| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "quic/core/quic_framer.h" |
| |
| #include <cstddef> |
| #include <cstdint> |
| #include <limits> |
| #include <memory> |
| #include <string> |
| #include <utility> |
| |
| #include "absl/base/attributes.h" |
| #include "absl/base/macros.h" |
| #include "absl/base/optimization.h" |
| #include "absl/strings/escaping.h" |
| #include "absl/strings/numbers.h" |
| #include "absl/strings/str_cat.h" |
| #include "absl/strings/str_split.h" |
| #include "absl/strings/string_view.h" |
| #include "quic/core/crypto/crypto_framer.h" |
| #include "quic/core/crypto/crypto_handshake.h" |
| #include "quic/core/crypto/crypto_handshake_message.h" |
| #include "quic/core/crypto/crypto_protocol.h" |
| #include "quic/core/crypto/crypto_utils.h" |
| #include "quic/core/crypto/null_decrypter.h" |
| #include "quic/core/crypto/null_encrypter.h" |
| #include "quic/core/crypto/quic_decrypter.h" |
| #include "quic/core/crypto/quic_encrypter.h" |
| #include "quic/core/crypto/quic_random.h" |
| #include "quic/core/frames/quic_ack_frequency_frame.h" |
| #include "quic/core/quic_connection_id.h" |
| #include "quic/core/quic_constants.h" |
| #include "quic/core/quic_data_reader.h" |
| #include "quic/core/quic_data_writer.h" |
| #include "quic/core/quic_error_codes.h" |
| #include "quic/core/quic_packets.h" |
| #include "quic/core/quic_socket_address_coder.h" |
| #include "quic/core/quic_stream_frame_data_producer.h" |
| #include "quic/core/quic_time.h" |
| #include "quic/core/quic_types.h" |
| #include "quic/core/quic_utils.h" |
| #include "quic/core/quic_versions.h" |
| #include "quic/platform/api/quic_bug_tracker.h" |
| #include "quic/platform/api/quic_client_stats.h" |
| #include "quic/platform/api/quic_flag_utils.h" |
| #include "quic/platform/api/quic_flags.h" |
| #include "quic/platform/api/quic_logging.h" |
| #include "quic/platform/api/quic_stack_trace.h" |
| #include "common/quiche_text_utils.h" |
| |
| namespace quic { |
| |
| namespace { |
| |
| #define ENDPOINT \ |
| (perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ") |
| |
| // Number of bits the packet number length bits are shifted from the right |
| // edge of the header. |
| const uint8_t kPublicHeaderSequenceNumberShift = 4; |
| |
| // There are two interpretations for the Frame Type byte in the QUIC protocol, |
| // resulting in two Frame Types: Special Frame Types and Regular Frame Types. |
| // |
| // Regular Frame Types use the Frame Type byte simply. Currently defined |
| // Regular Frame Types are: |
| // Padding : 0b 00000000 (0x00) |
| // ResetStream : 0b 00000001 (0x01) |
| // ConnectionClose : 0b 00000010 (0x02) |
| // GoAway : 0b 00000011 (0x03) |
| // WindowUpdate : 0b 00000100 (0x04) |
| // Blocked : 0b 00000101 (0x05) |
| // |
| // Special Frame Types encode both a Frame Type and corresponding flags |
| // all in the Frame Type byte. Currently defined Special Frame Types |
| // are: |
| // Stream : 0b 1xxxxxxx |
| // Ack : 0b 01xxxxxx |
| // |
| // Semantics of the flag bits above (the x bits) depends on the frame type. |
| |
| // Masks to determine if the frame type is a special use |
| // and for specific special frame types. |
| const uint8_t kQuicFrameTypeBrokenMask = 0xE0; // 0b 11100000 |
| const uint8_t kQuicFrameTypeSpecialMask = 0xC0; // 0b 11000000 |
| const uint8_t kQuicFrameTypeStreamMask = 0x80; |
| const uint8_t kQuicFrameTypeAckMask = 0x40; |
| static_assert(kQuicFrameTypeSpecialMask == |
| (kQuicFrameTypeStreamMask | kQuicFrameTypeAckMask), |
| "Invalid kQuicFrameTypeSpecialMask"); |
| |
| // The stream type format is 1FDOOOSS, where |
| // F is the fin bit. |
| // D is the data length bit (0 or 2 bytes). |
| // OO/OOO are the size of the offset. |
| // SS is the size of the stream ID. |
| // Note that the stream encoding can not be determined by inspection. It can |
| // be determined only by knowing the QUIC Version. |
| // Stream frame relative shifts and masks for interpreting the stream flags. |
| // StreamID may be 1, 2, 3, or 4 bytes. |
| const uint8_t kQuicStreamIdShift = 2; |
| const uint8_t kQuicStreamIDLengthMask = 0x03; |
| |
| // Offset may be 0, 2, 4, or 8 bytes. |
| const uint8_t kQuicStreamShift = 3; |
| const uint8_t kQuicStreamOffsetMask = 0x07; |
| |
| // Data length may be 0 or 2 bytes. |
| const uint8_t kQuicStreamDataLengthShift = 1; |
| const uint8_t kQuicStreamDataLengthMask = 0x01; |
| |
| // Fin bit may be set or not. |
| const uint8_t kQuicStreamFinShift = 1; |
| const uint8_t kQuicStreamFinMask = 0x01; |
| |
| // The format is 01M0LLOO, where |
| // M if set, there are multiple ack blocks in the frame. |
| // LL is the size of the largest ack field. |
| // OO is the size of the ack blocks offset field. |
| // packet number size shift used in AckFrames. |
| const uint8_t kQuicSequenceNumberLengthNumBits = 2; |
| const uint8_t kActBlockLengthOffset = 0; |
| const uint8_t kLargestAckedOffset = 2; |
| |
| // Acks may have only one ack block. |
| const uint8_t kQuicHasMultipleAckBlocksOffset = 5; |
| |
| // Timestamps are 4 bytes followed by 2 bytes. |
| const uint8_t kQuicNumTimestampsLength = 1; |
| const uint8_t kQuicFirstTimestampLength = 4; |
| const uint8_t kQuicTimestampLength = 2; |
| // Gaps between packet numbers are 1 byte. |
| const uint8_t kQuicTimestampPacketNumberGapLength = 1; |
| |
| // Maximum length of encoded error strings. |
| const int kMaxErrorStringLength = 256; |
| |
| const uint8_t kConnectionIdLengthAdjustment = 3; |
| const uint8_t kDestinationConnectionIdLengthMask = 0xF0; |
| const uint8_t kSourceConnectionIdLengthMask = 0x0F; |
| |
| // Returns the absolute value of the difference between |a| and |b|. |
| uint64_t Delta(uint64_t a, uint64_t b) { |
| // Since these are unsigned numbers, we can't just return abs(a - b) |
| if (a < b) { |
| return b - a; |
| } |
| return a - b; |
| } |
| |
| uint64_t ClosestTo(uint64_t target, uint64_t a, uint64_t b) { |
| return (Delta(target, a) < Delta(target, b)) ? a : b; |
| } |
| |
| QuicPacketNumberLength ReadSequenceNumberLength(uint8_t flags) { |
| switch (flags & PACKET_FLAGS_8BYTE_PACKET) { |
| case PACKET_FLAGS_8BYTE_PACKET: |
| return PACKET_6BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_4BYTE_PACKET: |
| return PACKET_4BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_2BYTE_PACKET: |
| return PACKET_2BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_1BYTE_PACKET: |
| return PACKET_1BYTE_PACKET_NUMBER; |
| default: |
| QUIC_BUG(quic_bug_10850_1) << "Unreachable case statement."; |
| return PACKET_6BYTE_PACKET_NUMBER; |
| } |
| } |
| |
| QuicPacketNumberLength ReadAckPacketNumberLength( |
| uint8_t flags) { |
| switch (flags & PACKET_FLAGS_8BYTE_PACKET) { |
| case PACKET_FLAGS_8BYTE_PACKET: |
| return PACKET_6BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_4BYTE_PACKET: |
| return PACKET_4BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_2BYTE_PACKET: |
| return PACKET_2BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_1BYTE_PACKET: |
| return PACKET_1BYTE_PACKET_NUMBER; |
| default: |
| QUIC_BUG(quic_bug_10850_2) << "Unreachable case statement."; |
| return PACKET_6BYTE_PACKET_NUMBER; |
| } |
| } |
| |
| uint8_t PacketNumberLengthToOnWireValue( |
| QuicPacketNumberLength packet_number_length) { |
| return packet_number_length - 1; |
| } |
| |
| QuicPacketNumberLength GetShortHeaderPacketNumberLength(uint8_t type) { |
| QUICHE_DCHECK(!(type & FLAGS_LONG_HEADER)); |
| return static_cast<QuicPacketNumberLength>((type & 0x03) + 1); |
| } |
| |
| uint8_t LongHeaderTypeToOnWireValue(QuicLongHeaderType type) { |
| switch (type) { |
| case INITIAL: |
| return 0; |
| case ZERO_RTT_PROTECTED: |
| return 1 << 4; |
| case HANDSHAKE: |
| return 2 << 4; |
| case RETRY: |
| return 3 << 4; |
| case VERSION_NEGOTIATION: |
| return 0xF0; // Value does not matter |
| default: |
| QUIC_BUG(quic_bug_10850_3) << "Invalid long header type: " << type; |
| return 0xFF; |
| } |
| } |
| |
| bool GetLongHeaderType(uint8_t type, QuicLongHeaderType* long_header_type) { |
| QUICHE_DCHECK((type & FLAGS_LONG_HEADER)); |
| switch ((type & 0x30) >> 4) { |
| case 0: |
| *long_header_type = INITIAL; |
| break; |
| case 1: |
| *long_header_type = ZERO_RTT_PROTECTED; |
| break; |
| case 2: |
| *long_header_type = HANDSHAKE; |
| break; |
| case 3: |
| *long_header_type = RETRY; |
| break; |
| default: |
| QUIC_BUG(quic_bug_10850_4) << "Unreachable statement"; |
| *long_header_type = INVALID_PACKET_TYPE; |
| return false; |
| } |
| return true; |
| } |
| |
| QuicPacketNumberLength GetLongHeaderPacketNumberLength(uint8_t type) { |
| return static_cast<QuicPacketNumberLength>((type & 0x03) + 1); |
| } |
| |
| // Used to get packet number space before packet gets decrypted. |
| PacketNumberSpace GetPacketNumberSpace(const QuicPacketHeader& header) { |
| switch (header.form) { |
| case GOOGLE_QUIC_PACKET: |
| QUIC_BUG(quic_bug_10850_5) |
| << "Try to get packet number space of Google QUIC packet"; |
