diff --git a/picoquic/picoquic_internal.h b/picoquic/picoquic_internal.h index b75e91dbb8fe65f2b498c4b91a41a39947fc2251..941a8e10acd10c3d02ea2c51429008fe4378ee3f 100644 --- a/picoquic/picoquic_internal.h +++ b/picoquic/picoquic_internal.h @@ -949,13 +949,6 @@ int picoquic_prepare_transport_extensions(picoquic_cnx_t* cnx, int extension_mod int picoquic_receive_transport_extensions(picoquic_cnx_t* cnx, int extension_mode, uint8_t* bytes, size_t bytes_max, size_t* consumed); -/* Queue stateless reset */ -void picoquic_queue_stateless_reset(picoquic_cnx_t* cnx, - picoquic_packet_header* ph, struct sockaddr* addr_from, - struct sockaddr* addr_to, - unsigned long if_index_to, - uint64_t current_time); - picoquic_misc_frame_header_t* picoquic_create_misc_frame(const uint8_t* bytes, size_t length); #define STREAM_RESET_SENT(stream) ((stream->stream_flags & picoquic_stream_flag_reset_sent) != 0) diff --git a/picoquictest/tls_api_test.c b/picoquictest/tls_api_test.c index bf92b0d18fd29eb051c19f43dd442dc2d30ffef1..1c656a1fc13701f92a170652a6b96933c2249d0f 100644 --- a/picoquictest/tls_api_test.c +++ b/picoquictest/tls_api_test.c 
@@ -2230,336 +2230,6 @@ int spurious_retransmit_test()
 return ret;
 }
 
-#if 0
-
-/*
- * Test whether the server correctly sends an HRR in response to a
- * Client Hello proposing an unsupported key share.
- */
-
-static uint8_t clientHelloWrongKeyShare[] = {
-#if 0
- /* TLs Stream header, including offset and length */
- 0x18, 0x00, 0x41, 0x29,
- /* TLS Record Header, end with 2 bytes length*/
- 0x16, 0x03, 0x03, 0x01, 0x24,
-#else
- /* TLs Stream header, including offset and length */
- 0x18, 0x00, 0x41, 0x24,
-#endif
- /* Handshake protocol header for CH, end with 3 bytes length */
- 0x01, 0x00, 0x01, 0x20,
- /* CH length 73 + extensions 209 = 282, 0x0120 */
- /* Legacy version ID*/
- 0x03, 0x03,
- /* Client random, 32 bytes*/
- 0xc4, 0xe2, 0xea, 0xb7, 0xcc, 0x4b, 0xbb, 0x43, 0x7d, 0xfa,
- 0xb4, 0x7c, 0xa5, 0x6a, 0xf8, 0xa0, 0xdb, 0x07, 0x2b, 0x90,
- 0xa4, 0x9f, 0xac, 0x89, 0x84, 0x9c, 0x10, 0xb2, 0xa5, 0x6a,
- 0x7d, 0xfa,
- /* Legacy session ID l=32 + 32 bytes */
- 0x20,
- 0xf8, 0xa0, 0xdb, 0x07, 0x2b, 0x90, 0xe5, 0x36, 0xf9, 0xc4,
- 0xa4, 0x9f, 0xac, 0x89, 0x84, 0x9c, 0x10, 0xb2, 0xa5, 0x6a,
- 0xb4, 0x7c, 0xa5, 0x6a, 0xf8, 0xa0, 0xdb, 0x07, 0x2b, 0x90,
- 0x7d, 0xfa,
- /* Cipher suites */
- 0x00, 0x06, 0x13, 0x01, 0x13, 0x04, 0x13, 0x02,
- /* Legacy compression methods */
- 0x01, 0x00,
- /* End of CH after extension length */
- 0x00, 0xd1,
- /* Series of extenstion, 2 bytes type + 2 bytes length, total = 209 */
- /* Extension type 0, SNI, 15 bytes */
- 0x00, 0x00, 0x00, 0x0b,
- 0x00, 0x09, 0x00, 0x00, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
- /* Extension type 16, ALPN, 12 bytes */
- /* TODO: update hq-09 to supported version */
- 0x00, 0x10, 0x00, 0x08,
- 0x00, 0x06, 0x05, 0x68, 0x71, 0x2d, 0x30, 0x39,
- /* Some extended value, 5 bytes */
- 0xff, 0x01, 0x00, 0x01, 0x00,
- /* Extension type 10, Supported groups, 24 bytes */
- 0x00, 0x0a, 0x00, 0x14, 0x00, 0x12,
- 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01, 0x00, 0x01, 0x01,
- 0x01, 0x02, 0x01, 0x03, 0x01, 0x04,
- /* Extension type 35, 4 bytes. */
- 0x00, 0x23, 0x00, 0x00,
