| // Copyright (c) 2018 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "quic/core/crypto/transport_parameters.h" |
| |
| #include <cstdint> |
| #include <cstring> |
| #include <forward_list> |
| #include <memory> |
| #include <utility> |
| |
| #include "absl/strings/escaping.h" |
| #include "absl/strings/str_cat.h" |
| #include "absl/strings/string_view.h" |
| #include "third_party/boringssl/src/include/openssl/digest.h" |
| #include "third_party/boringssl/src/include/openssl/sha.h" |
| #include "quic/core/quic_connection_id.h" |
| #include "quic/core/quic_data_reader.h" |
| #include "quic/core/quic_data_writer.h" |
| #include "quic/core/quic_types.h" |
| #include "quic/core/quic_utils.h" |
| #include "quic/core/quic_versions.h" |
| #include "quic/platform/api/quic_bug_tracker.h" |
| #include "quic/platform/api/quic_flag_utils.h" |
| |
| namespace quic { |
| |
| // Values of the TransportParameterId enum as defined in the |
| // "Transport Parameter Encoding" section of draft-ietf-quic-transport. |
| // When parameters are encoded, one of these enum values is used to indicate |
| // which parameter is encoded. The supported draft version is noted in |
| // transport_parameters.h. |
| enum TransportParameters::TransportParameterId : uint64_t { |
| kOriginalDestinationConnectionId = 0, |
| kMaxIdleTimeout = 1, |
| kStatelessResetToken = 2, |
| kMaxPacketSize = 3, |
| kInitialMaxData = 4, |
| kInitialMaxStreamDataBidiLocal = 5, |
| kInitialMaxStreamDataBidiRemote = 6, |
| kInitialMaxStreamDataUni = 7, |
| kInitialMaxStreamsBidi = 8, |
| kInitialMaxStreamsUni = 9, |
| kAckDelayExponent = 0xa, |
| kMaxAckDelay = 0xb, |
| kDisableActiveMigration = 0xc, |
| kPreferredAddress = 0xd, |
| kActiveConnectionIdLimit = 0xe, |
| kInitialSourceConnectionId = 0xf, |
| kRetrySourceConnectionId = 0x10, |
| |
| kMaxDatagramFrameSize = 0x20, |
| |
| kInitialRoundTripTime = 0x3127, |
| kGoogleConnectionOptions = 0x3128, |
| kGoogleUserAgentId = 0x3129, |
| // 0x312A was used only in T050 to indicate support for HANDSHAKE_DONE. |
| kGoogleKeyUpdateNotYetSupported = 0x312B, |
| // 0x4751 was used for non-standard Google-specific parameters encoded as a |
| // Google QUIC_CRYPTO CHLO, it has been replaced by individual parameters. |
| kGoogleQuicVersion = |
| 0x4752, // Used to transmit version and supported_versions. |
| |
| kMinAckDelay = 0xDE1A, // draft-iyengar-quic-delayed-ack. |
| }; |
| |
| namespace { |
| |
| // The following constants define minimum and maximum allowed values for some of |
| // the parameters. These come from the "Transport Parameter Definitions" |
| // section of draft-ietf-quic-transport. |
| constexpr uint64_t kMinMaxPacketSizeTransportParam = 1200; |
| constexpr uint64_t kMaxAckDelayExponentTransportParam = 20; |
| constexpr uint64_t kDefaultAckDelayExponentTransportParam = 3; |
| constexpr uint64_t kMaxMaxAckDelayTransportParam = 16383; |
| constexpr uint64_t kDefaultMaxAckDelayTransportParam = 25; |
| constexpr uint64_t kMinActiveConnectionIdLimitTransportParam = 2; |
| constexpr uint64_t kDefaultActiveConnectionIdLimitTransportParam = 2; |
| |
| std::string TransportParameterIdToString( |
| TransportParameters::TransportParameterId param_id) { |
| switch (param_id) { |
| case TransportParameters::kOriginalDestinationConnectionId: |
| return "original_destination_connection_id"; |
| case TransportParameters::kMaxIdleTimeout: |
| return "max_idle_timeout"; |
| case TransportParameters::kStatelessResetToken: |
| return "stateless_reset_token"; |
| case TransportParameters::kMaxPacketSize: |
| return "max_udp_payload_size"; |
| case TransportParameters::kInitialMaxData: |
| return "initial_max_data"; |
| case TransportParameters::kInitialMaxStreamDataBidiLocal: |
| return "initial_max_stream_data_bidi_local"; |
| case TransportParameters::kInitialMaxStreamDataBidiRemote: |
| return "initial_max_stream_data_bidi_remote"; |
| case TransportParameters::kInitialMaxStreamDataUni: |
| return "initial_max_stream_data_uni"; |
| case TransportParameters::kInitialMaxStreamsBidi: |
| return "initial_max_streams_bidi"; |
| case TransportParameters::kInitialMaxStreamsUni: |
| return "initial_max_streams_uni"; |
| case TransportParameters::kAckDelayExponent: |
| return "ack_delay_exponent"; |
| case TransportParameters::kMaxAckDelay: |
| return "max_ack_delay"; |
| case TransportParameters::kDisableActiveMigration: |
| return "disable_active_migration"; |
| case TransportParameters::kPreferredAddress: |
| return "preferred_address"; |
| case TransportParameters::kActiveConnectionIdLimit: |
| return "active_connection_id_limit"; |
| case TransportParameters::kInitialSourceConnectionId: |
| return "initial_source_connection_id"; |
| case TransportParameters::kRetrySourceConnectionId: |
| return "retry_source_connection_id"; |
| case TransportParameters::kMaxDatagramFrameSize: |
| return "max_datagram_frame_size"; |
| case TransportParameters::kInitialRoundTripTime: |
| return "initial_round_trip_time"; |
| case TransportParameters::kGoogleConnectionOptions: |
| return "google_connection_options"; |
| case TransportParameters::kGoogleUserAgentId: |
| return "user_agent_id"; |
| case TransportParameters::kGoogleKeyUpdateNotYetSupported: |
| return "key_update_not_yet_supported"; |
| case TransportParameters::kGoogleQuicVersion: |
| return "google-version"; |
| case TransportParameters::kMinAckDelay: |
| return "min_ack_delay_us"; |
| } |
| return absl::StrCat("Unknown(", param_id, ")"); |
| } |
| |
| bool TransportParameterIdIsKnown( |
| TransportParameters::TransportParameterId param_id) { |
| switch (param_id) { |
| case TransportParameters::kOriginalDestinationConnectionId: |
| case TransportParameters::kMaxIdleTimeout: |
| case TransportParameters::kStatelessResetToken: |
| case TransportParameters::kMaxPacketSize: |
| case TransportParameters::kInitialMaxData: |
| case TransportParameters::kInitialMaxStreamDataBidiLocal: |
| case TransportParameters::kInitialMaxStreamDataBidiRemote: |
| case TransportParameters::kInitialMaxStreamDataUni: |
| case TransportParameters::kInitialMaxStreamsBidi: |
| case TransportParameters::kInitialMaxStreamsUni: |
| case TransportParameters::kAckDelayExponent: |
| case TransportParameters::kMaxAckDelay: |
| case TransportParameters::kDisableActiveMigration: |
| case TransportParameters::kPreferredAddress: |
| case TransportParameters::kActiveConnectionIdLimit: |
| case TransportParameters::kInitialSourceConnectionId: |
| case TransportParameters::kRetrySourceConnectionId: |
| case TransportParameters::kMaxDatagramFrameSize: |
| case TransportParameters::kInitialRoundTripTime: |
| case TransportParameters::kGoogleConnectionOptions: |
| case TransportParameters::kGoogleQuicVersion: |
| case TransportParameters::kMinAckDelay: |
| return true; |
| case TransportParameters::kGoogleUserAgentId: |
| return !GetQuicReloadableFlag(quic_ignore_user_agent_transport_parameter); |
| case TransportParameters::kGoogleKeyUpdateNotYetSupported: |
| return !GetQuicReloadableFlag(quic_ignore_key_update_not_yet_supported); |
| } |
| return false; |
| } |
| |
| } // namespace |
| |
| TransportParameters::IntegerParameter::IntegerParameter( |
| TransportParameters::TransportParameterId param_id, |
| uint64_t default_value, |
| uint64_t min_value, |
| uint64_t max_value) |
| : param_id_(param_id), |
| value_(default_value), |
| default_value_(default_value), |
| min_value_(min_value), |
| max_value_(max_value), |
| has_been_read_(false) { |
| QUICHE_DCHECK_LE(min_value, default_value); |
| QUICHE_DCHECK_LE(default_value, max_value); |