| break; |
| case IETF_QUIC_SHORT_HEADER_PACKET: |
| return APPLICATION_DATA; |
| case IETF_QUIC_LONG_HEADER_PACKET: |
| switch (header.long_packet_type) { |
| case INITIAL: |
| return INITIAL_DATA; |
| case HANDSHAKE: |
| return HANDSHAKE_DATA; |
| case ZERO_RTT_PROTECTED: |
| return APPLICATION_DATA; |
| case VERSION_NEGOTIATION: |
| case RETRY: |
| case INVALID_PACKET_TYPE: |
| QUIC_BUG(quic_bug_10850_6) |
| << "Try to get packet number space of long header type: " |
| << QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type); |
| break; |
| } |
| } |
| |
| return NUM_PACKET_NUMBER_SPACES; |
| } |
| |
| EncryptionLevel GetEncryptionLevel(const QuicPacketHeader& header) { |
| switch (header.form) { |
| case GOOGLE_QUIC_PACKET: |
| QUIC_BUG(quic_bug_10850_7) |
| << "Cannot determine EncryptionLevel from Google QUIC header"; |
| break; |
| case IETF_QUIC_SHORT_HEADER_PACKET: |
| return ENCRYPTION_FORWARD_SECURE; |
| case IETF_QUIC_LONG_HEADER_PACKET: |
| switch (header.long_packet_type) { |
| case INITIAL: |
| return ENCRYPTION_INITIAL; |
| case HANDSHAKE: |
| return ENCRYPTION_HANDSHAKE; |
| case ZERO_RTT_PROTECTED: |
| return ENCRYPTION_ZERO_RTT; |
| case VERSION_NEGOTIATION: |
| case RETRY: |
| case INVALID_PACKET_TYPE: |
| QUIC_BUG(quic_bug_10850_8) |
| << "No encryption used with type " |
| << QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type); |
| } |
| } |
| return NUM_ENCRYPTION_LEVELS; |
| } |
| |
| absl::string_view TruncateErrorString(absl::string_view error) { |
| if (error.length() <= kMaxErrorStringLength) { |
| return error; |
| } |
| return absl::string_view(error.data(), kMaxErrorStringLength); |
| } |
| |
| size_t TruncatedErrorStringSize(const absl::string_view& error) { |
| if (error.length() < kMaxErrorStringLength) { |
| return error.length(); |
| } |
| return kMaxErrorStringLength; |
| } |
| |
| uint8_t GetConnectionIdLengthValue(QuicConnectionIdLength length) { |
| if (length == 0) { |
| return 0; |
| } |
| return static_cast<uint8_t>(length - kConnectionIdLengthAdjustment); |
| } |
| |
| bool IsValidPacketNumberLength(QuicPacketNumberLength packet_number_length) { |
| size_t length = packet_number_length; |
| return length == 1 || length == 2 || length == 4 || length == 6 || |
| length == 8; |
| } |
| |
| bool IsValidFullPacketNumber(uint64_t full_packet_number, |
| ParsedQuicVersion version) { |
| return full_packet_number > 0 || version.HasIetfQuicFrames(); |
| } |
| |
| bool AppendIetfConnectionIds(bool version_flag, |
| bool use_length_prefix, |
| QuicConnectionId destination_connection_id, |
| QuicConnectionId source_connection_id, |
| QuicDataWriter* writer) { |
| if (!version_flag) { |
| return writer->WriteConnectionId(destination_connection_id); |
| } |
| |
| if (use_length_prefix) { |
| return writer->WriteLengthPrefixedConnectionId(destination_connection_id) && |
| writer->WriteLengthPrefixedConnectionId(source_connection_id); |
| } |
| |
| // Compute connection ID length byte. |
| uint8_t dcil = GetConnectionIdLengthValue( |
| static_cast<QuicConnectionIdLength>(destination_connection_id.length())); |
| uint8_t scil = GetConnectionIdLengthValue( |
| static_cast<QuicConnectionIdLength>(source_connection_id.length())); |
| uint8_t connection_id_length = dcil << 4 | scil; |
| |
| return writer->WriteUInt8(connection_id_length) && |
| writer->WriteConnectionId(destination_connection_id) && |
| writer->WriteConnectionId(source_connection_id); |
| } |
| |
| enum class DroppedPacketReason { |
| // General errors |
| INVALID_PUBLIC_HEADER, |
| VERSION_MISMATCH, |
| // Version negotiation packet errors |
| INVALID_VERSION_NEGOTIATION_PACKET, |
| // Public reset packet errors, pre-v44 |
| INVALID_PUBLIC_RESET_PACKET, |
| // Data packet errors |
| INVALID_PACKET_NUMBER, |
| INVALID_DIVERSIFICATION_NONCE, |
| DECRYPTION_FAILURE, |
| NUM_REASONS, |
| }; |
| |
| void RecordDroppedPacketReason(DroppedPacketReason reason) { |
| QUIC_CLIENT_HISTOGRAM_ENUM("QuicDroppedPacketReason", reason, |
| DroppedPacketReason::NUM_REASONS, |
| "The reason a packet was not processed. Recorded " |
| "each time such a packet is dropped"); |
| } |
| |
| PacketHeaderFormat GetIetfPacketHeaderFormat(uint8_t type_byte) { |
| return type_byte & FLAGS_LONG_HEADER ? IETF_QUIC_LONG_HEADER_PACKET |
| : IETF_QUIC_SHORT_HEADER_PACKET; |
| } |
| |
| std::string GenerateErrorString(std::string initial_error_string, |
| QuicErrorCode quic_error_code) { |
| if (quic_error_code == QUIC_IETF_GQUIC_ERROR_MISSING) { |
| // QUIC_IETF_GQUIC_ERROR_MISSING is special -- it means not to encode |
| // the error value in the string. |
| return initial_error_string; |
| } |
| return absl::StrCat(std::to_string(static_cast<unsigned>(quic_error_code)), |
| ":", initial_error_string); |
| } |
| |
| } // namespace |
| |
| QuicFramer::QuicFramer(const ParsedQuicVersionVector& supported_versions, |
| QuicTime creation_time, Perspective perspective, |
| uint8_t expected_server_connection_id_length) |
| : visitor_(nullptr), |
| error_(QUIC_NO_ERROR), |
| last_serialized_server_connection_id_(EmptyQuicConnectionId()), |
| last_serialized_client_connection_id_(EmptyQuicConnectionId()), |
| version_(ParsedQuicVersion::Unsupported()), |
| supported_versions_(supported_versions), |
| decrypter_level_(ENCRYPTION_INITIAL), |
| alternative_decrypter_level_(NUM_ENCRYPTION_LEVELS), |
| alternative_decrypter_latch_(false), |
| perspective_(perspective), |
| validate_flags_(true), |
| process_timestamps_(false), |
| creation_time_(creation_time), |
| last_timestamp_(QuicTime::Delta::Zero()), |
| support_key_update_for_connection_(false), |
| current_key_phase_bit_(false), |
| potential_peer_key_update_attempt_count_(0), |
| first_sending_packet_number_(FirstSendingPacketNumber()), |
| data_producer_(nullptr), |
| infer_packet_header_type_from_version_(perspective == |
| Perspective::IS_CLIENT), |
| expected_server_connection_id_length_( |
| expected_server_connection_id_length), |
| expected_client_connection_id_length_(0), |
| supports_multiple_packet_number_spaces_(false), |
| last_written_packet_number_length_(0), |
| peer_ack_delay_exponent_(kDefaultAckDelayExponent), |
| local_ack_delay_exponent_(kDefaultAckDelayExponent), |
| current_received_frame_type_(0), |
| previously_received_frame_type_(0) { |
| QUICHE_DCHECK(!supported_versions.empty()); |
| version_ = supported_versions_[0]; |
| QUICHE_DCHECK(version_.IsKnown()) |
| << ParsedQuicVersionVectorToString(supported_versions_); |
| } |
| |
| QuicFramer::~QuicFramer() {} |
| |
| // static |
| size_t QuicFramer::GetMinStreamFrameSize(QuicTransportVersion version, |
| QuicStreamId stream_id, |
| QuicStreamOffset offset, |
| bool last_frame_in_packet, |
| size_t data_length) { |
| if (VersionHasIetfQuicFrames(version)) { |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(stream_id) + |
| (last_frame_in_packet |
| ? 0 |
| : QuicDataWriter::GetVarInt62Len(data_length)) + |
| (offset != 0 ? QuicDataWriter::GetVarInt62Len(offset) : 0); |
| } |
| return kQuicFrameTypeSize + GetStreamIdSize(stream_id) + |
| GetStreamOffsetSize(offset) + |
| (last_frame_in_packet ? 0 : kQuicStreamPayloadLengthSize); |
| } |
| |
| // static |
| size_t QuicFramer::GetMinCryptoFrameSize(QuicStreamOffset offset, |
| QuicPacketLength data_length) { |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(offset) + |
| QuicDataWriter::GetVarInt62Len(data_length); |
| } |
| |
| // static |
| size_t QuicFramer::GetMessageFrameSize(QuicTransportVersion version, |
| bool last_frame_in_packet, |
| QuicByteCount length) { |
| QUIC_BUG_IF(quic_bug_12975_1, !VersionSupportsMessageFrames(version)) |
| << "Try to serialize MESSAGE frame in " << version; |
| return kQuicFrameTypeSize + |
| (last_frame_in_packet ? 0 : QuicDataWriter::GetVarInt62Len(length)) + |
| length; |
| } |
| |
| // static |
| size_t QuicFramer::GetMinAckFrameSize(QuicTransportVersion version, |
| const QuicAckFrame& ack_frame, |
| uint32_t local_ack_delay_exponent) { |
| if (VersionHasIetfQuicFrames(version)) { |
| // The minimal ack frame consists of the following fields: Largest |
| // Acknowledged, ACK Delay, 0 ACK Block Count, First ACK Block and ECN |
| // counts. |
| // Type byte + largest acked. |
| size_t min_size = |
| kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(LargestAcked(ack_frame).ToUint64()); |
| // Ack delay. |
| min_size += QuicDataWriter::GetVarInt62Len( |
| ack_frame.ack_delay_time.ToMicroseconds() >> local_ack_delay_exponent); |
| // 0 ack block count. |
| min_size += QuicDataWriter::GetVarInt62Len(0); |
| // First ack block. |
| min_size += QuicDataWriter::GetVarInt62Len( |
| ack_frame.packets.Empty() ? 0 |
| : ack_frame.packets.rbegin()->Length() - 1); |
| // ECN counts. |
| if (ack_frame.ecn_counters_populated && |
| (ack_frame.ect_0_count || ack_frame.ect_1_count || |
| ack_frame.ecn_ce_count)) { |
| min_size += (QuicDataWriter::GetVarInt62Len(ack_frame.ect_0_count) + |
| QuicDataWriter::GetVarInt62Len(ack_frame.ect_1_count) + |
