */);
- GPR_ASSERT(alts_handshaker_client_start_server(config->client, event,
- &config->out_frame) == TSI_OK);
- alts_tsi_event_destroy(event);
-
- /* Check next success. */
- alts_handshaker_client_set_grpc_caller_for_testing(config->client,
- check_next_success);
- event = alts_tsi_event_create_for_testing(true /* is_client. */);
- GPR_ASSERT(alts_handshaker_client_next(config->client, event,
- &config->out_frame) == TSI_OK);
- alts_tsi_event_destroy(event);
-
- /* Cleanup. */
- destroy_config(config);
-}
-
-static void schedule_request_grpc_call_failure_test() {
- /* Initialization. */
- alts_handshaker_client_test_config* config = create_config();
- alts_tsi_event* event = nullptr;
-
- /* Check client_start failure. */
- alts_handshaker_client_set_grpc_caller_for_testing(config->client,
- check_grpc_call_failure);
- event = alts_tsi_event_create_for_testing(true /* is_client. */);
- GPR_ASSERT(alts_handshaker_client_start_client(config->client, event) ==
- TSI_INTERNAL_ERROR);
- alts_tsi_event_destroy(event);
-
- /* Check server_start failure. */
- event = alts_tsi_event_create_for_testing(false /* is_client. */);
- GPR_ASSERT(alts_handshaker_client_start_server(config->client, event,
- &config->out_frame) ==
- TSI_INTERNAL_ERROR);
- alts_tsi_event_destroy(event);
-
- /* Check next failure. */
- event = alts_tsi_event_create_for_testing(true /* is_cleint. */);
- GPR_ASSERT(
- alts_handshaker_client_next(config->client, event, &config->out_frame) ==
- TSI_INTERNAL_ERROR);
- alts_tsi_event_destroy(event);
-
- /* Cleanup. */
- destroy_config(config);
-}
-
-int main(int argc, char** argv) {
- /* Initialization. */
- grpc_init();
-
- /* Tests. */
- schedule_request_invalid_arg_test();
- schedule_request_success_test();
- schedule_request_grpc_call_failure_test();
-
- /* Cleanup. */
- grpc_shutdown();
- return 0;
-}
diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc
deleted file mode 100644
index 3506264f52..0000000000
--- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h"
-
-int main(int argc, char** argv) {
- const char in_bytes[] = "HELLO GOOGLE!";
- const char out_frames[] = "HELLO WORLD!";
- const char key_data[] = "THIS IS KEY DATA.";
- const char details[] = "DETAILS NEED TO BE POPULATED";
- const uint32_t max_rpc_version_major = 3;
- const uint32_t max_rpc_version_minor = 2;
- const uint32_t min_rpc_version_major = 2;
- const uint32_t min_rpc_version_minor = 1;
-
- /* handshaker_req_next. */
- grpc_gcp_handshaker_req* req = grpc_gcp_handshaker_req_create(NEXT_REQ);
- grpc_gcp_handshaker_req* decoded_req =
- grpc_gcp_handshaker_decoded_req_create(NEXT_REQ);
- GPR_ASSERT(
- grpc_gcp_handshaker_req_set_in_bytes(req, in_bytes, strlen(in_bytes)));
- grpc_slice encoded_req;
- GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req));
- GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req));
- GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req));
- grpc_gcp_handshaker_req_destroy(req);
- grpc_gcp_handshaker_req_destroy(decoded_req);
- grpc_slice_unref(encoded_req);
-
- /* handshaker_req_client_start. */
- req = grpc_gcp_handshaker_req_create(CLIENT_START_REQ);
- decoded_req = grpc_gcp_handshaker_decoded_req_create(CLIENT_START_REQ);
- GPR_ASSERT(grpc_gcp_handshaker_req_set_handshake_protocol(
- req, grpc_gcp_HandshakeProtocol_TLS));
- GPR_ASSERT(grpc_gcp_handshaker_req_set_local_identity_hostname(
- req, "www.google.com"));
- GPR_ASSERT(grpc_gcp_handshaker_req_set_local_endpoint(
- req, "2001:db8::8:800:200C:417a", 9876, grpc_gcp_NetworkProtocol_TCP));
- GPR_ASSERT(grpc_gcp_handshaker_req_set_remote_endpoint(
- req, "2001:db8::bac5::fed0:84a2", 1234, grpc_gcp_NetworkProtocol_TCP));
- GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "grpc"));
- GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "http2"));
- GPR_ASSERT(
- grpc_gcp_handshaker_req_add_record_protocol(req, "ALTSRP_GCM_AES256"));
- GPR_ASSERT(
- grpc_gcp_handshaker_req_add_record_protocol(req, "ALTSRP_GCM_AES384"));
- GPR_ASSERT(grpc_gcp_handshaker_req_add_target_identity_service_account(
- req, "foo@google.com"));
- GPR_ASSERT(grpc_gcp_handshaker_req_set_target_name(
- req, "google.example.library.service"));
- GPR_ASSERT(grpc_gcp_handshaker_req_set_rpc_versions(
- req, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major,
- min_rpc_version_minor));
- GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req));
- GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req));
- GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req));
- grpc_gcp_handshaker_req_destroy(req);
- grpc_gcp_handshaker_req_destroy(decoded_req);
- grpc_slice_unref(encoded_req);
-
- /* handshaker_req_server_start. */
- req = grpc_gcp_handshaker_req_create(SERVER_START_REQ);
- decoded_req = grpc_gcp_handshaker_decoded_req_create(SERVER_START_REQ);
- GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "grpc"));
- GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "http2"));
- GPR_ASSERT(grpc_gcp_handshaker_req_set_local_endpoint(
- req, "2001:db8::8:800:200C:417a", 9876, grpc_gcp_NetworkProtocol_TCP));
- GPR_ASSERT(grpc_gcp_handshaker_req_set_remote_endpoint(
- req, "2001:db8::bac5::fed0:84a2", 1234, grpc_gcp_NetworkProtocol_UDP));
- GPR_ASSERT(
- grpc_gcp_handshaker_req_set_in_bytes(req, in_bytes, strlen(in_bytes)));
- GPR_ASSERT(grpc_gcp_handshaker_req_param_add_record_protocol(
- req, grpc_gcp_HandshakeProtocol_TLS, "ALTSRP_GCM_AES128"));
- GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_service_account(
- req, grpc_gcp_HandshakeProtocol_TLS, "foo@google.com"));
- GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_hostname(
- req, grpc_gcp_HandshakeProtocol_TLS, "yihuaz0.mtv.corp.google.com"));
- GPR_ASSERT(grpc_gcp_handshaker_req_param_add_record_protocol(
- req, grpc_gcp_HandshakeProtocol_ALTS, "ALTSRP_GCM_AES128"));
- GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_hostname(
- req, grpc_gcp_HandshakeProtocol_ALTS, "www.amazon.com"));
- GPR_ASSERT(grpc_gcp_handshaker_req_set_rpc_versions(
- req, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major,
- min_rpc_version_minor));
-
- GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req));
- GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req));
- GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req));
- grpc_gcp_handshaker_req_destroy(req);
- grpc_gcp_handshaker_req_destroy(decoded_req);
- grpc_slice_unref(encoded_req);
-
- /* handshaker_resp. */
- grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create();
- grpc_gcp_handshaker_resp* decoded_resp = grpc_gcp_handshaker_resp_create();
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames(resp, out_frames,
- strlen(out_frames)));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed(resp, 1024));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_application_protocol(resp, "http"));
- GPR_ASSERT(
- grpc_gcp_handshaker_resp_set_record_protocol(resp, "ALTSRP_GCM_AES128"));
- GPR_ASSERT(
- grpc_gcp_handshaker_resp_set_key_data(resp, key_data, strlen(key_data)));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_local_identity_hostname(
- resp, "www.faceboook.com"));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_hostname(
- resp, "www.amazon.com"));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_channel_open(
- resp, false /* channel_open */));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_code(resp, 1023));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_details(resp, details));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions(
- resp, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major,
- min_rpc_version_minor));
- grpc_slice encoded_resp;
- GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &encoded_resp));
- GPR_ASSERT(grpc_gcp_handshaker_resp_decode(encoded_resp, decoded_resp));
- GPR_ASSERT(grpc_gcp_handshaker_resp_equals(resp, decoded_resp));
- grpc_gcp_handshaker_resp_destroy(resp);
- grpc_gcp_handshaker_resp_destroy(decoded_resp);
- grpc_slice_unref(encoded_resp);
- /* Test invalid arguments. */
- GPR_ASSERT(!grpc_gcp_handshaker_req_set_in_bytes(nullptr, in_bytes,
- strlen(in_bytes)));
- GPR_ASSERT(!grpc_gcp_handshaker_req_param_add_record_protocol(
- req, grpc_gcp_HandshakeProtocol_TLS, nullptr));
- GPR_ASSERT(!grpc_gcp_handshaker_req_param_add_local_identity_service_account(
- nullptr, grpc_gcp_HandshakeProtocol_TLS, nullptr));
- GPR_ASSERT(!grpc_gcp_handshaker_resp_set_record_protocol(nullptr, nullptr));
-}
diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc
deleted file mode 100644
index ecca04defa..0000000000
--- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc
+++ /dev/null
@@ -1,642 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h"
-
-const size_t kHandshakeProtocolNum = 3;
-
-grpc_gcp_handshaker_req* grpc_gcp_handshaker_decoded_req_create(
- grpc_gcp_handshaker_req_type type) {
- grpc_gcp_handshaker_req* req =
- static_cast<grpc_gcp_handshaker_req*>(gpr_zalloc(sizeof(*req)));
- switch (type) {
- case CLIENT_START_REQ:
- req->has_client_start = true;
- req->client_start.target_identities.funcs.decode =
- decode_repeated_identity_cb;
- req->client_start.application_protocols.funcs.decode =
- decode_repeated_string_cb;
- req->client_start.record_protocols.funcs.decode =
- decode_repeated_string_cb;
- req->client_start.local_identity.hostname.funcs.decode =
- decode_string_or_bytes_cb;
- req->client_start.local_identity.service_account.funcs.decode =
- decode_string_or_bytes_cb;
- req->client_start.local_endpoint.ip_address.funcs.decode =
- decode_string_or_bytes_cb;
- req->client_start.remote_endpoint.ip_address.funcs.decode =
- decode_string_or_bytes_cb;
- req->client_start.target_name.funcs.decode = decode_string_or_bytes_cb;
- break;
- case SERVER_START_REQ:
- req->has_server_start = true;
- req->server_start.application_protocols.funcs.decode =
- &decode_repeated_string_cb;
- for (size_t i = 0; i < kHandshakeProtocolNum; i++) {
- req->server_start.handshake_parameters[i]
- .value.local_identities.funcs.decode = &decode_repeated_identity_cb;
- req->server_start.handshake_parameters[i]
- .value.record_protocols.funcs.decode = &decode_repeated_string_cb;
- }
- req->server_start.in_bytes.funcs.decode = decode_string_or_bytes_cb;
- req->server_start.local_endpoint.ip_address.funcs.decode =
- decode_string_or_bytes_cb;
- req->server_start.remote_endpoint.ip_address.funcs.decode =
- decode_string_or_bytes_cb;
- break;
- case NEXT_REQ:
- req->has_next = true;
- break;
- }
- return req;
-}
-
-bool grpc_gcp_handshaker_resp_set_application_protocol(
- grpc_gcp_handshaker_resp* resp, const char* application_protocol) {
- if (resp == nullptr || application_protocol == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "handshaker_resp_set_application_protocol().");
- return false;
- }
- resp->has_result = true;
- grpc_slice* slice =
- create_slice(application_protocol, strlen(application_protocol));
- resp->result.application_protocol.arg = slice;
- resp->result.application_protocol.funcs.encode = encode_string_or_bytes_cb;
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_record_protocol(
- grpc_gcp_handshaker_resp* resp, const char* record_protocol) {
- if (resp == nullptr || record_protocol == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "handshaker_resp_set_record_protocol().");
- return false;
- }
- resp->has_result = true;
- grpc_slice* slice = create_slice(record_protocol, strlen(record_protocol));
- resp->result.record_protocol.arg = slice;
- resp->result.record_protocol.funcs.encode = encode_string_or_bytes_cb;
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_key_data(grpc_gcp_handshaker_resp* resp,
- const char* key_data, size_t size) {
- if (resp == nullptr || key_data == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to handshaker_resp_set_key_data().");
- return false;
- }
- resp->has_result = true;
- grpc_slice* slice = create_slice(key_data, size);
- resp->result.key_data.arg = slice;
- resp->result.key_data.funcs.encode = encode_string_or_bytes_cb;
- return true;
-}
-
-static void set_identity_hostname(grpc_gcp_identity* identity,
- const char* hostname) {
- grpc_slice* slice = create_slice(hostname, strlen(hostname));
- identity->hostname.arg = slice;
- identity->hostname.funcs.encode = encode_string_or_bytes_cb;
-}
-
-static void set_identity_service_account(grpc_gcp_identity* identity,
- const char* service_account) {
- grpc_slice* slice = create_slice(service_account, strlen(service_account));
- identity->service_account.arg = slice;
- identity->service_account.funcs.encode = encode_string_or_bytes_cb;
-}
-
-bool grpc_gcp_handshaker_resp_set_local_identity_hostname(
- grpc_gcp_handshaker_resp* resp, const char* hostname) {
- if (resp == nullptr || hostname == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_resp_set_local_identity_hostname().");
- return false;
- }
- resp->has_result = true;
- resp->result.has_local_identity = true;
- set_identity_hostname(&resp->result.local_identity, hostname);
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_local_identity_service_account(
- grpc_gcp_handshaker_resp* resp, const char* service_account) {
- if (resp == nullptr || service_account == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_resp_set_local_identity_service_account().");
- return false;
- }
- resp->has_result = true;
- resp->result.has_local_identity = true;
- set_identity_service_account(&resp->result.local_identity, service_account);
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_peer_identity_hostname(
- grpc_gcp_handshaker_resp* resp, const char* hostname) {
- if (resp == nullptr || hostname == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_resp_set_peer_identity_hostname().");
- return false;
- }
- resp->has_result = true;
- resp->result.has_peer_identity = true;
- set_identity_hostname(&resp->result.peer_identity, hostname);
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_peer_identity_service_account(
- grpc_gcp_handshaker_resp* resp, const char* service_account) {
- if (resp == nullptr || service_account == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_resp_set_peer_identity_service_account().");
- return false;
- }
- resp->has_result = true;
- resp->result.has_peer_identity = true;
- set_identity_service_account(&resp->result.peer_identity, service_account);
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_channel_open(grpc_gcp_handshaker_resp* resp,
- bool keep_channel_open) {
- if (resp == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr argument to "
- "grpc_gcp_handshaker_resp_set_channel_open().");
- return false;
- }
- resp->has_result = true;
- resp->result.has_keep_channel_open = true;
- resp->result.keep_channel_open = keep_channel_open;
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_code(grpc_gcp_handshaker_resp* resp,
- uint32_t code) {
- if (resp == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr argument to grpc_gcp_handshaker_resp_set_code().");
- return false;
- }
- resp->has_status = true;
- resp->status.has_code = true;
- resp->status.code = code;
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_details(grpc_gcp_handshaker_resp* resp,
- const char* details) {
- if (resp == nullptr || details == nullptr) {
- gpr_log(
- GPR_ERROR,
- "Invalid nullptr arguments to grpc_gcp_handshaker_resp_set_details().");
- return false;
- }
- resp->has_status = true;
- grpc_slice* slice = create_slice(details, strlen(details));
- resp->status.details.arg = slice;
- resp->status.details.funcs.encode = encode_string_or_bytes_cb;
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_out_frames(grpc_gcp_handshaker_resp* resp,
- const char* out_frames,
- size_t size) {
- if (resp == nullptr || out_frames == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to "
- "grpc_gcp_handshaker_resp_set_out_frames().");
- return false;
- }
- grpc_slice* slice = create_slice(out_frames, size);
- resp->out_frames.arg = slice;
- resp->out_frames.funcs.encode = encode_string_or_bytes_cb;
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_bytes_consumed(grpc_gcp_handshaker_resp* resp,
- int32_t bytes_consumed) {
- if (resp == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr argument to "
- "grpc_gcp_handshaker_resp_set_bytes_consumed().");
- return false;
- }
- resp->has_bytes_consumed = true;
- resp->bytes_consumed = bytes_consumed;
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_set_peer_rpc_versions(
- grpc_gcp_handshaker_resp* resp, uint32_t max_major, uint32_t max_minor,
- uint32_t min_major, uint32_t min_minor) {
- if (resp == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr argument to "
- "grpc_gcp_handshaker_resp_set_peer_rpc_versions().");
- return false;
- }
- resp->has_result = true;
- resp->result.has_peer_rpc_versions = true;
- grpc_gcp_rpc_protocol_versions* versions = &resp->result.peer_rpc_versions;
- versions->has_max_rpc_version = true;
- versions->has_min_rpc_version = true;
- versions->max_rpc_version.has_major = true;
- versions->max_rpc_version.has_minor = true;
- versions->min_rpc_version.has_major = true;
- versions->min_rpc_version.has_minor = true;
- versions->max_rpc_version.major = max_major;
- versions->max_rpc_version.minor = max_minor;
- versions->min_rpc_version.major = min_major;
- versions->min_rpc_version.minor = min_minor;
- return true;
-}
-
-bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp,
- grpc_slice* slice) {
- if (resp == nullptr || slice == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr arguments to grpc_gcp_handshaker_resp_encode().");
- return false;
- }
- pb_ostream_t size_stream;
- memset(&size_stream, 0, sizeof(pb_ostream_t));
- if (!pb_encode(&size_stream, grpc_gcp_HandshakerResp_fields, resp)) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream));
- return false;
- }
- size_t encoded_length = size_stream.bytes_written;
- *slice = grpc_slice_malloc(encoded_length);
- pb_ostream_t output_stream =
- pb_ostream_from_buffer(GRPC_SLICE_START_PTR(*slice), encoded_length);
- if (!pb_encode(&output_stream, grpc_gcp_HandshakerResp_fields, resp)) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream));
- return false;
- }
- return true;
-}
-
-bool grpc_gcp_handshaker_req_decode(grpc_slice slice,
- grpc_gcp_handshaker_req* req) {
- if (req == nullptr) {
- gpr_log(GPR_ERROR,
- "Invalid nullptr argument to grpc_gcp_handshaker_req_decode().");
- return false;
- }
- pb_istream_t stream = pb_istream_from_buffer(GRPC_SLICE_START_PTR(slice),
- GRPC_SLICE_LENGTH(slice));
- req->next.in_bytes.funcs.decode = decode_string_or_bytes_cb;
- if (!pb_decode(&stream, grpc_gcp_HandshakerReq_fields, req)) {
- gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&stream));
- return false;
- }
- return true;
-}
-
-/* Check equality of a pair of grpc_slice fields. */
-static bool slice_equals(grpc_slice* l_slice, grpc_slice* r_slice) {
- if (l_slice == nullptr && r_slice == nullptr) {
- return true;
- }
- if (l_slice != nullptr && r_slice != nullptr) {
- return grpc_slice_eq(*l_slice, *r_slice);
- }
- return false;
-}
-
-/* Check equality of a pair of grpc_gcp_identity fields. */
-static bool handshaker_identity_equals(const grpc_gcp_identity* l_id,
- const grpc_gcp_identity* r_id) {
- if (!((l_id->hostname.arg != nullptr) != (r_id->hostname.arg != nullptr))) {
- if (l_id->hostname.arg != nullptr) {
- return slice_equals(static_cast<grpc_slice*>(l_id->hostname.arg),
- static_cast<grpc_slice*>(r_id->hostname.arg));
- }
- } else {
- return false;
- }
- if (!((l_id->service_account.arg != nullptr) !=
- (r_id->service_account.arg != nullptr))) {
- if (l_id->service_account.arg != nullptr) {
- return slice_equals(static_cast<grpc_slice*>(l_id->service_account.arg),
- static_cast<grpc_slice*>(r_id->service_account.arg));
- }
- } else {
- return false;
- }
- return true;
-}
-
-static bool handshaker_rpc_versions_equals(
- const grpc_gcp_rpc_protocol_versions* l_version,
- const grpc_gcp_rpc_protocol_versions* r_version) {
- bool result = true;
- result &=
- (l_version->max_rpc_version.major == r_version->max_rpc_version.major);
- result &=
- (l_version->max_rpc_version.minor == r_version->max_rpc_version.minor);
- result &=
- (l_version->min_rpc_version.major == r_version->min_rpc_version.major);
- result &=
- (l_version->min_rpc_version.minor == r_version->min_rpc_version.minor);
- return result;
-}
-
-/* Check equality of a pair of grpc_gcp_endpoint fields. */
-static bool handshaker_endpoint_equals(const grpc_gcp_endpoint* l_end,
- const grpc_gcp_endpoint* r_end) {
- bool result = true;
- result &= (l_end->port == r_end->port);
- result &= (l_end->protocol == r_end->protocol);
- if (!((l_end->ip_address.arg != nullptr) !=
- (r_end->ip_address.arg != nullptr))) {
- if (l_end->ip_address.arg != nullptr) {
- result &= slice_equals(static_cast<grpc_slice*>(l_end->ip_address.arg),
- static_cast<grpc_slice*>(r_end->ip_address.arg));
- }
- } else {
- return false;
- }
- return result;
-}
-/**
- * Check if a specific repeated field (i.e., target) is contained in a repeated
- * field list (i.e., head).