| QUICHE_DCHECK_LE(max_value, kVarInt62MaxValue); |
| } |
| |
| TransportParameters::IntegerParameter::IntegerParameter( |
| TransportParameters::TransportParameterId param_id) |
| : TransportParameters::IntegerParameter::IntegerParameter( |
| param_id, |
| 0, |
| 0, |
| kVarInt62MaxValue) {} |
| |
| void TransportParameters::IntegerParameter::set_value(uint64_t value) { |
| value_ = value; |
| } |
| |
| uint64_t TransportParameters::IntegerParameter::value() const { |
| return value_; |
| } |
| |
| bool TransportParameters::IntegerParameter::IsValid() const { |
| return min_value_ <= value_ && value_ <= max_value_; |
| } |
| |
| bool TransportParameters::IntegerParameter::Write( |
| QuicDataWriter* writer) const { |
| QUICHE_DCHECK(IsValid()); |
| if (value_ == default_value_) { |
| // Do not write if the value is default. |
| return true; |
| } |
| if (!writer->WriteVarInt62(param_id_)) { |
| QUIC_BUG(quic_bug_10743_1) << "Failed to write param_id for " << *this; |
| return false; |
| } |
| const QuicVariableLengthIntegerLength value_length = |
| QuicDataWriter::GetVarInt62Len(value_); |
| if (!writer->WriteVarInt62(value_length)) { |
| QUIC_BUG(quic_bug_10743_2) << "Failed to write value_length for " << *this; |
| return false; |
| } |
| if (!writer->WriteVarInt62(value_, value_length)) { |
| QUIC_BUG(quic_bug_10743_3) << "Failed to write value for " << *this; |
| return false; |
| } |
| return true; |
| } |
| |
| bool TransportParameters::IntegerParameter::Read(QuicDataReader* reader, |
| std::string* error_details) { |
| if (has_been_read_) { |
| *error_details = |
| "Received a second " + TransportParameterIdToString(param_id_); |
| return false; |
| } |
| has_been_read_ = true; |
| |
| if (!reader->ReadVarInt62(&value_)) { |
| *error_details = |
| "Failed to parse value for " + TransportParameterIdToString(param_id_); |
| return false; |
| } |
| if (!reader->IsDoneReading()) { |
| *error_details = |
| absl::StrCat("Received unexpected ", reader->BytesRemaining(), |
| " bytes after parsing ", this->ToString(false)); |
| return false; |
| } |
| return true; |
| } |
| |
| std::string TransportParameters::IntegerParameter::ToString( |
| bool for_use_in_list) const { |
| if (for_use_in_list && value_ == default_value_) { |
| return ""; |
| } |
| std::string rv = for_use_in_list ? " " : ""; |
| absl::StrAppend(&rv, TransportParameterIdToString(param_id_), " ", value_); |
| if (!IsValid()) { |
| rv += " (Invalid)"; |
| } |
| return rv; |
| } |
| |
| std::ostream& operator<<(std::ostream& os, |
| const TransportParameters::IntegerParameter& param) { |
| os << param.ToString(/*for_use_in_list=*/false); |
| return os; |
| } |
| |
| TransportParameters::PreferredAddress::PreferredAddress() |
| : ipv4_socket_address(QuicIpAddress::Any4(), 0), |
| ipv6_socket_address(QuicIpAddress::Any6(), 0), |
| connection_id(EmptyQuicConnectionId()), |
| stateless_reset_token(kStatelessResetTokenLength, 0) {} |
| |
| TransportParameters::PreferredAddress::~PreferredAddress() {} |
| |
| bool TransportParameters::PreferredAddress::operator==( |
| const PreferredAddress& rhs) const { |
| return ipv4_socket_address == rhs.ipv4_socket_address && |
| ipv6_socket_address == rhs.ipv6_socket_address && |
| connection_id == rhs.connection_id && |
| stateless_reset_token == rhs.stateless_reset_token; |
| } |
| |
| bool TransportParameters::PreferredAddress::operator!=( |
| const PreferredAddress& rhs) const { |
| return !(*this == rhs); |
| } |
| |
| std::ostream& operator<<( |
| std::ostream& os, |
| const TransportParameters::PreferredAddress& preferred_address) { |
| os << preferred_address.ToString(); |
| return os; |
| } |
| |
| std::string TransportParameters::PreferredAddress::ToString() const { |
| return "[" + ipv4_socket_address.ToString() + " " + |
| ipv6_socket_address.ToString() + " connection_id " + |
| connection_id.ToString() + " stateless_reset_token " + |
| absl::BytesToHexString(absl::string_view( |
| reinterpret_cast<const char*>(stateless_reset_token.data()), |
| stateless_reset_token.size())) + |
| "]"; |
| } |
| |
| std::ostream& operator<<(std::ostream& os, const TransportParameters& params) { |
| os << params.ToString(); |
| return os; |
| } |
| |
| std::string TransportParameters::ToString() const { |
| std::string rv = "["; |
| if (perspective == Perspective::IS_SERVER) { |
| rv += "Server"; |
| } else { |
| rv += "Client"; |
| } |
| if (version != 0) { |
| rv += " version " + QuicVersionLabelToString(version); |
| } |
| if (!supported_versions.empty()) { |
| rv += " supported_versions " + |
| QuicVersionLabelVectorToString(supported_versions); |
| } |
| if (original_destination_connection_id.has_value()) { |
| rv += " " + TransportParameterIdToString(kOriginalDestinationConnectionId) + |
| " " + original_destination_connection_id.value().ToString(); |
| } |
| rv += max_idle_timeout_ms.ToString(/*for_use_in_list=*/true); |
| if (!stateless_reset_token.empty()) { |
| rv += " " + TransportParameterIdToString(kStatelessResetToken) + " " + |
| absl::BytesToHexString(absl::string_view( |
| reinterpret_cast<const char*>(stateless_reset_token.data()), |
| stateless_reset_token.size())); |
| } |
| rv += max_udp_payload_size.ToString(/*for_use_in_list=*/true); |
| rv += initial_max_data.ToString(/*for_use_in_list=*/true); |
| rv += initial_max_stream_data_bidi_local.ToString(/*for_use_in_list=*/true); |
| rv += initial_max_stream_data_bidi_remote.ToString(/*for_use_in_list=*/true); |
| rv += initial_max_stream_data_uni.ToString(/*for_use_in_list=*/true); |
| rv += initial_max_streams_bidi.ToString(/*for_use_in_list=*/true); |
| rv += initial_max_streams_uni.ToString(/*for_use_in_list=*/true); |
| rv += ack_delay_exponent.ToString(/*for_use_in_list=*/true); |
| rv += max_ack_delay.ToString(/*for_use_in_list=*/true); |
| rv += min_ack_delay_us.ToString(/*for_use_in_list=*/true); |
| if (disable_active_migration) { |
| rv += " " + TransportParameterIdToString(kDisableActiveMigration); |
| } |
| if (preferred_address) { |
| rv += " " + TransportParameterIdToString(kPreferredAddress) + " " + |
| preferred_address->ToString(); |
| } |
| rv += active_connection_id_limit.ToString(/*for_use_in_list=*/true); |
| if (initial_source_connection_id.has_value()) { |
| rv += " " + TransportParameterIdToString(kInitialSourceConnectionId) + " " + |
| initial_source_connection_id.value().ToString(); |
| } |
| if (retry_source_connection_id.has_value()) { |
| rv += " " + TransportParameterIdToString(kRetrySourceConnectionId) + " " + |
| retry_source_connection_id.value().ToString(); |
| } |
| rv += max_datagram_frame_size.ToString(/*for_use_in_list=*/true); |
| rv += initial_round_trip_time_us.ToString(/*for_use_in_list=*/true); |
| if (google_connection_options.has_value()) { |
| rv += " " + TransportParameterIdToString(kGoogleConnectionOptions) + " "; |
| bool first = true; |
| for (const QuicTag& connection_option : google_connection_options.value()) { |
| if (first) { |
| first = false; |
| } else { |
| rv += ","; |
| } |
| rv += QuicTagToString(connection_option); |
| } |
| } |
| if (user_agent_id.has_value()) { |
| rv += " " + TransportParameterIdToString(kGoogleUserAgentId) + " \"" + |
| user_agent_id.value() + "\""; |
| } |
| if (key_update_not_yet_supported) { |
| rv += " " + TransportParameterIdToString(kGoogleKeyUpdateNotYetSupported); |
| } |
| for (const auto& kv : custom_parameters) { |
| absl::StrAppend(&rv, " 0x", absl::Hex(static_cast<uint32_t>(kv.first)), |
| "="); |
| static constexpr size_t kMaxPrintableLength = 32; |