| QuicDataWriter::GetVarInt62Len(ack_frame.ecn_ce_count)); |
| } |
| return min_size; |
| } |
| return kQuicFrameTypeSize + |
| GetMinPacketNumberLength(LargestAcked(ack_frame)) + |
| kQuicDeltaTimeLargestObservedSize + kQuicNumTimestampsSize; |
| } |
| |
| // static |
| size_t QuicFramer::GetStopWaitingFrameSize( |
| QuicPacketNumberLength packet_number_length) { |
| size_t min_size = kQuicFrameTypeSize + packet_number_length; |
| return min_size; |
| } |
| |
| // static |
| size_t QuicFramer::GetRstStreamFrameSize(QuicTransportVersion version, |
| const QuicRstStreamFrame& frame) { |
| if (VersionHasIetfQuicFrames(version)) { |
| return QuicDataWriter::GetVarInt62Len(frame.stream_id) + |
| QuicDataWriter::GetVarInt62Len(frame.byte_offset) + |
| kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.ietf_error_code); |
| } |
| return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize + |
| kQuicErrorCodeSize; |
| } |
| |
| // static |
| size_t QuicFramer::GetConnectionCloseFrameSize( |
| QuicTransportVersion version, |
| const QuicConnectionCloseFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| // Not IETF QUIC, return Google QUIC CONNECTION CLOSE frame size. |
| return kQuicFrameTypeSize + kQuicErrorCodeSize + |
| kQuicErrorDetailsLengthSize + |
| TruncatedErrorStringSize(frame.error_details); |
| } |
| |
| // Prepend the extra error information to the string and get the result's |
| // length. |
| const size_t truncated_error_string_size = TruncatedErrorStringSize( |
| GenerateErrorString(frame.error_details, frame.quic_error_code)); |
| |
| const size_t frame_size = |
| truncated_error_string_size + |
| QuicDataWriter::GetVarInt62Len(truncated_error_string_size) + |
| kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.wire_error_code); |
| if (frame.close_type == IETF_QUIC_APPLICATION_CONNECTION_CLOSE) { |
| return frame_size; |
| } |
| // The Transport close frame has the transport_close_frame_type, so include |
| // its length. |
| return frame_size + |
| QuicDataWriter::GetVarInt62Len(frame.transport_close_frame_type); |
| } |
| |
| // static |
| size_t QuicFramer::GetMinGoAwayFrameSize() { |
| return kQuicFrameTypeSize + kQuicErrorCodeSize + kQuicErrorDetailsLengthSize + |
| kQuicMaxStreamIdSize; |
| } |
| |
| // static |
| size_t QuicFramer::GetWindowUpdateFrameSize( |
| QuicTransportVersion version, |
| const QuicWindowUpdateFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize; |
| } |
| if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) { |
| // Frame would be a MAX DATA frame, which has only a Maximum Data field. |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data); |
| } |
| // Frame would be MAX STREAM DATA, has Maximum Stream Data and Stream ID |
| // fields. |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data) + |
| QuicDataWriter::GetVarInt62Len(frame.stream_id); |
| } |
| |
| // static |
| size_t QuicFramer::GetMaxStreamsFrameSize(QuicTransportVersion version, |
| const QuicMaxStreamsFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| QUIC_BUG(quic_bug_10850_9) |
| << "In version " << version |
| << ", which does not support IETF Frames, and tried to serialize " |
| "MaxStreams Frame."; |
| } |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.stream_count); |
| } |
| |
| // static |
| size_t QuicFramer::GetStreamsBlockedFrameSize( |
| QuicTransportVersion version, |
| const QuicStreamsBlockedFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| QUIC_BUG(quic_bug_10850_10) |
| << "In version " << version |
| << ", which does not support IETF frames, and tried to serialize " |
| "StreamsBlocked Frame."; |
| } |
| |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.stream_count); |
| } |
| |
| // static |
| size_t QuicFramer::GetBlockedFrameSize(QuicTransportVersion version, |
| const QuicBlockedFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| return kQuicFrameTypeSize + kQuicMaxStreamIdSize; |
| } |
| if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) { |
| // return size of IETF QUIC Blocked frame |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset); |
| } |
| // return size of IETF QUIC Stream Blocked frame. |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset) + |
| QuicDataWriter::GetVarInt62Len(frame.stream_id); |
| } |
| |
| // static |
| size_t QuicFramer::GetStopSendingFrameSize(const QuicStopSendingFrame& frame) { |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.stream_id) + |
| QuicDataWriter::GetVarInt62Len(frame.ietf_error_code); |
| } |
| |
| // static |
| size_t QuicFramer::GetAckFrequencyFrameSize( |
| const QuicAckFrequencyFrame& frame) { |
| return QuicDataWriter::GetVarInt62Len(IETF_ACK_FREQUENCY) + |
| QuicDataWriter::GetVarInt62Len(frame.sequence_number) + |
| QuicDataWriter::GetVarInt62Len(frame.packet_tolerance) + |
| QuicDataWriter::GetVarInt62Len(frame.max_ack_delay.ToMicroseconds()) + |
| // One byte for encoding boolean |
| 1; |
| } |
| |
| // static |
| size_t QuicFramer::GetPathChallengeFrameSize( |
| const QuicPathChallengeFrame& frame) { |
| return kQuicFrameTypeSize + sizeof(frame.data_buffer); |
| } |
| |
| // static |
| size_t QuicFramer::GetPathResponseFrameSize( |
| const QuicPathResponseFrame& frame) { |
| return kQuicFrameTypeSize + sizeof(frame.data_buffer); |
| } |
| |
| // static |
| size_t QuicFramer::GetRetransmittableControlFrameSize( |
| QuicTransportVersion version, |
| const QuicFrame& frame) { |
| switch (frame.type) { |
| case PING_FRAME: |
| // Ping has no payload. |
| return kQuicFrameTypeSize; |
| case RST_STREAM_FRAME: |
| return GetRstStreamFrameSize(version, *frame.rst_stream_frame); |
| case CONNECTION_CLOSE_FRAME: |
| return GetConnectionCloseFrameSize(version, |
| *frame.connection_close_frame); |
| case GOAWAY_FRAME: |
| return GetMinGoAwayFrameSize() + |
| TruncatedErrorStringSize(frame.goaway_frame->reason_phrase); |
| case WINDOW_UPDATE_FRAME: |
| // For IETF QUIC, this could be either a MAX DATA or MAX STREAM DATA. |
| // GetWindowUpdateFrameSize figures this out and returns the correct |
| // length. |
| return GetWindowUpdateFrameSize(version, *frame.window_update_frame); |
| case BLOCKED_FRAME: |
| return GetBlockedFrameSize(version, *frame.blocked_frame); |
| case NEW_CONNECTION_ID_FRAME: |
| return GetNewConnectionIdFrameSize(*frame.new_connection_id_frame); |
| case RETIRE_CONNECTION_ID_FRAME: |
| return GetRetireConnectionIdFrameSize(*frame.retire_connection_id_frame); |
| case NEW_TOKEN_FRAME: |
| return GetNewTokenFrameSize(*frame.new_token_frame); |
| case MAX_STREAMS_FRAME: |
| return GetMaxStreamsFrameSize(version, frame.max_streams_frame); |
| case STREAMS_BLOCKED_FRAME: |
| return GetStreamsBlockedFrameSize(version, frame.streams_blocked_frame); |
| case PATH_RESPONSE_FRAME: |
| return GetPathResponseFrameSize(*frame.path_response_frame); |
| case PATH_CHALLENGE_FRAME: |
| return GetPathChallengeFrameSize(*frame.path_challenge_frame); |
| case STOP_SENDING_FRAME: |
| return GetStopSendingFrameSize(*frame.stop_sending_frame); |
| case HANDSHAKE_DONE_FRAME: |
| // HANDSHAKE_DONE has no payload. |
| return kQuicFrameTypeSize; |
| case ACK_FREQUENCY_FRAME: |
| return GetAckFrequencyFrameSize(*frame.ack_frequency_frame); |
| case STREAM_FRAME: |
| case ACK_FRAME: |
| case STOP_WAITING_FRAME: |
| case MTU_DISCOVERY_FRAME: |
| case PADDING_FRAME: |
| case MESSAGE_FRAME: |
| case CRYPTO_FRAME: |
| case NUM_FRAME_TYPES: |
| QUICHE_DCHECK(false); |
| return 0; |
| } |
| |
| // Not reachable, but some Chrome compilers can't figure that out. *sigh* |
| QUICHE_DCHECK(false); |
| return 0; |
| } |
| |
| // static |
| size_t QuicFramer::GetStreamIdSize(QuicStreamId stream_id) { |
| // Sizes are 1 through 4 bytes. |
| for (int i = 1; i <= 4; ++i) { |
| stream_id >>= 8; |
| if (stream_id == 0) { |
| return i; |
| } |
| } |
| QUIC_BUG(quic_bug_10850_11) << "Failed to determine StreamIDSize."; |
| return 4; |
| } |
| |
| // static |
| size_t QuicFramer::GetStreamOffsetSize(QuicStreamOffset offset) { |
| // 0 is a special case. |
| if (offset == 0) { |
| return 0; |
| } |
| // 2 through 8 are the remaining sizes. |
| offset >>= 8; |
| for (int i = 2; i <= 8; ++i) { |
| offset >>= 8; |
| if (offset == 0) { |
| return i; |
| } |
| } |
| QUIC_BUG(quic_bug_10850_12) << "Failed to determine StreamOffsetSize."; |
| return 8; |
| } |
| |
| // static |
| size_t QuicFramer::GetNewConnectionIdFrameSize( |
| const QuicNewConnectionIdFrame& frame) { |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.sequence_number) + |
| QuicDataWriter::GetVarInt62Len(frame.retire_prior_to) + |
| kConnectionIdLengthSize + frame.connection_id.length() + |
| sizeof(frame.stateless_reset_token); |
| } |
| |
| // static |
| size_t QuicFramer::GetRetireConnectionIdFrameSize( |
| const QuicRetireConnectionIdFrame& frame) { |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.sequence_number); |
| } |
| |
| // static |