- */
-static bool repeated_field_list_contains_identity(
- const repeated_field* head, const repeated_field* target) {
- repeated_field* field = const_cast<repeated_field*>(head);
- while (field != nullptr) {
- if (handshaker_identity_equals(
- static_cast<const grpc_gcp_identity*>(field->data),
- static_cast<const grpc_gcp_identity*>(target->data))) {
- return true;
- }
- field = field->next;
- }
- return false;
-}
-
-static bool repeated_field_list_contains_string(const repeated_field* head,
- const repeated_field* target) {
- repeated_field* field = const_cast<repeated_field*>(head);
- while (field != nullptr) {
- if (slice_equals((grpc_slice*)field->data, (grpc_slice*)target->data)) {
- return true;
- }
- field = field->next;
- }
- return false;
-}
-
-/* Return a length of repeated field list. */
-static size_t repeated_field_list_get_length(const repeated_field* head) {
- repeated_field* field = const_cast<repeated_field*>(head);
- size_t len = 0;
- while (field != nullptr) {
- len++;
- field = field->next;
- }
- return len;
-}
-
-/**
- * Check if a pair of repeated field lists contain the same set of repeated
- * fields.
- */
-static bool repeated_field_list_equals_identity(const repeated_field* l_head,
- const repeated_field* r_head) {
- if (repeated_field_list_get_length(l_head) !=
- repeated_field_list_get_length(r_head)) {
- return false;
- }
- repeated_field* field = const_cast<repeated_field*>(l_head);
- repeated_field* head = const_cast<repeated_field*>(r_head);
- while (field != nullptr) {
- if (!repeated_field_list_contains_identity(head, field)) {
- return false;
- }
- field = field->next;
- }
- return true;
-}
-
-static bool repeated_field_list_equals_string(const repeated_field* l_head,
- const repeated_field* r_head) {
- if (repeated_field_list_get_length(l_head) !=
- repeated_field_list_get_length(r_head)) {
- return false;
- }
- repeated_field* field = const_cast<repeated_field*>(l_head);
- repeated_field* head = const_cast<repeated_field*>(r_head);
- while (field != nullptr) {
- if (!repeated_field_list_contains_string(head, field)) {
- return false;
- }
- field = field->next;
- }
- return true;
-}
-
-/* Check equality of a pair of ALTS client_start handshake requests. */
-bool grpc_gcp_handshaker_client_start_req_equals(
- grpc_gcp_start_client_handshake_req* l_req,
- grpc_gcp_start_client_handshake_req* r_req) {
- bool result = true;
- /* Compare handshake_security_protocol. */
- result &=
- l_req->handshake_security_protocol == r_req->handshake_security_protocol;
- /* Compare application_protocols, record_protocols, and target_identities. */
- result &= repeated_field_list_equals_string(
- static_cast<const repeated_field*>(l_req->application_protocols.arg),
- static_cast<const repeated_field*>(r_req->application_protocols.arg));
- result &= repeated_field_list_equals_string(
- static_cast<const repeated_field*>(l_req->record_protocols.arg),
- static_cast<const repeated_field*>(r_req->record_protocols.arg));
- result &= repeated_field_list_equals_identity(
- static_cast<const repeated_field*>(l_req->target_identities.arg),
- static_cast<const repeated_field*>(r_req->target_identities.arg));
- if ((l_req->has_local_identity ^ r_req->has_local_identity) |
- (l_req->has_local_endpoint ^ r_req->has_local_endpoint) |
- ((l_req->has_remote_endpoint ^ r_req->has_remote_endpoint)) |
- (l_req->has_rpc_versions ^ r_req->has_rpc_versions)) {
- return false;
- }
- /* Compare local_identity, local_endpoint, and remote_endpoint. */
- if (l_req->has_local_identity) {
- result &= handshaker_identity_equals(&l_req->local_identity,
- &r_req->local_identity);
- }
- if (l_req->has_local_endpoint) {
- result &= handshaker_endpoint_equals(&l_req->local_endpoint,
- &r_req->local_endpoint);
- }
- if (l_req->has_remote_endpoint) {
- result &= handshaker_endpoint_equals(&l_req->remote_endpoint,
- &r_req->remote_endpoint);
- }
- if (l_req->has_rpc_versions) {
- result &= handshaker_rpc_versions_equals(&l_req->rpc_versions,
- &r_req->rpc_versions);
- }
- return result;
-}
-
-/* Check equality of a pair of ALTS server_start handshake requests. */
-bool grpc_gcp_handshaker_server_start_req_equals(
- grpc_gcp_start_server_handshake_req* l_req,
- grpc_gcp_start_server_handshake_req* r_req) {
- bool result = true;
- /* Compare application_protocols. */
- result &= repeated_field_list_equals_string(
- static_cast<const repeated_field*>(l_req->application_protocols.arg),
- static_cast<const repeated_field*>(r_req->application_protocols.arg));
- /* Compare handshake_parameters. */
- size_t i = 0, j = 0;
- result &=
- (l_req->handshake_parameters_count == r_req->handshake_parameters_count);
- for (i = 0; i < l_req->handshake_parameters_count; i++) {
- bool found = false;
- for (j = 0; j < r_req->handshake_parameters_count; j++) {
- if (l_req->handshake_parameters[i].key ==
- r_req->handshake_parameters[j].key) {
- found = true;
- result &= repeated_field_list_equals_string(
- static_cast<const repeated_field*>(
- l_req->handshake_parameters[i].value.record_protocols.arg),
- static_cast<const repeated_field*>(
- r_req->handshake_parameters[j].value.record_protocols.arg));
- result &= repeated_field_list_equals_identity(
- static_cast<const repeated_field*>(
- l_req->handshake_parameters[i].value.local_identities.arg),
- static_cast<const repeated_field*>(
- r_req->handshake_parameters[j].value.local_identities.arg));
- }
- }
- if (!found) {
- return false;
- }
- }
- /* Compare in_bytes, local_endpoint, remote_endpoint. */
- result &= slice_equals(static_cast<grpc_slice*>(l_req->in_bytes.arg),
- static_cast<grpc_slice*>(r_req->in_bytes.arg));
- if ((l_req->has_local_endpoint ^ r_req->has_local_endpoint) |
- (l_req->has_remote_endpoint ^ r_req->has_remote_endpoint) |
- (l_req->has_rpc_versions ^ r_req->has_rpc_versions))
- return false;
- if (l_req->has_local_endpoint) {
- result &= handshaker_endpoint_equals(&l_req->local_endpoint,
- &r_req->local_endpoint);
- }
- if (l_req->has_remote_endpoint) {
- result &= handshaker_endpoint_equals(&l_req->remote_endpoint,
- &r_req->remote_endpoint);
- }
- if (l_req->has_rpc_versions) {
- result &= handshaker_rpc_versions_equals(&l_req->rpc_versions,
- &r_req->rpc_versions);
- }
- return result;
-}
-
-/* Check equality of a pair of ALTS handshake requests. */
-bool grpc_gcp_handshaker_req_equals(grpc_gcp_handshaker_req* l_req,
- grpc_gcp_handshaker_req* r_req) {
- if (l_req->has_next && r_req->has_next) {
- return slice_equals(static_cast<grpc_slice*>(l_req->next.in_bytes.arg),
- static_cast<grpc_slice*>(r_req->next.in_bytes.arg));
- } else if (l_req->has_client_start && r_req->has_client_start) {
- return grpc_gcp_handshaker_client_start_req_equals(&l_req->client_start,
- &r_req->client_start);
- } else if (l_req->has_server_start && r_req->has_server_start) {
- return grpc_gcp_handshaker_server_start_req_equals(&l_req->server_start,
- &r_req->server_start);
- }
- return false;
-}
-
-/* Check equality of a pair of ALTS handshake results. */
-bool grpc_gcp_handshaker_resp_result_equals(
- grpc_gcp_handshaker_result* l_result,
- grpc_gcp_handshaker_result* r_result) {
- bool result = true;
- /* Compare application_protocol, record_protocol, and key_data. */
- result &= slice_equals(
- static_cast<grpc_slice*>(l_result->application_protocol.arg),
- static_cast<grpc_slice*>(r_result->application_protocol.arg));
- result &=
- slice_equals(static_cast<grpc_slice*>(l_result->record_protocol.arg),
- static_cast<grpc_slice*>(r_result->record_protocol.arg));
- result &= slice_equals(static_cast<grpc_slice*>(l_result->key_data.arg),
- static_cast<grpc_slice*>(r_result->key_data.arg));
- /* Compare local_identity, peer_identity, and keep_channel_open. */
- if ((l_result->has_local_identity ^ r_result->has_local_identity) |
- (l_result->has_peer_identity ^ r_result->has_peer_identity) |
- (l_result->has_peer_rpc_versions ^ r_result->has_peer_rpc_versions)) {
- return false;
- }
- if (l_result->has_local_identity) {
- result &= handshaker_identity_equals(&l_result->local_identity,
- &r_result->local_identity);
- }
- if (l_result->has_peer_identity) {
- result &= handshaker_identity_equals(&l_result->peer_identity,
- &r_result->peer_identity);
- }
- if (l_result->has_peer_rpc_versions) {
- result &= handshaker_rpc_versions_equals(&l_result->peer_rpc_versions,
- &r_result->peer_rpc_versions);
- }
- result &= (l_result->keep_channel_open == r_result->keep_channel_open);
- return result;
-}
-
-/* Check equality of a pair of ALTS handshake responses. */
-bool grpc_gcp_handshaker_resp_equals(grpc_gcp_handshaker_resp* l_resp,
- grpc_gcp_handshaker_resp* r_resp) {
- bool result = true;
- /* Compare out_frames and bytes_consumed. */
- result &= slice_equals(static_cast<grpc_slice*>(l_resp->out_frames.arg),
- static_cast<grpc_slice*>(r_resp->out_frames.arg));
- result &= (l_resp->bytes_consumed == r_resp->bytes_consumed);
- /* Compare result and status. */
- if ((l_resp->has_result ^ r_resp->has_result) |
- (l_resp->has_status ^ r_resp->has_status)) {
- return false;
- }
- if (l_resp->has_result) {
- result &= grpc_gcp_handshaker_resp_result_equals(&l_resp->result,
- &r_resp->result);
- }
- if (l_resp->has_status) {
- result &= (l_resp->status.code == r_resp->status.code);
- result &=
- slice_equals(static_cast<grpc_slice*>(l_resp->status.details.arg),
- static_cast<grpc_slice*>(r_resp->status.details.arg));
- }
- return result;
-}
diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h
deleted file mode 100644
index 2fcbb4ea99..0000000000
--- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H
-#define GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H
-
-#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h"
-#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h"
-#include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
-
-/**
- * The first part of this file contains function signatures for de-serializing
- * ALTS handshake requests and setting/serializing ALTS handshake responses,
- * which simulate the behaviour of grpc server that runs ALTS handshaker
- * service.
- */
-
-/**
- * This method creates a ALTS handshaker request that is used to hold
- * de-serialized result.
- */
-grpc_gcp_handshaker_req* grpc_gcp_handshaker_decoded_req_create(
- grpc_gcp_handshaker_req_type type);
-
-/* This method de-serializes a ALTS handshaker request. */
-bool grpc_gcp_handshaker_req_decode(grpc_slice slice,
- grpc_gcp_handshaker_req* req);
-
-/* This method serializes a ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp,
- grpc_slice* slice);
-
-/* This method sets application protocol of ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_application_protocol(
- grpc_gcp_handshaker_resp* resp, const char* application_protocol);
-
-/* This method sets record protocol of ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_record_protocol(
- grpc_gcp_handshaker_resp* resp, const char* record_protocol);
-
-/* This method sets key_data of ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_key_data(grpc_gcp_handshaker_resp* resp,
- const char* key_data, size_t size);
-
-/* This method sets local identity's hostname for ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_local_identity_hostname(
- grpc_gcp_handshaker_resp* resp, const char* hostname);
-
-/**
- * This method sets local identity's service account for ALTS handshaker
- * response.
- */
-bool grpc_gcp_handshaker_resp_set_local_identity_service_account(
- grpc_gcp_handshaker_resp* resp, const char* service_account);
-
-/* This method sets peer identity's hostname for ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_peer_identity_hostname(
- grpc_gcp_handshaker_resp* resp, const char* hostname);
-
-/**
- * This method sets peer identity's service account for ALTS handshaker
- * response.
- */
-bool grpc_gcp_handshaker_resp_set_peer_identity_service_account(
- grpc_gcp_handshaker_resp* resp, const char* service_account);
-
-/* This method sets keep_channel_open for ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_channel_open(grpc_gcp_handshaker_resp* resp,
- bool keep_channel_open);
-
-/* This method sets code for ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_code(grpc_gcp_handshaker_resp* resp,
- uint32_t code);
-
-/* This method sets details for ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_details(grpc_gcp_handshaker_resp* resp,
- const char* details);
-
-/* This method sets out_frames for ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_out_frames(grpc_gcp_handshaker_resp* resp,
- const char* out_frames,
- size_t size);
-
-/* This method sets peer_rpc_versions for ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_peer_rpc_versions(
- grpc_gcp_handshaker_resp* resp, uint32_t max_major, uint32_t max_minor,
- uint32_t min_major, uint32_t min_minor);
-
-/* This method sets bytes_consumed for ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_set_bytes_consumed(grpc_gcp_handshaker_resp* resp,
- int32_t bytes_consumed);
-
-/* This method serializes ALTS handshaker response. */
-bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp,
- grpc_slice* slice);
-
-/* This method de-serializes ALTS handshaker request. */
-bool grpc_gcp_handshaker_req_decode(grpc_slice slice,
- grpc_gcp_handshaker_req* req);
-
-/**
- * The second part contains function signatures for checking equality of a pair
- * of ALTS handshake requests/responses.
- */
-
-/* This method checks equality of two client_start handshaker requests. */
-bool grpc_gcp_handshaker_client_start_req_equals(
- grpc_gcp_start_client_handshake_req* l_req,
- grpc_gcp_start_client_handshake_req* r_req);
-
-/* This method checks equality of two server_start handshaker requests. */
-bool grpc_gcp_handshaker_server_start_req_equals(
- grpc_gcp_start_server_handshake_req* l_req,
- grpc_gcp_start_server_handshake_req* r_req);
-
-/* This method checks equality of two ALTS handshaker requests. */
-bool grpc_gcp_handshaker_req_equals(grpc_gcp_handshaker_req* l_req,
- grpc_gcp_handshaker_req* r_req);
-
-/* This method checks equality of two handshaker response results. */
-bool grpc_gcp_handshaker_resp_result_equals(
- grpc_gcp_handshaker_result* l_result, grpc_gcp_handshaker_result* r_result);
-
-/* This method checks equality of two ALTS handshaker responses. */
-bool grpc_gcp_handshaker_resp_equals(grpc_gcp_handshaker_resp* l_resp,
- grpc_gcp_handshaker_resp* r_resp);
-
-#endif // GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H
diff --git a/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc b/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc
deleted file mode 100644
index 95724f84f4..0000000000
--- a/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc
+++ /dev/null
@@ -1,682 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <grpc/grpc.h>
-#include <grpc/support/sync.h>
-
-#include "src/core/lib/gprpp/thd.h"
-#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h"
-#include "src/core/tsi/alts/handshaker/alts_tsi_event.h"
-#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
-#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h"
-#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h"
-
-#define ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES "Hello World"
-#define ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME "Hello Google"
-#define ALTS_TSI_HANDSHAKER_TEST_CONSUMED_BYTES "Hello "
-#define ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES "Google"
-#define ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY "chapi@service.google.com"
-#define ALTS_TSI_HANDSHAKER_TEST_KEY_DATA \
- "ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOPABCDEFGHIJKL"
-#define ALTS_TSI_HANDSHAKER_TEST_BUFFER_SIZE 100
-#define ALTS_TSI_HANDSHAKER_TEST_SLEEP_TIME_IN_SECONDS 2
-#define ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR 3
-#define ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR 2
-#define ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR 2
-#define ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR 1
-
-using grpc_core::internal::
- alts_tsi_handshaker_get_has_sent_start_message_for_testing;
-using grpc_core::internal::alts_tsi_handshaker_get_is_client_for_testing;
-using grpc_core::internal::alts_tsi_handshaker_get_recv_bytes_for_testing;
-using grpc_core::internal::alts_tsi_handshaker_set_client_for_testing;
-using grpc_core::internal::alts_tsi_handshaker_set_recv_bytes_for_testing;
-
-/* ALTS mock notification. */
-typedef struct notification {
- gpr_cv cv;
- gpr_mu mu;
- bool notified;
-} notification;
-
-/* ALTS mock handshaker client. */
-typedef struct alts_mock_handshaker_client {
- alts_handshaker_client base;
- bool used_for_success_test;
-} alts_mock_handshaker_client;
-
-/* Type of ALTS handshaker response. */
-typedef enum {
- INVALID,
- FAILED,
- CLIENT_START,
- SERVER_START,
- CLIENT_NEXT,
- SERVER_NEXT,
-} alts_handshaker_response_type;
-
-static alts_tsi_event* client_start_event;
-static alts_tsi_event* client_next_event;
-static alts_tsi_event* server_start_event;
-static alts_tsi_event* server_next_event;
-static notification caller_to_tsi_notification;
-static notification tsi_to_caller_notification;
-
-static void notification_init(notification* n) {
- gpr_mu_init(&n->mu);
- gpr_cv_init(&n->cv);
- n->notified = false;
-}
-
-static void notification_destroy(notification* n) {
- gpr_mu_destroy(&n->mu);
- gpr_cv_destroy(&n->cv);
-}
-
-static void signal(notification* n) {
- gpr_mu_lock(&n->mu);
- n->notified = true;
- gpr_cv_signal(&n->cv);
- gpr_mu_unlock(&n->mu);
-}
-
-static void wait(notification* n) {
- gpr_mu_lock(&n->mu);
- while (!n->notified) {
- gpr_cv_wait(&n->cv, &n->mu, gpr_inf_future(GPR_CLOCK_REALTIME));
- }
- n->notified = false;
- gpr_mu_unlock(&n->mu);
-}
-
-/**
- * This method mocks ALTS handshaker service to generate handshaker response
- * for a specific request.