| if (kv.second.length() <= kMaxPrintableLength) { |
| rv += absl::BytesToHexString(kv.second); |
| } else { |
| absl::string_view truncated(kv.second.data(), kMaxPrintableLength); |
| rv += absl::StrCat(absl::BytesToHexString(truncated), "...(length ", |
| kv.second.length(), ")"); |
| } |
| } |
| rv += "]"; |
| return rv; |
| } |
| |
| TransportParameters::TransportParameters() |
| : version(0), |
| max_idle_timeout_ms(kMaxIdleTimeout), |
| max_udp_payload_size(kMaxPacketSize, |
| kDefaultMaxPacketSizeTransportParam, |
| kMinMaxPacketSizeTransportParam, |
| kVarInt62MaxValue), |
| initial_max_data(kInitialMaxData), |
| initial_max_stream_data_bidi_local(kInitialMaxStreamDataBidiLocal), |
| initial_max_stream_data_bidi_remote(kInitialMaxStreamDataBidiRemote), |
| initial_max_stream_data_uni(kInitialMaxStreamDataUni), |
| initial_max_streams_bidi(kInitialMaxStreamsBidi), |
| initial_max_streams_uni(kInitialMaxStreamsUni), |
| ack_delay_exponent(kAckDelayExponent, |
| kDefaultAckDelayExponentTransportParam, |
| 0, |
| kMaxAckDelayExponentTransportParam), |
| max_ack_delay(kMaxAckDelay, |
| kDefaultMaxAckDelayTransportParam, |
| 0, |
| kMaxMaxAckDelayTransportParam), |
| min_ack_delay_us(kMinAckDelay, |
| 0, |
| 0, |
| kMaxMaxAckDelayTransportParam * kNumMicrosPerMilli), |
| disable_active_migration(false), |
| active_connection_id_limit(kActiveConnectionIdLimit, |
| kDefaultActiveConnectionIdLimitTransportParam, |
| kMinActiveConnectionIdLimitTransportParam, |
| kVarInt62MaxValue), |
| max_datagram_frame_size(kMaxDatagramFrameSize), |
| initial_round_trip_time_us(kInitialRoundTripTime), |
| key_update_not_yet_supported(false) |
| // Important note: any new transport parameters must be added |
| // to TransportParameters::AreValid, SerializeTransportParameters and |
| // ParseTransportParameters, TransportParameters's custom copy constructor, the |
| // operator==, and TransportParametersTest.Comparator. |
| {} |
| |
| TransportParameters::TransportParameters(const TransportParameters& other) |
| : perspective(other.perspective), |
| version(other.version), |
| supported_versions(other.supported_versions), |
| original_destination_connection_id( |
| other.original_destination_connection_id), |
| max_idle_timeout_ms(other.max_idle_timeout_ms), |
| stateless_reset_token(other.stateless_reset_token), |
| max_udp_payload_size(other.max_udp_payload_size), |
| initial_max_data(other.initial_max_data), |
| initial_max_stream_data_bidi_local( |
| other.initial_max_stream_data_bidi_local), |
| initial_max_stream_data_bidi_remote( |
| other.initial_max_stream_data_bidi_remote), |
| initial_max_stream_data_uni(other.initial_max_stream_data_uni), |
| initial_max_streams_bidi(other.initial_max_streams_bidi), |
| initial_max_streams_uni(other.initial_max_streams_uni), |
| ack_delay_exponent(other.ack_delay_exponent), |
| max_ack_delay(other.max_ack_delay), |
| min_ack_delay_us(other.min_ack_delay_us), |
| disable_active_migration(other.disable_active_migration), |
| active_connection_id_limit(other.active_connection_id_limit), |
| initial_source_connection_id(other.initial_source_connection_id), |
| retry_source_connection_id(other.retry_source_connection_id), |
| max_datagram_frame_size(other.max_datagram_frame_size), |
| initial_round_trip_time_us(other.initial_round_trip_time_us), |
| google_connection_options(other.google_connection_options), |
| user_agent_id(other.user_agent_id), |
| key_update_not_yet_supported(other.key_update_not_yet_supported), |
| custom_parameters(other.custom_parameters) { |
| if (other.preferred_address) { |
| preferred_address = std::make_unique<TransportParameters::PreferredAddress>( |
| *other.preferred_address); |
| } |
| } |
| |
| bool TransportParameters::operator==(const TransportParameters& rhs) const { |
| if (!(perspective == rhs.perspective && version == rhs.version && |
| supported_versions == rhs.supported_versions && |
| original_destination_connection_id == |
| rhs.original_destination_connection_id && |
| max_idle_timeout_ms.value() == rhs.max_idle_timeout_ms.value() && |
| stateless_reset_token == rhs.stateless_reset_token && |
| max_udp_payload_size.value() == rhs.max_udp_payload_size.value() && |
| initial_max_data.value() == rhs.initial_max_data.value() && |
| initial_max_stream_data_bidi_local.value() == |
| rhs.initial_max_stream_data_bidi_local.value() && |
| initial_max_stream_data_bidi_remote.value() == |
| rhs.initial_max_stream_data_bidi_remote.value() && |
| initial_max_stream_data_uni.value() == |
| rhs.initial_max_stream_data_uni.value() && |
| initial_max_streams_bidi.value() == |
| rhs.initial_max_streams_bidi.value() && |
| initial_max_streams_uni.value() == |
| rhs.initial_max_streams_uni.value() && |
| ack_delay_exponent.value() == rhs.ack_delay_exponent.value() && |
| max_ack_delay.value() == rhs.max_ack_delay.value() && |
| min_ack_delay_us.value() == rhs.min_ack_delay_us.value() && |
| disable_active_migration == rhs.disable_active_migration && |
| active_connection_id_limit.value() == |
| rhs.active_connection_id_limit.value() && |
| initial_source_connection_id == rhs.initial_source_connection_id && |
| retry_source_connection_id == rhs.retry_source_connection_id && |
| max_datagram_frame_size.value() == |
| rhs.max_datagram_frame_size.value() && |
| initial_round_trip_time_us.value() == |
| rhs.initial_round_trip_time_us.value() && |
| google_connection_options == rhs.google_connection_options && |
| user_agent_id == rhs.user_agent_id && |
| key_update_not_yet_supported == rhs.key_update_not_yet_supported && |
| custom_parameters == rhs.custom_parameters)) { |
| return false; |
| } |
| |
| if ((!preferred_address && rhs.preferred_address) || |
| (preferred_address && !rhs.preferred_address)) { |
| return false; |
| } |
| if (preferred_address && rhs.preferred_address && |
| *preferred_address != *rhs.preferred_address) { |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool TransportParameters::operator!=(const TransportParameters& rhs) const { |
| return !(*this == rhs); |
| } |
| |
| bool TransportParameters::AreValid(std::string* error_details) const { |
| QUICHE_DCHECK(perspective == Perspective::IS_CLIENT || |
| perspective == Perspective::IS_SERVER); |
| if (perspective == Perspective::IS_CLIENT && !stateless_reset_token.empty()) { |
| *error_details = "Client cannot send stateless reset token"; |
| return false; |
| } |
| if (perspective == Perspective::IS_CLIENT && |
| original_destination_connection_id.has_value()) { |
| *error_details = "Client cannot send original_destination_connection_id"; |
| return false; |
| } |
| if (!stateless_reset_token.empty() && |
| stateless_reset_token.size() != kStatelessResetTokenLength) { |
| *error_details = absl::StrCat("Stateless reset token has bad length ", |
| stateless_reset_token.size()); |
| return false; |
| } |
| if (perspective == Perspective::IS_CLIENT && preferred_address) { |
| *error_details = "Client cannot send preferred address"; |
| return false; |
| } |
| if (preferred_address && preferred_address->stateless_reset_token.size() != |
| kStatelessResetTokenLength) { |
| *error_details = |
| absl::StrCat("Preferred address stateless reset token has bad length ", |
| preferred_address->stateless_reset_token.size()); |
| return false; |
| } |
| if (preferred_address && |
| (!preferred_address->ipv4_socket_address.host().IsIPv4() || |
| !preferred_address->ipv6_socket_address.host().IsIPv6())) { |
| QUIC_BUG(quic_bug_10743_4) << "Preferred address family failure"; |
| *error_details = "Internal preferred address family failure"; |
| return false; |