| size_t QuicFramer::GetNewTokenFrameSize(const QuicNewTokenFrame& frame) { |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.token.length()) + |
| frame.token.length(); |
| } |
| |
| // TODO(nharper): Change this method to take a ParsedQuicVersion. |
| bool QuicFramer::IsSupportedTransportVersion( |
| const QuicTransportVersion version) const { |
| for (const ParsedQuicVersion& supported_version : supported_versions_) { |
| if (version == supported_version.transport_version) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| bool QuicFramer::IsSupportedVersion(const ParsedQuicVersion version) const { |
| for (const ParsedQuicVersion& supported_version : supported_versions_) { |
| if (version == supported_version) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| size_t QuicFramer::GetSerializedFrameLength( |
| const QuicFrame& frame, |
| size_t free_bytes, |
| bool first_frame, |
| bool last_frame, |
| QuicPacketNumberLength packet_number_length) { |
| // Prevent a rare crash reported in b/19458523. |
| if (frame.type == ACK_FRAME && frame.ack_frame == nullptr) { |
| QUIC_BUG(quic_bug_10850_13) |
| << "Cannot compute the length of a null ack frame. free_bytes:" |
| << free_bytes << " first_frame:" << first_frame |
| << " last_frame:" << last_frame |
| << " seq num length:" << packet_number_length; |
| set_error(QUIC_INTERNAL_ERROR); |
| visitor_->OnError(this); |
| return 0; |
| } |
| if (frame.type == PADDING_FRAME) { |
| if (frame.padding_frame.num_padding_bytes == -1) { |
| // Full padding to the end of the packet. |
| return free_bytes; |
| } else { |
| // Lite padding. |
| return free_bytes < |
| static_cast<size_t>(frame.padding_frame.num_padding_bytes) |
| ? free_bytes |
| : frame.padding_frame.num_padding_bytes; |
| } |
| } |
| |
| size_t frame_len = |
| ComputeFrameLength(frame, last_frame, packet_number_length); |
| if (frame_len <= free_bytes) { |
| // Frame fits within packet. Note that acks may be truncated. |
| return frame_len; |
| } |
| // Only truncate the first frame in a packet, so if subsequent ones go |
| // over, stop including more frames. |
| if (!first_frame) { |
| return 0; |
| } |
| bool can_truncate = |
| frame.type == ACK_FRAME && |
| free_bytes >= GetMinAckFrameSize(version_.transport_version, |
| *frame.ack_frame, |
| local_ack_delay_exponent_); |
| if (can_truncate) { |
| // Truncate the frame so the packet will not exceed kMaxOutgoingPacketSize. |
| // Note that we may not use every byte of the writer in this case. |
| QUIC_DLOG(INFO) << ENDPOINT |
| << "Truncating large frame, free bytes: " << free_bytes; |
| return free_bytes; |
| } |
| return 0; |
| } |
| |
| QuicFramer::AckFrameInfo::AckFrameInfo() |
| : max_block_length(0), first_block_length(0), num_ack_blocks(0) {} |
| |
| QuicFramer::AckFrameInfo::AckFrameInfo(const AckFrameInfo& other) = default; |
| |
| QuicFramer::AckFrameInfo::~AckFrameInfo() {} |
| |
| bool QuicFramer::WriteIetfLongHeaderLength(const QuicPacketHeader& header, |
| QuicDataWriter* writer, |
| size_t length_field_offset, |
| EncryptionLevel level) { |
| if (!QuicVersionHasLongHeaderLengths(transport_version()) || |
| !header.version_flag || length_field_offset == 0) { |
| return true; |
| } |
| if (writer->length() < length_field_offset || |
| writer->length() - length_field_offset < |
| kQuicDefaultLongHeaderLengthLength) { |
| set_detailed_error("Invalid length_field_offset."); |
| QUIC_BUG(quic_bug_10850_14) << "Invalid length_field_offset."; |
| return false; |
| } |
| size_t length_to_write = writer->length() - length_field_offset - |
| kQuicDefaultLongHeaderLengthLength; |
| // Add length of auth tag. |
| length_to_write = GetCiphertextSize(level, length_to_write); |
| |
| QuicDataWriter length_writer(writer->length() - length_field_offset, |
| writer->data() + length_field_offset); |
| if (!length_writer.WriteVarInt62(length_to_write, |
| kQuicDefaultLongHeaderLengthLength)) { |
| set_detailed_error("Failed to overwrite long header length."); |
| QUIC_BUG(quic_bug_10850_15) << "Failed to overwrite long header length."; |
| return false; |
| } |
| return true; |
| } |
| |
| size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header, |
| const QuicFrames& frames, |
| char* buffer, |
| size_t packet_length, |
| EncryptionLevel level) { |
| QUIC_BUG_IF(quic_bug_12975_2, |
| header.version_flag && version().HasIetfInvariantHeader() && |
| header.long_packet_type == RETRY && !frames.empty()) |
| << "IETF RETRY packets cannot contain frames " << header; |
| QuicDataWriter writer(packet_length, buffer); |
| size_t length_field_offset = 0; |
| if (!AppendPacketHeader(header, &writer, &length_field_offset)) { |
| QUIC_BUG(quic_bug_10850_16) << "AppendPacketHeader failed"; |
| return 0; |
| } |
| |
| if (VersionHasIetfQuicFrames(transport_version())) { |
| if (AppendIetfFrames(frames, &writer) == 0) { |
| return 0; |
| } |
| if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset, |
| level)) { |
| return 0; |
| } |
| return writer.length(); |
| } |
| |
| size_t i = 0; |
| for (const QuicFrame& frame : frames) { |
| // Determine if we should write stream frame length in header. |
| const bool last_frame_in_packet = i == frames.size() - 1; |
| if (!AppendTypeByte(frame, last_frame_in_packet, &writer)) { |
| QUIC_BUG(quic_bug_10850_17) << "AppendTypeByte failed"; |
| return 0; |
| } |
| |
| switch (frame.type) { |
| case PADDING_FRAME: |
| if (!AppendPaddingFrame(frame.padding_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_18) |
| << "AppendPaddingFrame of " |
| << frame.padding_frame.num_padding_bytes << " failed"; |
| return 0; |
| } |
| break; |
| case STREAM_FRAME: |
| if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet, |
| &writer)) { |
| QUIC_BUG(quic_bug_10850_19) << "AppendStreamFrame failed"; |
| return 0; |
| } |
| break; |
| case ACK_FRAME: |
| if (!AppendAckFrameAndTypeByte(*frame.ack_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_20) |
| << "AppendAckFrameAndTypeByte failed: " << detailed_error_; |
| return 0; |
| } |
| break; |
| case STOP_WAITING_FRAME: |
| if (!AppendStopWaitingFrame(header, frame.stop_waiting_frame, |
| &writer)) { |
| QUIC_BUG(quic_bug_10850_21) << "AppendStopWaitingFrame failed"; |
| return 0; |
| } |
| break; |
| case MTU_DISCOVERY_FRAME: |
| // MTU discovery frames are serialized as ping frames. |
| ABSL_FALLTHROUGH_INTENDED; |
| case PING_FRAME: |
| // Ping has no payload. |
| break; |
| case RST_STREAM_FRAME: |
| if (!AppendRstStreamFrame(*frame.rst_stream_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_22) << "AppendRstStreamFrame failed"; |
| return 0; |
| } |
| break; |
| case CONNECTION_CLOSE_FRAME: |
| if (!AppendConnectionCloseFrame(*frame.connection_close_frame, |
| &writer)) { |
| QUIC_BUG(quic_bug_10850_23) << "AppendConnectionCloseFrame failed"; |
| return 0; |
| } |
| break; |
| case GOAWAY_FRAME: |
| if (!AppendGoAwayFrame(*frame.goaway_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_24) << "AppendGoAwayFrame failed"; |
| return 0; |
| } |
| break; |
| case WINDOW_UPDATE_FRAME: |
| if (!AppendWindowUpdateFrame(*frame.window_update_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_25) << "AppendWindowUpdateFrame failed"; |
| return 0; |
| } |
| break; |
| case BLOCKED_FRAME: |
| if (!AppendBlockedFrame(*frame.blocked_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_26) << "AppendBlockedFrame failed"; |
| return 0; |
| } |
| break; |
| case NEW_CONNECTION_ID_FRAME: |
| set_detailed_error( |
| "Attempt to append NEW_CONNECTION_ID frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case RETIRE_CONNECTION_ID_FRAME: |
| set_detailed_error( |
| "Attempt to append RETIRE_CONNECTION_ID frame and not in IETF " |
| "QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case NEW_TOKEN_FRAME: |
| set_detailed_error( |
| "Attempt to append NEW_TOKEN_ID frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case MAX_STREAMS_FRAME: |
| set_detailed_error( |
| "Attempt to append MAX_STREAMS frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case STREAMS_BLOCKED_FRAME: |
| set_detailed_error( |
| "Attempt to append STREAMS_BLOCKED frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case PATH_RESPONSE_FRAME: |
| set_detailed_error( |
| "Attempt to append PATH_RESPONSE frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case PATH_CHALLENGE_FRAME: |
| set_detailed_error( |
| "Attempt to append PATH_CHALLENGE frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case STOP_SENDING_FRAME: |
| set_detailed_error( |
| "Attempt to append STOP_SENDING frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case MESSAGE_FRAME: |
| if (!AppendMessageFrameAndTypeByte(*frame.message_frame, |
| last_frame_in_packet, &writer)) { |
| QUIC_BUG(quic_bug_10850_27) << "AppendMessageFrame failed"; |
| return 0; |
| } |
| break; |
| case CRYPTO_FRAME: |
| if (!QuicVersionUsesCryptoFrames(version_.transport_version)) { |
| set_detailed_error( |
| "Attempt to append CRYPTO frame in version prior to 47."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| } |