- */
-static grpc_byte_buffer* generate_handshaker_response(
- alts_handshaker_response_type type) {
- grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create();
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_code(resp, 0));
- switch (type) {
- case INVALID:
- break;
- case CLIENT_START:
- case SERVER_START:
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames(
- resp, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME,
- strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)));
- break;
- case CLIENT_NEXT:
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames(
- resp, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME,
- strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_service_account(
- resp, ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed(
- resp, strlen(ALTS_TSI_HANDSHAKER_TEST_CONSUMED_BYTES)));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_key_data(
- resp, ALTS_TSI_HANDSHAKER_TEST_KEY_DATA,
- strlen(ALTS_TSI_HANDSHAKER_TEST_KEY_DATA)));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions(
- resp, ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR,
- ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR,
- ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR,
- ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR));
- break;
- case SERVER_NEXT:
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_service_account(
- resp, ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed(
- resp, strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_key_data(
- resp, ALTS_TSI_HANDSHAKER_TEST_KEY_DATA,
- strlen(ALTS_TSI_HANDSHAKER_TEST_KEY_DATA)));
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions(
- resp, ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR,
- ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR,
- ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR,
- ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR));
- break;
- case FAILED:
- GPR_ASSERT(
- grpc_gcp_handshaker_resp_set_code(resp, 3 /* INVALID ARGUMENT */));
- break;
- }
- grpc_slice slice;
- GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &slice));
- if (type == INVALID) {
- grpc_slice bad_slice =
- grpc_slice_split_head(&slice, GRPC_SLICE_LENGTH(slice) - 1);
- grpc_slice_unref(slice);
- slice = grpc_slice_ref(bad_slice);
- grpc_slice_unref(bad_slice);
- }
- grpc_byte_buffer* buffer =
- grpc_raw_byte_buffer_create(&slice, 1 /* number of slices */);
- grpc_slice_unref(slice);
- grpc_gcp_handshaker_resp_destroy(resp);
- return buffer;
-}
-
-static void check_must_not_be_called(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(0);
-}
-
-static void on_client_start_success_cb(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(status == TSI_OK);
- GPR_ASSERT(user_data == nullptr);
- GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME));
- GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME,
- bytes_to_send_size) == 0);
- GPR_ASSERT(result == nullptr);
- /* Validate peer identity. */
- tsi_peer peer;
- GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) ==
- TSI_INVALID_ARGUMENT);
- /* Validate frame protector. */
- tsi_frame_protector* protector = nullptr;
- GPR_ASSERT(tsi_handshaker_result_create_frame_protector(
- result, nullptr, &protector) == TSI_INVALID_ARGUMENT);
- /* Validate unused bytes. */
- const unsigned char* unused_bytes = nullptr;
- size_t unused_bytes_size = 0;
- GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &unused_bytes,
- &unused_bytes_size) ==
- TSI_INVALID_ARGUMENT);
- signal(&tsi_to_caller_notification);
-}
-
-static void on_server_start_success_cb(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(status == TSI_OK);
- GPR_ASSERT(user_data == nullptr);
- GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME));
- GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME,
- bytes_to_send_size) == 0);
- GPR_ASSERT(result == nullptr);
- /* Validate peer identity. */
- tsi_peer peer;
- GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) ==
- TSI_INVALID_ARGUMENT);
- /* Validate frame protector. */
- tsi_frame_protector* protector = nullptr;
- GPR_ASSERT(tsi_handshaker_result_create_frame_protector(
- result, nullptr, &protector) == TSI_INVALID_ARGUMENT);
- /* Validate unused bytes. */
- const unsigned char* unused_bytes = nullptr;
- size_t unused_bytes_size = 0;
- GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &unused_bytes,
- &unused_bytes_size) ==
- TSI_INVALID_ARGUMENT);
- signal(&tsi_to_caller_notification);
-}
-
-static void on_client_next_success_cb(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(status == TSI_OK);
- GPR_ASSERT(user_data == nullptr);
- GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME));
- GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME,
- bytes_to_send_size) == 0);
- GPR_ASSERT(result != nullptr);
- /* Validate peer identity. */
- tsi_peer peer;
- GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == TSI_OK);
- GPR_ASSERT(peer.property_count == kTsiAltsNumOfPeerProperties);
- GPR_ASSERT(memcmp(TSI_ALTS_CERTIFICATE_TYPE, peer.properties[0].value.data,
- peer.properties[0].value.length) == 0);
- GPR_ASSERT(memcmp(ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY,
- peer.properties[1].value.data,
- peer.properties[1].value.length) == 0);
- tsi_peer_destruct(&peer);
- /* Validate unused bytes. */
- const unsigned char* bytes = nullptr;
- size_t bytes_size = 0;
- GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &bytes,
- &bytes_size) == TSI_OK);
- GPR_ASSERT(bytes_size == strlen(ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES));
- GPR_ASSERT(memcmp(bytes, ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES, bytes_size) ==
- 0);
- /* Validate frame protector. */
- tsi_frame_protector* protector = nullptr;
- GPR_ASSERT(tsi_handshaker_result_create_frame_protector(
- result, nullptr, &protector) == TSI_OK);
- GPR_ASSERT(protector != nullptr);
- tsi_frame_protector_destroy(protector);
- tsi_handshaker_result_destroy(result);
- signal(&tsi_to_caller_notification);
-}
-
-static void on_server_next_success_cb(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(status == TSI_OK);
- GPR_ASSERT(user_data == nullptr);
- GPR_ASSERT(bytes_to_send_size == 0);
- GPR_ASSERT(bytes_to_send == nullptr);
- GPR_ASSERT(result != nullptr);
- /* Validate peer identity. */
- tsi_peer peer;
- GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == TSI_OK);
- GPR_ASSERT(peer.property_count == kTsiAltsNumOfPeerProperties);
- GPR_ASSERT(memcmp(TSI_ALTS_CERTIFICATE_TYPE, peer.properties[0].value.data,
- peer.properties[0].value.length) == 0);
- GPR_ASSERT(memcmp(ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY,
- peer.properties[1].value.data,
- peer.properties[1].value.length) == 0);
- tsi_peer_destruct(&peer);
- /* Validate unused bytes. */
- const unsigned char* bytes = nullptr;
- size_t bytes_size = 0;
- GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &bytes,
- &bytes_size) == TSI_OK);
- GPR_ASSERT(bytes_size == 0);
- GPR_ASSERT(bytes == nullptr);
- /* Validate frame protector. */
- tsi_frame_protector* protector = nullptr;
- GPR_ASSERT(tsi_handshaker_result_create_frame_protector(
- result, nullptr, &protector) == TSI_OK);
- GPR_ASSERT(protector != nullptr);
- tsi_frame_protector_destroy(protector);
- tsi_handshaker_result_destroy(result);
- signal(&tsi_to_caller_notification);
-}
-
-static tsi_result mock_client_start(alts_handshaker_client* self,
- alts_tsi_event* event) {
- alts_mock_handshaker_client* client =
- reinterpret_cast<alts_mock_handshaker_client*>(self);
- if (!client->used_for_success_test) {
- alts_tsi_event_destroy(event);
- return TSI_INTERNAL_ERROR;
- }
- GPR_ASSERT(event->cb == on_client_start_success_cb);
- GPR_ASSERT(event->user_data == nullptr);
- GPR_ASSERT(!alts_tsi_handshaker_get_has_sent_start_message_for_testing(
- event->handshaker));
- /* Populate handshaker response for client_start request. */
- event->recv_buffer = generate_handshaker_response(CLIENT_START);
- client_start_event = event;
- signal(&caller_to_tsi_notification);
- return TSI_OK;
-}
-
-static tsi_result mock_server_start(alts_handshaker_client* self,
- alts_tsi_event* event,
- grpc_slice* bytes_received) {
- alts_mock_handshaker_client* client =
- reinterpret_cast<alts_mock_handshaker_client*>(self);
- if (!client->used_for_success_test) {
- alts_tsi_event_destroy(event);
- return TSI_INTERNAL_ERROR;
- }
- GPR_ASSERT(event->cb == on_server_start_success_cb);
- GPR_ASSERT(event->user_data == nullptr);
- grpc_slice slice = grpc_empty_slice();
- GPR_ASSERT(grpc_slice_cmp(*bytes_received, slice) == 0);
- GPR_ASSERT(!alts_tsi_handshaker_get_has_sent_start_message_for_testing(
- event->handshaker));
- /* Populate handshaker response for server_start request. */
- event->recv_buffer = generate_handshaker_response(SERVER_START);
- server_start_event = event;
- grpc_slice_unref(slice);
- signal(&caller_to_tsi_notification);
- return TSI_OK;
-}
-
-static tsi_result mock_next(alts_handshaker_client* self, alts_tsi_event* event,
- grpc_slice* bytes_received) {
- alts_mock_handshaker_client* client =
- reinterpret_cast<alts_mock_handshaker_client*>(self);
- if (!client->used_for_success_test) {
- alts_tsi_event_destroy(event);
- return TSI_INTERNAL_ERROR;
- }
- bool is_client =
- alts_tsi_handshaker_get_is_client_for_testing(event->handshaker);
- if (is_client) {
- GPR_ASSERT(event->cb == on_client_next_success_cb);
- } else {
- GPR_ASSERT(event->cb == on_server_next_success_cb);
- }
- GPR_ASSERT(event->user_data == nullptr);
- GPR_ASSERT(bytes_received != nullptr);
- GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*bytes_received),
- ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES,
- GRPC_SLICE_LENGTH(*bytes_received)) == 0);
- GPR_ASSERT(grpc_slice_cmp(alts_tsi_handshaker_get_recv_bytes_for_testing(
- event->handshaker),
- *bytes_received) == 0);
- GPR_ASSERT(alts_tsi_handshaker_get_has_sent_start_message_for_testing(
- event->handshaker));
- /* Populate handshaker response for next request. */
- grpc_slice out_frame =
- grpc_slice_from_static_string(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME);
- if (is_client) {
- event->recv_buffer = generate_handshaker_response(CLIENT_NEXT);
- } else {
- event->recv_buffer = generate_handshaker_response(SERVER_NEXT);
- }
- alts_tsi_handshaker_set_recv_bytes_for_testing(event->handshaker, &out_frame);
- if (is_client) {
- client_next_event = event;
- } else {
- server_next_event = event;
- }
- signal(&caller_to_tsi_notification);
- grpc_slice_unref(out_frame);
- return TSI_OK;
-}
-
-static void mock_destruct(alts_handshaker_client* client) {}
-
-static const alts_handshaker_client_vtable vtable = {
- mock_client_start, mock_server_start, mock_next, mock_destruct};
-
-static alts_handshaker_client* alts_mock_handshaker_client_create(
- bool used_for_success_test) {
- alts_mock_handshaker_client* client =
- static_cast<alts_mock_handshaker_client*>(gpr_zalloc(sizeof(*client)));
- client->base.vtable = &vtable;
- client->used_for_success_test = used_for_success_test;
- return &client->base;
-}
-
-static tsi_handshaker* create_test_handshaker(bool used_for_success_test,
- bool is_client) {
- tsi_handshaker* handshaker = nullptr;
- alts_handshaker_client* client =
- alts_mock_handshaker_client_create(used_for_success_test);
- grpc_alts_credentials_options* options =
- grpc_alts_credentials_client_options_create();
- alts_tsi_handshaker_create(options, "target_name", "lame", is_client,
- &handshaker);
- alts_tsi_handshaker* alts_handshaker =
- reinterpret_cast<alts_tsi_handshaker*>(handshaker);
- alts_tsi_handshaker_set_client_for_testing(alts_handshaker, client);
- grpc_alts_credentials_options_destroy(options);
- return handshaker;
-}
-
-static void check_handshaker_next_invalid_input() {
- /* Initialization. */
- tsi_handshaker* handshaker = create_test_handshaker(true, true);
- /* Check nullptr handshaker. */
- GPR_ASSERT(tsi_handshaker_next(nullptr, nullptr, 0, nullptr, nullptr, nullptr,
- check_must_not_be_called,
- nullptr) == TSI_INVALID_ARGUMENT);
- /* Check nullptr callback. */
- GPR_ASSERT(tsi_handshaker_next(handshaker, nullptr, 0, nullptr, nullptr,
- nullptr, nullptr,
- nullptr) == TSI_INVALID_ARGUMENT);
- /* Cleanup. */
- tsi_handshaker_destroy(handshaker);
-}
-
-static void check_handshaker_next_success() {
- /**
- * Create handshakers for which internal mock client is going to do
- * correctness check.
- */
- tsi_handshaker* client_handshaker = create_test_handshaker(
- true /* used_for_success_test */, true /* is_client */);
- tsi_handshaker* server_handshaker = create_test_handshaker(
- true /* used_for_success_test */, false /* is_client */);
- /* Client start. */
- GPR_ASSERT(tsi_handshaker_next(client_handshaker, nullptr, 0, nullptr,
- nullptr, nullptr, on_client_start_success_cb,
- nullptr) == TSI_ASYNC);
- wait(&tsi_to_caller_notification);
- /* Client next. */
- GPR_ASSERT(tsi_handshaker_next(
- client_handshaker,
- (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES,
- strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr,
- nullptr, on_client_next_success_cb, nullptr) == TSI_ASYNC);
- wait(&tsi_to_caller_notification);
- /* Server start. */
- GPR_ASSERT(tsi_handshaker_next(server_handshaker, nullptr, 0, nullptr,
- nullptr, nullptr, on_server_start_success_cb,
- nullptr) == TSI_ASYNC);
- wait(&tsi_to_caller_notification);
- /* Server next. */
- GPR_ASSERT(tsi_handshaker_next(
- server_handshaker,
- (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES,
- strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr,
- nullptr, on_server_next_success_cb, nullptr) == TSI_ASYNC);
- wait(&tsi_to_caller_notification);
- /* Cleanup. */
- tsi_handshaker_destroy(server_handshaker);
- tsi_handshaker_destroy(client_handshaker);
-}
-
-static void check_handshaker_next_failure() {
- /**
- * Create handshakers for which internal mock client is always going to fail.
- */
- tsi_handshaker* client_handshaker = create_test_handshaker(
- false /* used_for_success_test */, true /* is_client */);
- tsi_handshaker* server_handshaker = create_test_handshaker(
- false /* used_for_success_test */, false /* is_client */);
- /* Client start. */
- GPR_ASSERT(tsi_handshaker_next(client_handshaker, nullptr, 0, nullptr,
- nullptr, nullptr, check_must_not_be_called,
- nullptr) == TSI_INTERNAL_ERROR);
- /* Server start. */
- GPR_ASSERT(tsi_handshaker_next(server_handshaker, nullptr, 0, nullptr,
- nullptr, nullptr, check_must_not_be_called,
- nullptr) == TSI_INTERNAL_ERROR);
- /* Server next. */
- GPR_ASSERT(tsi_handshaker_next(
- server_handshaker,
- (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES,
- strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr,
- nullptr, check_must_not_be_called,
- nullptr) == TSI_INTERNAL_ERROR);
- /* Client next. */
- GPR_ASSERT(tsi_handshaker_next(
- client_handshaker,
- (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES,
- strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr,
- nullptr, check_must_not_be_called,
- nullptr) == TSI_INTERNAL_ERROR);
- /* Cleanup. */
- tsi_handshaker_destroy(server_handshaker);
- tsi_handshaker_destroy(client_handshaker);
-}
-
-static void on_invalid_input_cb(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(status == TSI_INTERNAL_ERROR);
- GPR_ASSERT(user_data == nullptr);
- GPR_ASSERT(bytes_to_send == nullptr);
- GPR_ASSERT(bytes_to_send_size == 0);
- GPR_ASSERT(result == nullptr);
-}
-
-static void on_failed_grpc_call_cb(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(status == TSI_INTERNAL_ERROR);
- GPR_ASSERT(user_data == nullptr);
- GPR_ASSERT(bytes_to_send == nullptr);
- GPR_ASSERT(bytes_to_send_size == 0);
- GPR_ASSERT(result == nullptr);
-}
-
-static void check_handle_response_invalid_input() {
- /**
- * Create a handshaker at the client side, for which internal mock client is
- * always going to fail.
- */
- tsi_handshaker* handshaker = create_test_handshaker(
- false /* used_for_success_test */, true /* is_client */);
- alts_tsi_handshaker* alts_handshaker =
- reinterpret_cast<alts_tsi_handshaker*>(handshaker);
- grpc_byte_buffer recv_buffer;
- /* Check nullptr handshaker. */
- alts_tsi_handshaker_handle_response(nullptr, &recv_buffer, GRPC_STATUS_OK,
- nullptr, on_invalid_input_cb, nullptr,
- true);
- /* Check nullptr recv_bytes. */
- alts_tsi_handshaker_handle_response(alts_handshaker, nullptr, GRPC_STATUS_OK,
- nullptr, on_invalid_input_cb, nullptr,
- true);
- /* Check failed grpc call made to handshaker service. */
- alts_tsi_handshaker_handle_response(alts_handshaker, &recv_buffer,
- GRPC_STATUS_UNKNOWN, nullptr,
- on_failed_grpc_call_cb, nullptr, true);
-
- alts_tsi_handshaker_handle_response(alts_handshaker, &recv_buffer,
- GRPC_STATUS_OK, nullptr,
- on_failed_grpc_call_cb, nullptr, false);
-
- /* Cleanup. */
- tsi_handshaker_destroy(handshaker);
-}
-
-static void on_invalid_resp_cb(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(status == TSI_DATA_CORRUPTED);
- GPR_ASSERT(user_data == nullptr);
- GPR_ASSERT(bytes_to_send == nullptr);
- GPR_ASSERT(bytes_to_send_size == 0);
- GPR_ASSERT(result == nullptr);
-}
-
-static void check_handle_response_invalid_resp() {
- /**
- * Create a handshaker at the client side, for which internal mock client is
- * always going to fail.
- */
- tsi_handshaker* handshaker = create_test_handshaker(
- false /* used_for_success_test */, true /* is_client */);
- alts_tsi_handshaker* alts_handshaker =
- reinterpret_cast<alts_tsi_handshaker*>(handshaker);
- /* Tests. */
- grpc_byte_buffer* recv_buffer = generate_handshaker_response(INVALID);
- alts_tsi_handshaker_handle_response(alts_handshaker, recv_buffer,
- GRPC_STATUS_OK, nullptr,
- on_invalid_resp_cb, nullptr, true);
- /* Cleanup. */
- grpc_byte_buffer_destroy(recv_buffer);
- tsi_handshaker_destroy(handshaker);
-}
-
-static void check_handle_response_success(void* unused) {
- /* Client start. */
- wait(&caller_to_tsi_notification);
- alts_tsi_event_dispatch_to_handshaker(client_start_event, true /* is_ok */);
- alts_tsi_event_destroy(client_start_event);
- /* Client next. */
- wait(&caller_to_tsi_notification);
- alts_tsi_event_dispatch_to_handshaker(client_next_event, true /* is_ok */);
- alts_tsi_event_destroy(client_next_event);
- /* Server start. */
- wait(&caller_to_tsi_notification);
- alts_tsi_event_dispatch_to_handshaker(server_start_event, true /* is_ok */);
- alts_tsi_event_destroy(server_start_event);
- /* Server next. */
- wait(&caller_to_tsi_notification);
- alts_tsi_event_dispatch_to_handshaker(server_next_event, true /* is_ok */);
- alts_tsi_event_destroy(server_next_event);
-}
-
-static void on_failed_resp_cb(tsi_result status, void* user_data,
- const unsigned char* bytes_to_send,
- size_t bytes_to_send_size,
- tsi_handshaker_result* result) {
- GPR_ASSERT(status == TSI_INVALID_ARGUMENT);
- GPR_ASSERT(user_data == nullptr);
- GPR_ASSERT(bytes_to_send == nullptr);
- GPR_ASSERT(bytes_to_send_size == 0);
- GPR_ASSERT(result == nullptr);
-}
-
-static void check_handle_response_failure() {
- /**
- * Create a handshaker at the client side, for which internal mock client is
- * always going to fail.