| } |
| if (perspective == Perspective::IS_CLIENT && |
| retry_source_connection_id.has_value()) { |
| *error_details = "Client cannot send retry_source_connection_id"; |
| return false; |
| } |
| for (const auto& kv : custom_parameters) { |
| if (TransportParameterIdIsKnown(kv.first)) { |
| *error_details = absl::StrCat("Using custom_parameters with known ID ", |
| TransportParameterIdToString(kv.first), |
| " is not allowed"); |
| return false; |
| } |
| } |
| if (perspective == Perspective::IS_SERVER && |
| initial_round_trip_time_us.value() > 0) { |
| *error_details = "Server cannot send initial round trip time"; |
| return false; |
| } |
| if (perspective == Perspective::IS_SERVER && user_agent_id.has_value()) { |
| *error_details = "Server cannot send user agent ID"; |
| return false; |
| } |
| const bool ok = |
| max_idle_timeout_ms.IsValid() && max_udp_payload_size.IsValid() && |
| initial_max_data.IsValid() && |
| initial_max_stream_data_bidi_local.IsValid() && |
| initial_max_stream_data_bidi_remote.IsValid() && |
| initial_max_stream_data_uni.IsValid() && |
| initial_max_streams_bidi.IsValid() && initial_max_streams_uni.IsValid() && |
| ack_delay_exponent.IsValid() && max_ack_delay.IsValid() && |
| min_ack_delay_us.IsValid() && active_connection_id_limit.IsValid() && |
| max_datagram_frame_size.IsValid() && initial_round_trip_time_us.IsValid(); |
| if (!ok) { |
| *error_details = "Invalid transport parameters " + this->ToString(); |
| } |
| return ok; |
| } |
| |
| TransportParameters::~TransportParameters() = default; |
| |
| bool SerializeTransportParameters(ParsedQuicVersion /*version*/, |
| const TransportParameters& in, |
| std::vector<uint8_t>* out) { |
| std::string error_details; |
| if (!in.AreValid(&error_details)) { |
| QUIC_BUG(invalid transport parameters) |
| << "Not serializing invalid transport parameters: " << error_details; |
| return false; |
| } |
| if (in.version == 0 || (in.perspective == Perspective::IS_SERVER && |
| in.supported_versions.empty())) { |
| QUIC_BUG(missing versions) << "Refusing to serialize without versions"; |
| return false; |
| } |
| TransportParameters::ParameterMap custom_parameters = in.custom_parameters; |
| for (const auto& kv : custom_parameters) { |
| if (kv.first % 31 == 27) { |
| // See the "Reserved Transport Parameters" section of RFC 9000. |
| QUIC_BUG(custom_parameters with GREASE) |
| << "Serializing custom_parameters with GREASE ID " << kv.first |
| << " is not allowed"; |
| return false; |
| } |
| } |
| |
| // Maximum length of the GREASE transport parameter (see below). |
| static constexpr size_t kMaxGreaseLength = 16; |
| |
| // Empirically transport parameters generally fit within 128 bytes, but we |
| // need to allocate the size up front. Integer transport parameters |
| // have a maximum encoded length of 24 bytes (3 variable length integers), |
| // other transport parameters have a length of 16 + the maximum value length. |
| static constexpr size_t kTypeAndValueLength = 2 * sizeof(uint64_t); |
| static constexpr size_t kIntegerParameterLength = |
| kTypeAndValueLength + sizeof(uint64_t); |
| static constexpr size_t kStatelessResetParameterLength = |
| kTypeAndValueLength + 16 /* stateless reset token length */; |
| static constexpr size_t kConnectionIdParameterLength = |
| kTypeAndValueLength + 255 /* maximum connection ID length */; |
| static constexpr size_t kPreferredAddressParameterLength = |
| kTypeAndValueLength + 4 /*IPv4 address */ + 2 /* IPv4 port */ + |
| 16 /* IPv6 address */ + 1 /* Connection ID length */ + |
| 255 /* maximum connection ID length */ + 16 /* stateless reset token */; |
| static constexpr size_t kKnownTransportParamLength = |
| kConnectionIdParameterLength + // original_destination_connection_id |
| kIntegerParameterLength + // max_idle_timeout |
| kStatelessResetParameterLength + // stateless_reset_token |
| kIntegerParameterLength + // max_udp_payload_size |
| kIntegerParameterLength + // initial_max_data |
| kIntegerParameterLength + // initial_max_stream_data_bidi_local |
| kIntegerParameterLength + // initial_max_stream_data_bidi_remote |
| kIntegerParameterLength + // initial_max_stream_data_uni |
| kIntegerParameterLength + // initial_max_streams_bidi |
| kIntegerParameterLength + // initial_max_streams_uni |
| kIntegerParameterLength + // ack_delay_exponent |
| kIntegerParameterLength + // max_ack_delay |
| kIntegerParameterLength + // min_ack_delay_us |
| kTypeAndValueLength + // disable_active_migration |
| kPreferredAddressParameterLength + // preferred_address |
| kIntegerParameterLength + // active_connection_id_limit |
| kConnectionIdParameterLength + // initial_source_connection_id |
| kConnectionIdParameterLength + // retry_source_connection_id |
| kIntegerParameterLength + // max_datagram_frame_size |
| kIntegerParameterLength + // initial_round_trip_time_us |
| kTypeAndValueLength + // google_connection_options |
| kTypeAndValueLength + // user_agent_id |
| kTypeAndValueLength + // key_update_not_yet_supported |
| kTypeAndValueLength; // google-version |
| |
| std::vector<TransportParameters::TransportParameterId> parameter_ids = { |
| TransportParameters::kOriginalDestinationConnectionId, |
| TransportParameters::kMaxIdleTimeout, |
| TransportParameters::kStatelessResetToken, |
| TransportParameters::kMaxPacketSize, |
| TransportParameters::kInitialMaxData, |
| TransportParameters::kInitialMaxStreamDataBidiLocal, |
| TransportParameters::kInitialMaxStreamDataBidiRemote, |
| TransportParameters::kInitialMaxStreamDataUni, |
| TransportParameters::kInitialMaxStreamsBidi, |
| TransportParameters::kInitialMaxStreamsUni, |
| TransportParameters::kAckDelayExponent, |
| TransportParameters::kMaxAckDelay, |
| TransportParameters::kMinAckDelay, |
| TransportParameters::kActiveConnectionIdLimit, |
| TransportParameters::kMaxDatagramFrameSize, |
| TransportParameters::kInitialRoundTripTime, |
| TransportParameters::kDisableActiveMigration, |
| TransportParameters::kPreferredAddress, |
| TransportParameters::kInitialSourceConnectionId, |
| TransportParameters::kRetrySourceConnectionId, |
| TransportParameters::kGoogleConnectionOptions, |
| TransportParameters::kGoogleUserAgentId, |
| TransportParameters::kGoogleKeyUpdateNotYetSupported, |
| TransportParameters::kGoogleQuicVersion, |
| }; |
| |
| size_t max_transport_param_length = kKnownTransportParamLength; |
| // google_connection_options. |
| if (in.google_connection_options.has_value()) { |
| max_transport_param_length += |
| in.google_connection_options.value().size() * sizeof(QuicTag); |
| } |
| // user_agent_id. |
| if (in.user_agent_id.has_value()) { |
| max_transport_param_length += in.user_agent_id.value().length(); |
| } |
| // Google-specific version extension. |
| max_transport_param_length += |
| sizeof(in.version) + 1 /* versions length */ + |
| in.supported_versions.size() * sizeof(QuicVersionLabel); |
| |
| // Add a random GREASE transport parameter, as defined in the |
| // "Reserved Transport Parameters" section of RFC 9000. |
| // This forces receivers to support unexpected input. |
| QuicRandom* random = QuicRandom::GetInstance(); |
| // Transport parameter identifiers are 62 bits long so we need to |
| // ensure that the output of the computation below fits in 62 bits. |
| uint64_t grease_id64 = random->RandUint64() % ((1ULL << 62) - 31); |
| // Make sure grease_id % 31 == 27. Note that this is not uniformely |
| // distributed but is acceptable since no security depends on this |
| // randomness. |
| grease_id64 = (grease_id64 / 31) * 31 + 27; |