| if (!AppendCryptoFrame(*frame.crypto_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_28) << "AppendCryptoFrame failed"; |
| return 0; |
| } |
| break; |
| case HANDSHAKE_DONE_FRAME: |
| // HANDSHAKE_DONE has no payload. |
| break; |
| default: |
| RaiseError(QUIC_INVALID_FRAME_DATA); |
| QUIC_BUG(quic_bug_10850_29) << "QUIC_INVALID_FRAME_DATA"; |
| return 0; |
| } |
| ++i; |
| } |
| |
| if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset, level)) { |
| return 0; |
| } |
| |
| return writer.length(); |
| } |
| |
| size_t QuicFramer::AppendIetfFrames(const QuicFrames& frames, |
| QuicDataWriter* writer) { |
| size_t i = 0; |
| for (const QuicFrame& frame : frames) { |
| // Determine if we should write stream frame length in header. |
| const bool last_frame_in_packet = i == frames.size() - 1; |
| if (!AppendIetfFrameType(frame, last_frame_in_packet, writer)) { |
| QUIC_BUG(quic_bug_10850_30) |
| << "AppendIetfFrameType failed: " << detailed_error(); |
| return 0; |
| } |
| |
| switch (frame.type) { |
| case PADDING_FRAME: |
| if (!AppendPaddingFrame(frame.padding_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_31) << "AppendPaddingFrame of " |
| << frame.padding_frame.num_padding_bytes |
| << " failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case STREAM_FRAME: |
| if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_32) |
| << "AppendStreamFrame " << frame.stream_frame |
| << " failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case ACK_FRAME: |
| if (!AppendIetfAckFrameAndTypeByte(*frame.ack_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_33) |
| << "AppendIetfAckFrameAndTypeByte failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case STOP_WAITING_FRAME: |
| set_detailed_error( |
| "Attempt to append STOP WAITING frame in IETF QUIC."); |
| RaiseError(QUIC_INTERNAL_ERROR); |
| QUIC_BUG(quic_bug_10850_34) << detailed_error(); |
| return 0; |
| case MTU_DISCOVERY_FRAME: |
| // MTU discovery frames are serialized as ping frames. |
| ABSL_FALLTHROUGH_INTENDED; |
| case PING_FRAME: |
| // Ping has no payload. |
| break; |
| case RST_STREAM_FRAME: |
| if (!AppendRstStreamFrame(*frame.rst_stream_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_35) |
| << "AppendRstStreamFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case CONNECTION_CLOSE_FRAME: |
| if (!AppendIetfConnectionCloseFrame(*frame.connection_close_frame, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_36) |
| << "AppendIetfConnectionCloseFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case GOAWAY_FRAME: |
| set_detailed_error("Attempt to append GOAWAY frame in IETF QUIC."); |
| RaiseError(QUIC_INTERNAL_ERROR); |
| QUIC_BUG(quic_bug_10850_37) << detailed_error(); |
| return 0; |
| case WINDOW_UPDATE_FRAME: |
| // Depending on whether there is a stream ID or not, will be either a |
| // MAX STREAM DATA frame or a MAX DATA frame. |
| if (frame.window_update_frame->stream_id == |
| QuicUtils::GetInvalidStreamId(transport_version())) { |
| if (!AppendMaxDataFrame(*frame.window_update_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_38) |
| << "AppendMaxDataFrame failed: " << detailed_error(); |
| return 0; |
| } |
| } else { |
| if (!AppendMaxStreamDataFrame(*frame.window_update_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_39) |
| << "AppendMaxStreamDataFrame failed: " << detailed_error(); |
| return 0; |
| } |
| } |
| break; |
| case BLOCKED_FRAME: |
| if (!AppendBlockedFrame(*frame.blocked_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_40) |
| << "AppendBlockedFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case MAX_STREAMS_FRAME: |
| if (!AppendMaxStreamsFrame(frame.max_streams_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_41) |
| << "AppendMaxStreamsFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case STREAMS_BLOCKED_FRAME: |
| if (!AppendStreamsBlockedFrame(frame.streams_blocked_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_42) |
| << "AppendStreamsBlockedFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case NEW_CONNECTION_ID_FRAME: |
| if (!AppendNewConnectionIdFrame(*frame.new_connection_id_frame, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_43) |
| << "AppendNewConnectionIdFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case RETIRE_CONNECTION_ID_FRAME: |
| if (!AppendRetireConnectionIdFrame(*frame.retire_connection_id_frame, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_44) |
| << "AppendRetireConnectionIdFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case NEW_TOKEN_FRAME: |
| if (!AppendNewTokenFrame(*frame.new_token_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_45) |
| << "AppendNewTokenFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case STOP_SENDING_FRAME: |
| if (!AppendStopSendingFrame(*frame.stop_sending_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_46) |
| << "AppendStopSendingFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case PATH_CHALLENGE_FRAME: |
| if (!AppendPathChallengeFrame(*frame.path_challenge_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_47) |
| << "AppendPathChallengeFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case PATH_RESPONSE_FRAME: |
| if (!AppendPathResponseFrame(*frame.path_response_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_48) |
| << "AppendPathResponseFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case MESSAGE_FRAME: |
| if (!AppendMessageFrameAndTypeByte(*frame.message_frame, |
| last_frame_in_packet, writer)) { |
| QUIC_BUG(quic_bug_10850_49) |
| << "AppendMessageFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case CRYPTO_FRAME: |
| if (!AppendCryptoFrame(*frame.crypto_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_50) |
| << "AppendCryptoFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case HANDSHAKE_DONE_FRAME: |
| // HANDSHAKE_DONE has no payload. |
| break; |
| case ACK_FREQUENCY_FRAME: |
| if (!AppendAckFrequencyFrame(*frame.ack_frequency_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_51) |
| << "AppendAckFrequencyFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| default: |
| set_detailed_error("Tried to append unknown frame type."); |
| RaiseError(QUIC_INVALID_FRAME_DATA); |
| QUIC_BUG(quic_bug_10850_52) |
| << "QUIC_INVALID_FRAME_DATA: " << frame.type; |
| return 0; |
| } |
| ++i; |
| } |
| |
| return writer->length(); |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildPublicResetPacket( |
| const QuicPublicResetPacket& packet) { |
| CryptoHandshakeMessage reset; |
| reset.set_tag(kPRST); |
| reset.SetValue(kRNON, packet.nonce_proof); |
| if (packet.client_address.host().address_family() != |
| IpAddressFamily::IP_UNSPEC) { |
| // packet.client_address is non-empty. |
| QuicSocketAddressCoder address_coder(packet.client_address); |
| std::string serialized_address = address_coder.Encode(); |
| if (serialized_address.empty()) { |
| return nullptr; |
| } |
| reset.SetStringPiece(kCADR, serialized_address); |
| } |
| if (!packet.endpoint_id.empty()) { |
| reset.SetStringPiece(kEPID, packet.endpoint_id); |
| } |
| const QuicData& reset_serialized = reset.GetSerialized(); |
| |
| size_t len = kPublicFlagsSize + packet.connection_id.length() + |
| reset_serialized.length(); |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| |
| uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_RST | |
| PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID); |
| // This hack makes post-v33 public reset packet look like pre-v33 packets. |
| flags |= static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD); |
| if (!writer.WriteUInt8(flags)) { |
| return nullptr; |
| } |
| |
| if (!writer.WriteConnectionId(packet.connection_id)) { |
| return nullptr; |
| } |
| |
| if (!writer.WriteBytes(reset_serialized.data(), reset_serialized.length())) { |
| return nullptr; |
| } |
| |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true); |
| } |
| |
| // static |
| size_t QuicFramer::GetMinStatelessResetPacketLength() { |
| // 5 bytes (40 bits) = 2 Fixed Bits (01) + 38 Unpredictable bits |
| return 5 + kStatelessResetTokenLength; |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket( |
| QuicConnectionId /*connection_id*/, |
| size_t received_packet_length, |
| StatelessResetToken stateless_reset_token) { |
| QUIC_DVLOG(1) << "Building IETF stateless reset packet."; |
| if (GetQuicRestartFlag(quic_fix_stateless_reset2)) { |
| if (received_packet_length <= GetMinStatelessResetPacketLength()) { |
| QUICHE_DLOG(ERROR) |
| << "Tried to build stateless reset packet with received packet " |
| "length " |
| << received_packet_length; |
| return nullptr; |
| } |
| // To ensure stateless reset is indistinguishable from a valid packet, |
| // include the max connection ID length. |
| size_t len = std::min(received_packet_length - 1, |
| GetMinStatelessResetPacketLength() + 1 + |
| kQuicMaxConnectionIdWithLengthPrefixLength); |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| // Append random bytes. This randomness only exists to prevent middleboxes |