- */
- tsi_handshaker* handshaker = create_test_handshaker(
- false /* used_for_success_test */, true /* is_client */);
- alts_tsi_handshaker* alts_handshaker =
- reinterpret_cast<alts_tsi_handshaker*>(handshaker);
- /* Tests. */
- grpc_byte_buffer* recv_buffer = generate_handshaker_response(FAILED);
- alts_tsi_handshaker_handle_response(alts_handshaker, recv_buffer,
- GRPC_STATUS_OK, nullptr,
- on_failed_resp_cb, nullptr, true);
- grpc_byte_buffer_destroy(recv_buffer);
- /* Cleanup. */
- tsi_handshaker_destroy(handshaker);
-}
-
-void check_handshaker_success() {
- /* Initialization. */
- notification_init(&caller_to_tsi_notification);
- notification_init(&tsi_to_caller_notification);
- client_start_event = nullptr;
- client_next_event = nullptr;
- server_start_event = nullptr;
- server_next_event = nullptr;
- /* Tests. */
- grpc_core::Thread thd("alts_tsi_handshaker_test",
- &check_handle_response_success, nullptr);
- thd.Start();
- check_handshaker_next_success();
- thd.Join();
- /* Cleanup. */
- notification_destroy(&caller_to_tsi_notification);
- notification_destroy(&tsi_to_caller_notification);
-}
-
-int main(int argc, char** argv) {
- /* Initialization. */
- grpc_init();
- /* Tests. */
- check_handshaker_success();
- check_handshaker_next_invalid_input();
- check_handshaker_next_failure();
- check_handle_response_invalid_input();
- check_handle_response_invalid_resp();
- check_handle_response_failure();
- /* Cleanup. */
- grpc_shutdown();
- return 0;
-}
diff --git a/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc b/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc
deleted file mode 100644
index 98c5d23641..0000000000
--- a/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include "src/core/tsi/alts/handshaker/alts_tsi_utils.h"
-#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h"
-
-#define ALTS_TSI_UTILS_TEST_OUT_FRAME "Hello Google"
-
-static void convert_to_tsi_result_test() {
- GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_OK) == TSI_OK);
- GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_UNKNOWN) ==
- TSI_UNKNOWN_ERROR);
- GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(
- GRPC_STATUS_INVALID_ARGUMENT) == TSI_INVALID_ARGUMENT);
- GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_OUT_OF_RANGE) ==
- TSI_UNKNOWN_ERROR);
- GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_INTERNAL) ==
- TSI_INTERNAL_ERROR);
- GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_NOT_FOUND) ==
- TSI_NOT_FOUND);
-}
-
-static void deserialize_response_test() {
- grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create();
- GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames(
- resp, ALTS_TSI_UTILS_TEST_OUT_FRAME,
- strlen(ALTS_TSI_UTILS_TEST_OUT_FRAME)));
- grpc_slice slice;
- GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &slice));
-
- /* Valid serialization. */
- grpc_byte_buffer* buffer =
- grpc_raw_byte_buffer_create(&slice, 1 /* number of slices */);
- grpc_gcp_handshaker_resp* decoded_resp =
- alts_tsi_utils_deserialize_response(buffer);
- GPR_ASSERT(grpc_gcp_handshaker_resp_equals(resp, decoded_resp));
- grpc_byte_buffer_destroy(buffer);
-
- /* Invalid serializaiton. */
- grpc_slice bad_slice =
- grpc_slice_split_head(&slice, GRPC_SLICE_LENGTH(slice) - 1);
- buffer = grpc_raw_byte_buffer_create(&bad_slice, 1 /* number of slices */);
- GPR_ASSERT(alts_tsi_utils_deserialize_response(buffer) == nullptr);
-
- /* Clean up. */
- grpc_slice_unref(slice);
- grpc_slice_unref(bad_slice);
- grpc_byte_buffer_destroy(buffer);
- grpc_gcp_handshaker_resp_destroy(resp);
- grpc_gcp_handshaker_resp_destroy(decoded_resp);
-}
-
-int main(int argc, char** argv) {
- /* Tests. */
- deserialize_response_test();
- convert_to_tsi_result_test();
- return 0;
-}
diff --git a/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc b/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc
deleted file mode 100644
index 6ff1357c27..0000000000
--- a/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
-
-const size_t kMaxRpcVersionMajor = 3;
-const size_t kMaxRpcVersionMinor = 2;
-const size_t kMinRpcVersionMajor = 2;
-const size_t kMinRpcVersionMinor = 1;
-
-static bool grpc_gcp_rpc_protocol_versions_equal(
- grpc_gcp_rpc_protocol_versions* l_versions,
- grpc_gcp_rpc_protocol_versions* r_versions) {
- GPR_ASSERT(l_versions != nullptr && r_versions != nullptr);
- if ((l_versions->has_max_rpc_version ^ r_versions->has_max_rpc_version) |
- (l_versions->has_min_rpc_version ^ r_versions->has_min_rpc_version)) {
- return false;
- }
- if (l_versions->has_max_rpc_version) {
- if ((l_versions->max_rpc_version.major !=
- r_versions->max_rpc_version.major) ||
- (l_versions->max_rpc_version.minor !=
- r_versions->max_rpc_version.minor)) {
- return false;
- }
- }
- if (l_versions->has_min_rpc_version) {
- if ((l_versions->min_rpc_version.major !=
- r_versions->min_rpc_version.major) ||
- (l_versions->min_rpc_version.minor !=
- r_versions->min_rpc_version.minor)) {
- return false;
- }
- }
- return true;
-}
-
-static void test_success() {
- grpc_gcp_rpc_protocol_versions version;
- grpc_gcp_rpc_protocol_versions decoded_version;
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(
- &version, kMaxRpcVersionMajor, kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(
- &version, kMinRpcVersionMajor, kMinRpcVersionMinor));
- /* Serializes to raw bytes. */
- size_t encoded_length =
- grpc_gcp_rpc_protocol_versions_encode_length(&version);
- uint8_t* encoded_bytes = static_cast<uint8_t*>(gpr_malloc(encoded_length));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes(
- &version, encoded_bytes, encoded_length));
- grpc_slice encoded_slice;
- /* Serializes to grpc slice. */
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&version, &encoded_slice));
- /* Checks serialized raw bytes and serialized grpc slice have same content. */
- GPR_ASSERT(encoded_length == GRPC_SLICE_LENGTH(encoded_slice));
- GPR_ASSERT(memcmp(encoded_bytes, GRPC_SLICE_START_PTR(encoded_slice),
- encoded_length) == 0);
- /* Deserializes and compares with the original version. */
- GPR_ASSERT(
- grpc_gcp_rpc_protocol_versions_decode(encoded_slice, &decoded_version));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_equal(&version, &decoded_version));
- grpc_slice_unref(encoded_slice);
- gpr_free(encoded_bytes);
-}
-
-static void test_failure() {
- grpc_gcp_rpc_protocol_versions version, decoded_version;
- grpc_slice encoded_slice;
- /* Test for invalid arguments. */
- GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_set_max(
- nullptr, kMaxRpcVersionMajor, kMaxRpcVersionMinor));
- GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_set_min(
- nullptr, kMinRpcVersionMajor, kMinRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode_length(nullptr) == 0);
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(
- &version, kMaxRpcVersionMajor, kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(
- &version, kMinRpcVersionMajor, kMinRpcVersionMinor));
- size_t encoded_length =
- grpc_gcp_rpc_protocol_versions_encode_length(&version);
- uint8_t* encoded_bytes = static_cast<uint8_t*>(gpr_malloc(encoded_length));
- GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes(
- nullptr, encoded_bytes, encoded_length));
- GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes(
- &version, nullptr, encoded_length));
- GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes(
- &version, encoded_bytes, 0));
- GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode(nullptr, &encoded_slice));
- GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode(&version, nullptr));
- GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_decode(encoded_slice, nullptr));
- /* Test for nanopb decode. */
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&version, &encoded_slice));
- grpc_slice bad_slice = grpc_slice_split_head(
- &encoded_slice, GRPC_SLICE_LENGTH(encoded_slice) - 1);
- grpc_slice_unref(encoded_slice);
- GPR_ASSERT(
- !grpc_gcp_rpc_protocol_versions_decode(bad_slice, &decoded_version));
- grpc_slice_unref(bad_slice);
- gpr_free(encoded_bytes);
-}
-
-static void test_copy() {
- grpc_gcp_rpc_protocol_versions src;
- grpc_gcp_rpc_protocol_versions des;
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&src, kMaxRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&src, kMinRpcVersionMajor,
- kMinRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_copy(&src, &des));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_equal(&src, &des));
-}
-
-static void test_check_success() {
- grpc_gcp_rpc_protocol_versions v1;
- grpc_gcp_rpc_protocol_versions v2;
- grpc_gcp_rpc_protocol_versions_version highest_common_version;
- /* test equality. */
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMaxRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMaxRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMaxRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check(
- (const grpc_gcp_rpc_protocol_versions*)&v1,
- (const grpc_gcp_rpc_protocol_versions*)&v2,
- &highest_common_version) == 1);
- GPR_ASSERT(grpc_core::internal::grpc_gcp_rpc_protocol_version_compare(
- &highest_common_version, &v1.max_rpc_version) == 0);
-
- /* test inequality. */
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMaxRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMinRpcVersionMinor,
- kMinRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor,
- kMinRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMinRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check(
- (const grpc_gcp_rpc_protocol_versions*)&v1,
- (const grpc_gcp_rpc_protocol_versions*)&v2,
- &highest_common_version) == 1);
- GPR_ASSERT(grpc_core::internal::grpc_gcp_rpc_protocol_version_compare(
- &highest_common_version, &v2.max_rpc_version) == 0);
-}
-
-static void test_check_failure() {
- grpc_gcp_rpc_protocol_versions v1;
- grpc_gcp_rpc_protocol_versions v2;
- grpc_gcp_rpc_protocol_versions_version highest_common_version;
-
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMinRpcVersionMajor,
- kMinRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMinRpcVersionMajor,
- kMinRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMaxRpcVersionMajor,
- kMaxRpcVersionMinor));
- GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check(
- (const grpc_gcp_rpc_protocol_versions*)&v1,
- (const grpc_gcp_rpc_protocol_versions*)&v2,
- &highest_common_version) == 0);
-}
-
-int main(int argc, char** argv) {
- /* Run tests. */
- test_success();
- test_failure();
- test_copy();
- test_check_success();
- test_check_failure();
- return 0;
-}
diff --git a/test/core/tsi/alts/zero_copy_frame_protector/BUILD b/test/core/tsi/alts/zero_copy_frame_protector/BUILD
deleted file mode 100644
index 80f4572d94..0000000000
--- a/test/core/tsi/alts/zero_copy_frame_protector/BUILD
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright 2018 gRPC authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load("//bazel:grpc_build_system.bzl", "grpc_cc_test", "grpc_package")
-
-licenses(["notice"]) # Apache v2
-
-grpc_package(name = "zero_copy_frame_protector")
-
-grpc_cc_test(
- name = "alts_grpc_record_protocol_test",
- srcs = ["alts_grpc_record_protocol_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- "//test/core/tsi/alts/crypt:alts_crypt_test_util",
- ],
-)
-
-grpc_cc_test(
- name = "alts_iovec_record_protocol_test",
- srcs = ["alts_iovec_record_protocol_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- "//test/core/tsi/alts/crypt:alts_crypt_test_util",
- ],
-)
-
-grpc_cc_test(
- name = "alts_zero_copy_grpc_protector_test",
- srcs = ["alts_zero_copy_grpc_protector_test.cc"],
- language = "C++",
- deps = [
- "//:grpc",
- "//test/core/tsi/alts/crypt:alts_crypt_test_util",
- ],
-)
diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc
deleted file mode 100644
index fbbea71cb7..0000000000
--- a/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc
+++ /dev/null
@@ -1,449 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/slice/slice_internal.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-
-constexpr size_t kMaxSliceLength = 256;
-constexpr size_t kMaxSlices = 10;
-constexpr size_t kSealRepeatTimes = 5;
-constexpr size_t kTagLength = 16;
-
-/* Test fixtures for each test cases. */
-struct alts_grpc_record_protocol_test_fixture {
- alts_grpc_record_protocol* client_protect;
- alts_grpc_record_protocol* client_unprotect;
- alts_grpc_record_protocol* server_protect;
- alts_grpc_record_protocol* server_unprotect;
-};
-
-/* Test input variables for protect/unprotect operations. */
-struct alts_grpc_record_protocol_test_var {
- size_t header_length;
- size_t tag_length;
- grpc_slice_buffer original_sb;
- grpc_slice_buffer duplicate_sb;
- grpc_slice_buffer protected_sb;
- grpc_slice_buffer unprotected_sb;
-};
-
-/* --- Test utility functions. --- */
-
-static void create_random_slice_buffer(grpc_slice_buffer* sb) {
- GPR_ASSERT(sb != nullptr);
- size_t slice_count = gsec_test_bias_random_uint32(kMaxSlices) + 1;
- for (size_t i = 0; i < slice_count; i++) {
- size_t slice_length = gsec_test_bias_random_uint32(kMaxSliceLength) + 1;
- grpc_slice slice = GRPC_SLICE_MALLOC(slice_length);
- gsec_test_random_bytes(GRPC_SLICE_START_PTR(slice), slice_length);
- grpc_slice_buffer_add(sb, slice);
- }
-}
-
-static uint8_t* pointer_to_nth_byte(grpc_slice_buffer* sb, size_t index) {
- GPR_ASSERT(sb != nullptr);
- GPR_ASSERT(index < sb->length);
- for (size_t i = 0; i < sb->count; i++) {
- if (index < GRPC_SLICE_LENGTH(sb->slices[i])) {
- return GRPC_SLICE_START_PTR(sb->slices[i]) + index;
- } else {
- index -= GRPC_SLICE_LENGTH(sb->slices[i]);
- }
- }
- return nullptr;
-}
-
-/* Checks if two slice buffer contents are the same. It is not super efficient,
- * but OK for testing. */
-static bool are_slice_buffers_equal(grpc_slice_buffer* first,
- grpc_slice_buffer* second) {
- GPR_ASSERT(first != nullptr);
- GPR_ASSERT(second != nullptr);
- if (first->length != second->length) {
- return false;
- }
- for (size_t i = 0; i < first->length; i++) {
- uint8_t* first_ptr = pointer_to_nth_byte(first, i);
- uint8_t* second_ptr = pointer_to_nth_byte(second, i);
- GPR_ASSERT(first_ptr != nullptr);
- GPR_ASSERT(second_ptr != nullptr);
- if ((*first_ptr) != (*second_ptr)) {
- return false;
- }
- }
- return true;
-}
-
-static void alter_random_byte(grpc_slice_buffer* sb) {
- GPR_ASSERT(sb != nullptr);
- if (sb->length == 0) {
- return;
- }
- uint32_t offset =
- gsec_test_bias_random_uint32(static_cast<uint32_t>(sb->length));
- uint8_t* ptr = pointer_to_nth_byte(sb, offset);
- (*ptr)++;
-}
-
-static alts_grpc_record_protocol_test_fixture*
-test_fixture_integrity_only_create(bool rekey) {
- alts_grpc_record_protocol_test_fixture* fixture =
- static_cast<alts_grpc_record_protocol_test_fixture*>(
- gpr_zalloc(sizeof(alts_grpc_record_protocol_test_fixture)));
- size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength;
- uint8_t* key;
- gsec_test_random_array(&key, key_length);
- gsec_aead_crypter* crypter = nullptr;
-
- /* Create client record protocol for protect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create(
- crypter, 8, /*is_client=*/true, /*is_protect=*/true,
- &fixture->client_protect) == TSI_OK);
- /* Create client record protocol for unprotect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create(
- crypter, 8, /*is_client=*/true, /*is_protect=*/false,
- &fixture->client_unprotect) == TSI_OK);
- /* Create server record protocol for protect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create(
- crypter, 8, /*is_client=*/false, /*is_protect=*/true,
- &fixture->server_protect) == TSI_OK);
- /* Create server record protocol for unprotect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create(
- crypter, 8, /*is_client=*/false, /*is_protect=*/false,
- &fixture->server_unprotect) == TSI_OK);
-
- gpr_free(key);
- return fixture;
-}
-
-static alts_grpc_record_protocol_test_fixture*
-test_fixture_integrity_only_no_rekey_create() {
- return test_fixture_integrity_only_create(false);
-}
-
-static alts_grpc_record_protocol_test_fixture*
-test_fixture_integrity_only_rekey_create() {
- return test_fixture_integrity_only_create(true);
-}
-
-static alts_grpc_record_protocol_test_fixture*
-test_fixture_privacy_integrity_create(bool rekey) {
- alts_grpc_record_protocol_test_fixture* fixture =
- static_cast<alts_grpc_record_protocol_test_fixture*>(
- gpr_zalloc(sizeof(alts_grpc_record_protocol_test_fixture)));
- size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength;
- uint8_t* key;
- gsec_test_random_array(&key, key_length);
- gsec_aead_crypter* crypter = nullptr;
-
- /* Create client record protocol for protect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create(
- crypter, 8, /*is_client=*/true, /*is_protect=*/true,
- &fixture->client_protect) == TSI_OK);
- /* Create client record protocol for unprotect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create(
- crypter, 8, /*is_client=*/true, /*is_protect=*/false,
- &fixture->client_unprotect) == TSI_OK);
- /* Create server record protocol for protect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create(
- crypter, 8, /*is_client=*/false, /*is_protect=*/true,
- &fixture->server_protect) == TSI_OK);
- /* Create server record protocol for unprotect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create(
- crypter, 8, /*is_client=*/false, /*is_protect=*/false,
- &fixture->server_unprotect) == TSI_OK);
-
- gpr_free(key);
- return fixture;
-}
-
-static alts_grpc_record_protocol_test_fixture*
-test_fixture_privacy_integrity_no_rekey_create() {
- return test_fixture_privacy_integrity_create(false);
-}
-
-static alts_grpc_record_protocol_test_fixture*
-test_fixture_privacy_integrity_rekey_create() {
- return test_fixture_privacy_integrity_create(true);
-}
-
-static void alts_grpc_record_protocol_test_fixture_destroy(
- alts_grpc_record_protocol_test_fixture* fixture) {
- if (fixture == nullptr) {
- return;
- }
- grpc_core::ExecCtx exec_ctx;
- alts_grpc_record_protocol_destroy(fixture->client_protect);
- alts_grpc_record_protocol_destroy(fixture->client_unprotect);
- alts_grpc_record_protocol_destroy(fixture->server_protect);
- alts_grpc_record_protocol_destroy(fixture->server_unprotect);
- grpc_core::ExecCtx::Get()->Flush();
- gpr_free(fixture);
-}
-
-static alts_grpc_record_protocol_test_var*
-alts_grpc_record_protocol_test_var_create() {
- alts_grpc_record_protocol_test_var* var =
- static_cast<alts_grpc_record_protocol_test_var*>(
- gpr_zalloc(sizeof(alts_grpc_record_protocol_test_var)));
- var->header_length = alts_iovec_record_protocol_get_header_length();
- var->tag_length = kTagLength;
- /* Initialized slice buffers. */
- grpc_slice_buffer_init(&var->original_sb);
- grpc_slice_buffer_init(&var->duplicate_sb);
- grpc_slice_buffer_init(&var->protected_sb);
- grpc_slice_buffer_init(&var->unprotected_sb);
- /* Randomly sets content of original_sb, and copies into duplicate_sb. */
- create_random_slice_buffer(&var->original_sb);
- for (size_t i = 0; i < var->original_sb.count; i++) {
- grpc_slice_buffer_add(&var->duplicate_sb,
- grpc_slice_ref(var->original_sb.slices[i]));
- }
- return var;
-}
-
-static void alts_grpc_record_protocol_test_var_destroy(
- alts_grpc_record_protocol_test_var* var) {
- if (var == nullptr) {
- return;
- }
- grpc_slice_buffer_destroy_internal(&var->original_sb);
- grpc_slice_buffer_destroy_internal(&var->duplicate_sb);
- grpc_slice_buffer_destroy_internal(&var->protected_sb);
- grpc_slice_buffer_destroy_internal(&var->unprotected_sb);
- gpr_free(var);
-}
-
-/* --- alts grpc record protocol tests. --- */
-
-static void random_seal_unseal(alts_grpc_record_protocol* sender,
- alts_grpc_record_protocol* receiver) {
- grpc_core::ExecCtx exec_ctx;
- for (size_t i = 0; i < kSealRepeatTimes; i++) {
- alts_grpc_record_protocol_test_var* var =
- alts_grpc_record_protocol_test_var_create();
- /* Seals and then unseals. */
- size_t data_length = var->original_sb.length;
- tsi_result status = alts_grpc_record_protocol_protect(
- sender, &var->original_sb, &var->protected_sb);
- GPR_ASSERT(status == TSI_OK);
- GPR_ASSERT(var->protected_sb.length ==
- data_length + var->header_length + var->tag_length);
- status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb,
- &var->unprotected_sb);
- GPR_ASSERT(status == TSI_OK);
- GPR_ASSERT(
- are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb));
- alts_grpc_record_protocol_test_var_destroy(var);
- }
- grpc_core::ExecCtx::Get()->Flush();
-}
-
-static void empty_seal_unseal(alts_grpc_record_protocol* sender,
- alts_grpc_record_protocol* receiver) {
- grpc_core::ExecCtx exec_ctx;
- for (size_t i = 0; i < kSealRepeatTimes; i++) {
- alts_grpc_record_protocol_test_var* var =
- alts_grpc_record_protocol_test_var_create();
- /* Seals and then unseals empty payload. */
- grpc_slice_buffer_reset_and_unref_internal(&var->original_sb);
- grpc_slice_buffer_reset_and_unref_internal(&var->duplicate_sb);
- tsi_result status = alts_grpc_record_protocol_protect(
- sender, &var->original_sb, &var->protected_sb);
- GPR_ASSERT(status == TSI_OK);
- GPR_ASSERT(var->protected_sb.length ==
- var->header_length + var->tag_length);
- status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb,
- &var->unprotected_sb);
- GPR_ASSERT(status == TSI_OK);
- GPR_ASSERT(
- are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb));
- alts_grpc_record_protocol_test_var_destroy(var);
- }
- grpc_core::ExecCtx::Get()->Flush();
-}
-
-static void unsync_seal_unseal(alts_grpc_record_protocol* sender,
- alts_grpc_record_protocol* receiver) {
- grpc_core::ExecCtx exec_ctx;
- tsi_result status;
- alts_grpc_record_protocol_test_var* var =
- alts_grpc_record_protocol_test_var_create();
- /* Seals once. */
- status = alts_grpc_record_protocol_protect(sender, &var->original_sb,
- &var->protected_sb);
- GPR_ASSERT(status == TSI_OK);
- grpc_slice_buffer_reset_and_unref_internal(&var->protected_sb);
- /* Seals again. */
- status = alts_grpc_record_protocol_protect(sender, &var->duplicate_sb,
- &var->protected_sb);
- GPR_ASSERT(status == TSI_OK);
- /* Unseals the second frame. */
- status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb,
- &var->unprotected_sb);
- GPR_ASSERT(status == TSI_INTERNAL_ERROR);
- alts_grpc_record_protocol_test_var_destroy(var);
- grpc_core::ExecCtx::Get()->Flush();
-}
-
-static void corrupted_data(alts_grpc_record_protocol* sender,
- alts_grpc_record_protocol* receiver) {
- grpc_core::ExecCtx exec_ctx;
- tsi_result status;
- alts_grpc_record_protocol_test_var* var =
