Remove post-quantum experiment signal extension.
The experiment has concluded, so we don't need this anymore.
Change-Id: Id99722394d5d0525f536bddea5df6cde8bb44c94
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38944
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index b0ee69a..d23d0f2 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3058,19 +3058,6 @@
OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *ssl);
-// Post-quantum experiment signaling extension.
-//
-// *** EXPERIMENTAL ***
-//
-// In order to define a control group in an experiment of post-quantum key
-// agreements, clients and servers may send a non-IANA defined extension as a
-// signaling bit. These functions should not be used without explicit permission
-// from BoringSSL-team.
-
-OPENSSL_EXPORT void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx);
-OPENSSL_EXPORT int SSL_pq_experiment_signal_seen(const SSL *ssl);
-
-
// QUIC transport parameters.
//
// draft-ietf-quic-tls defines a new TLS extension quic_transport_parameters
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index e3209b6..8b61d5a 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -244,9 +244,6 @@
// This is not an IANA defined extension number
#define TLSEXT_TYPE_channel_id 30032
-// This is not an IANA defined extension number
-#define TLSEXT_TYPE_pq_experiment_signal 54538
-
// status request value from RFC 3546
#define TLSEXT_STATUSTYPE_nothing (-1)
#define TLSEXT_STATUSTYPE_ocsp 1
diff --git a/ssl/internal.h b/ssl/internal.h
index dca1b95..41135e3 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2374,10 +2374,6 @@
// token_binding_negotiated is set if Token Binding was negotiated.
bool token_binding_negotiated : 1;
- // pq_experimental_signal_seen is true if the peer was observed
- // sending/echoing the post-quantum experiment signal.
- bool pq_experiment_signal_seen : 1;
-
// alert_dispatch is true there is an alert in |send_alert| to be sent.
bool alert_dispatch : 1;
@@ -3317,11 +3313,6 @@
// If enable_early_data is true, early data can be sent and accepted.
bool enable_early_data : 1;
- // pq_experiment_signal indicates that an empty extension should be sent
- // (for clients) or echoed (for servers) to indicate participation in an
- // experiment of post-quantum key exchanges.
- bool pq_experiment_signal : 1;
-
private:
~ssl_ctx_st();
friend void SSL_CTX_free(SSL_CTX *);
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index 6b0635b..978b108 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -179,7 +179,6 @@
early_data_accepted(false),
tls13_downgrade(false),
token_binding_negotiated(false),
- pq_experiment_signal_seen(false),
alert_dispatch(false),
renegotiate_pending(false),
used_hello_retry_request(false) {}
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 1daf03f..0e0a6cb 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -569,8 +569,7 @@
false_start_allowed_without_alpn(false),
ignore_tls13_downgrade(false),
handoff(false),
- enable_early_data(false),
- pq_experiment_signal(false) {
+ enable_early_data(false) {
CRYPTO_MUTEX_init(&lock);
CRYPTO_new_ex_data(&ex_data);
}
@@ -1238,14 +1237,6 @@
return ssl_send_alert_impl(ssl, SSL3_AL_FATAL, alert);
}
-void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx) {
- ctx->pq_experiment_signal = true;
-}
-
-int SSL_pq_experiment_signal_seen(const SSL *ssl) {
- return ssl->s3->pq_experiment_signal_seen;
-}
-
int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
size_t params_len) {
return ssl->config && ssl->config->quic_transport_params.CopyFrom(
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 298dc9b..0a1cef4 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2855,66 +2855,6 @@
}
-// Post-quantum experiment signal
-//
-// This extension may be used in order to identify a control group for
-// experimenting with post-quantum key exchange algorithms.
-
-static bool ext_pq_experiment_signal_add_clienthello(SSL_HANDSHAKE *hs,
- CBB *out) {
- if (hs->ssl->ctx->pq_experiment_signal &&
- (!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
- !CBB_add_u16(out, 0))) {
- return false;
- }
-
- return true;
-}
-
-static bool ext_pq_experiment_signal_parse_serverhello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert,
- CBS *contents) {
- if (contents == nullptr) {
- return true;
- }
-
- if (!hs->ssl->ctx->pq_experiment_signal || CBS_len(contents) != 0) {
- return false;
- }
-
- hs->ssl->s3->pq_experiment_signal_seen = true;
- return true;
-}
-
-static bool ext_pq_experiment_signal_parse_clienthello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert,
- CBS *contents) {
- if (contents == nullptr) {
- return true;
- }
-
- if (CBS_len(contents) != 0) {
- return false;
- }
-
- if (hs->ssl->ctx->pq_experiment_signal) {
- hs->ssl->s3->pq_experiment_signal_seen = true;
- }
-
- return true;
-}
-
-static bool ext_pq_experiment_signal_add_serverhello(SSL_HANDSHAKE *hs,
- CBB *out) {
- if (hs->ssl->s3->pq_experiment_signal_seen &&
- (!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
- !CBB_add_u16(out, 0))) {
- return false;
- }
-
- return true;
-}
-
// kExtensions contains all the supported extensions.