| // from comparing the entire packet to a known value. Therefore it has no |
| // cryptographic use, and does not need a secure cryptographic pseudo-random |
| // number generator. It's therefore safe to use WriteInsecureRandomBytes. |
| if (!writer.WriteInsecureRandomBytes(QuicRandom::GetInstance(), |
| len - kStatelessResetTokenLength)) { |
| QUIC_BUG(362045737_2) << "Failed to append random bytes of length: " |
| << len - kStatelessResetTokenLength; |
| return nullptr; |
| } |
| // Change first 2 fixed bits to 01. |
| buffer[0] &= ~FLAGS_LONG_HEADER; |
| buffer[0] |= FLAGS_FIXED_BIT; |
| |
| // Append stateless reset token. |
| if (!writer.WriteBytes(&stateless_reset_token, |
| sizeof(stateless_reset_token))) { |
| QUIC_BUG(362045737_3) << "Failed to write stateless reset token"; |
| return nullptr; |
| } |
| QUIC_RESTART_FLAG_COUNT(quic_fix_stateless_reset2); |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, |
| /*owns_buffer=*/true); |
| } |
| |
| size_t len = kPacketHeaderTypeSize + kMinRandomBytesLengthInStatelessReset + |
| sizeof(stateless_reset_token); |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| |
| uint8_t type = 0; |
| type |= FLAGS_FIXED_BIT; |
| type |= FLAGS_SHORT_HEADER_RESERVED_1; |
| type |= FLAGS_SHORT_HEADER_RESERVED_2; |
| type |= PacketNumberLengthToOnWireValue(PACKET_1BYTE_PACKET_NUMBER); |
| |
| // Append type byte. |
| if (!writer.WriteUInt8(type)) { |
| return nullptr; |
| } |
| |
| // Append random bytes. This randomness only exists to prevent middleboxes |
| // from comparing the entire packet to a known value. Therefore it has no |
| // cryptographic use, and does not need a secure cryptographic pseudo-random |
| // number generator. It's therefore safe to use WriteInsecureRandomBytes. |
| if (!writer.WriteInsecureRandomBytes(QuicRandom::GetInstance(), |
| kMinRandomBytesLengthInStatelessReset)) { |
| return nullptr; |
| } |
| |
| // Append stateless reset token. |
| if (!writer.WriteBytes(&stateless_reset_token, |
| sizeof(stateless_reset_token))) { |
| return nullptr; |
| } |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true); |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket( |
| QuicConnectionId server_connection_id, |
| QuicConnectionId client_connection_id, |
| bool ietf_quic, |
| bool use_length_prefix, |
| const ParsedQuicVersionVector& versions) { |
| QUIC_CODE_COUNT(quic_build_version_negotiation); |
| if (use_length_prefix) { |
| QUICHE_DCHECK(ietf_quic); |
| QUIC_CODE_COUNT(quic_build_version_negotiation_ietf); |
| } else if (ietf_quic) { |
| QUIC_CODE_COUNT(quic_build_version_negotiation_old_ietf); |
| } else { |
| QUIC_CODE_COUNT(quic_build_version_negotiation_old_gquic); |
| } |
| ParsedQuicVersionVector wire_versions = versions; |
| // Add a version reserved for negotiation as suggested by the |
| // "Using Reserved Versions" section of draft-ietf-quic-transport. |
| if (wire_versions.empty()) { |
| // Ensure that version negotiation packets we send have at least two |
| // versions. This guarantees that, under all circumstances, all QUIC |
| // packets we send are at least 14 bytes long. |
| wire_versions = {QuicVersionReservedForNegotiation(), |
| QuicVersionReservedForNegotiation()}; |
| } else { |
| // This is not uniformely distributed but is acceptable since no security |
| // depends on this randomness. |
| size_t version_index = 0; |
| const bool disable_randomness = |
| GetQuicFlag(FLAGS_quic_disable_version_negotiation_grease_randomness); |
| if (!disable_randomness) { |
| version_index = |
| QuicRandom::GetInstance()->RandUint64() % (wire_versions.size() + 1); |
| } |
| wire_versions.insert(wire_versions.begin() + version_index, |
| QuicVersionReservedForNegotiation()); |
| } |
| if (ietf_quic) { |
| return BuildIetfVersionNegotiationPacket( |
| use_length_prefix, server_connection_id, client_connection_id, |
| wire_versions); |
| } |
| |
| // The GQUIC encoding does not support encoding client connection IDs. |
| QUICHE_DCHECK(client_connection_id.IsEmpty()); |
| // The GQUIC encoding does not support length-prefixed connection IDs. |
| QUICHE_DCHECK(!use_length_prefix); |
| |
| QUICHE_DCHECK(!wire_versions.empty()); |
| size_t len = kPublicFlagsSize + server_connection_id.length() + |
| wire_versions.size() * kQuicVersionSize; |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| |
| uint8_t flags = static_cast<uint8_t>( |
| PACKET_PUBLIC_FLAGS_VERSION | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID | |
| PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD); |
| if (!writer.WriteUInt8(flags)) { |
| return nullptr; |
| } |
| |
| if (!writer.WriteConnectionId(server_connection_id)) { |
| return nullptr; |
| } |
| |
| for (const ParsedQuicVersion& version : wire_versions) { |
| if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) { |
| return nullptr; |
| } |
| } |
| |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true); |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> |
| QuicFramer::BuildIetfVersionNegotiationPacket( |
| bool use_length_prefix, |
| QuicConnectionId server_connection_id, |
| QuicConnectionId client_connection_id, |
| const ParsedQuicVersionVector& versions) { |
| QUIC_DVLOG(1) << "Building IETF version negotiation packet with" |
| << (use_length_prefix ? "" : "out") |
| << " length prefix, server_connection_id " |
| << server_connection_id << " client_connection_id " |
| << client_connection_id << " versions " |
| << ParsedQuicVersionVectorToString(versions); |
| QUICHE_DCHECK(!versions.empty()); |
| size_t len = kPacketHeaderTypeSize + kConnectionIdLengthSize + |
| client_connection_id.length() + server_connection_id.length() + |
| (versions.size() + 1) * kQuicVersionSize; |
| if (use_length_prefix) { |
| // When using length-prefixed connection IDs, packets carry two lengths |
| // instead of one. |
| len += kConnectionIdLengthSize; |
| } |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| |
| // TODO(fayang): Randomly select a value for the type. |
| uint8_t type = static_cast<uint8_t>(FLAGS_LONG_HEADER | FLAGS_FIXED_BIT); |
| if (!writer.WriteUInt8(type)) { |
| return nullptr; |
| } |
| |
| if (!writer.WriteUInt32(0)) { |
| return nullptr; |
| } |
| |
| if (!AppendIetfConnectionIds(true, use_length_prefix, client_connection_id, |
| server_connection_id, &writer)) { |
| return nullptr; |
| } |
| |
| for (const ParsedQuicVersion& version : versions) { |
| if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) { |
| return nullptr; |
| } |
| } |
| |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true); |
| } |
| |
| bool QuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) { |
| QUICHE_DCHECK(!is_processing_packet_) << ENDPOINT << "Nested ProcessPacket"; |
| is_processing_packet_ = true; |
| bool result = ProcessPacketInternal(packet); |
| is_processing_packet_ = false; |
| return result; |
| } |
| |
| bool QuicFramer::ProcessPacketInternal(const QuicEncryptedPacket& packet) { |
| QuicDataReader reader(packet.data(), packet.length()); |
| |
| bool packet_has_ietf_packet_header = false; |
| if (infer_packet_header_type_from_version_) { |
| packet_has_ietf_packet_header = version_.HasIetfInvariantHeader(); |
| } else if (!reader.IsDoneReading()) { |
| uint8_t type = reader.PeekByte(); |
| packet_has_ietf_packet_header = QuicUtils::IsIetfPacketHeader(type); |
| } |
| if (packet_has_ietf_packet_header) { |
| QUIC_DVLOG(1) << ENDPOINT << "Processing IETF QUIC packet."; |
| } |
| |
| visitor_->OnPacket(); |
| |
| QuicPacketHeader header; |
| if (!ProcessPublicHeader(&reader, packet_has_ietf_packet_header, &header)) { |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DVLOG(1) << ENDPOINT << "Unable to process public header. Error: " |
| << detailed_error_; |
| QUICHE_DCHECK_NE("", detailed_error_); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_HEADER); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| if (!visitor_->OnUnauthenticatedPublicHeader(header)) { |
| // The visitor suppresses further processing of the packet. |
| return true; |
| } |
| |
| if (IsVersionNegotiation(header, packet_has_ietf_packet_header)) { |
| if (perspective_ == Perspective::IS_CLIENT) { |
| QUIC_DVLOG(1) << "Client received version negotiation packet"; |
| return ProcessVersionNegotiationPacket(&reader, header); |
| } else { |
| QUIC_DLOG(ERROR) << "Server received version negotiation packet"; |
| set_detailed_error("Server received version negotiation packet."); |
| return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET); |
| } |
| } |
| |
| if (header.version_flag && header.version != version_) { |
| if (perspective_ == Perspective::IS_SERVER) { |
| if (!visitor_->OnProtocolVersionMismatch(header.version)) { |
| RecordDroppedPacketReason(DroppedPacketReason::VERSION_MISMATCH); |
| return true; |
| } |
| } else { |
| // A client received a packet of a different version but that packet is |