- alts_grpc_record_protocol_test_var_create();
- /* Seals once. */
- status = alts_grpc_record_protocol_protect(sender, &var->original_sb,
- &var->protected_sb);
- GPR_ASSERT(status == TSI_OK);
- /* Corrupts one byte in protected_sb and tries to unprotect. */
- alter_random_byte(&var->protected_sb);
- status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb,
- &var->unprotected_sb);
- GPR_ASSERT(status == TSI_INTERNAL_ERROR);
- alts_grpc_record_protocol_test_var_destroy(var);
- grpc_core::ExecCtx::Get()->Flush();
-}
-
-static void input_check(alts_grpc_record_protocol* rp) {
- grpc_core::ExecCtx exec_ctx;
- tsi_result status;
- alts_grpc_record_protocol_test_var* var =
- alts_grpc_record_protocol_test_var_create();
- /* Protects with nullptr input. */
- status = alts_grpc_record_protocol_protect(rp, nullptr, &var->protected_sb);
- GPR_ASSERT(status == TSI_INVALID_ARGUMENT);
- status = alts_grpc_record_protocol_protect(rp, &var->original_sb, nullptr);
- GPR_ASSERT(status == TSI_INVALID_ARGUMENT);
- /* Unprotects with nullptr input. */
- status = alts_grpc_record_protocol_protect(rp, &var->original_sb,
- &var->protected_sb);
- GPR_ASSERT(status == TSI_OK);
- status =
- alts_grpc_record_protocol_unprotect(rp, nullptr, &var->unprotected_sb);
- GPR_ASSERT(status == TSI_INVALID_ARGUMENT);
- status = alts_grpc_record_protocol_unprotect(rp, &var->protected_sb, nullptr);
- GPR_ASSERT(status == TSI_INVALID_ARGUMENT);
- /* Unprotects on a temporary slice buffer which length is smaller than header
- * length plus tag length. */
- grpc_slice_buffer temp_sb;
- grpc_slice_buffer_init(&temp_sb);
- grpc_slice_buffer_move_first(
- &var->protected_sb, var->header_length + var->tag_length - 1, &temp_sb);
- status =
- alts_grpc_record_protocol_unprotect(rp, &temp_sb, &var->unprotected_sb);
- GPR_ASSERT(status == TSI_INVALID_ARGUMENT);
- grpc_slice_buffer_destroy_internal(&temp_sb);
- alts_grpc_record_protocol_test_var_destroy(var);
- grpc_core::ExecCtx::Get()->Flush();
-}
-
-/* --- Test cases. --- */
-
-static void alts_grpc_record_protocol_random_seal_unseal_tests(
- alts_grpc_record_protocol_test_fixture* fixture) {
- random_seal_unseal(fixture->client_protect, fixture->server_unprotect);
- random_seal_unseal(fixture->server_protect, fixture->client_unprotect);
-}
-
-static void alts_grpc_record_protocol_empty_seal_unseal_tests(
- alts_grpc_record_protocol_test_fixture* fixture) {
- empty_seal_unseal(fixture->client_protect, fixture->server_unprotect);
- empty_seal_unseal(fixture->server_protect, fixture->client_unprotect);
-}
-
-static void alts_grpc_record_protocol_unsync_seal_unseal_tests(
- alts_grpc_record_protocol_test_fixture* fixture) {
- unsync_seal_unseal(fixture->client_protect, fixture->server_unprotect);
- unsync_seal_unseal(fixture->server_protect, fixture->client_unprotect);
-}
-
-static void alts_grpc_record_protocol_corrupted_data_tests(
- alts_grpc_record_protocol_test_fixture* fixture) {
- corrupted_data(fixture->client_protect, fixture->server_unprotect);
- corrupted_data(fixture->server_protect, fixture->client_unprotect);
-}
-
-static void alts_grpc_record_protocol_input_check_tests(
- alts_grpc_record_protocol_test_fixture* fixture) {
- input_check(fixture->client_protect);
-}
-
-static void alts_grpc_record_protocol_tests(
- alts_grpc_record_protocol_test_fixture* (*fixture_create)()) {
- auto* fixture_1 = fixture_create();
- alts_grpc_record_protocol_random_seal_unseal_tests(fixture_1);
- alts_grpc_record_protocol_test_fixture_destroy(fixture_1);
-
- auto* fixture_2 = fixture_create();
- alts_grpc_record_protocol_empty_seal_unseal_tests(fixture_2);
- alts_grpc_record_protocol_test_fixture_destroy(fixture_2);
-
- auto* fixture_3 = fixture_create();
- alts_grpc_record_protocol_unsync_seal_unseal_tests(fixture_3);
- alts_grpc_record_protocol_test_fixture_destroy(fixture_3);
-
- auto* fixture_4 = fixture_create();
- alts_grpc_record_protocol_corrupted_data_tests(fixture_4);
- alts_grpc_record_protocol_test_fixture_destroy(fixture_4);
-
- auto* fixture_5 = fixture_create();
- alts_grpc_record_protocol_input_check_tests(fixture_5);
- alts_grpc_record_protocol_test_fixture_destroy(fixture_5);
-}
-
-int main(int argc, char** argv) {
- alts_grpc_record_protocol_tests(&test_fixture_integrity_only_no_rekey_create);
- alts_grpc_record_protocol_tests(&test_fixture_integrity_only_rekey_create);
- alts_grpc_record_protocol_tests(
- &test_fixture_privacy_integrity_no_rekey_create);
- alts_grpc_record_protocol_tests(&test_fixture_privacy_integrity_rekey_create);
-
- return 0;
-}
diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc
deleted file mode 100644
index db1934bbae..0000000000
--- a/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc
+++ /dev/null
@@ -1,928 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-
-constexpr size_t kMaxDataSize = 1024;
-constexpr size_t kMaxSlices = 10;
-constexpr size_t kSealRepeatTimes = 5;
-constexpr size_t kTagLength = 16;
-
-/* Test fixtures for each test cases. */
-struct alts_iovec_record_protocol_test_fixture {
- alts_iovec_record_protocol* client_protect;
- alts_iovec_record_protocol* client_unprotect;
- alts_iovec_record_protocol* server_protect;
- alts_iovec_record_protocol* server_unprotect;
-};
-
-/* Test variables for protect/unprotect operations. */
-struct alts_iovec_record_protocol_test_var {
- uint8_t* header_buf;
- size_t header_length;
- iovec_t header_iovec;
- uint8_t* tag_buf;
- size_t tag_length;
- iovec_t tag_iovec;
- uint8_t* data_buf;
- uint8_t* dup_buf;
- size_t data_length;
- iovec_t* data_iovec;
- size_t data_iovec_length;
- uint8_t* protected_buf;
- iovec_t protected_iovec;
- iovec_t unprotected_iovec;
-};
-
-/* --- Test utility functions. --- */
-
-static void randomly_slice(uint8_t* input, size_t input_length,
- iovec_t** output, size_t* output_length) {
- if (input_length == 0) {
- *output = nullptr;
- *output_length = 0;
- return;
- }
- *output_length = gsec_test_bias_random_uint32(kMaxSlices) + 1;
- *output = static_cast<iovec_t*>(gpr_malloc(*output_length * sizeof(iovec_t)));
- for (size_t i = 0; i < *output_length - 1; i++) {
- size_t slice_length =
- gsec_test_bias_random_uint32(static_cast<uint32_t>(input_length));
- iovec_t slice = {input, slice_length};
- (*output)[i] = slice;
- input += slice_length;
- input_length -= slice_length;
- }
- iovec_t slice = {input, input_length};
- (*output)[*output_length - 1] = slice;
-}
-
-static size_t alter_random_byte(uint8_t* buf, size_t buf_length) {
- GPR_ASSERT(buf != nullptr);
- uint32_t offset =
- gsec_test_bias_random_uint32(static_cast<uint32_t>(buf_length));
- (*(buf + offset))++;
- return offset;
-}
-
-static void revert_back_alter(uint8_t* buf, size_t offset) {
- GPR_ASSERT(buf != nullptr);
- (*(buf + offset))--;
-}
-
-static alts_iovec_record_protocol_test_fixture*
-alts_iovec_record_protocol_test_fixture_create(bool rekey,
- bool integrity_only) {
- alts_iovec_record_protocol_test_fixture* fixture =
- static_cast<alts_iovec_record_protocol_test_fixture*>(
- gpr_malloc(sizeof(alts_iovec_record_protocol_test_fixture)));
- size_t overflow_size = 8;
- size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength;
- uint8_t* key;
- gsec_test_random_array(&key, key_length);
- gsec_aead_crypter* crypter = nullptr;
- /* Create client record protocol for protect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_iovec_record_protocol_create(
- crypter, overflow_size, /*is_client=*/true, integrity_only,
- /*is_protect=*/true, &fixture->client_protect,
- nullptr) == GRPC_STATUS_OK);
- /* Create client record protocol for unprotect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_iovec_record_protocol_create(
- crypter, overflow_size, /*is_client=*/true, integrity_only,
- /*is_protect=*/false, &fixture->client_unprotect,
- nullptr) == GRPC_STATUS_OK);
- /* Create server record protocol for protect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_iovec_record_protocol_create(
- crypter, overflow_size, /*is_client=*/false, integrity_only,
- /*is_protect=*/true, &fixture->server_protect,
- nullptr) == GRPC_STATUS_OK);
- /* Create server record protocol for unprotect. */
- GPR_ASSERT(gsec_aes_gcm_aead_crypter_create(
- key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey,
- &crypter, nullptr) == GRPC_STATUS_OK);
- GPR_ASSERT(alts_iovec_record_protocol_create(
- crypter, overflow_size, /*is_client=*/false, integrity_only,
- /*is_protect=*/false, &fixture->server_unprotect,
- nullptr) == GRPC_STATUS_OK);
-
- gpr_free(key);
- return fixture;
-}
-
-static void alts_iovec_record_protocol_test_fixture_destroy(
- alts_iovec_record_protocol_test_fixture* fixture) {
- if (fixture == nullptr) {
- return;
- }
- alts_iovec_record_protocol_destroy(fixture->client_protect);
- alts_iovec_record_protocol_destroy(fixture->client_unprotect);
- alts_iovec_record_protocol_destroy(fixture->server_protect);
- alts_iovec_record_protocol_destroy(fixture->server_unprotect);
- gpr_free(fixture);
-}
-
-static alts_iovec_record_protocol_test_var*
-alts_iovec_record_protocol_test_var_create() {
- auto* var = static_cast<alts_iovec_record_protocol_test_var*>(
- gpr_zalloc(sizeof(alts_iovec_record_protocol_test_var)));
- /* Sets header buffer. */
- var->header_length = alts_iovec_record_protocol_get_header_length();
- var->header_buf = static_cast<uint8_t*>(gpr_malloc(var->header_length));
- var->header_iovec.iov_base = var->header_buf;
- var->header_iovec.iov_len = var->header_length;
- /* Sets tag buffer. */
- var->tag_length = kTagLength;
- var->tag_buf = static_cast<uint8_t*>(gpr_malloc(var->tag_length));
- var->tag_iovec.iov_base = var->tag_buf;
- var->tag_iovec.iov_len = var->tag_length;
- /* Randomly sets data buffer and duplicates to dup_buf. */
- var->data_length = gsec_test_bias_random_uint32(kMaxDataSize) + 1;
- var->data_buf = static_cast<uint8_t*>(gpr_malloc(var->data_length));
- gsec_test_random_bytes(var->data_buf, var->data_length);
- gsec_test_copy(var->data_buf, &var->dup_buf, var->data_length);
- var->data_iovec = nullptr;
- var->data_iovec_length = 0;
- randomly_slice(var->data_buf, var->data_length, &var->data_iovec,
- &var->data_iovec_length);
- /* Sets protected iovec. */
- size_t protected_buf_length =
- var->header_length + var->data_length + var->tag_length;
- var->protected_buf = static_cast<uint8_t*>(gpr_malloc(protected_buf_length));
- var->protected_iovec.iov_base = var->protected_buf;
- var->protected_iovec.iov_len = protected_buf_length;
- /* Unprotected iovec points to data_buf. */
- var->unprotected_iovec.iov_base = var->data_buf;
- var->unprotected_iovec.iov_len = var->data_length;
- return var;
-}
-
-static void alts_iovec_record_protocol_test_var_destroy(
- alts_iovec_record_protocol_test_var* var) {
- if (var == nullptr) {
- return;
- }
- gpr_free(var->header_buf);
- gpr_free(var->tag_buf);
- gpr_free(var->data_buf);
- gpr_free(var->dup_buf);
- gpr_free(var->data_iovec);
- gpr_free(var->protected_buf);
- gpr_free(var);
-}
-
-/* --- Integrity-only protect/unprotect tests. --- */
-
-static void integrity_only_random_seal_unseal(
- alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) {
- for (size_t i = 0; i < kSealRepeatTimes; i++) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- /* Seals and then unseals. */
- grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect(
- sender, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- gpr_free(var->data_iovec);
- /* Randomly slices data buffer again. */
- randomly_slice(var->data_buf, var->data_length, &var->data_iovec,
- &var->data_iovec_length);
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- receiver, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- /* Makes sure data buffer has not been modified during
- * seal/unseal. */
- GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0);
- alts_iovec_record_protocol_test_var_destroy(var);
- }
-}
-
-static void integrity_only_empty_seal_unseal(
- alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) {
- for (size_t i = 0; i < kSealRepeatTimes; i++) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- /* Seals and then unseals empty payload. */
- grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect(
- sender, nullptr, 0, var->header_iovec, var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- receiver, nullptr, 0, var->header_iovec, var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- alts_iovec_record_protocol_test_var_destroy(var);
- }
-}
-
-static void integrity_only_unsync_seal_unseal(
- alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) {
- /* Seals once. */
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect(
- sender, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- alts_iovec_record_protocol_test_var_destroy(var);
- /* Seals again. */
- var = alts_iovec_record_protocol_test_var_create();
- status = alts_iovec_record_protocol_integrity_only_protect(
- sender, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- /* Unseals the second frame. */
- char* error_message = nullptr;
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- receiver, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message,
- "Frame tag verification failed."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void integrity_only_corrupted_data(
- alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) {
- /* Seals the data first. */
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect(
- sender, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- /* Alter frame length field. */
- char* error_message = nullptr;
- size_t offset =
- alter_random_byte(var->header_buf, kZeroCopyFrameLengthFieldSize);
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- receiver, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message, "Bad frame length."));
- gpr_free(error_message);
- revert_back_alter(var->header_buf, offset);
- /* Alter message type field. */
- offset = alter_random_byte(var->header_buf + kZeroCopyFrameLengthFieldSize,
- kZeroCopyFrameMessageTypeFieldSize);
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- receiver, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message,
- "Unsupported message type."));
- gpr_free(error_message);
- revert_back_alter(var->header_buf + kZeroCopyFrameLengthFieldSize, offset);
- /* Alter data. */
- offset = alter_random_byte(var->data_buf, var->data_length);
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- receiver, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message,
- "Frame tag verification failed."));
- gpr_free(error_message);
- revert_back_alter(var->data_buf, offset);
- /* Alter tag. */
- offset = alter_random_byte(var->tag_buf, var->tag_length);
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- receiver, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message,
- "Frame tag verification failed."));
- gpr_free(error_message);
- revert_back_alter(var->tag_buf, offset);
- /* Reverted protected data should be verified correctly. */
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- receiver, var->data_iovec, var->data_iovec_length, var->header_iovec,
- var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void integrity_only_protect_input_check(alts_iovec_record_protocol* rp) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- char* error_message = nullptr;
- /* Header buffer is nullptr. */
- iovec_t header_iovec = {nullptr, var->header_length};
- grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect(
- rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Header is nullptr."));
- gpr_free(error_message);
- /* Header buffer length is 0. */
- header_iovec.iov_base = var->header_buf;
- header_iovec.iov_len = 0;
- status = alts_iovec_record_protocol_integrity_only_protect(
- rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Header length is incorrect."));
- gpr_free(error_message);
- /* Tag buffer is nullptr. */
- iovec_t tag_iovec = {nullptr, var->tag_length};
- status = alts_iovec_record_protocol_integrity_only_protect(
- rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "Tag is nullptr."));
- gpr_free(error_message);
- /* Tag buffer length is 0. */
- tag_iovec.iov_base = var->tag_buf;
- tag_iovec.iov_len = 0;
- status = alts_iovec_record_protocol_integrity_only_protect(
- rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Tag length is incorrect."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void integrity_only_unprotect_input_check(
- alts_iovec_record_protocol* rp) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- char* error_message = nullptr;
- /* Header buffer is nullptr. */
- iovec_t header_iovec = {nullptr, var->header_length};
- grpc_status_code status = alts_iovec_record_protocol_integrity_only_unprotect(
- rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Header is nullptr."));
- gpr_free(error_message);
- /* Header buffer length is 0. */
- header_iovec.iov_base = var->header_buf;
- header_iovec.iov_len = 0;
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Header length is incorrect."));
- gpr_free(error_message);
- /* Tag buffer is nullptr. */
- iovec_t tag_iovec = {nullptr, var->tag_length};
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "Tag is nullptr."));
- gpr_free(error_message);
- /* Tag buffer length is 0. */
- tag_iovec.iov_base = var->tag_buf;
- tag_iovec.iov_len = 0;
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Tag length is incorrect."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-/* --- Privacy-integrity protect/unprotect tests. --- */
-
-static void privacy_integrity_random_seal_unseal(
- alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) {
- for (size_t i = 0; i < kSealRepeatTimes; i++) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- /* Seals and then unseals. */
- grpc_status_code status =
- alts_iovec_record_protocol_privacy_integrity_protect(
- sender, var->data_iovec, var->data_iovec_length,
- var->protected_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- iovec_t header_iovec = {var->protected_buf, var->header_length};
- gpr_free(var->data_iovec);
- /* Randomly slices protected buffer, excluding the header. */
- randomly_slice(var->protected_buf + var->header_length,
- var->data_length + var->tag_length, &var->data_iovec,
- &var->data_iovec_length);
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- receiver, header_iovec, var->data_iovec, var->data_iovec_length,
- var->unprotected_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- /* Makes sure unprotected data are the same as the original. */
- GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0);
- alts_iovec_record_protocol_test_var_destroy(var);
- }
-}
-
-static void privacy_integrity_empty_seal_unseal(
- alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- size_t empty_payload_frame_size = var->header_length + var->tag_length;
- auto* protected_buf =
- static_cast<uint8_t*>(gpr_malloc(empty_payload_frame_size));
- for (size_t i = 0; i < kSealRepeatTimes; i++) {
- iovec_t protected_iovec = {protected_buf, empty_payload_frame_size};
- iovec_t unprotected_iovec = {nullptr, 0};
- iovec_t data_iovec = {protected_buf + var->header_length, var->tag_length};
- /* Seals and then unseals empty payload. */
- grpc_status_code status =
- alts_iovec_record_protocol_privacy_integrity_protect(
- sender, nullptr, 0, protected_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- iovec_t header_iovec = {protected_buf, var->header_length};
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- receiver, header_iovec, &data_iovec, 1, unprotected_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- }
- gpr_free(protected_buf);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void privacy_integrity_unsync_seal_unseal(
- alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) {
- /* Seals once. */
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- grpc_status_code status =
- alts_iovec_record_protocol_privacy_integrity_protect(
- sender, var->data_iovec, var->data_iovec_length, var->protected_iovec,
- nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- alts_iovec_record_protocol_test_var_destroy(var);
- /* Seals again. */
- var = alts_iovec_record_protocol_test_var_create();
- status = alts_iovec_record_protocol_privacy_integrity_protect(
- sender, var->data_iovec, var->data_iovec_length, var->protected_iovec,
- nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- /* Unseals the second frame. */
- char* error_message = nullptr;
- iovec_t header_iovec = {var->protected_buf, var->header_length};
- iovec_t protected_iovec = {var->protected_buf + var->header_length,
- var->data_length + var->tag_length};
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void privacy_integrity_corrupted_data(
- alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) {
- /* Seals the data first. */
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- grpc_status_code status =
- alts_iovec_record_protocol_privacy_integrity_protect(
- sender, var->data_iovec, var->data_iovec_length, var->protected_iovec,
- nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- char* error_message = nullptr;
- uint8_t* header_buf = var->protected_buf;
- size_t header_length = var->header_length;
- iovec_t header_iovec = {header_buf, header_length};
- /* The following protected_buf and protected_length excludes header. */
- uint8_t* protected_buf = var->protected_buf + var->header_length;
- size_t protected_length = var->data_length + var->tag_length;
- iovec_t protected_iovec = {protected_buf, protected_length};
- /* Alter frame length field. */
- size_t offset = alter_random_byte(header_buf, kZeroCopyFrameLengthFieldSize);
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message, "Bad frame length."));
- gpr_free(error_message);
- revert_back_alter(header_buf, offset);
- /* Alter message type field. */
- offset = alter_random_byte(header_buf + kZeroCopyFrameLengthFieldSize,
- kZeroCopyFrameMessageTypeFieldSize);
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message,
- "Unsupported message type."));
- gpr_free(error_message);
- revert_back_alter(header_buf + kZeroCopyFrameLengthFieldSize, offset);
- /* Alter protected data. */
- offset = alter_random_byte(protected_buf, protected_length);
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed."));
- gpr_free(error_message);
- revert_back_alter(protected_buf, offset);
- /* Reverted protected data should be verified correctly. */
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec,
- nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void privacy_integrity_protect_input_check(