- /* Extension type 51, key share, 42 bytes of random data -- use unspecified code 01FC */
- 0x00, 0x33, 0x00, 0x26, 0x00, 0x24,
- 0x01, 0xfc,
- 0x00, 0x20,
- 0x78, 0xe5, 0x89, 0x74, 0x13, 0xf1, 0x71, 0x53, 0xc7, 0x0c, 0xf3, 0x3f,
- 0xa3, 0x4c, 0x84, 0x97, 0x72, 0x4b, 0xda, 0xb4, 0xf5, 0x7f, 0x9d, 0x01,
- 0xc9, 0x53, 0xf5, 0x88, 0xf0, 0x30, 0x46, 0x61,
- /* Extension type 43, supported_versions, 7 bytes */
- /* (TODO: update from 0x7F-0x17 to next supported draft) */
- 0x00, 0x2b, 0x00, 0x03, 0x02, 0x7f, 0x1c,
- /* Extension type 13, signature_algorithms, 36 bytes */
- 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e,
- 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, 0x03, 0x08, 0x04, 0x08, 0x05,
- 0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01, 0x04, 0x02,
- 0x05, 0x02, 0x06, 0x02, 0x02, 0x02,
- /* Extension type 45, psk_key_exchange_modes, 6 bytes */
- 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01,
- /* Extension type 26, QUIC transport parameters, 58 bytes */
- 0x00, 0x1a, 0x00, 0x36,
- 0xff, 0x00, 0x00, 0x08, 0x00, 0x30, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,
- 0xff, 0xff, 0x00, 0x01, 0x00, 0x04, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02,
- 0x00, 0x04, 0x00, 0x00, 0xff, 0xfd, 0x00, 0x03, 0x00, 0x02, 0x00, 0x1e,
- 0x00, 0x04, 0x00, 0x00, 0x00, 0x05, 0x00, 0x02, 0x05, 0xc8, 0x00, 0x08,
- 0x00, 0x04, 0x00, 0x00, 0xff, 0xff
-};
-
-int wrong_keyshare_test()
-{
- picoquic_quic_t* qserver = NULL;
- picoquic_cnx_t* cnx;
- test_api_callback_t server_callback;
- uint64_t simulated_time = 0;
- picoquic_connection_id_t cnx_id;
- struct sockaddr_in addr_from;
- int ret = 0;
-
- /* TODO: find a better way to initialize CID from value */
- picoquic_set64_connection_id(&cnx_id,0x0102030405060708ull);
-
- qserver = picoquic_create(8,
- PICOQUIC_TEST_SERVER_CERT, PICOQUIC_TEST_SERVER_KEY, PICOQUIC_TEST_CERT_STORE,
- PICOQUIC_TEST_ALPN, test_api_callback, (void*)&server_callback, NULL, NULL, NULL,
- simulated_time, &simulated_time, NULL,
- test_ticket_encrypt_key, sizeof(test_ticket_encrypt_key));
-
- if (qserver == NULL) {
- DBG_PRINTF("%s", "Could not create Quic Server context.\n");
- ret = -1;
- } else {
- /* Simulate an incoming client initial packet */
- memset(&addr_from, 0, sizeof(struct sockaddr_in));
- addr_from.sin_family = AF_INET;
-#ifdef _WINDOWS
- addr_from.sin_addr.S_un.S_addr = 0x0A000001;
-#else
- addr_from.sin_addr.s_addr = 0x0A000001;
-#endif
- addr_from.sin_port = 4321;
-
- cnx = picoquic_create_cnx(qserver, cnx_id, cnx_id,
- (struct sockaddr*)&addr_from, simulated_time,
- PICOQUIC_INTERNAL_TEST_VERSION_1, NULL, NULL, 0);
-
- if (cnx == NULL) {
- DBG_PRINTF("%s", "Could not create Quic connection context.\n");
- ret = -1;
- }
- }
-
- if (ret == 0) {
- ret = picoquic_decode_frames(cnx,
- clientHelloWrongKeyShare, sizeof(clientHelloWrongKeyShare),
- 0 /* epoch = 0 for CI */, simulated_time);
-
- /* processing of client initial packet */
- if (ret == 0) {
- /* We do expect that the server will be ready to send an HRR */
- ret = picoquic_tls_stream_process(cnx);
-
- if (cnx->cnx_state != picoquic_state_server_send_hrr) {
- DBG_PRINTF("State is %d instead of server_send-hrr\n", cnx->cnx_state);
- ret = -1;
- } else {
- /* check that the message queue on stream 0 is proper HRR */