| TransportParameters::TransportParameterId grease_id = |
| static_cast<TransportParameters::TransportParameterId>(grease_id64); |
| const size_t grease_length = random->RandUint64() % kMaxGreaseLength; |
| QUICHE_DCHECK_GE(kMaxGreaseLength, grease_length); |
| char grease_contents[kMaxGreaseLength]; |
| random->RandBytes(grease_contents, grease_length); |
| custom_parameters[grease_id] = std::string(grease_contents, grease_length); |
| |
| // Custom parameters. |
| for (const auto& kv : custom_parameters) { |
| max_transport_param_length += kTypeAndValueLength + kv.second.length(); |
| parameter_ids.push_back(kv.first); |
| } |
| |
| // Randomize order of sent transport parameters by walking the array |
| // backwards and swapping each element with a random earlier one. |
| for (size_t i = parameter_ids.size() - 1; i > 0; i--) { |
| std::swap(parameter_ids[i], |
| parameter_ids[random->InsecureRandUint64() % (i + 1)]); |
| } |
| |
| out->resize(max_transport_param_length); |
| QuicDataWriter writer(out->size(), reinterpret_cast<char*>(out->data())); |
| |
| for (TransportParameters::TransportParameterId parameter_id : parameter_ids) { |
| switch (parameter_id) { |
| // original_destination_connection_id |
| case TransportParameters::kOriginalDestinationConnectionId: { |
| if (in.original_destination_connection_id.has_value()) { |
| QUICHE_DCHECK_EQ(Perspective::IS_SERVER, in.perspective); |
| QuicConnectionId original_destination_connection_id = |
| in.original_destination_connection_id.value(); |
| if (!writer.WriteVarInt62( |
| TransportParameters::kOriginalDestinationConnectionId) || |
| !writer.WriteStringPieceVarInt62(absl::string_view( |
| original_destination_connection_id.data(), |
| original_destination_connection_id.length()))) { |
| QUIC_BUG(Failed to write original_destination_connection_id) |
| << "Failed to write original_destination_connection_id " |
| << original_destination_connection_id << " for " << in; |
| return false; |
| } |
| } |
| } break; |
| // max_idle_timeout |
| case TransportParameters::kMaxIdleTimeout: { |
| if (!in.max_idle_timeout_ms.Write(&writer)) { |
| QUIC_BUG(Failed to write idle_timeout) |
| << "Failed to write idle_timeout for " << in; |
| return false; |
| } |
| } break; |
| // stateless_reset_token |
| case TransportParameters::kStatelessResetToken: { |
| if (!in.stateless_reset_token.empty()) { |
| QUICHE_DCHECK_EQ(kStatelessResetTokenLength, |
| in.stateless_reset_token.size()); |
| QUICHE_DCHECK_EQ(Perspective::IS_SERVER, in.perspective); |
| if (!writer.WriteVarInt62( |
| TransportParameters::kStatelessResetToken) || |
| !writer.WriteStringPieceVarInt62( |
| absl::string_view(reinterpret_cast<const char*>( |
| in.stateless_reset_token.data()), |
| in.stateless_reset_token.size()))) { |
| QUIC_BUG(Failed to write stateless_reset_token) |
| << "Failed to write stateless_reset_token of length " |
| << in.stateless_reset_token.size() << " for " << in; |
| return false; |
| } |
| } |
| } break; |
| // max_udp_payload_size |
| case TransportParameters::kMaxPacketSize: { |
| if (!in.max_udp_payload_size.Write(&writer)) { |
| QUIC_BUG(Failed to write max_udp_payload_size) |
| << "Failed to write max_udp_payload_size for " << in; |
| return false; |
| } |
| } break; |
| // initial_max_data |
| case TransportParameters::kInitialMaxData: { |
| if (!in.initial_max_data.Write(&writer)) { |
| QUIC_BUG(Failed to write initial_max_data) |
| << "Failed to write initial_max_data for " << in; |
| return false; |
| } |
| } break; |
| // initial_max_stream_data_bidi_local |
| case TransportParameters::kInitialMaxStreamDataBidiLocal: { |
| if (!in.initial_max_stream_data_bidi_local.Write(&writer)) { |
| QUIC_BUG(Failed to write initial_max_stream_data_bidi_local) |
| << "Failed to write initial_max_stream_data_bidi_local for " |
| << in; |
| return false; |
| } |
| } break; |
| // initial_max_stream_data_bidi_remote |
| case TransportParameters::kInitialMaxStreamDataBidiRemote: { |
| if (!in.initial_max_stream_data_bidi_remote.Write(&writer)) { |
| QUIC_BUG(Failed to write initial_max_stream_data_bidi_remote) |
| << "Failed to write initial_max_stream_data_bidi_remote for " |
| << in; |
| return false; |
| } |
| } break; |
| // initial_max_stream_data_uni |
| case TransportParameters::kInitialMaxStreamDataUni: { |
| if (!in.initial_max_stream_data_uni.Write(&writer)) { |
| QUIC_BUG(Failed to write initial_max_stream_data_uni) |
| << "Failed to write initial_max_stream_data_uni for " << in; |
| return false; |
| } |
| } break; |
| // initial_max_streams_bidi |
| case TransportParameters::kInitialMaxStreamsBidi: { |
| if (!in.initial_max_streams_bidi.Write(&writer)) { |
| QUIC_BUG(Failed to write initial_max_streams_bidi) |
| << "Failed to write initial_max_streams_bidi for " << in; |
| return false; |
| } |
| } break; |
| // initial_max_streams_uni |
| case TransportParameters::kInitialMaxStreamsUni: { |
| if (!in.initial_max_streams_uni.Write(&writer)) { |
| QUIC_BUG(Failed to write initial_max_streams_uni) |
| << "Failed to write initial_max_streams_uni for " << in; |
| return false; |
| } |
| } break; |
| // ack_delay_exponent |
| case TransportParameters::kAckDelayExponent: { |
| if (!in.ack_delay_exponent.Write(&writer)) { |
| QUIC_BUG(Failed to write ack_delay_exponent) |
| << "Failed to write ack_delay_exponent for " << in; |
| return false; |
| } |
| } break; |
| // max_ack_delay |
| case TransportParameters::kMaxAckDelay: { |
| if (!in.max_ack_delay.Write(&writer)) { |
| QUIC_BUG(Failed to write max_ack_delay) |
| << "Failed to write max_ack_delay for " << in; |
| return false; |
| } |
| } break; |
| // min_ack_delay_us |
| case TransportParameters::kMinAckDelay: { |
| if (!in.min_ack_delay_us.Write(&writer)) { |
| QUIC_BUG(Failed to write min_ack_delay_us) |
| << "Failed to write min_ack_delay_us for " << in; |
| return false; |
| } |
| } break; |
| // active_connection_id_limit |
| case TransportParameters::kActiveConnectionIdLimit: { |
| if (!in.active_connection_id_limit.Write(&writer)) { |
| QUIC_BUG(Failed to write active_connection_id_limit) |
| << "Failed to write active_connection_id_limit for " << in; |
| return false; |
| } |
| } break; |
| // max_datagram_frame_size |
| case TransportParameters::kMaxDatagramFrameSize: { |
| if (!in.max_datagram_frame_size.Write(&writer)) { |
| QUIC_BUG(Failed to write max_datagram_frame_size) |
| << "Failed to write max_datagram_frame_size for " << in; |
| return false; |
| } |
| } break; |
| // initial_round_trip_time_us |
| case TransportParameters::kInitialRoundTripTime: { |
| if (!in.initial_round_trip_time_us.Write(&writer)) { |
| QUIC_BUG(Failed to write initial_round_trip_time_us) |
| << "Failed to write initial_round_trip_time_us for " << in; |
| return false; |
| } |
| } break; |
| // disable_active_migration |
| case TransportParameters::kDisableActiveMigration: { |
| if (in.disable_active_migration) { |
| if (!writer.WriteVarInt62( |
| TransportParameters::kDisableActiveMigration) || |
| !writer.WriteVarInt62(/* transport parameter length */ 0)) { |
| QUIC_BUG(Failed to write disable_active_migration) |
| << "Failed to write disable_active_migration for " << in; |
| return false; |
| } |
| } |
| } break; |
| // preferred_address |
| case TransportParameters::kPreferredAddress: { |
| if (in.preferred_address) { |
| std::string v4_address_bytes = |
| in.preferred_address->ipv4_socket_address.host().ToPackedString(); |
| std::string v6_address_bytes = |
| in.preferred_address->ipv6_socket_address.host().ToPackedString(); |
| if (v4_address_bytes.length() != 4 || |