- alts_iovec_record_protocol* rp) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- char* error_message = nullptr;
- /* Protected output buffer is nullptr. */
- iovec_t protected_iovec = {nullptr, var->protected_iovec.iov_len};
- grpc_status_code status =
- alts_iovec_record_protocol_privacy_integrity_protect(
- rp, var->data_iovec, var->data_iovec_length, protected_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Protected frame is nullptr."));
- gpr_free(error_message);
- /* Protected output buffer length incorrect. */
- protected_iovec.iov_base = var->protected_buf;
- protected_iovec.iov_len = var->header_length + var->data_length;
- status = alts_iovec_record_protocol_privacy_integrity_protect(
- rp, var->data_iovec, var->data_iovec_length, protected_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Protected frame size is incorrect."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void privacy_integrity_unprotect_input_check(
- alts_iovec_record_protocol* rp) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- char* error_message = nullptr;
- /* Header buffer is nullptr. */
- iovec_t header_iovec = {var->protected_buf, var->header_length};
- iovec_t protected_iovec = {var->protected_buf + var->header_length,
- var->data_length + var->tag_length};
- header_iovec.iov_base = nullptr;
- grpc_status_code status =
- alts_iovec_record_protocol_privacy_integrity_unprotect(
- rp, header_iovec, &protected_iovec, 1, var->unprotected_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Header is nullptr."));
- gpr_free(error_message);
- header_iovec.iov_base = var->protected_buf;
- /* Header buffer length is 0. */
- header_iovec.iov_len = 0;
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- rp, header_iovec, &protected_iovec, 1, var->unprotected_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Header length is incorrect."));
- gpr_free(error_message);
- header_iovec.iov_len = var->header_length;
- /* Unprotected output buffer length is incorrect. */
- iovec_t unprotected_iovec = {var->data_buf, var->data_length - 1};
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- rp, header_iovec, &protected_iovec, 1, unprotected_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INVALID_ARGUMENT, error_message,
- "Unprotected data size is incorrect."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-/* --- Integrity-only and privacy-integrity mixed. --- */
-
-static void record_protocol_wrong_mode(
- alts_iovec_record_protocol* integrity_only_protect_rp,
- alts_iovec_record_protocol* integrity_only_unprotect_rp,
- alts_iovec_record_protocol* privacy_integrity_protect_rp,
- alts_iovec_record_protocol* privacy_integrity_unprotect_rp) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- grpc_status_code status;
- char* error_message = nullptr;
- /* Call integrity-only protect on privacy-integrity record protocol. */
- status = alts_iovec_record_protocol_integrity_only_protect(
- privacy_integrity_protect_rp, var->data_iovec, var->data_iovec_length,
- var->header_iovec, var->tag_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Integrity-only operations are not allowed for this object."));
- gpr_free(error_message);
- /* Call integrity-only unprotect on privacy-integrity record protocol. */
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- privacy_integrity_unprotect_rp, var->data_iovec, var->data_iovec_length,
- var->header_iovec, var->tag_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Integrity-only operations are not allowed for this object."));
- gpr_free(error_message);
- /* Call privacy-integrity protect on integrity-only record protocol. */
- status = alts_iovec_record_protocol_privacy_integrity_protect(
- integrity_only_protect_rp, var->data_iovec, var->data_iovec_length,
- var->protected_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Privacy-integrity operations are not allowed for this object."));
- gpr_free(error_message);
- /* Call privacy-integrity unprotect on integrity-only record protocol. */
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- integrity_only_unprotect_rp, var->header_iovec, var->data_iovec,
- var->data_iovec_length, var->unprotected_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_FAILED_PRECONDITION, error_message,
- "Privacy-integrity operations are not allowed for this object."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void integrity_seal_privacy_unseal(
- alts_iovec_record_protocol* integrity_only_sender,
- alts_iovec_record_protocol* privacy_integrity_receiver) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- grpc_status_code status;
- char* error_message = nullptr;
- /* Seals with integrity-only protect. */
- status = alts_iovec_record_protocol_integrity_only_protect(
- integrity_only_sender, var->data_iovec, var->data_iovec_length,
- var->header_iovec, var->tag_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- /* Unseal with privacy-integrity unprotect. */
- memcpy(var->protected_buf, var->data_buf, var->data_length);
- memcpy(var->protected_buf + var->data_length, var->tag_buf, var->tag_length);
- iovec_t protected_iovec = {var->protected_buf,
- var->data_length + var->tag_length};
- status = alts_iovec_record_protocol_privacy_integrity_unprotect(
- privacy_integrity_receiver, var->header_iovec, &protected_iovec, 1,
- var->unprotected_iovec, &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-static void privacy_seal_integrity_unseal(
- alts_iovec_record_protocol* privacy_integrity_sender,
- alts_iovec_record_protocol* integrity_only_receiver) {
- alts_iovec_record_protocol_test_var* var =
- alts_iovec_record_protocol_test_var_create();
- grpc_status_code status;
- char* error_message = nullptr;
- /* Seals with privacy-integrity protect. */
- status = alts_iovec_record_protocol_privacy_integrity_protect(
- privacy_integrity_sender, var->data_iovec, var->data_iovec_length,
- var->protected_iovec, nullptr);
- GPR_ASSERT(status == GRPC_STATUS_OK);
- /* Unseal with integrity-only unprotect. */
- iovec_t header_iovec = {var->protected_buf, var->header_length};
- iovec_t data_iovec = {var->protected_buf + var->header_length,
- var->data_length};
- iovec_t tag_iovec = {
- var->protected_buf + var->header_length + var->data_length,
- var->tag_length};
- status = alts_iovec_record_protocol_integrity_only_unprotect(
- integrity_only_receiver, &data_iovec, 1, header_iovec, tag_iovec,
- &error_message);
- GPR_ASSERT(gsec_test_expect_compare_code_and_substr(
- status, GRPC_STATUS_INTERNAL, error_message,
- "Frame tag verification failed."));
- gpr_free(error_message);
- alts_iovec_record_protocol_test_var_destroy(var);
-}
-
-/* --- Test cases. --- */
-
-static void alts_iovec_record_protocol_random_seal_unseal_tests() {
- alts_iovec_record_protocol_test_fixture* fixture =
- alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/true);
- integrity_only_random_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- integrity_only_random_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/true);
- integrity_only_random_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- integrity_only_random_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/false);
- privacy_integrity_random_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- privacy_integrity_random_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/false);
- privacy_integrity_random_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- privacy_integrity_random_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-}
-
-static void alts_iovec_record_protocol_empty_seal_unseal_tests() {
- alts_iovec_record_protocol_test_fixture* fixture =
- alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/true);
- integrity_only_empty_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- integrity_only_empty_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/true);
- integrity_only_empty_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- integrity_only_empty_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/false);
- privacy_integrity_empty_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- privacy_integrity_empty_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/false);
- privacy_integrity_empty_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- privacy_integrity_empty_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-}
-
-static void alts_iovec_record_protocol_unsync_seal_unseal_tests() {
- alts_iovec_record_protocol_test_fixture* fixture =
- alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/true);
- integrity_only_unsync_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- integrity_only_unsync_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/true);
- integrity_only_unsync_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- integrity_only_unsync_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/false);
- privacy_integrity_unsync_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- privacy_integrity_unsync_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/false);
- privacy_integrity_unsync_seal_unseal(fixture->client_protect,
- fixture->server_unprotect);
- privacy_integrity_unsync_seal_unseal(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-}
-
-static void alts_iovec_record_protocol_corrupted_data_tests() {
- alts_iovec_record_protocol_test_fixture* fixture =
- alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/true);
- integrity_only_corrupted_data(fixture->client_protect,
- fixture->server_unprotect);
- integrity_only_corrupted_data(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/true);
- integrity_only_corrupted_data(fixture->client_protect,
- fixture->server_unprotect);
- integrity_only_corrupted_data(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/false);
- privacy_integrity_corrupted_data(fixture->client_protect,
- fixture->server_unprotect);
- privacy_integrity_corrupted_data(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/false);
- privacy_integrity_corrupted_data(fixture->client_protect,
- fixture->server_unprotect);
- privacy_integrity_corrupted_data(fixture->server_protect,
- fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-}
-
-static void alts_iovec_record_protocol_input_check_tests() {
- alts_iovec_record_protocol_test_fixture* fixture =
- alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/true);
- integrity_only_protect_input_check(fixture->client_protect);
- integrity_only_unprotect_input_check(fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/true);
- integrity_only_protect_input_check(fixture->client_protect);
- integrity_only_unprotect_input_check(fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/false);
- privacy_integrity_protect_input_check(fixture->client_protect);
- privacy_integrity_unprotect_input_check(fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-
- fixture = alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/false);
- privacy_integrity_protect_input_check(fixture->client_protect);
- privacy_integrity_unprotect_input_check(fixture->client_unprotect);
- alts_iovec_record_protocol_test_fixture_destroy(fixture);
-}
-
-static void alts_iovec_record_protocol_mix_operations_tests() {
- alts_iovec_record_protocol_test_fixture* fixture_1 =
- alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/true);
- alts_iovec_record_protocol_test_fixture* fixture_2 =
- alts_iovec_record_protocol_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/false);
-
- record_protocol_wrong_mode(
- fixture_1->client_protect, fixture_1->client_unprotect,
- fixture_2->client_protect, fixture_2->client_unprotect);
- integrity_seal_privacy_unseal(fixture_1->client_protect,
- fixture_2->server_unprotect);
- privacy_seal_integrity_unseal(fixture_2->client_protect,
- fixture_1->server_unprotect);
-
- alts_iovec_record_protocol_test_fixture_destroy(fixture_1);
- alts_iovec_record_protocol_test_fixture_destroy(fixture_2);
-}
-
-int main(int argc, char** argv) {
- alts_iovec_record_protocol_random_seal_unseal_tests();
- alts_iovec_record_protocol_empty_seal_unseal_tests();
- alts_iovec_record_protocol_unsync_seal_unseal_tests();
- alts_iovec_record_protocol_corrupted_data_tests();
- alts_iovec_record_protocol_input_check_tests();
- alts_iovec_record_protocol_mix_operations_tests();
- return 0;
-}
diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc
deleted file mode 100644
index 2388be95cd..0000000000
--- a/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc
+++ /dev/null
@@ -1,289 +0,0 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <grpc/slice_buffer.h>
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-
-#include "src/core/lib/slice/slice_internal.h"
-#include "src/core/tsi/alts/crypt/gsec.h"
-#include "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h"
-#include "src/core/tsi/transport_security_grpc.h"
-#include "test/core/tsi/alts/crypt/gsec_test_util.h"
-
-/* TODO: tests zero_copy_grpc_protector under TSI test library, which
- * has more comprehensive tests. */
-
-constexpr size_t kSealRepeatTimes = 50;
-constexpr size_t kSmallBufferSize = 16;
-constexpr size_t kLargeBufferSize = 16384;
-constexpr size_t kChannelMaxSize = 2048;
-constexpr size_t kChannelMinSize = 128;
-
-/* Test fixtures for each test cases. */
-struct alts_zero_copy_grpc_protector_test_fixture {
- tsi_zero_copy_grpc_protector* client;
- tsi_zero_copy_grpc_protector* server;
-};
-
-/* Test input variables for protect/unprotect operations. */
-struct alts_zero_copy_grpc_protector_test_var {
- grpc_slice_buffer original_sb;
- grpc_slice_buffer duplicate_sb;
- grpc_slice_buffer staging_sb;
- grpc_slice_buffer protected_sb;
- grpc_slice_buffer unprotected_sb;
-};
-
-/* --- Test utility functions. --- */
-
-static void create_random_slice_buffer(grpc_slice_buffer* sb,
- grpc_slice_buffer* dup_sb,
- size_t length) {
- GPR_ASSERT(sb != nullptr);
- GPR_ASSERT(dup_sb != nullptr);
- GPR_ASSERT(length > 0);
- grpc_slice slice = GRPC_SLICE_MALLOC(length);
- gsec_test_random_bytes(GRPC_SLICE_START_PTR(slice), length);
- grpc_slice_buffer_add(sb, grpc_slice_ref(slice));
- grpc_slice_buffer_add(dup_sb, slice);
-}
-
-static uint8_t* pointer_to_nth_byte(grpc_slice_buffer* sb, size_t index) {
- GPR_ASSERT(sb != nullptr);
- GPR_ASSERT(index < sb->length);
- for (size_t i = 0; i < sb->count; i++) {
- if (index < GRPC_SLICE_LENGTH(sb->slices[i])) {
- return GRPC_SLICE_START_PTR(sb->slices[i]) + index;
- } else {
- index -= GRPC_SLICE_LENGTH(sb->slices[i]);
- }
- }
- return nullptr;
-}
-
-/* Checks if two slice buffer contents are the same. It is not super efficient,
- * but OK for testing. */
-static bool are_slice_buffers_equal(grpc_slice_buffer* first,
- grpc_slice_buffer* second) {
- GPR_ASSERT(first != nullptr);
- GPR_ASSERT(second != nullptr);
- if (first->length != second->length) {
- return false;
- }
- for (size_t i = 0; i < first->length; i++) {
- uint8_t* first_ptr = pointer_to_nth_byte(first, i);
- uint8_t* second_ptr = pointer_to_nth_byte(second, i);
- GPR_ASSERT(first_ptr != nullptr && second_ptr != nullptr);
- if ((*first_ptr) != (*second_ptr)) {
- return false;
- }
- }
- return true;
-}
-
-static alts_zero_copy_grpc_protector_test_fixture*
-alts_zero_copy_grpc_protector_test_fixture_create(bool rekey,
- bool integrity_only) {
- alts_zero_copy_grpc_protector_test_fixture* fixture =
- static_cast<alts_zero_copy_grpc_protector_test_fixture*>(
- gpr_zalloc(sizeof(alts_zero_copy_grpc_protector_test_fixture)));
- grpc_core::ExecCtx exec_ctx;
- size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength;
- uint8_t* key;
- size_t max_protected_frame_size = 1024;
- gsec_test_random_array(&key, key_length);
- GPR_ASSERT(alts_zero_copy_grpc_protector_create(
- key, key_length, rekey, /*is_client=*/true, integrity_only,
- &max_protected_frame_size, &fixture->client) == TSI_OK);
- GPR_ASSERT(alts_zero_copy_grpc_protector_create(
- key, key_length, rekey, /*is_client=*/false, integrity_only,
- &max_protected_frame_size, &fixture->server) == TSI_OK);
- gpr_free(key);
- grpc_core::ExecCtx::Get()->Flush();
- return fixture;
-}
-
-static void alts_zero_copy_grpc_protector_test_fixture_destroy(
- alts_zero_copy_grpc_protector_test_fixture* fixture) {
- if (fixture == nullptr) {
- return;
- }
- grpc_core::ExecCtx exec_ctx;
- tsi_zero_copy_grpc_protector_destroy(fixture->client);
- tsi_zero_copy_grpc_protector_destroy(fixture->server);
- grpc_core::ExecCtx::Get()->Flush();
- gpr_free(fixture);
-}
-
-static alts_zero_copy_grpc_protector_test_var*
-alts_zero_copy_grpc_protector_test_var_create() {
- alts_zero_copy_grpc_protector_test_var* var =
- static_cast<alts_zero_copy_grpc_protector_test_var*>(
- gpr_zalloc(sizeof(alts_zero_copy_grpc_protector_test_var)));
- grpc_slice_buffer_init(&var->original_sb);
- grpc_slice_buffer_init(&var->duplicate_sb);
- grpc_slice_buffer_init(&var->staging_sb);
- grpc_slice_buffer_init(&var->protected_sb);
- grpc_slice_buffer_init(&var->unprotected_sb);
- return var;
-}
-
-static void alts_zero_copy_grpc_protector_test_var_destroy(
- alts_zero_copy_grpc_protector_test_var* var) {
- if (var == nullptr) {
- return;
- }
- grpc_slice_buffer_destroy_internal(&var->original_sb);
- grpc_slice_buffer_destroy_internal(&var->duplicate_sb);
- grpc_slice_buffer_destroy_internal(&var->staging_sb);
- grpc_slice_buffer_destroy_internal(&var->protected_sb);
- grpc_slice_buffer_destroy_internal(&var->unprotected_sb);
- gpr_free(var);
-}
-
-/* --- ALTS zero-copy protector tests. --- */
-
-static void seal_unseal_small_buffer(tsi_zero_copy_grpc_protector* sender,
- tsi_zero_copy_grpc_protector* receiver) {
- grpc_core::ExecCtx exec_ctx;
- for (size_t i = 0; i < kSealRepeatTimes; i++) {
- alts_zero_copy_grpc_protector_test_var* var =
- alts_zero_copy_grpc_protector_test_var_create();
- /* Creates a random small slice buffer and calls protect(). */
- create_random_slice_buffer(&var->original_sb, &var->duplicate_sb,
- kSmallBufferSize);
- GPR_ASSERT(tsi_zero_copy_grpc_protector_protect(
- sender, &var->original_sb, &var->protected_sb) == TSI_OK);
- /* Splits protected slice buffer into two: first one is staging_sb, and
- * second one is is protected_sb. */
- uint32_t staging_sb_size =
- gsec_test_bias_random_uint32(
- static_cast<uint32_t>(var->protected_sb.length - 1)) +
- 1;
- grpc_slice_buffer_move_first(&var->protected_sb, staging_sb_size,
- &var->staging_sb);
- /* Unprotects one by one. */
- GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect(
- receiver, &var->staging_sb, &var->unprotected_sb) == TSI_OK);
- GPR_ASSERT(var->unprotected_sb.length == 0);
- GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect(
- receiver, &var->protected_sb, &var->unprotected_sb) ==
- TSI_OK);
- GPR_ASSERT(
- are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb));
- alts_zero_copy_grpc_protector_test_var_destroy(var);
- }
- grpc_core::ExecCtx::Get()->Flush();
-}
-
-static void seal_unseal_large_buffer(tsi_zero_copy_grpc_protector* sender,
- tsi_zero_copy_grpc_protector* receiver) {
- grpc_core::ExecCtx exec_ctx;
- for (size_t i = 0; i < kSealRepeatTimes; i++) {
- alts_zero_copy_grpc_protector_test_var* var =
- alts_zero_copy_grpc_protector_test_var_create();
- /* Creates a random large slice buffer and calls protect(). */
- create_random_slice_buffer(&var->original_sb, &var->duplicate_sb,
- kLargeBufferSize);
- GPR_ASSERT(tsi_zero_copy_grpc_protector_protect(
- sender, &var->original_sb, &var->protected_sb) == TSI_OK);
- /* Splits protected slice buffer into multiple pieces. Receiver unprotects
- * each slice buffer one by one. */
- uint32_t channel_size = gsec_test_bias_random_uint32(static_cast<uint32_t>(
- kChannelMaxSize + 1 - kChannelMinSize)) +
- static_cast<uint32_t>(kChannelMinSize);
- while (var->protected_sb.length > channel_size) {
- grpc_slice_buffer_reset_and_unref_internal(&var->staging_sb);
- grpc_slice_buffer_move_first(&var->protected_sb, channel_size,
- &var->staging_sb);
- GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect(
- receiver, &var->staging_sb, &var->unprotected_sb) ==
- TSI_OK);
- }
- GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect(
- receiver, &var->protected_sb, &var->unprotected_sb) ==
- TSI_OK);
- GPR_ASSERT(
- are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb));
- alts_zero_copy_grpc_protector_test_var_destroy(var);
- }
- grpc_core::ExecCtx::Get()->Flush();
-}
-
-/* --- Test cases. --- */
-
-static void alts_zero_copy_protector_seal_unseal_small_buffer_tests() {
- alts_zero_copy_grpc_protector_test_fixture* fixture =
- alts_zero_copy_grpc_protector_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/true);
- seal_unseal_small_buffer(fixture->client, fixture->server);
- seal_unseal_small_buffer(fixture->server, fixture->client);
- alts_zero_copy_grpc_protector_test_fixture_destroy(fixture);
-
- fixture = alts_zero_copy_grpc_protector_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/false);
- seal_unseal_small_buffer(fixture->client, fixture->server);
- seal_unseal_small_buffer(fixture->server, fixture->client);
- alts_zero_copy_grpc_protector_test_fixture_destroy(fixture);
-
- fixture = alts_zero_copy_grpc_protector_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/true);
- seal_unseal_small_buffer(fixture->client, fixture->server);
- seal_unseal_small_buffer(fixture->server, fixture->client);
- alts_zero_copy_grpc_protector_test_fixture_destroy(fixture);
-
- fixture = alts_zero_copy_grpc_protector_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/false);
- seal_unseal_small_buffer(fixture->client, fixture->server);
- seal_unseal_small_buffer(fixture->server, fixture->client);
- alts_zero_copy_grpc_protector_test_fixture_destroy(fixture);
-}
-
-static void alts_zero_copy_protector_seal_unseal_large_buffer_tests() {
- alts_zero_copy_grpc_protector_test_fixture* fixture =
- alts_zero_copy_grpc_protector_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/true);
- seal_unseal_large_buffer(fixture->client, fixture->server);
- seal_unseal_large_buffer(fixture->server, fixture->client);
- alts_zero_copy_grpc_protector_test_fixture_destroy(fixture);
-
- fixture = alts_zero_copy_grpc_protector_test_fixture_create(
- /*rekey=*/false, /*integrity_only=*/false);
- seal_unseal_large_buffer(fixture->client, fixture->server);
- seal_unseal_large_buffer(fixture->server, fixture->client);
- alts_zero_copy_grpc_protector_test_fixture_destroy(fixture);
-
- fixture = alts_zero_copy_grpc_protector_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/true);
- seal_unseal_large_buffer(fixture->client, fixture->server);