| // not a version negotiation packet. It is therefore invalid and dropped. |
| QUIC_DLOG(ERROR) << "Client received unexpected version " |
| << ParsedQuicVersionToString(header.version) |
| << " instead of " << ParsedQuicVersionToString(version_); |
| set_detailed_error("Client received unexpected version."); |
| return RaiseError(QUIC_INVALID_VERSION); |
| } |
| } |
| |
| bool rv; |
| if (header.long_packet_type == RETRY) { |
| rv = ProcessRetryPacket(&reader, header); |
| } else if (header.reset_flag) { |
| rv = ProcessPublicResetPacket(&reader, header); |
| } else if (packet.length() <= kMaxIncomingPacketSize) { |
| // The optimized decryption algorithm implementations run faster when |
| // operating on aligned memory. |
| ABSL_CACHELINE_ALIGNED char buffer[kMaxIncomingPacketSize]; |
| if (packet_has_ietf_packet_header) { |
| rv = ProcessIetfDataPacket(&reader, &header, packet, buffer, |
| ABSL_ARRAYSIZE(buffer)); |
| } else { |
| rv = ProcessDataPacket(&reader, &header, packet, buffer, |
| ABSL_ARRAYSIZE(buffer)); |
| } |
| } else { |
| std::unique_ptr<char[]> large_buffer(new char[packet.length()]); |
| if (packet_has_ietf_packet_header) { |
| rv = ProcessIetfDataPacket(&reader, &header, packet, large_buffer.get(), |
| packet.length()); |
| } else { |
| rv = ProcessDataPacket(&reader, &header, packet, large_buffer.get(), |
| packet.length()); |
| } |
| QUIC_BUG_IF(quic_bug_10850_53, rv) |
| << "QUIC should never successfully process packets larger" |
| << "than kMaxIncomingPacketSize. packet size:" << packet.length(); |
| } |
| return rv; |
| } |
| |
| bool QuicFramer::ProcessVersionNegotiationPacket( |
| QuicDataReader* reader, |
| const QuicPacketHeader& header) { |
| QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_); |
| |
| QuicVersionNegotiationPacket packet( |
| GetServerConnectionIdAsRecipient(header, perspective_)); |
| // Try reading at least once to raise error if the packet is invalid. |
| do { |
| QuicVersionLabel version_label; |
| if (!ProcessVersionLabel(reader, &version_label)) { |
| set_detailed_error("Unable to read supported version in negotiation."); |
| RecordDroppedPacketReason( |
| DroppedPacketReason::INVALID_VERSION_NEGOTIATION_PACKET); |
| return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET); |
| } |
| ParsedQuicVersion parsed_version = ParseQuicVersionLabel(version_label); |
| if (parsed_version != UnsupportedQuicVersion()) { |
| packet.versions.push_back(parsed_version); |
| } |
| } while (!reader->IsDoneReading()); |
| |
| QUIC_DLOG(INFO) << ENDPOINT << "parsed version negotiation: " |
| << ParsedQuicVersionVectorToString(packet.versions); |
| |
| visitor_->OnVersionNegotiationPacket(packet); |
| return true; |
| } |
| |
| bool QuicFramer::ProcessRetryPacket(QuicDataReader* reader, |
| const QuicPacketHeader& header) { |
| QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_); |
| if (drop_incoming_retry_packets_) { |
| QUIC_DLOG(INFO) << "Ignoring received RETRY packet"; |
| return true; |
| } |
| |
| if (version_.UsesTls()) { |
| QUICHE_DCHECK(version_.HasLengthPrefixedConnectionIds()) << version_; |
| const size_t bytes_remaining = reader->BytesRemaining(); |
| if (bytes_remaining <= kRetryIntegrityTagLength) { |
| set_detailed_error("Retry packet too short to parse integrity tag."); |
| return false; |
| } |
| const size_t retry_token_length = |
| bytes_remaining - kRetryIntegrityTagLength; |
| QUICHE_DCHECK_GT(retry_token_length, 0u); |
| absl::string_view retry_token; |
| if (!reader->ReadStringPiece(&retry_token, retry_token_length)) { |
| set_detailed_error("Failed to read retry token."); |
| return false; |
| } |
| absl::string_view retry_without_tag = reader->PreviouslyReadPayload(); |
| absl::string_view integrity_tag = reader->ReadRemainingPayload(); |
| QUICHE_DCHECK_EQ(integrity_tag.length(), kRetryIntegrityTagLength); |
| visitor_->OnRetryPacket(EmptyQuicConnectionId(), |
| header.source_connection_id, retry_token, |
| integrity_tag, retry_without_tag); |
| return true; |
| } |
| |
| QuicConnectionId original_destination_connection_id; |
| if (version_.HasLengthPrefixedConnectionIds()) { |
| // Parse Original Destination Connection ID. |
| if (!reader->ReadLengthPrefixedConnectionId( |
| &original_destination_connection_id)) { |
| set_detailed_error("Unable to read Original Destination ConnectionId."); |
| return false; |
| } |
| } else { |
| // Parse Original Destination Connection ID Length. |
| uint8_t odcil = header.type_byte & 0xf; |
| if (odcil != 0) { |
| odcil += kConnectionIdLengthAdjustment; |
| } |
| |
| // Parse Original Destination Connection ID. |
| if (!reader->ReadConnectionId(&original_destination_connection_id, odcil)) { |
| set_detailed_error("Unable to read Original Destination ConnectionId."); |
| return false; |
| } |
| } |
| |
| if (!QuicUtils::IsConnectionIdValidForVersion( |
| original_destination_connection_id, transport_version())) { |
| set_detailed_error( |
| "Received Original Destination ConnectionId with invalid length."); |
| return false; |
| } |
| |
| absl::string_view retry_token = reader->ReadRemainingPayload(); |
| visitor_->OnRetryPacket(original_destination_connection_id, |
| header.source_connection_id, retry_token, |
| /*retry_integrity_tag=*/absl::string_view(), |
| /*retry_without_tag=*/absl::string_view()); |
| return true; |
| } |
| |
| // Seeks the current packet to check for a coalesced packet at the end. |
| // If the IETF length field only spans part of the outer packet, |
| // then there is a coalesced packet after this one. |
| void QuicFramer::MaybeProcessCoalescedPacket( |
| const QuicDataReader& encrypted_reader, |
| uint64_t remaining_bytes_length, |
| const QuicPacketHeader& header) { |
| if (header.remaining_packet_length >= remaining_bytes_length) { |
| // There is no coalesced packet. |
| return; |
| } |
| |
| absl::string_view remaining_data = encrypted_reader.PeekRemainingPayload(); |
| QUICHE_DCHECK_EQ(remaining_data.length(), remaining_bytes_length); |
| |
| const char* coalesced_data = |
| remaining_data.data() + header.remaining_packet_length; |
| uint64_t coalesced_data_length = |
| remaining_bytes_length - header.remaining_packet_length; |
| QuicDataReader coalesced_reader(coalesced_data, coalesced_data_length); |
| |
| QuicPacketHeader coalesced_header; |
| if (!ProcessIetfPacketHeader(&coalesced_reader, &coalesced_header)) { |
| // Some implementations pad their INITIAL packets by sending random invalid |
| // data after the INITIAL, and that is allowed by the specification. If we |
| // fail to parse a subsequent coalesced packet, simply ignore it. |
| QUIC_DLOG(INFO) << ENDPOINT |
| << "Failed to parse received coalesced header of length " |
| << coalesced_data_length |
| << " with error: " << detailed_error_ << ": " |
| << absl::BytesToHexString(absl::string_view( |
| coalesced_data, coalesced_data_length)) |
| << " previous header was " << header; |
| return; |
| } |
| |
| if (coalesced_header.destination_connection_id != |
| header.destination_connection_id) { |
| // Drop coalesced packets with mismatched connection IDs. |
| QUIC_DLOG(INFO) << ENDPOINT << "Received mismatched coalesced header " |
| << coalesced_header << " previous header was " << header; |
| QUIC_CODE_COUNT( |
| quic_received_coalesced_packets_with_mismatched_connection_id); |
| return; |
| } |
| |
| QuicEncryptedPacket coalesced_packet(coalesced_data, coalesced_data_length, |
| /*owns_buffer=*/false); |
| visitor_->OnCoalescedPacket(coalesced_packet); |
| } |
| |
| bool QuicFramer::MaybeProcessIetfLength(QuicDataReader* encrypted_reader, |
| QuicPacketHeader* header) { |
| if (!QuicVersionHasLongHeaderLengths(header->version.transport_version) || |
| header->form != IETF_QUIC_LONG_HEADER_PACKET || |
| (header->long_packet_type != INITIAL && |
| header->long_packet_type != HANDSHAKE && |
| header->long_packet_type != ZERO_RTT_PROTECTED)) { |
| return true; |
| } |
| header->length_length = encrypted_reader->PeekVarInt62Length(); |
| if (!encrypted_reader->ReadVarInt62(&header->remaining_packet_length)) { |
| set_detailed_error("Unable to read long header payload length."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| uint64_t remaining_bytes_length = encrypted_reader->BytesRemaining(); |
| if (header->remaining_packet_length > remaining_bytes_length) { |
| set_detailed_error("Long header payload length longer than packet."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| MaybeProcessCoalescedPacket(*encrypted_reader, remaining_bytes_length, |
| *header); |
| |
| if (!encrypted_reader->TruncateRemaining(header->remaining_packet_length)) { |
| set_detailed_error("Length TruncateRemaining failed."); |
| QUIC_BUG(quic_bug_10850_54) << "Length TruncateRemaining failed."; |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfDataPacket(QuicDataReader* encrypted_reader, |
| QuicPacketHeader* header, |
| const QuicEncryptedPacket& packet, |
| char* decrypted_buffer, |
| size_t buffer_length) { |