static const struct tls_extension kExtensions[] = {
{
@@ -3103,14 +3043,6 @@
ext_delegated_credential_parse_clienthello,
dont_add_serverhello,
},
- {
- TLSEXT_TYPE_pq_experiment_signal,
- NULL,
- ext_pq_experiment_signal_add_clienthello,
- ext_pq_experiment_signal_parse_serverhello,
- ext_pq_experiment_signal_parse_clienthello,
- ext_pq_experiment_signal_add_serverhello,
- },
};
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 5748fb9..acef905 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -669,13 +669,6 @@
return false;
}
- if (config->expect_pq_experiment_signal !=
- !!SSL_pq_experiment_signal_seen(ssl)) {
- fprintf(stderr, "Got %sPQ experiment signal, but wanted opposite. \n",
- SSL_pq_experiment_signal_seen(ssl) ? "" : "no ");
- return false;
- }
-
if ((config->expect_hrr && !SSL_used_hello_retry_request(ssl)) ||
(config->expect_no_hrr && SSL_used_hello_retry_request(ssl))) {
fprintf(stderr, "Got %sHRR, but wanted opposite.\n",
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index e78e9a2..14f5886 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -126,7 +126,6 @@
extensionQUICTransportParams uint16 = 0xffa5 // draft-ietf-quic-tls-13
extensionChannelID uint16 = 30032 // not IANA assigned
extensionDelegatedCredentials uint16 = 0xff02 // not IANA assigned
- extensionPQExperimentSignal uint16 = 54538
)
// TLS signaling cipher suite values
@@ -500,11 +499,6 @@
CertCompressionAlgs map[uint16]CertCompressionAlg
- // PQExperimentSignal instructs a client to send a non-IANA defined extension
- // that signals participation in an experiment of post-quantum key exchange
- // methods.
- PQExperimentSignal bool
-
// Bugs specifies optional misbehaviour to be used for testing other
// implementations.
Bugs ProtocolBugs
@@ -1648,10 +1642,6 @@
// DisableDelegatedCredentials, if true, disables client support for delegated
// credentials.
DisableDelegatedCredentials bool
-
- // ExpectPQExperimentSignal specifies whether or not the post-quantum
- // experiment signal should be received by a client or server.
- ExpectPQExperimentSignal bool
}
func (c *Config) serverInit() {
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 9ae45c2..09e08a8 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -128,7 +128,6 @@
omitExtensions: c.config.Bugs.OmitExtensions,
emptyExtensions: c.config.Bugs.EmptyExtensions,
delegatedCredentials: !c.config.Bugs.DisableDelegatedCredentials,
- pqExperimentSignal: c.config.PQExperimentSignal,
}
if maxVersion >= VersionTLS13 {
@@ -1672,10 +1671,6 @@
c.quicTransportParams = serverExtensions.quicTransportParams
}
- if c.config.Bugs.ExpectPQExperimentSignal != serverExtensions.pqExperimentSignal {
- return fmt.Errorf("tls: PQ experiment signal presence (%t) was not what was expected", serverExtensions.pqExperimentSignal)
- }
-
return nil
}
diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go
index ac52eed..a1ce421 100644
--- a/ssl/test/runner/handshake_messages.go
+++ b/ssl/test/runner/handshake_messages.go
@@ -298,7 +298,6 @@
pad int
compressedCertAlgs []uint16
delegatedCredentials bool
- pqExperimentSignal bool
}
func (m *clientHelloMsg) equal(i interface{}) bool {
@@ -353,8 +352,7 @@
m.emptyExtensions == m1.emptyExtensions &&
m.pad == m1.pad &&
eqUint16s(m.compressedCertAlgs, m1.compressedCertAlgs) &&
- m.delegatedCredentials == m1.delegatedCredentials &&
- m.pqExperimentSignal == m1.pqExperimentSignal
+ m.delegatedCredentials == m1.delegatedCredentials
}
func (m *clientHelloMsg) marshalKeyShares(bb *byteBuilder) {
@@ -600,10 +598,6 @@
extensions.addU16(extensionDelegatedCredentials)
extensions.addU16(0) // Length is always 0
}
- if m.pqExperimentSignal {
- extensions.addU16(extensionPQExperimentSignal)
- extensions.addU16(0) // Length is always 0
- }
// The PSK extension must be last. See https://tools.ietf.org/html/rfc8446#section-4.2.11
if len(m.pskIdentities) > 0 && !m.pskBinderFirst {
@@ -731,7 +725,6 @@
m.extendedMasterSecret = false
m.customExtension = ""
m.delegatedCredentials = false
- m.pqExperimentSignal = false
if len(reader) == 0 {
// ClientHello is optionally followed by extension data
@@ -967,11 +960,6 @@
return false
}
m.delegatedCredentials = true
- case extensionPQExperimentSignal:
- if len(body) != 0 {
- return false
- }
- m.pqExperimentSignal = true
}
if isGREASEValue(extension) {
@@ -1239,7 +1227,6 @@
supportedCurves []CurveID
quicTransportParams []byte
serverNameAck bool
- pqExperimentSignal bool
}
func (m *serverExtensions) marshal(extensions *byteBuilder) {
@@ -1374,10 +1361,6 @@
extensions.addU16(extensionServerName)
extensions.addU16(0) // zero length
}
- if m.pqExperimentSignal {
- extensions.addU16(extensionPQExperimentSignal)
- extensions.addU16(0) // zero length
- }
}
func (m *serverExtensions) unmarshal(data byteReader, version uint16) bool {
@@ -1486,11 +1469,6 @@
return false
}
m.hasEarlyData = true
- case extensionPQExperimentSignal:
- if len(body) != 0 {
- return false
- }
- m.pqExperimentSignal = true
default:
// Unknown extensions are illegal from the server.