| v6_address_bytes.length() != 16 || |
| in.preferred_address->stateless_reset_token.size() != |
| kStatelessResetTokenLength) { |
| QUIC_BUG(quic_bug_10743_12) |
| << "Bad lengths " << *in.preferred_address; |
| return false; |
| } |
| const uint64_t preferred_address_length = |
| v4_address_bytes.length() + /* IPv4 port */ sizeof(uint16_t) + |
| v6_address_bytes.length() + /* IPv6 port */ sizeof(uint16_t) + |
| /* connection ID length byte */ sizeof(uint8_t) + |
| in.preferred_address->connection_id.length() + |
| in.preferred_address->stateless_reset_token.size(); |
| if (!writer.WriteVarInt62(TransportParameters::kPreferredAddress) || |
| !writer.WriteVarInt62( |
| /* transport parameter length */ preferred_address_length) || |
| !writer.WriteStringPiece(v4_address_bytes) || |
| !writer.WriteUInt16( |
| in.preferred_address->ipv4_socket_address.port()) || |
| !writer.WriteStringPiece(v6_address_bytes) || |
| !writer.WriteUInt16( |
| in.preferred_address->ipv6_socket_address.port()) || |
| !writer.WriteUInt8( |
| in.preferred_address->connection_id.length()) || |
| !writer.WriteBytes( |
| in.preferred_address->connection_id.data(), |
| in.preferred_address->connection_id.length()) || |
| !writer.WriteBytes( |
| in.preferred_address->stateless_reset_token.data(), |
| in.preferred_address->stateless_reset_token.size())) { |
| QUIC_BUG(Failed to write preferred_address) |
| << "Failed to write preferred_address for " << in; |
| return false; |
| } |
| } |
| } break; |
| // initial_source_connection_id |
| case TransportParameters::kInitialSourceConnectionId: { |
| if (in.initial_source_connection_id.has_value()) { |
| QuicConnectionId initial_source_connection_id = |
| in.initial_source_connection_id.value(); |
| if (!writer.WriteVarInt62( |
| TransportParameters::kInitialSourceConnectionId) || |
| !writer.WriteStringPieceVarInt62( |
| absl::string_view(initial_source_connection_id.data(), |
| initial_source_connection_id.length()))) { |
| QUIC_BUG(Failed to write initial_source_connection_id) |
| << "Failed to write initial_source_connection_id " |
| << initial_source_connection_id << " for " << in; |
| return false; |
| } |
| } |
| } break; |
| // retry_source_connection_id |
| case TransportParameters::kRetrySourceConnectionId: { |
| if (in.retry_source_connection_id.has_value()) { |
| QUICHE_DCHECK_EQ(Perspective::IS_SERVER, in.perspective); |
| QuicConnectionId retry_source_connection_id = |
| in.retry_source_connection_id.value(); |
| if (!writer.WriteVarInt62( |
| TransportParameters::kRetrySourceConnectionId) || |
| !writer.WriteStringPieceVarInt62( |
| absl::string_view(retry_source_connection_id.data(), |
| retry_source_connection_id.length()))) { |
| QUIC_BUG(Failed to write retry_source_connection_id) |
| << "Failed to write retry_source_connection_id " |
| << retry_source_connection_id << " for " << in; |
| return false; |
| } |
| } |
| } break; |
| // Google-specific connection options. |
| case TransportParameters::kGoogleConnectionOptions: { |
| if (in.google_connection_options.has_value()) { |
| static_assert( |
| sizeof(in.google_connection_options.value().front()) == 4, |
| "bad size"); |
| uint64_t connection_options_length = |
| in.google_connection_options.value().size() * 4; |
| if (!writer.WriteVarInt62( |
| TransportParameters::kGoogleConnectionOptions) || |
| !writer.WriteVarInt62( |
| /* transport parameter length */ connection_options_length)) { |
| QUIC_BUG(Failed to write google_connection_options) |
| << "Failed to write google_connection_options of length " |
| << connection_options_length << " for " << in; |
| return false; |
| } |
| for (const QuicTag& connection_option : |
| in.google_connection_options.value()) { |
| if (!writer.WriteTag(connection_option)) { |
| QUIC_BUG(Failed to write google_connection_option) |
| << "Failed to write google_connection_option " |
| << QuicTagToString(connection_option) << " for " << in; |
| return false; |
| } |
| } |
| } |
| } break; |
| // Google-specific user agent identifier. |
| case TransportParameters::kGoogleUserAgentId: { |
| if (in.user_agent_id.has_value()) { |
| if (!writer.WriteVarInt62(TransportParameters::kGoogleUserAgentId) || |
| !writer.WriteStringPieceVarInt62(in.user_agent_id.value())) { |
| QUIC_BUG(Failed to write Google user agent ID) |
| << "Failed to write Google user agent ID \"" |
| << in.user_agent_id.value() << "\" for " << in; |
| return false; |
| } |
| } |
| } break; |
| // Google-specific indicator for key update not yet supported. |
| case TransportParameters::kGoogleKeyUpdateNotYetSupported: { |
| if (in.key_update_not_yet_supported) { |
| if (!writer.WriteVarInt62( |
| TransportParameters::kGoogleKeyUpdateNotYetSupported) || |
| !writer.WriteVarInt62(/* transport parameter length */ 0)) { |
| QUIC_BUG(Failed to write key_update_not_yet_supported) |
| << "Failed to write key_update_not_yet_supported for " << in; |
| return false; |
| } |
| } |
| } break; |
| // Google-specific version extension. |
| case TransportParameters::kGoogleQuicVersion: { |
| static_assert(sizeof(QuicVersionLabel) == sizeof(uint32_t), |
| "bad length"); |
| uint64_t google_version_length = sizeof(in.version); |
| if (in.perspective == Perspective::IS_SERVER) { |
| google_version_length += |
| /* versions length */ sizeof(uint8_t) + |
| sizeof(QuicVersionLabel) * in.supported_versions.size(); |
| } |
| if (!writer.WriteVarInt62(TransportParameters::kGoogleQuicVersion) || |
| !writer.WriteVarInt62( |
| /* transport parameter length */ google_version_length) || |
| !writer.WriteUInt32(in.version)) { |
| QUIC_BUG(Failed to write Google version extension) |
| << "Failed to write Google version extension for " << in; |
| return false; |
| } |
| if (in.perspective == Perspective::IS_SERVER) { |
| if (!writer.WriteUInt8(sizeof(QuicVersionLabel) * |
| in.supported_versions.size())) { |
| QUIC_BUG(Failed to write versions length) |
| << "Failed to write versions length for " << in; |
| return false; |
| } |
| for (QuicVersionLabel version_label : in.supported_versions) { |
| if (!writer.WriteUInt32(version_label)) { |
| QUIC_BUG(Failed to write supported version) |
| << "Failed to write supported version for " << in; |
| return false; |
| } |
| } |
| } |
| } break; |
| // Custom parameters and GREASE. |
| default: { |
| auto it = custom_parameters.find(parameter_id); |
| if (it == custom_parameters.end()) { |
| QUIC_BUG(Unknown parameter) << "Unknown parameter " << parameter_id; |
| return false; |
| } |
| if (!writer.WriteVarInt62(parameter_id) || |
| !writer.WriteStringPieceVarInt62(it->second)) { |
| QUIC_BUG(Failed to write custom parameter) |
| << "Failed to write custom parameter " << parameter_id; |
| return false; |
| } |
| } break; |
| } |
| } |
| |
| out->resize(writer.length()); |
| |
| QUIC_DLOG(INFO) << "Serialized " << in << " as " << writer.length() |
| << " bytes"; |
| |
| return true; |
| } |
| |
| bool ParseTransportParameters(ParsedQuicVersion version, |
| Perspective perspective, |
| const uint8_t* in, |
| size_t in_len, |
| TransportParameters* out, |
| std::string* error_details) { |
| out->perspective = perspective; |
| QuicDataReader reader(reinterpret_cast<const char*>(in), in_len); |
| |
| while (!reader.IsDoneReading()) { |
| uint64_t param_id64; |
| if (!reader.ReadVarInt62(¶m_id64)) { |
| *error_details = "Failed to parse transport parameter ID"; |
| return false; |
| } |
| TransportParameters::TransportParameterId param_id = |
| static_cast<TransportParameters::TransportParameterId>(param_id64); |
| absl::string_view value; |