- seal_unseal_large_buffer(fixture->server, fixture->client);
- alts_zero_copy_grpc_protector_test_fixture_destroy(fixture);
-
- fixture = alts_zero_copy_grpc_protector_test_fixture_create(
- /*rekey=*/true, /*integrity_only=*/false);
- seal_unseal_large_buffer(fixture->client, fixture->server);
- seal_unseal_large_buffer(fixture->server, fixture->client);
- alts_zero_copy_grpc_protector_test_fixture_destroy(fixture);
-}
-
-int main(int argc, char** argv) {
- alts_zero_copy_protector_seal_unseal_small_buffer_tests();
- alts_zero_copy_protector_seal_unseal_large_buffer_tests();
- return 0;
-}
diff --git a/test/core/tsi/fake_transport_security_test.cc b/test/core/tsi/fake_transport_security_test.cc
index 5e6671965d..bec81ed42f 100644
--- a/test/core/tsi/fake_transport_security_test.cc
+++ b/test/core/tsi/fake_transport_security_test.cc
@@ -107,7 +107,7 @@ void fake_tsi_test_do_round_trip_for_all_configs() {
tsi_test_frame_protector_config_destroy(fake_fixture->base.config);
fake_fixture->base.config = tsi_test_frame_protector_config_create(
bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4],
- bit_array[5], bit_array[6]);
+ bit_array[5], bit_array[6], bit_array[7]);
tsi_test_do_round_trip(&fake_fixture->base);
tsi_test_fixture_destroy(fixture);
}
diff --git a/test/core/tsi/ssl_transport_security_test.cc b/test/core/tsi/ssl_transport_security_test.cc
index d9eb7470d5..8f255a3d35 100644
--- a/test/core/tsi/ssl_transport_security_test.cc
+++ b/test/core/tsi/ssl_transport_security_test.cc
@@ -528,7 +528,7 @@ void ssl_tsi_test_do_round_trip_for_all_configs() {
tsi_test_frame_protector_config_destroy(ssl_fixture->base.config);
ssl_fixture->base.config = tsi_test_frame_protector_config_create(
bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4],
- bit_array[5], bit_array[6]);
+ bit_array[5], bit_array[6], bit_array[7]);
tsi_test_do_round_trip(&ssl_fixture->base);
tsi_test_fixture_destroy(fixture);
}
diff --git a/test/core/tsi/transport_security_test_lib.cc b/test/core/tsi/transport_security_test_lib.cc
index 26349dbfca..8ea83f7088 100644
--- a/test/core/tsi/transport_security_test_lib.cc
+++ b/test/core/tsi/transport_security_test_lib.cc
@@ -110,29 +110,27 @@ static void check_handshake_results(tsi_test_fixture* fixture) {
fixture->vtable->check_handshaker_peers(fixture);
/* Check unused bytes. */
if (fixture->test_unused_bytes) {
- tsi_test_channel* channel = fixture->channel;
if (fixture->server_result != nullptr &&
fixture->client_result != nullptr) {
check_unused_bytes(fixture);
}
- channel->bytes_written_to_server_channel = 0;
- channel->bytes_written_to_client_channel = 0;
- channel->bytes_read_from_client_channel = 0;
- channel->bytes_read_from_server_channel = 0;
+ fixture->bytes_written_to_server_channel = 0;
+ fixture->bytes_written_to_client_channel = 0;
+ fixture->bytes_read_from_client_channel = 0;
+ fixture->bytes_read_from_server_channel = 0;
}
}
-static void send_bytes_to_peer(tsi_test_channel* test_channel,
+static void send_bytes_to_peer(tsi_test_fixture* fixture,
const unsigned char* buf, size_t buf_size,
bool is_client) {
- GPR_ASSERT(test_channel != nullptr);
+ GPR_ASSERT(fixture != nullptr);
GPR_ASSERT(buf != nullptr);
uint8_t* channel =
- is_client ? test_channel->server_channel : test_channel->client_channel;
+ is_client ? fixture->server_channel : fixture->client_channel;
GPR_ASSERT(channel != nullptr);
- size_t* bytes_written = is_client
- ? &test_channel->bytes_written_to_server_channel
- : &test_channel->bytes_written_to_client_channel;
+ size_t* bytes_written = is_client ? &fixture->bytes_written_to_server_channel
+ : &fixture->bytes_written_to_client_channel;
GPR_ASSERT(bytes_written != nullptr);
GPR_ASSERT(*bytes_written + buf_size <= TSI_TEST_DEFAULT_CHANNEL_SIZE);
/* Write data to channel. */
@@ -147,8 +145,7 @@ static void maybe_append_unused_bytes(handshaker_args* args) {
if (fixture->test_unused_bytes && !args->appended_unused_bytes) {
args->appended_unused_bytes = true;
send_bytes_to_peer(
- fixture->channel,
- reinterpret_cast<const unsigned char*>(TSI_TEST_UNUSED_BYTES),
+ fixture, reinterpret_cast<const unsigned char*>(TSI_TEST_UNUSED_BYTES),
strlen(TSI_TEST_UNUSED_BYTES), args->is_client);
if (fixture->client_result != nullptr &&
fixture->server_result == nullptr) {
@@ -157,21 +154,19 @@ static void maybe_append_unused_bytes(handshaker_args* args) {
}
}
-static void receive_bytes_from_peer(tsi_test_channel* test_channel,
+static void receive_bytes_from_peer(tsi_test_fixture* fixture,
unsigned char** buf, size_t* buf_size,
bool is_client) {
- GPR_ASSERT(test_channel != nullptr);
+ GPR_ASSERT(fixture != nullptr);
GPR_ASSERT(*buf != nullptr);
GPR_ASSERT(buf_size != nullptr);
uint8_t* channel =
- is_client ? test_channel->client_channel : test_channel->server_channel;
+ is_client ? fixture->client_channel : fixture->server_channel;
GPR_ASSERT(channel != nullptr);
- size_t* bytes_read = is_client
- ? &test_channel->bytes_read_from_client_channel
- : &test_channel->bytes_read_from_server_channel;
- size_t* bytes_written = is_client
- ? &test_channel->bytes_written_to_client_channel
- : &test_channel->bytes_written_to_server_channel;
+ size_t* bytes_read = is_client ? &fixture->bytes_read_from_client_channel
+ : &fixture->bytes_read_from_server_channel;
+ size_t* bytes_written = is_client ? &fixture->bytes_written_to_client_channel
+ : &fixture->bytes_written_to_server_channel;
GPR_ASSERT(bytes_read != nullptr);
GPR_ASSERT(bytes_written != nullptr);
size_t to_read = *buf_size < *bytes_written - *bytes_read
@@ -183,13 +178,14 @@ static void receive_bytes_from_peer(tsi_test_channel* test_channel,
*bytes_read += to_read;
}
-void tsi_test_frame_protector_send_message_to_peer(
- tsi_test_frame_protector_config* config, tsi_test_channel* channel,
- tsi_frame_protector* protector, bool is_client) {
+static void send_message_to_peer(tsi_test_fixture* fixture,
+ tsi_frame_protector* protector,
+ bool is_client) {
/* Initialization. */
- GPR_ASSERT(config != nullptr);
- GPR_ASSERT(channel != nullptr);
+ GPR_ASSERT(fixture != nullptr);
+ GPR_ASSERT(fixture->config != nullptr);
GPR_ASSERT(protector != nullptr);
+ tsi_test_frame_protector_config* config = fixture->config;
unsigned char* protected_buffer =
static_cast<unsigned char*>(gpr_zalloc(config->protected_buffer_size));
size_t message_size =
@@ -209,7 +205,7 @@ void tsi_test_frame_protector_send_message_to_peer(
&protected_buffer_size_to_send);
GPR_ASSERT(result == TSI_OK);
/* Send protected data to peer. */
- send_bytes_to_peer(channel, protected_buffer, protected_buffer_size_to_send,
+ send_bytes_to_peer(fixture, protected_buffer, protected_buffer_size_to_send,
is_client);
message_bytes += processed_message_size;
message_size -= processed_message_size;
@@ -222,7 +218,7 @@ void tsi_test_frame_protector_send_message_to_peer(
protector, protected_buffer, &protected_buffer_size_to_send,
&still_pending_size);
GPR_ASSERT(result == TSI_OK);
- send_bytes_to_peer(channel, protected_buffer,
+ send_bytes_to_peer(fixture, protected_buffer,
protected_buffer_size_to_send, is_client);
} while (still_pending_size > 0 && result == TSI_OK);
GPR_ASSERT(result == TSI_OK);
@@ -232,16 +228,17 @@ void tsi_test_frame_protector_send_message_to_peer(
gpr_free(protected_buffer);
}
-void tsi_test_frame_protector_receive_message_from_peer(
- tsi_test_frame_protector_config* config, tsi_test_channel* channel,
- tsi_frame_protector* protector, unsigned char* message,
- size_t* bytes_received, bool is_client) {
+static void receive_message_from_peer(tsi_test_fixture* fixture,
+ tsi_frame_protector* protector,
+ unsigned char* message,
+ size_t* bytes_received, bool is_client) {
/* Initialization. */
- GPR_ASSERT(config != nullptr);
- GPR_ASSERT(channel != nullptr);
+ GPR_ASSERT(fixture != nullptr);
GPR_ASSERT(protector != nullptr);
GPR_ASSERT(message != nullptr);
GPR_ASSERT(bytes_received != nullptr);
+ GPR_ASSERT(fixture->config != nullptr);
+ tsi_test_frame_protector_config* config = fixture->config;
size_t read_offset = 0;
size_t message_offset = 0;
size_t read_from_peer_size = 0;
@@ -256,7 +253,7 @@ void tsi_test_frame_protector_receive_message_from_peer(
/* Receive data from peer. */
if (read_from_peer_size == 0) {
read_from_peer_size = config->read_buffer_allocated_size;
- receive_bytes_from_peer(channel, &read_buffer, &read_from_peer_size,
+ receive_bytes_from_peer(fixture, &read_buffer, &read_from_peer_size,
is_client);
read_offset = 0;
}
@@ -317,7 +314,7 @@ grpc_error* on_handshake_next_done(tsi_result result, void* user_data,
}
/* Send data to peer, if needed. */
if (bytes_to_send_size > 0) {
- send_bytes_to_peer(fixture->channel, bytes_to_send, bytes_to_send_size,
+ send_bytes_to_peer(args->fixture, bytes_to_send, bytes_to_send_size,
args->is_client);
args->transferred_data = true;
}
@@ -364,8 +361,8 @@ static void do_handshaker_next(handshaker_args* args) {
/* Receive data from peer, if available. */
do {
size_t buf_size = args->handshake_buffer_size;
- receive_bytes_from_peer(fixture->channel, &args->handshake_buffer,
- &buf_size, args->is_client);
+ receive_bytes_from_peer(args->fixture, &args->handshake_buffer, &buf_size,
+ args->is_client);
if (buf_size > 0) {
args->transferred_data = true;
}
@@ -414,50 +411,6 @@ void tsi_test_do_handshake(tsi_test_fixture* fixture) {
handshaker_args_destroy(server_args);
}
-static void tsi_test_do_ping_pong(tsi_test_frame_protector_config* config,
- tsi_test_channel* channel,
- tsi_frame_protector* client_frame_protector,
- tsi_frame_protector* server_frame_protector) {
- GPR_ASSERT(config != nullptr);
- GPR_ASSERT(channel != nullptr);
- GPR_ASSERT(client_frame_protector != nullptr);
- GPR_ASSERT(server_frame_protector != nullptr);
- /* Client sends a message to server. */
- tsi_test_frame_protector_send_message_to_peer(
- config, channel, client_frame_protector, true /* is_client */);
- unsigned char* server_received_message =
- static_cast<unsigned char*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE));
- size_t server_received_message_size = 0;
- tsi_test_frame_protector_receive_message_from_peer(
- config, channel, server_frame_protector, server_received_message,
- &server_received_message_size, false /* is_client */);
- GPR_ASSERT(config->client_message_size == server_received_message_size);
- GPR_ASSERT(memcmp(config->client_message, server_received_message,
- server_received_message_size) == 0);
- /* Server sends a message to client. */
- tsi_test_frame_protector_send_message_to_peer(
- config, channel, server_frame_protector, false /* is_client */);
- unsigned char* client_received_message =
- static_cast<unsigned char*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE));
- size_t client_received_message_size = 0;
- tsi_test_frame_protector_receive_message_from_peer(
- config, channel, client_frame_protector, client_received_message,
- &client_received_message_size, true /* is_client */);
- GPR_ASSERT(config->server_message_size == client_received_message_size);
- GPR_ASSERT(memcmp(config->server_message, client_received_message,
- client_received_message_size) == 0);
- gpr_free(server_received_message);
- gpr_free(client_received_message);
-}
-
-void tsi_test_frame_protector_do_round_trip_no_handshake(
- tsi_test_frame_protector_fixture* fixture) {
- GPR_ASSERT(fixture != nullptr);
- tsi_test_do_ping_pong(fixture->config, fixture->channel,
- fixture->client_frame_protector,
- fixture->server_frame_protector);
-}
-
void tsi_test_do_round_trip(tsi_test_fixture* fixture) {
/* Initialization. */
GPR_ASSERT(fixture != nullptr);
@@ -484,11 +437,33 @@ void tsi_test_do_round_trip(tsi_test_fixture* fixture) {
? nullptr
: &server_max_output_protected_frame_size,
&server_frame_protector) == TSI_OK);
- tsi_test_do_ping_pong(config, fixture->channel, client_frame_protector,
- server_frame_protector);
+ /* Client sends a message to server. */
+ send_message_to_peer(fixture, client_frame_protector, true /* is_client */);
+ unsigned char* server_received_message =
+ static_cast<unsigned char*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE));
+ size_t server_received_message_size = 0;
+ receive_message_from_peer(
+ fixture, server_frame_protector, server_received_message,
+ &server_received_message_size, false /* is_client */);
+ GPR_ASSERT(config->client_message_size == server_received_message_size);
+ GPR_ASSERT(memcmp(config->client_message, server_received_message,
+ server_received_message_size) == 0);
+ /* Server sends a message to client. */
+ send_message_to_peer(fixture, server_frame_protector, false /* is_client */);
+ unsigned char* client_received_message =
+ static_cast<unsigned char*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE));
+ size_t client_received_message_size = 0;
+ receive_message_from_peer(
+ fixture, client_frame_protector, client_received_message,
+ &client_received_message_size, true /* is_client */);
+ GPR_ASSERT(config->server_message_size == client_received_message_size);
+ GPR_ASSERT(memcmp(config->server_message, client_received_message,
+ client_received_message_size) == 0);
/* Destroy server and client frame protectors. */
tsi_frame_protector_destroy(client_frame_protector);
tsi_frame_protector_destroy(server_frame_protector);
+ gpr_free(server_received_message);
+ gpr_free(client_received_message);
}
static unsigned char* generate_random_message(size_t size) {
@@ -508,7 +483,8 @@ tsi_test_frame_protector_config* tsi_test_frame_protector_config_create(
bool use_default_protected_buffer_size, bool use_default_client_message,
bool use_default_server_message,
bool use_default_client_max_output_protected_frame_size,
- bool use_default_server_max_output_protected_frame_size) {
+ bool use_default_server_max_output_protected_frame_size,
+ bool use_default_handshake_buffer_size) {
tsi_test_frame_protector_config* config =
static_cast<tsi_test_frame_protector_config*>(
gpr_zalloc(sizeof(*config)));
@@ -576,42 +552,24 @@ void tsi_test_frame_protector_config_set_buffer_size(
void tsi_test_frame_protector_config_destroy(
tsi_test_frame_protector_config* config) {
- if (config == nullptr) {
- return;
- }
+ GPR_ASSERT(config != nullptr);
gpr_free(config->client_message);
gpr_free(config->server_message);
gpr_free(config);
}
-static tsi_test_channel* tsi_test_channel_create() {
- tsi_test_channel* channel =
- static_cast<tsi_test_channel*>(gpr_zalloc(sizeof(*channel)));
- channel->client_channel =
- static_cast<uint8_t*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE));
- channel->server_channel =
- static_cast<uint8_t*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE));
- channel->bytes_written_to_client_channel = 0;
- channel->bytes_written_to_server_channel = 0;
- channel->bytes_read_from_client_channel = 0;
- channel->bytes_read_from_server_channel = 0;
- return channel;
-}
-
-static void tsi_test_channel_destroy(tsi_test_channel* channel) {
- if (channel == nullptr) {
- return;
- }
- gpr_free(channel->client_channel);
- gpr_free(channel->server_channel);
- gpr_free(channel);
-}
-
void tsi_test_fixture_init(tsi_test_fixture* fixture) {
fixture->config = tsi_test_frame_protector_config_create(
- true, true, true, true, true, true, true);
+ true, true, true, true, true, true, true, true);
fixture->handshake_buffer_size = TSI_TEST_DEFAULT_BUFFER_SIZE;
- fixture->channel = tsi_test_channel_create();
+ fixture->client_channel =
+ static_cast<uint8_t*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE));
+ fixture->server_channel =
+ static_cast<uint8_t*>(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE));
+ fixture->bytes_written_to_client_channel = 0;
+ fixture->bytes_written_to_server_channel = 0;
+ fixture->bytes_read_from_client_channel = 0;
+ fixture->bytes_read_from_server_channel = 0;
fixture->test_unused_bytes = true;
fixture->has_client_finished_first = false;
gpr_mu_init(&fixture->mu);
@@ -620,15 +578,14 @@ void tsi_test_fixture_init(tsi_test_fixture* fixture) {
}
void tsi_test_fixture_destroy(tsi_test_fixture* fixture) {
- if (fixture == nullptr) {
- return;
- }
+ GPR_ASSERT(fixture != nullptr);
tsi_test_frame_protector_config_destroy(fixture->config);
tsi_handshaker_destroy(fixture->client_handshaker);
tsi_handshaker_destroy(fixture->server_handshaker);
tsi_handshaker_result_destroy(fixture->client_result);
tsi_handshaker_result_destroy(fixture->server_result);
- tsi_test_channel_destroy(fixture->channel);
+ gpr_free(fixture->client_channel);
+ gpr_free(fixture->server_channel);
GPR_ASSERT(fixture->vtable != nullptr);
GPR_ASSERT(fixture->vtable->destruct != nullptr);
fixture->vtable->destruct(fixture);
@@ -636,34 +593,3 @@ void tsi_test_fixture_destroy(tsi_test_fixture* fixture) {
gpr_cv_destroy(&fixture->cv);
gpr_free(fixture);
}
-
-tsi_test_frame_protector_fixture* tsi_test_frame_protector_fixture_create() {
- tsi_test_frame_protector_fixture* fixture =
- static_cast<tsi_test_frame_protector_fixture*>(
- gpr_zalloc(sizeof(*fixture)));
- fixture->config = tsi_test_frame_protector_config_create(
- true, true, true, true, true, true, true);
- fixture->channel = tsi_test_channel_create();
- return fixture;
-}
-
-void tsi_test_frame_protector_fixture_init(
- tsi_test_frame_protector_fixture* fixture,
- tsi_frame_protector* client_frame_protector,
- tsi_frame_protector* server_frame_protector) {
- GPR_ASSERT(fixture != nullptr);
- fixture->client_frame_protector = client_frame_protector;
- fixture->server_frame_protector = server_frame_protector;
-}
-
-void tsi_test_frame_protector_fixture_destroy(
- tsi_test_frame_protector_fixture* fixture) {
- if (fixture == nullptr) {
- return;
- }
- tsi_test_frame_protector_config_destroy(fixture->config);
- tsi_test_channel_destroy(fixture->channel);
- tsi_frame_protector_destroy(fixture->client_frame_protector);
- tsi_frame_protector_destroy(fixture->server_frame_protector);
- gpr_free(fixture);
-}
diff --git a/test/core/tsi/transport_security_test_lib.h b/test/core/tsi/transport_security_test_lib.h
index b6a431f5a0..9b07448cc5 100644
--- a/test/core/tsi/transport_security_test_lib.h
+++ b/test/core/tsi/transport_security_test_lib.h
@@ -35,8 +35,8 @@
#define TSI_TEST_DEFAULT_CHANNEL_SIZE 32768
#define TSI_TEST_BIG_MESSAGE_SIZE 17000
#define TSI_TEST_SMALL_MESSAGE_SIZE 10
-#define TSI_TEST_NUM_OF_ARGUMENTS 7
-#define TSI_TEST_NUM_OF_COMBINATIONS 128
+#define TSI_TEST_NUM_OF_ARGUMENTS 8
+#define TSI_TEST_NUM_OF_COMBINATIONS 256
#define TSI_TEST_UNUSED_BYTES "HELLO GOOGLE"
/* --- tsi_test_fixture object ---
@@ -46,22 +46,12 @@
protect/unprotect operations with respect to TSI implementations. */
typedef struct tsi_test_fixture tsi_test_fixture;
-/* --- tsi_test_frame_protector_fixture object ---
- The object wraps all necessary information used to test correctness of TSI
- frame protector implementations. */
-typedef struct tsi_test_frame_protector_fixture
- tsi_test_frame_protector_fixture;
-
/* --- tsi_test_frame_protector_config object ---
+
This object is used to configure different parameters of TSI frame protector
APIs. */
typedef struct tsi_test_frame_protector_config tsi_test_frame_protector_config;
-/* --- tsi_test_channel object ---
- This object represents simulated channels between the client and server
- from/to which they could read/write the exchanged information. */
-typedef struct tsi_test_channel tsi_test_channel;
-
/* V-table for tsi_test_fixture operations that are implemented differently in
different TSI implementations. */
typedef struct tsi_test_fixture_vtable {
@@ -83,8 +73,17 @@ struct tsi_test_fixture {
tsi_handshaker_result* server_result;
/* size of buffer used to store data received from the peer. */
size_t handshake_buffer_size;
- /* tsi_test_channel instance. */
- tsi_test_channel* channel;
+ /* simulated channels between client and server. If the server (client)
+ wants to send data to the client (server), he will write data to
+ client_channel (server_channel), which will be read by client (server). */
+ uint8_t* client_channel;
+ uint8_t* server_channel;
+ /* size of data written to the client/server channel. */
+ size_t bytes_written_to_client_channel;
+ size_t bytes_written_to_server_channel;
+ /* size of data read from the client/server channel */
+ size_t bytes_read_from_client_channel;
+ size_t bytes_read_from_server_channel;
/* tsi_test_frame_protector_config instance */
tsi_test_frame_protector_config* config;
/* a flag indicating if client has finished TSI handshake first (i.e., before
@@ -107,30 +106,6 @@ struct tsi_test_fixture {
bool notified;
};
-struct tsi_test_frame_protector_fixture {
- /* client/server TSI frame protectors whose ownership are transferred. */
- tsi_frame_protector* client_frame_protector;
- tsi_frame_protector* server_frame_protector;
- /* tsi_test_channel instance. */
- tsi_test_channel* channel;
- /* tsi_test_frame_protector_config instance */
- tsi_test_frame_protector_config* config;
-};
-
-struct tsi_test_channel {
- /* simulated channels between client and server. If the server (client)
- wants to send data to the client (server), he will write data to
- client_channel (server_channel), which will be read by client (server). */
- uint8_t* client_channel;
- uint8_t* server_channel;
- /* size of data written to the client/server channel. */
- size_t bytes_written_to_client_channel;
- size_t bytes_written_to_server_channel;
- /* size of data read from the client/server channel */
- size_t bytes_read_from_client_channel;
- size_t bytes_read_from_server_channel;
-};
-
struct tsi_test_frame_protector_config {
/* size of buffer used to store protected frames to be unprotected. */
size_t read_buffer_allocated_size;
@@ -160,7 +135,8 @@ tsi_test_frame_protector_config* tsi_test_frame_protector_config_create(
bool use_default_protected_buffer_size, bool use_default_client_message,
bool use_default_server_message,
bool use_default_client_max_output_protected_frame_size,
- bool use_default_server_max_output_protected_frame_size);
+ bool use_default_server_max_output_protected_frame_size,
+ bool use_default_handshake_buffer_size);
/* This method sets different buffer and frame sizes of a
tsi_test_frame_protector_config instance with user provided values. */
@@ -184,35 +160,6 @@ void tsi_test_fixture_init(tsi_test_fixture* fixture);
this function. */
void tsi_test_fixture_destroy(tsi_test_fixture* fixture);
-/* This method creates a tsi_test_frame_protector_fixture instance. */
-tsi_test_frame_protector_fixture* tsi_test_frame_protector_fixture_create();
-
-/* This method initializes members of tsi_test_frame_protector_fixture instance.