return false
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 2427856..47011d2 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -227,10 +227,6 @@
}
}
- if c.config.Bugs.ExpectPQExperimentSignal != hs.clientHello.pqExperimentSignal {
- return fmt.Errorf("tls: PQ experiment signal presence (%t) was not what was expected", hs.clientHello.pqExperimentSignal)
- }
-
c.clientVersion = hs.clientHello.vers
// Use the versions extension if supplied, otherwise use the legacy ClientHello version.
@@ -1450,7 +1446,6 @@
}
serverExtensions.serverNameAck = c.config.Bugs.SendServerNameAck
- serverExtensions.pqExperimentSignal = hs.clientHello.pqExperimentSignal
return nil
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index fc68ce9..ba0d307 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -15235,67 +15235,6 @@
})
}
-func addPQExperimentSignalTests() {
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "PQExperimentSignal-Server-NoEchoIfNotConfigured",
- config: Config{
- MinVersion: VersionTLS13,
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- ExpectPQExperimentSignal: false,
- },
- PQExperimentSignal: true,
- },
- })
-
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "PQExperimentSignal-Server-Echo",
- config: Config{
- MinVersion: VersionTLS13,
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- ExpectPQExperimentSignal: true,
- },
- PQExperimentSignal: true,
- },
- flags: []string{
- "-enable-pq-experiment-signal",
- "-expect-pq-experiment-signal",
- },
- })
-
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "PQExperimentSignal-Client-NotDefault",
- config: Config{
- MinVersion: VersionTLS13,
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- ExpectPQExperimentSignal: false,
- },
- PQExperimentSignal: true,
- },
- })
-
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "PQExperimentSignal-Client",
- config: Config{
- MinVersion: VersionTLS13,
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- ExpectPQExperimentSignal: true,
- },
- },
- flags: []string{
- "-enable-pq-experiment-signal",
- "-expect-pq-experiment-signal",
- },
- })
-}
-
func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
defer wg.Done()
@@ -15433,7 +15372,6 @@
addCertCompressionTests()
addJDK11WorkaroundTests()
addDelegatedCredentialTests()
- addPQExperimentSignalTests()
testCases = append(testCases, convertToSplitHandshakeTests(testCases)...)
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 585e3fd..2a84810 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -151,8 +151,6 @@
{"-key-update", &TestConfig::key_update},
{"-expect-delegated-credential-used",
&TestConfig::expect_delegated_credential_used},
- {"-enable-pq-experiment-signal", &TestConfig::enable_pq_experiment_signal},
- {"-expect-pq-experiment-signal", &TestConfig::expect_pq_experiment_signal},
{"-expect-hrr", &TestConfig::expect_hrr},
{"-expect-no-hrr", &TestConfig::expect_no_hrr},
};
@@ -1322,10 +1320,6 @@
SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
}
- if (enable_pq_experiment_signal) {
- SSL_CTX_enable_pq_experiment_signal(ssl_ctx.get());
- }
-
return ssl_ctx;
}
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index b94ca10..24011a8 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -176,8 +176,6 @@
bool expect_delegated_credential_used = false;
std::string delegated_credential;
std::string expect_early_data_reason;
- bool enable_pq_experiment_signal = false;
- bool expect_pq_experiment_signal = false;
bool expect_hrr = false;
bool expect_no_hrr = false;