- if (cnx->tls_stream.send_queue == NULL || cnx->tls_stream.send_queue->length == 0 || cnx->tls_stream.send_queue->bytes == NULL) {
- DBG_PRINTF("%s,", "Empty TLS queue, length or bytes\n");
- ret = -1;
- } else if (cnx->tls_stream.send_queue->length <= 49 || cnx->tls_stream.send_queue->bytes[0] != 0x02 ) {
- DBG_PRINTF("Wrong length (%d <= 49), bytes[0] (0x%02x vs 0x02)\n",
- cnx->tls_stream.send_queue->length, cnx->tls_stream.send_queue->bytes[0], cnx->tls_stream.send_queue->bytes[5]);
- ret = -1;
- }
- }
- }
- else {
- DBG_PRINTF("Could not parse client hello frame, ret = %d\n", ret);
- }
-
- if (ret == 0) {
- /* Simulate preparing an HRR */
- picoquic_packet_header ph;
- picoquic_stateless_packet_t* sp = NULL;
-
- memset(&ph, 0, sizeof(ph));
- ph.dest_cnx_id = cnx_id;
- ph.srce_cnx_id = picoquic_null_connection_id;
- ph.vn = PICOQUIC_INTERNAL_TEST_VERSION_1;
-
- picoquic_queue_stateless_reset(cnx, &ph,
- (struct sockaddr*)&addr_from,
- (struct sockaddr*)&addr_from, 0, simulated_time);
-
- cnx->cnx_state = picoquic_state_disconnected;
-
- sp = picoquic_dequeue_stateless_packet(qserver);
-
- if (sp == NULL) {
- DBG_PRINTF("%s", "Stateless packet queue is empty\n");
- ret = -1;
- } else {
- picoquic_delete_stateless_packet(sp);
- }
- }
- }
-
- if (qserver != NULL) {
- picoquic_free(qserver);
- }
-
- return ret;
-}
-#endif
-
-#if 0
-/*
-* Test whether the server correctly sends an HRR in response to a
-* Client Hello proposing an unsupported key share.
-*/
-
-static uint8_t clientHelloWrongTls[] = {
- /* TLS Stream header, including length */
- 0x18, 0x00, 0x41, 0x24,
- /* Handshake protocol header for CH, end with 3 bytes length */
- 0x01, 0x00, 0x01, 0x20,
- /* CH length 73 + extensions 209 = 282, 0x0120 */
- /* Legacy version ID*/
- 0x03, 0x03,
- /* Client random, 32 bytes*/
- 0xc4, 0xe2, 0xea, 0xb7, 0xcc, 0x4b, 0xbb, 0x43, 0x7d, 0xfa,
- 0xb4, 0x7c, 0xa5, 0x6a, 0xf8, 0xa0, 0xdb, 0x07, 0x2b, 0x90,
- 0xa4, 0x9f, 0xac, 0x89, 0x84, 0x9c, 0x10, 0xb2, 0xa5, 0x6a,
- 0x7d, 0xfa,
- /* Legacy session ID l=32 + 32 bytes */
- 0x20,
- 0xf8, 0xa0, 0xdb, 0x07, 0x2b, 0x90, 0xe5, 0x36, 0xf9, 0xc4,
- 0xa4, 0x9f, 0xac, 0x89, 0x84, 0x9c, 0x10, 0xb2, 0xa5, 0x6a,
- 0xb4, 0x7c, 0xa5, 0x6a, 0xf8, 0xa0, 0xdb, 0x07, 0x2b, 0x90,
- 0x7d, 0xfa,
- /* Cipher suites */
- 0x00, 0x06, 0x13, 0x01, 0x13, 0x03, 0x13, 0x02,
- /* Legacy compression methods */
- 0x01, 0x00,
- /* End of CH after extension length */
- 0x00, 0xd1,
- /* Series of extenstion, 2 bytes type + 2 bytes length, total = 209 */
- /* Extension type 0, SNI, 15 bytes */
- 0x00, 0x00, 0x00, 0x0b,
- 0x00, 0x09, 0x00, 0x00, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
- /* Extension type 16, ALPN, 12 bytes */
- /* TODO: update hq-09 to supported version */
- 0x00, 0x10, 0x00, 0x08,
- 0x00, 0x06, 0x05, 0x68, 0x71, 0x2d, 0x30, 0x39,
- /* Some extended value, 5 bytes */
- 0xff, 0x01, 0x00, 0x01, 0x00,
- /* Extension type 10, Supported groups, 24 bytes */
- 0x00, 0x0a, 0x00, 0x14, 0x00, 0x12,
- 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01, 0x00, 0x01, 0x01,
- 0x01, 0x02, 0x01, 0x03, 0x01, 0x04,
- /* Extension type 35, 4 bytes. */
- 0x00, 0x23, 0x00, 0x00,
- /* Extension type 51, key share, 42 bytes for X25519 */
- 0x00, 0x33, 0x00, 0x26, 0x00, 0x24,
- 0x00, 0x1d,