| if (!reader.ReadStringPieceVarInt62(&value)) { |
| *error_details = |
| "Failed to read length and value of transport parameter " + |
| TransportParameterIdToString(param_id); |
| return false; |
| } |
| QuicDataReader value_reader(value); |
| bool parse_success = true; |
| switch (param_id) { |
| case TransportParameters::kOriginalDestinationConnectionId: { |
| if (out->original_destination_connection_id.has_value()) { |
| *error_details = |
| "Received a second original_destination_connection_id"; |
| return false; |
| } |
| const size_t connection_id_length = value_reader.BytesRemaining(); |
| if (!QuicUtils::IsConnectionIdLengthValidForVersion( |
| connection_id_length, version.transport_version)) { |
| *error_details = absl::StrCat( |
| "Received original_destination_connection_id of invalid length ", |
| connection_id_length); |
| return false; |
| } |
| QuicConnectionId original_destination_connection_id; |
| if (!value_reader.ReadConnectionId(&original_destination_connection_id, |
| connection_id_length)) { |
| *error_details = "Failed to read original_destination_connection_id"; |
| return false; |
| } |
| out->original_destination_connection_id = |
| original_destination_connection_id; |
| } break; |
| case TransportParameters::kMaxIdleTimeout: |
| parse_success = |
| out->max_idle_timeout_ms.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kStatelessResetToken: { |
| if (!out->stateless_reset_token.empty()) { |
| *error_details = "Received a second stateless_reset_token"; |
| return false; |
| } |
| absl::string_view stateless_reset_token = |
| value_reader.ReadRemainingPayload(); |
| if (stateless_reset_token.length() != kStatelessResetTokenLength) { |
| *error_details = |
| absl::StrCat("Received stateless_reset_token of invalid length ", |
| stateless_reset_token.length()); |
| return false; |
| } |
| out->stateless_reset_token.assign( |
| stateless_reset_token.data(), |
| stateless_reset_token.data() + stateless_reset_token.length()); |
| } break; |
| case TransportParameters::kMaxPacketSize: |
| parse_success = |
| out->max_udp_payload_size.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kInitialMaxData: |
| parse_success = |
| out->initial_max_data.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kInitialMaxStreamDataBidiLocal: |
| parse_success = out->initial_max_stream_data_bidi_local.Read( |
| &value_reader, error_details); |
| break; |
| case TransportParameters::kInitialMaxStreamDataBidiRemote: |
| parse_success = out->initial_max_stream_data_bidi_remote.Read( |
| &value_reader, error_details); |
| break; |
| case TransportParameters::kInitialMaxStreamDataUni: |
| parse_success = |
| out->initial_max_stream_data_uni.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kInitialMaxStreamsBidi: |
| parse_success = |
| out->initial_max_streams_bidi.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kInitialMaxStreamsUni: |
| parse_success = |
| out->initial_max_streams_uni.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kAckDelayExponent: |
| parse_success = |
| out->ack_delay_exponent.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kMaxAckDelay: |
| parse_success = out->max_ack_delay.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kDisableActiveMigration: |
| if (out->disable_active_migration) { |
| *error_details = "Received a second disable_active_migration"; |
| return false; |
| } |
| out->disable_active_migration = true; |
| break; |
| case TransportParameters::kPreferredAddress: { |
| TransportParameters::PreferredAddress preferred_address; |
| uint16_t ipv4_port, ipv6_port; |
| in_addr ipv4_address; |
| in6_addr ipv6_address; |
| preferred_address.stateless_reset_token.resize( |
| kStatelessResetTokenLength); |
| if (!value_reader.ReadBytes(&ipv4_address, sizeof(ipv4_address)) || |
| !value_reader.ReadUInt16(&ipv4_port) || |
| !value_reader.ReadBytes(&ipv6_address, sizeof(ipv6_address)) || |
| !value_reader.ReadUInt16(&ipv6_port) || |
| !value_reader.ReadLengthPrefixedConnectionId( |
| &preferred_address.connection_id) || |
| !value_reader.ReadBytes(&preferred_address.stateless_reset_token[0], |
| kStatelessResetTokenLength)) { |
| *error_details = "Failed to read preferred_address"; |
| return false; |
| } |
| preferred_address.ipv4_socket_address = |
| QuicSocketAddress(QuicIpAddress(ipv4_address), ipv4_port); |
| preferred_address.ipv6_socket_address = |
| QuicSocketAddress(QuicIpAddress(ipv6_address), ipv6_port); |
| if (!preferred_address.ipv4_socket_address.host().IsIPv4() || |
| !preferred_address.ipv6_socket_address.host().IsIPv6()) { |
| *error_details = "Received preferred_address of bad families " + |
| preferred_address.ToString(); |
| return false; |
| } |
| if (!QuicUtils::IsConnectionIdValidForVersion( |
| preferred_address.connection_id, version.transport_version)) { |
| *error_details = "Received invalid preferred_address connection ID " + |
| preferred_address.ToString(); |
| return false; |
| } |
| out->preferred_address = |
| std::make_unique<TransportParameters::PreferredAddress>( |
| preferred_address); |
| } break; |
| case TransportParameters::kActiveConnectionIdLimit: |
| parse_success = |
| out->active_connection_id_limit.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kInitialSourceConnectionId: { |
| if (out->initial_source_connection_id.has_value()) { |
| *error_details = "Received a second initial_source_connection_id"; |
| return false; |
| } |
| const size_t connection_id_length = value_reader.BytesRemaining(); |
| if (!QuicUtils::IsConnectionIdLengthValidForVersion( |
| connection_id_length, version.transport_version)) { |
| *error_details = absl::StrCat( |
| "Received initial_source_connection_id of invalid length ", |
| connection_id_length); |
| return false; |
| } |
| QuicConnectionId initial_source_connection_id; |
| if (!value_reader.ReadConnectionId(&initial_source_connection_id, |
| connection_id_length)) { |
| *error_details = "Failed to read initial_source_connection_id"; |
| return false; |
| } |
| out->initial_source_connection_id = initial_source_connection_id; |
| } break; |
| case TransportParameters::kRetrySourceConnectionId: { |
| if (out->retry_source_connection_id.has_value()) { |
| *error_details = "Received a second retry_source_connection_id"; |
| return false; |
| } |
| const size_t connection_id_length = value_reader.BytesRemaining(); |
| if (!QuicUtils::IsConnectionIdLengthValidForVersion( |
| connection_id_length, version.transport_version)) { |
| *error_details = absl::StrCat( |
| "Received retry_source_connection_id of invalid length ", |
| connection_id_length); |
| return false; |
| } |
| QuicConnectionId retry_source_connection_id; |
| if (!value_reader.ReadConnectionId(&retry_source_connection_id, |
| connection_id_length)) { |
| *error_details = "Failed to read retry_source_connection_id"; |
| return false; |
| } |
| out->retry_source_connection_id = retry_source_connection_id; |
| } break; |
| case TransportParameters::kMaxDatagramFrameSize: |
| parse_success = |
| out->max_datagram_frame_size.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kInitialRoundTripTime: |
| parse_success = |
| out->initial_round_trip_time_us.Read(&value_reader, error_details); |
| break; |
| case TransportParameters::kGoogleConnectionOptions: { |
| if (out->google_connection_options.has_value()) { |
| *error_details = "Received a second google_connection_options"; |
| return false; |
| } |
| out->google_connection_options = QuicTagVector{}; |
| while (!value_reader.IsDoneReading()) { |
| QuicTag connection_option; |