- Note that the struct instance should be allocated before making
- this call. */
-void tsi_test_frame_protector_fixture_init(
- tsi_test_frame_protector_fixture* fixture,
- tsi_frame_protector* client_frame_protector,
- tsi_frame_protector* server_frame_protector);
-
-/* This method destroys a tsi_test_frame_protector_fixture instance. Note that
- the fixture intance must be dynamically allocated and will be freed by this
- function. */
-void tsi_test_frame_protector_fixture_destroy(
- tsi_test_frame_protector_fixture* fixture);
-
-/* This method performs a protect opeation on raw data and sends the result to
- peer. */
-void tsi_test_frame_protector_send_message_to_peer(
- tsi_test_frame_protector_config* config, tsi_test_channel* channel,
- tsi_frame_protector* protector, bool is_client);
-
-/* This method receives message from peer and unprotects it. */
-void tsi_test_frame_protector_receive_message_from_peer(
- tsi_test_frame_protector_config* config, tsi_test_channel* channel,
- tsi_frame_protector* protector, unsigned char* message,
- size_t* bytes_received, bool is_client);
-
/* This method performs a full TSI handshake between a client and a server.
Note that the test library will implement the new TSI handshaker API to
perform handshakes. */
@@ -224,8 +171,4 @@ void tsi_test_do_handshake(tsi_test_fixture* fixture);
the client and server switching its role. */
void tsi_test_do_round_trip(tsi_test_fixture* fixture);
-/* This method performs the above round trip test without doing handshakes. */
-void tsi_test_frame_protector_do_round_trip_no_handshake(
- tsi_test_frame_protector_fixture* fixture);
-
#endif // GRPC_TEST_CORE_TSI_TRANSPORT_SECURITY_TEST_LIB_H_
diff --git a/third_party/nanopb/pb.h b/third_party/nanopb/pb.h
index 62dca73f4f..4576f79abc 100644
--- a/third_party/nanopb/pb.h
+++ b/third_party/nanopb/pb.h
@@ -25,7 +25,7 @@
/* #define PB_FIELD_16BIT 1 */
/* Add support for tag numbers > 65536 and fields larger than 65536 bytes. */
-/* #define PB_FIELD_32BIT 1 */
+/* #define PB_FIELD_32BIT 1 */
/* Disable support for error messages in order to save some code space. */
/* #define PB_NO_ERRMSG 1 */
diff --git a/tools/codegen/core/gen_nano_proto.sh b/tools/codegen/core/gen_nano_proto.sh
index 6ce15178bd..4246840173 100755
--- a/tools/codegen/core/gen_nano_proto.sh
+++ b/tools/codegen/core/gen_nano_proto.sh
@@ -43,9 +43,9 @@ if [[ ! -f "$INPUT_PROTO" ]]; then
echo "Input proto file '$INPUT_PROTO' doesn't exist."
exit 2
fi
-
if [[ ! -f "${EXPECTED_OPTIONS_FILE_PATH}" ]]; then
- echo "Input proto file may need .options file to be correctly compiled."
+ echo "Expected nanopb options file '${EXPECTED_OPTIONS_FILE_PATH}' missing"
+ exit 3
fi
if [[ "${OUTPUT_DIR:0:1}" != '/' ]]; then
@@ -81,11 +81,6 @@ readonly PROTO_BASENAME=$(basename $INPUT_PROTO .proto)
sed -i "s:$PROTO_BASENAME.pb.h:${GRPC_OUTPUT_DIR}/$PROTO_BASENAME.pb.h:g" \
"$OUTPUT_DIR/$PROTO_BASENAME.pb.c"
-if [ $PROTO_BASENAME == "handshaker" ] || [ $PROTO_BASENAME == "altscontext" ]; then
- sed -i "s:transport_security_common.pb.h:${GRPC_OUTPUT_DIR}/transport_security_common.pb.h:g" \
- "$OUTPUT_DIR/$PROTO_BASENAME.pb.h"
-fi
-
# Fix up the include guards such that they pass the check_include_guards.py
# test. Assumes that the generated files are being placed in gRPC src dir.
readonly INCLUDE_GUARD_BASE=`echo $GRPC_OUTPUT_DIR | tr [a-z/] [A-Z_] | sed s:^.*SRC_::`
diff --git a/tools/distrib/check_copyright.py b/tools/distrib/check_copyright.py
index e7893a1fd5..6e1a303fb0 100755
--- a/tools/distrib/check_copyright.py
+++ b/tools/distrib/check_copyright.py
@@ -77,12 +77,6 @@ _EXEMPT = frozenset((
'examples/python/route_guide/route_guide_pb2_grpc.py',
'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h',
'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c',
- 'src/core/tsi/alts/handshaker/altscontext.pb.h',
- 'src/core/tsi/alts/handshaker/altscontext.pb.c',
- 'src/core/tsi/alts/handshaker/handshaker.pb.h',
- 'src/core/tsi/alts/handshaker/handshaker.pb.c',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.h',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.c',
'src/cpp/server/health/health.pb.h',
'src/cpp/server/health/health.pb.c',
diff --git a/tools/distrib/check_include_guards.py b/tools/distrib/check_include_guards.py
index b356a74d2d..05d34c2b28 100755
--- a/tools/distrib/check_include_guards.py
+++ b/tools/distrib/check_include_guards.py
@@ -157,9 +157,6 @@ args = argp.parse_args()
KNOWN_BAD = set([
'src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h',
- 'src/core/tsi/alts/handshaker/altscontext.pb.h',
- 'src/core/tsi/alts/handshaker/handshaker.pb.h',
- 'src/core/tsi/alts/handshaker/transport_security_common.pb.h',
'include/grpc++/ext/reflection.grpc.pb.h',
'include/grpc++/ext/reflection.pb.h',
])
diff --git a/tools/distrib/check_nanopb_output.sh b/tools/distrib/check_nanopb_output.sh
index 8b5823b938..a30b73f689 100755
--- a/tools/distrib/check_nanopb_output.sh
+++ b/tools/distrib/check_nanopb_output.sh
@@ -15,7 +15,6 @@
set -ex
-readonly NANOPB_ALTS_TMP_OUTPUT="$(mktemp -d)"
readonly NANOPB_TMP_OUTPUT="$(mktemp -d)"
readonly PROTOBUF_INSTALL_PREFIX="$(mktemp -d)"
@@ -56,29 +55,3 @@ if ! diff -r "$NANOPB_TMP_OUTPUT" src/core/ext/filters/client_channel/lb_policy/
echo "Outputs differ: $NANOPB_TMP_OUTPUT vs $LOAD_BALANCER_GRPC_OUTPUT_PATH"
exit 2
fi
-
-#
-# Checks for handshaker.proto and transport_security_common.proto
-#
-readonly HANDSHAKER_GRPC_OUTPUT_PATH='src/core/tsi/alts/handshaker'
-# nanopb-compile the proto to a temp location
-./tools/codegen/core/gen_nano_proto.sh \
- src/core/tsi/alts/handshaker/proto/handshaker.proto \
- "$NANOPB_ALTS_TMP_OUTPUT" \
- "$HANDSHAKER_GRPC_OUTPUT_PATH"
-./tools/codegen/core/gen_nano_proto.sh \
- src/core/tsi/alts/handshaker/proto/transport_security_common.proto \
- "$NANOPB_ALTS_TMP_OUTPUT" \
- "$HANDSHAKER_GRPC_OUTPUT_PATH"
-./tools/codegen/core/gen_nano_proto.sh \
- src/core/tsi/alts/handshaker/proto/altscontext.proto \
- "$NANOPB_ALTS_TMP_OUTPUT" \
- "$HANDSHAKER_GRPC_OUTPUT_PATH"
-
-# compare outputs to checked compiled code
-for NANOPB_OUTPUT_FILE in $NANOPB_ALTS_TMP_OUTPUT/*.pb.*; do
- if ! diff "$NANOPB_OUTPUT_FILE" "src/core/tsi/alts/handshaker/$(basename $NANOPB_OUTPUT_FILE)"; then
- echo "Outputs differ: $NANOPB_ALTS_TMP_OUTPUT vs $HANDSHAKER_GRPC_OUTPUT_PATH"
- exit 2
- fi
-done
diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal
index e7e9e04979..57f9147f44 100644
--- a/tools/doxygen/Doxyfile.core.internal
+++ b/tools/doxygen/Doxyfile.core.internal
@@ -1284,17 +1284,6 @@ src/core/lib/profiling/stap_timers.cc \
src/core/lib/profiling/timers.h \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/context/security_context.h \
-src/core/lib/security/credentials/alts/alts_credentials.cc \
-src/core/lib/security/credentials/alts/alts_credentials.h \
-src/core/lib/security/credentials/alts/check_gcp_environment.cc \
-src/core/lib/security/credentials/alts/check_gcp_environment.h \
-src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc \
-src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc \
-src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc \
-src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc \
-src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc \
-src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h \
-src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc \
src/core/lib/security/credentials/composite/composite_credentials.cc \
src/core/lib/security/credentials/composite/composite_credentials.h \
src/core/lib/security/credentials/credentials.cc \
@@ -1319,8 +1308,6 @@ src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/plugin/plugin_credentials.h \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.h \
-src/core/lib/security/security_connector/alts_security_connector.cc \
-src/core/lib/security/security_connector/alts_security_connector.h \
src/core/lib/security/security_connector/security_connector.cc \
src/core/lib/security/security_connector/security_connector.h \
src/core/lib/security/transport/auth_filters.h \
@@ -1414,53 +1401,6 @@ src/core/lib/transport/transport_impl.h \
src/core/lib/transport/transport_op_string.cc \
src/core/plugin_registry/grpc_plugin_registry.cc \
src/core/tsi/README.md \
-src/core/tsi/alts/crypt/aes_gcm.cc \
-src/core/tsi/alts/crypt/gsec.cc \
-src/core/tsi/alts/crypt/gsec.h \
-src/core/tsi/alts/frame_protector/alts_counter.cc \
-src/core/tsi/alts/frame_protector/alts_counter.h \
-src/core/tsi/alts/frame_protector/alts_crypter.cc \
-src/core/tsi/alts/frame_protector/alts_crypter.h \
-src/core/tsi/alts/frame_protector/alts_frame_protector.cc \
-src/core/tsi/alts/frame_protector/alts_frame_protector.h \
-src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc \
-src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h \
-src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc \
-src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc \
-src/core/tsi/alts/frame_protector/frame_handler.cc \
-src/core/tsi/alts/frame_protector/frame_handler.h \
-src/core/tsi/alts/handshaker/alts_handshaker_client.cc \
-src/core/tsi/alts/handshaker/alts_handshaker_client.h \
-src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc \
-src/core/tsi/alts/handshaker/alts_handshaker_service_api.h \
-src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc \
-src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h \
-src/core/tsi/alts/handshaker/alts_tsi_event.cc \
-src/core/tsi/alts/handshaker/alts_tsi_event.h \
-src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc \
-src/core/tsi/alts/handshaker/alts_tsi_handshaker.h \
-src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h \
-src/core/tsi/alts/handshaker/alts_tsi_utils.cc \
-src/core/tsi/alts/handshaker/alts_tsi_utils.h \
-src/core/tsi/alts/handshaker/altscontext.pb.c \
-src/core/tsi/alts/handshaker/altscontext.pb.h \
-src/core/tsi/alts/handshaker/handshaker.pb.c \
-src/core/tsi/alts/handshaker/handshaker.pb.h \
-src/core/tsi/alts/handshaker/transport_security_common.pb.c \
-src/core/tsi/alts/handshaker/transport_security_common.pb.h \
-src/core/tsi/alts/handshaker/transport_security_common_api.cc \
-src/core/tsi/alts/handshaker/transport_security_common_api.h \
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc \
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h \
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc \
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h \
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h \
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc \
-src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h \
-src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc \
-src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h \
-src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc \
-src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h \
src/core/tsi/alts_transport_security.cc \
src/core/tsi/alts_transport_security.h \
src/core/tsi/fake_transport_security.cc \
diff --git a/tools/run_tests/generated/sources_and_headers.json b/tools/run_tests/generated/sources_and_headers.json
index 724967145e..6b8b26f41b 100644
--- a/tools/run_tests/generated/sources_and_headers.json
+++ b/tools/run_tests/generated/sources_and_headers.json
@@ -2417,215 +2417,6 @@
},
{
"deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_counter_test",
- "src": [
- "test/core/tsi/alts/frame_protector/alts_counter_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "gpr_test_util",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_crypt_test",
- "src": [
- "test/core/tsi/alts/crypt/aes_gcm_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_crypter_test",
- "src": [
- "test/core/tsi/alts/frame_protector/alts_crypter_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_frame_handler_test",
- "src": [
- "test/core/tsi/alts/frame_protector/frame_handler_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc",
- "transport_security_test_lib"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_frame_protector_test",
- "src": [
- "test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_grpc_record_protocol_test",
- "src": [
- "test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_handshaker_client_test",
- "src": [
- "test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_handshaker_service_api_test",
- "src": [
- "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_iovec_record_protocol_test",
- "src": [
- "test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_security_connector_test",
- "src": [
- "test/core/security/alts_security_connector_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_tsi_handshaker_test",
- "src": [
- "test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_tsi_utils_test",
- "src": [
- "test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "alts_zero_copy_grpc_protector_test",
- "src": [
- "test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
"gpr",
"gpr_test_util",
"grpc",
@@ -3037,36 +2828,6 @@
{
"deps": [
"gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "check_gcp_environment_linux_test",
- "src": [
- "test/core/security/check_gcp_environment_linux_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "check_gcp_environment_windows_test",
- "src": [
- "test/core/security/check_gcp_environment_windows_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "gpr",
"gpr_test_util",
"grpc",
"grpc_test_util"
@@ -3452,21 +3213,6 @@
{
"deps": [
"gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "grpc_alts_credentials_options_test",
- "src": [
- "test/core/security/grpc_alts_credentials_options_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
- "gpr",
"grpc",
"grpc++",
"grpc++_proto_reflection_desc_db",
@@ -4627,22 +4373,6 @@
},
{
"deps": [
- "alts_test_util",
- "gpr",
- "grpc"
- ],
- "headers": [],
- "is_filegroup": false,
- "language": "c++",
- "name": "transport_security_common_api_test",
- "src": [
- "test/core/tsi/alts/handshaker/transport_security_common_api_test.cc"
- ],
- "third_party": false,
- "type": "target"
- },
- {
- "deps": [
"gpr",
"gpr_test_util",
"grpc",
@@ -6561,26 +6291,6 @@
},
{
"deps": [
- "grpc"
- ],
- "headers": [
- "test/core/tsi/alts/crypt/gsec_test_util.h",
- "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h"
- ],
- "is_filegroup": false,
- "language": "c",
- "name": "alts_test_util",
- "src": [
- "test/core/tsi/alts/crypt/gsec_test_util.cc",
- "test/core/tsi/alts/crypt/gsec_test_util.h",
- "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc",
- "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h"
- ],
- "third_party": false,
- "type": "lib"
- },
- {
- "deps": [
"gpr_base"
],
"headers": [],
@@ -8579,138 +8289,6 @@
},
{
"deps": [
- "nanopb"
- ],
- "headers": [
- "src/core/tsi/alts/handshaker/altscontext.pb.h",
- "src/core/tsi/alts/handshaker/handshaker.pb.h",
- "src/core/tsi/alts/handshaker/transport_security_common.pb.h"
- ],
- "is_filegroup": true,
- "language": "c",
- "name": "alts_proto",
- "src": [
- "src/core/tsi/alts/handshaker/altscontext.pb.c",
- "src/core/tsi/alts/handshaker/altscontext.pb.h",
- "src/core/tsi/alts/handshaker/handshaker.pb.c",
- "src/core/tsi/alts/handshaker/handshaker.pb.h",
- "src/core/tsi/alts/handshaker/transport_security_common.pb.c",
- "src/core/tsi/alts/handshaker/transport_security_common.pb.h"
- ],
- "third_party": false,
- "type": "filegroup"
- },
- {
- "deps": [
- "alts_util",
- "gpr",
- "grpc_base",
- "grpc_transport_chttp2_client_insecure",
- "tsi",
- "tsi_interface"
- ],
- "headers": [
- "src/core/tsi/alts/crypt/gsec.h",
- "src/core/tsi/alts/frame_protector/alts_counter.h",
- "src/core/tsi/alts/frame_protector/alts_crypter.h",
- "src/core/tsi/alts/frame_protector/alts_frame_protector.h",
- "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h",
- "src/core/tsi/alts/frame_protector/frame_handler.h",
- "src/core/tsi/alts/handshaker/alts_handshaker_client.h",
- "src/core/tsi/alts/handshaker/alts_tsi_event.h",
- "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h",
- "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h"
- ],
- "is_filegroup": true,
- "language": "c",
- "name": "alts_tsi",
- "src": [
- "src/core/tsi/alts/crypt/aes_gcm.cc",
- "src/core/tsi/alts/crypt/gsec.cc",
- "src/core/tsi/alts/crypt/gsec.h",
- "src/core/tsi/alts/frame_protector/alts_counter.cc",
- "src/core/tsi/alts/frame_protector/alts_counter.h",
- "src/core/tsi/alts/frame_protector/alts_crypter.cc",
- "src/core/tsi/alts/frame_protector/alts_crypter.h",
- "src/core/tsi/alts/frame_protector/alts_frame_protector.cc",
- "src/core/tsi/alts/frame_protector/alts_frame_protector.h",
- "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc",
- "src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h",
- "src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc",
- "src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc",
- "src/core/tsi/alts/frame_protector/frame_handler.cc",
- "src/core/tsi/alts/frame_protector/frame_handler.h",
- "src/core/tsi/alts/handshaker/alts_handshaker_client.cc",
- "src/core/tsi/alts/handshaker/alts_handshaker_client.h",
- "src/core/tsi/alts/handshaker/alts_tsi_event.cc",
- "src/core/tsi/alts/handshaker/alts_tsi_event.h",
- "src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc",
- "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h",
- "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc",
- "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h"
- ],
- "third_party": false,
- "type": "filegroup"
- },
- {
- "deps": [
- "alts_proto",
- "gpr",
- "grpc_base",
- "nanopb",
- "tsi_interface"
- ],
- "headers": [
- "src/core/lib/security/credentials/alts/check_gcp_environment.h",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h",
- "src/core/tsi/alts/handshaker/alts_tsi_utils.h",
- "src/core/tsi/alts/handshaker/transport_security_common_api.h"
- ],
- "is_filegroup": true,
- "language": "c",
- "name": "alts_util",
- "src": [
- "src/core/lib/security/credentials/alts/check_gcp_environment.cc",
- "src/core/lib/security/credentials/alts/check_gcp_environment.h",
- "src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc",
- "src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc",
- "src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h",
- "src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc",
- "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h",
- "src/core/tsi/alts/handshaker/alts_tsi_utils.cc",
- "src/core/tsi/alts/handshaker/alts_tsi_utils.h",
- "src/core/tsi/alts/handshaker/transport_security_common_api.cc",
- "src/core/tsi/alts/handshaker/transport_security_common_api.h"
- ],
- "third_party": false,
- "type": "filegroup"
- },
- {
- "deps": [
"gpr",
"grpc_base",
"nanopb"
@@ -9793,7 +9371,6 @@
},
{
"deps": [
- "alts_tsi",
"gpr",
"grpc_base",
"grpc_transport_chttp2_alpn",
@@ -9802,7 +9379,6 @@
"headers": [
"include/grpc/grpc_security.h",
"src/core/lib/security/context/security_context.h",
- "src/core/lib/security/credentials/alts/alts_credentials.h",
"src/core/lib/security/credentials/composite/composite_credentials.h",
"src/core/lib/security/credentials/credentials.h",
"src/core/lib/security/credentials/fake/fake_credentials.h",
@@ -9814,7 +9390,6 @@
"src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
- "src/core/lib/security/security_connector/alts_security_connector.h",
"src/core/lib/security/security_connector/security_connector.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/secure_endpoint.h",
@@ -9831,8 +9406,6 @@
"src/core/lib/http/httpcli_security_connector.cc",
"src/core/lib/security/context/security_context.cc",
"src/core/lib/security/context/security_context.h",
- "src/core/lib/security/credentials/alts/alts_credentials.cc",
- "src/core/lib/security/credentials/alts/alts_credentials.h",
"src/core/lib/security/credentials/composite/composite_credentials.cc",
"src/core/lib/security/credentials/composite/composite_credentials.h",
"src/core/lib/security/credentials/credentials.cc",
@@ -9857,8 +9430,6 @@
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.cc",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
- "src/core/lib/security/security_connector/alts_security_connector.cc",
- "src/core/lib/security/security_connector/alts_security_connector.h",
"src/core/lib/security/security_connector/security_connector.cc",
"src/core/lib/security/security_connector/security_connector.h",
"src/core/lib/security/transport/auth_filters.h",
diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json
index b7fdb6f579..6ce7ec28c4 100644
--- a/tools/run_tests/generated/tests.json
+++ b/tools/run_tests/generated/tests.json
@@ -2876,318 +2876,6 @@
"exclude_configs": [],
"exclude_iomgrs": [],
"flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_counter_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_crypt_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_crypter_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_frame_handler_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_frame_protector_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_grpc_record_protocol_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_handshaker_client_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_handshaker_service_api_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_iovec_record_protocol_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_security_connector_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_tsi_handshaker_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_tsi_utils_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "alts_zero_copy_grpc_protector_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
"gtest": true,
"language": "c++",
"name": "async_end2end_test",
@@ -3662,54 +3350,6 @@
"exclude_configs": [],
"exclude_iomgrs": [],
"flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "check_gcp_environment_linux_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "check_gcp_environment_windows_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
"gtest": true,
"language": "c++",
"name": "chttp2_settings_timeout_test",
@@ -4142,30 +3782,6 @@
"exclude_configs": [],
"exclude_iomgrs": [],
"flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "grpc_alts_credentials_options_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
"gtest": true,
"language": "c++",
"name": "grpc_tool_test",
@@ -5062,30 +4678,6 @@
"ci_platforms": [
"linux",
"mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": false,
- "language": "c++",
- "name": "transport_security_common_api_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
"posix"
],
"cpu_cost": 0.5,