- 0x00, 0x20,
- 0x78, 0xe5, 0x89, 0x74, 0x13, 0xf1, 0x71, 0x53, 0xc7, 0x0c, 0xf3, 0x3f,
- 0xa3, 0x4c, 0x84, 0x97, 0x72, 0x4b, 0xda, 0xb4, 0xf5, 0x7f, 0x9d, 0x01,
- 0xc9, 0x53, 0xf5, 0x88, 0xf0, 0x30, 0x46, 0x61,
- /* Extension type 43, supported_versions, 7 bytes */
- /* (TODO: update from 0x7F-0x17 to next supported draft) */
- 0x00, 0x2b, 0x00, 0x03, 0x02, 0x7f, 0x11,
- /* Extension type 13, signature_algorithms, 36 bytes */
- 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e,
- 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, 0x03, 0x08, 0x04, 0x08, 0x05,
- 0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01, 0x04, 0x02,
- 0x05, 0x02, 0x06, 0x02, 0x02, 0x02,
- /* Extension type 45, psk_key_exchange_modes, 6 bytes */
- 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01,
- /* Extension type 26, QUIC transport parameters, 58 bytes */
- 0x00, 0x1a, 0x00, 0x36,
- 0xff, 0x00, 0x00, 0x08, 0x00, 0x30, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,
- 0xff, 0xff, 0x00, 0x01, 0x00, 0x04, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02,
- 0x00, 0x04, 0x00, 0x00, 0xff, 0xfd, 0x00, 0x03, 0x00, 0x02, 0x00, 0x1e,
- 0x00, 0x04, 0x00, 0x00, 0x00, 0x05, 0x00, 0x02, 0x05, 0xc8, 0x00, 0x08,
- 0x00, 0x04, 0x00, 0x00, 0xff, 0xff
-};
-
-int wrong_tls_version_test()
-{
- picoquic_quic_t* qserver = NULL;
- picoquic_cnx_t* cnx;
- test_api_callback_t server_callback;
- uint64_t simulated_time = 0;
- picoquic_connection_id_t cnx_id;
- struct sockaddr_in addr_from;
- int ret = 0;
-
- /* TODO: find a better way to initialize CID from value */
- picoquic_set64_connection_id(&cnx_id, 0x0102030405060708ull);
-
- qserver = picoquic_create(8,
- PICOQUIC_TEST_SERVER_CERT, PICOQUIC_TEST_SERVER_KEY, PICOQUIC_TEST_CERT_STORE,
- PICOQUIC_TEST_ALPN, test_api_callback, (void*)&server_callback, NULL, NULL, NULL,
- simulated_time, &simulated_time, NULL,
- test_ticket_encrypt_key, sizeof(test_ticket_encrypt_key));
-
- if (qserver == NULL) {
- ret = -1;
- }
- else {
- /* Simulate an incoming client initial packet */
- memset(&addr_from, 0, sizeof(struct sockaddr_in));
- addr_from.sin_family = AF_INET;
-#ifdef _WINDOWS
- addr_from.sin_addr.S_un.S_addr = 0x0A000001;
-#else
- addr_from.sin_addr.s_addr = 0x0A000001;
-#endif
- addr_from.sin_port = 4321;
-
- cnx = picoquic_create_cnx(qserver, cnx_id, cnx_id,
- (struct sockaddr*)&addr_from, simulated_time,
- PICOQUIC_INTERNAL_TEST_VERSION_1, NULL, NULL, 0);
-
- if (cnx == NULL) {
- ret = -1;
- }
- }
-
- if (ret == 0) {
- ret = picoquic_decode_frames(cnx,
- clientHelloWrongTls, sizeof(clientHelloWrongTls), 0 /* epoch = 0 for CI */, simulated_time);
-
- /* processing of client initial packet */
- if (ret == 0) {
- /* We do expect that the server will be ready to send an HRR */
- ret = picoquic_tls_stream_process(cnx);
-
- if (ret != 0) {
- DBG_PRINTF("Wrong TLS Hello process return code %x\n", ret);
- ret = -1;
- } else if (cnx->cnx_state != picoquic_state_handshake_failure) {
- DBG_PRINTF("Unexpected state %d after wrong TLS Hello process return code %x\n", cnx->cnx_state);
- ret = -1;
- }
- }
- }
-
- if (qserver != NULL) {
- picoquic_free(qserver);
- }
-
- return ret;
-}
-#endif
-
 /*
 * Set up a connection, and verify
 * that the key generated for PN encryption on