| if (!value_reader.ReadTag(&connection_option)) { |
| *error_details = "Failed to read a google_connection_options"; |
| return false; |
| } |
| out->google_connection_options.value().push_back(connection_option); |
| } |
| } break; |
| case TransportParameters::kGoogleUserAgentId: |
| if (GetQuicReloadableFlag(quic_ignore_user_agent_transport_parameter)) { |
| QUIC_RELOADABLE_FLAG_COUNT( |
| quic_ignore_user_agent_transport_parameter); |
| // This is a copy of the default switch statement below. |
| // TODO(dschinazi) remove this case entirely when deprecating the |
| // quic_ignore_user_agent_transport_parameter flag. |
| if (out->custom_parameters.find(param_id) != |
| out->custom_parameters.end()) { |
| *error_details = "Received a second unknown parameter" + |
| TransportParameterIdToString(param_id); |
| return false; |
| } |
| out->custom_parameters[param_id] = |
| std::string(value_reader.ReadRemainingPayload()); |
| break; |
| } |
| if (out->user_agent_id.has_value()) { |
| *error_details = "Received a second user_agent_id"; |
| return false; |
| } |
| out->user_agent_id = std::string(value_reader.ReadRemainingPayload()); |
| break; |
| case TransportParameters::kGoogleKeyUpdateNotYetSupported: |
| if (GetQuicReloadableFlag(quic_ignore_key_update_not_yet_supported)) { |
| QUIC_RELOADABLE_FLAG_COUNT_N(quic_ignore_key_update_not_yet_supported, |
| 1, 2); |
| QUIC_CODE_COUNT(quic_ignore_key_update_not_yet_supported_ignored); |
| // This is a copy of the default switch statement below. |
| // TODO(dschinazi) remove this case entirely when deprecating the |
| // quic_ignore_key_update_not_yet_supported flag. |
| if (out->custom_parameters.find(param_id) != |
| out->custom_parameters.end()) { |
| *error_details = "Received a second unknown parameter" + |
| TransportParameterIdToString(param_id); |
| return false; |
| } |
| out->custom_parameters[param_id] = |
| std::string(value_reader.ReadRemainingPayload()); |
| break; |
| } |
| QUIC_CODE_COUNT(quic_ignore_key_update_not_yet_supported_received); |
| if (out->key_update_not_yet_supported) { |
| *error_details = "Received a second key_update_not_yet_supported"; |
| return false; |
| } |
| out->key_update_not_yet_supported = true; |
| break; |
| case TransportParameters::kGoogleQuicVersion: { |
| if (!value_reader.ReadUInt32(&out->version)) { |
| *error_details = "Failed to read Google version extension version"; |
| return false; |
| } |
| if (perspective == Perspective::IS_SERVER) { |
| uint8_t versions_length; |
| if (!value_reader.ReadUInt8(&versions_length)) { |
| *error_details = "Failed to parse Google supported versions length"; |
| return false; |
| } |
| const uint8_t num_versions = versions_length / sizeof(uint32_t); |
| for (uint8_t i = 0; i < num_versions; ++i) { |
| QuicVersionLabel version; |
| if (!value_reader.ReadUInt32(&version)) { |
| *error_details = "Failed to parse Google supported version"; |
| return false; |
| } |
| out->supported_versions.push_back(version); |
| } |
| } |
| } break; |
| case TransportParameters::kMinAckDelay: |
| parse_success = |
| out->min_ack_delay_us.Read(&value_reader, error_details); |
| break; |
| default: |
| if (out->custom_parameters.find(param_id) != |
| out->custom_parameters.end()) { |
| *error_details = "Received a second unknown parameter" + |
| TransportParameterIdToString(param_id); |
| return false; |
| } |
| out->custom_parameters[param_id] = |
| std::string(value_reader.ReadRemainingPayload()); |
| break; |
| } |
| if (!parse_success) { |
| QUICHE_DCHECK(!error_details->empty()); |
| return false; |
| } |
| if (!value_reader.IsDoneReading()) { |
| *error_details = absl::StrCat( |
| "Received unexpected ", value_reader.BytesRemaining(), |
| " bytes after parsing ", TransportParameterIdToString(param_id)); |
| return false; |
| } |
| } |
| |
| if (!out->AreValid(error_details)) { |
| QUICHE_DCHECK(!error_details->empty()); |
| return false; |
| } |
| |
| QUIC_DLOG(INFO) << "Parsed transport parameters " << *out << " from " |
| << in_len << " bytes"; |
| |
| return true; |
| } |
| |
| namespace { |
| |
| bool DigestUpdateIntegerParam( |
| EVP_MD_CTX* hash_ctx, |
| const TransportParameters::IntegerParameter& param) { |
| uint64_t value = param.value(); |
| return EVP_DigestUpdate(hash_ctx, &value, sizeof(value)); |
| } |
| |
| } // namespace |
| |
| bool SerializeTransportParametersForTicket( |
| const TransportParameters& in, |
| const std::vector<uint8_t>& application_data, |
| std::vector<uint8_t>* out) { |
| std::string error_details; |
| if (!in.AreValid(&error_details)) { |
| QUIC_BUG(quic_bug_10743_26) |
| << "Not serializing invalid transport parameters: " << error_details; |
| return false; |
| } |
| |
| out->resize(SHA256_DIGEST_LENGTH + 1); |
| const uint8_t serialization_version = 0; |
| (*out)[0] = serialization_version; |
| |
| bssl::ScopedEVP_MD_CTX hash_ctx; |
| // Write application data: |
| uint64_t app_data_len = application_data.size(); |
| const uint64_t parameter_version = 0; |
| // The format of the input to the hash function is as follows: |
| // - The application data, prefixed with a 64-bit length field. |
| // - Transport parameters: |
| // - A 64-bit version field indicating which version of encoding is used |
| // for transport parameters. |
| // - A list of 64-bit integers representing the relevant parameters. |
| // |
| // When changing which parameters are included, additional parameters can be |
| // added to the end of the list without changing the version field. New |
| // parameters that are variable length must be length prefixed. If |
| // parameters are removed from the list, the version field must be |
| // incremented. |
| // |
| // Integers happen to be written in host byte order, not network byte order. |
| if (!EVP_DigestInit(hash_ctx.get(), EVP_sha256()) || |
| !EVP_DigestUpdate(hash_ctx.get(), &app_data_len, sizeof(app_data_len)) || |
| !EVP_DigestUpdate(hash_ctx.get(), application_data.data(), |
| application_data.size()) || |
| !EVP_DigestUpdate(hash_ctx.get(), ¶meter_version, |
| sizeof(parameter_version))) { |
| QUIC_BUG(quic_bug_10743_27) |
| << "Unexpected failure of EVP_Digest functions when hashing " |
| "Transport Parameters for ticket"; |
| return false; |
| } |
| |
| // Write transport parameters specified by draft-ietf-quic-transport-28, |
| // section 7.4.1, that are remembered for 0-RTT. |
| if (!DigestUpdateIntegerParam(hash_ctx.get(), in.initial_max_data) || |
| !DigestUpdateIntegerParam(hash_ctx.get(), |
| in.initial_max_stream_data_bidi_local) || |
| !DigestUpdateIntegerParam(hash_ctx.get(), |
| in.initial_max_stream_data_bidi_remote) || |
| !DigestUpdateIntegerParam(hash_ctx.get(), |
| in.initial_max_stream_data_uni) || |
| !DigestUpdateIntegerParam(hash_ctx.get(), in.initial_max_streams_bidi) || |
| !DigestUpdateIntegerParam(hash_ctx.get(), in.initial_max_streams_uni) || |
| !DigestUpdateIntegerParam(hash_ctx.get(), |
| in.active_connection_id_limit)) { |
| QUIC_BUG(quic_bug_10743_28) |
| << "Unexpected failure of EVP_Digest functions when hashing " |
| "Transport Parameters for ticket"; |
| return false; |
| } |
| uint8_t disable_active_migration = in.disable_active_migration ? 1 : 0; |
| if (!EVP_DigestUpdate(hash_ctx.get(), &disable_active_migration, |
| sizeof(disable_active_migration)) || |
| !EVP_DigestFinal(hash_ctx.get(), out->data() + 1, nullptr)) { |
| QUIC_BUG(quic_bug_10743_29) |
| << "Unexpected failure of EVP_Digest functions when hashing " |
| "Transport Parameters for ticket"; |
| return false; |
| } |
| return true; |
| } |
| |
| } // namespace quic |