| QUICHE_DCHECK_NE(GOOGLE_QUIC_PACKET, header->form); |
| QUICHE_DCHECK(!header->has_possible_stateless_reset_token); |
| header->length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0; |
| header->remaining_packet_length = 0; |
| if (header->form == IETF_QUIC_SHORT_HEADER_PACKET && |
| perspective_ == Perspective::IS_CLIENT) { |
| // Peek possible stateless reset token. Will only be used on decryption |
| // failure. |
| absl::string_view remaining = encrypted_reader->PeekRemainingPayload(); |
| if (remaining.length() >= sizeof(header->possible_stateless_reset_token)) { |
| header->has_possible_stateless_reset_token = true; |
| memcpy(&header->possible_stateless_reset_token, |
| &remaining.data()[remaining.length() - |
| sizeof(header->possible_stateless_reset_token)], |
| sizeof(header->possible_stateless_reset_token)); |
| } |
| } |
| |
| if (!MaybeProcessIetfLength(encrypted_reader, header)) { |
| return false; |
| } |
| |
| absl::string_view associated_data; |
| std::vector<char> ad_storage; |
| QuicPacketNumber base_packet_number; |
| if (header->form == IETF_QUIC_SHORT_HEADER_PACKET || |
| header->long_packet_type != VERSION_NEGOTIATION) { |
| QUICHE_DCHECK(header->form == IETF_QUIC_SHORT_HEADER_PACKET || |
| header->long_packet_type == INITIAL || |
| header->long_packet_type == HANDSHAKE || |
| header->long_packet_type == ZERO_RTT_PROTECTED); |
| // Process packet number. |
| if (supports_multiple_packet_number_spaces_) { |
| PacketNumberSpace pn_space = GetPacketNumberSpace(*header); |
| if (pn_space == NUM_PACKET_NUMBER_SPACES) { |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| base_packet_number = largest_decrypted_packet_numbers_[pn_space]; |
| } else { |
| base_packet_number = largest_packet_number_; |
| } |
| uint64_t full_packet_number; |
| bool hp_removal_failed = false; |
| if (version_.HasHeaderProtection()) { |
| if (!RemoveHeaderProtection(encrypted_reader, packet, header, |
| &full_packet_number, &ad_storage)) { |
| hp_removal_failed = true; |
| } |
| associated_data = absl::string_view(ad_storage.data(), ad_storage.size()); |
| } else if (!ProcessAndCalculatePacketNumber( |
| encrypted_reader, header->packet_number_length, |
| base_packet_number, &full_packet_number)) { |
| set_detailed_error("Unable to read packet number."); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| if (hp_removal_failed || |
| !IsValidFullPacketNumber(full_packet_number, version())) { |
| if (IsIetfStatelessResetPacket(*header)) { |
| // This is a stateless reset packet. |
| QuicIetfStatelessResetPacket packet( |
| *header, header->possible_stateless_reset_token); |
| visitor_->OnAuthenticatedIetfStatelessResetPacket(packet); |
| return true; |
| } |
| if (hp_removal_failed) { |
| const EncryptionLevel decryption_level = GetEncryptionLevel(*header); |
| const bool has_decryption_key = decrypter_[decryption_level] != nullptr; |
| visitor_->OnUndecryptablePacket( |
| QuicEncryptedPacket(encrypted_reader->FullPayload()), |
| decryption_level, has_decryption_key); |
| RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE); |
| set_detailed_error(absl::StrCat( |
| "Unable to decrypt ", EncryptionLevelToString(decryption_level), |
| " header protection", has_decryption_key ? "" : " (missing key)", |
| ".")); |
| return RaiseError(QUIC_DECRYPTION_FAILURE); |
| } |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER); |
| set_detailed_error("packet numbers cannot be 0."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| header->packet_number = QuicPacketNumber(full_packet_number); |
| } |
| |
| // A nonce should only present in SHLO from the server to the client when |
| // using QUIC crypto. |
| if (header->form == IETF_QUIC_LONG_HEADER_PACKET && |
| header->long_packet_type == ZERO_RTT_PROTECTED && |
| perspective_ == Perspective::IS_CLIENT && |
| version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) { |
| if (!encrypted_reader->ReadBytes( |
| reinterpret_cast<uint8_t*>(last_nonce_.data()), |
| last_nonce_.size())) { |
| set_detailed_error("Unable to read nonce."); |
| RecordDroppedPacketReason( |
| DroppedPacketReason::INVALID_DIVERSIFICATION_NONCE); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| header->nonce = &last_nonce_; |
| } else { |
| header->nonce = nullptr; |
| } |
| |
| if (!visitor_->OnUnauthenticatedHeader(*header)) { |
| set_detailed_error( |
| "Visitor asked to stop processing of unauthenticated header."); |
| return false; |
| } |
| |
| absl::string_view encrypted = encrypted_reader->ReadRemainingPayload(); |
| if (!version_.HasHeaderProtection()) { |
| associated_data = GetAssociatedDataFromEncryptedPacket( |
| version_.transport_version, packet, |
| GetIncludedDestinationConnectionIdLength(*header), |
| GetIncludedSourceConnectionIdLength(*header), header->version_flag, |
| header->nonce != nullptr, header->packet_number_length, |
| header->retry_token_length_length, header->retry_token.length(), |
| header->length_length); |
| } |
| |
| size_t decrypted_length = 0; |
| EncryptionLevel decrypted_level; |
| if (!DecryptPayload(packet.length(), encrypted, associated_data, *header, |
| decrypted_buffer, buffer_length, &decrypted_length, |
| &decrypted_level)) { |
| if (IsIetfStatelessResetPacket(*header)) { |
| // This is a stateless reset packet. |
| QuicIetfStatelessResetPacket packet( |
| *header, header->possible_stateless_reset_token); |
| visitor_->OnAuthenticatedIetfStatelessResetPacket(packet); |
| return true; |
| } |
| const EncryptionLevel decryption_level = GetEncryptionLevel(*header); |
| const bool has_decryption_key = version_.KnowsWhichDecrypterToUse() && |
| decrypter_[decryption_level] != nullptr; |
| visitor_->OnUndecryptablePacket( |
| QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level, |
| has_decryption_key); |
| set_detailed_error(absl::StrCat( |
| "Unable to decrypt ", EncryptionLevelToString(decryption_level), |
| " payload with reconstructed packet number ", |
| header->packet_number.ToString(), " (largest decrypted was ", |
| base_packet_number.ToString(), ")", |
| has_decryption_key || !version_.KnowsWhichDecrypterToUse() |
| ? "" |
| : " (missing key)", |
| ".")); |
| RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE); |
| return RaiseError(QUIC_DECRYPTION_FAILURE); |
| } |
| QuicDataReader reader(decrypted_buffer, decrypted_length); |
| |
| // Update the largest packet number after we have decrypted the packet |
| // so we are confident is not attacker controlled. |
| if (supports_multiple_packet_number_spaces_) { |
| largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace( |
| decrypted_level)] |
| .UpdateMax(header->packet_number); |
| } else { |
| largest_packet_number_.UpdateMax(header->packet_number); |
| } |
| |
| if (!visitor_->OnPacketHeader(*header)) { |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER); |
| // The visitor suppresses further processing of the packet. |
| return true; |
| } |
| |
| if (packet.length() > kMaxIncomingPacketSize) { |
| set_detailed_error("Packet too large."); |
| return RaiseError(QUIC_PACKET_TOO_LARGE); |
| } |
| |
| // Handle the payload. |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| current_received_frame_type_ = 0; |
| previously_received_frame_type_ = 0; |
| if (!ProcessIetfFrameData(&reader, *header, decrypted_level)) { |
| current_received_frame_type_ = 0; |
| previously_received_frame_type_ = 0; |
| QUICHE_DCHECK_NE(QUIC_NO_ERROR, |
| error_); // ProcessIetfFrameData sets the error. |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: " |
| << detailed_error_; |
| return false; |
| } |
| current_received_frame_type_ = 0; |
| previously_received_frame_type_ = 0; |
| } else { |
| if (!ProcessFrameData(&reader, *header)) { |
| QUICHE_DCHECK_NE(QUIC_NO_ERROR, |
| error_); // ProcessFrameData sets the error. |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: " |
| << detailed_error_; |
| return false; |
| } |
| } |
| |
| visitor_->OnPacketComplete(); |
| return true; |
| } |
| |
| bool QuicFramer::ProcessDataPacket(QuicDataReader* encrypted_reader, |
| QuicPacketHeader* header, |
| const QuicEncryptedPacket& packet, |
| char* decrypted_buffer, |
| size_t buffer_length) { |
| if (!ProcessUnauthenticatedHeader(encrypted_reader, header)) { |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DVLOG(1) |
| << ENDPOINT |
| << "Unable to process packet header. Stopping parsing. Error: " |
| << detailed_error_; |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER); |
| return false; |
| } |
| |
| absl::string_view encrypted = encrypted_reader->ReadRemainingPayload(); |
| absl::string_view associated_data = GetAssociatedDataFromEncryptedPacket( |
| version_.transport_version, packet, |
| GetIncludedDestinationConnectionIdLength(*header), |
| GetIncludedSourceConnectionIdLength(*header), header->version_flag, |
| header->nonce != nullptr, header->packet_number_length, |
| header->retry_token_length_length, header->retry_token.length(), |
| header->length_length); |
| |
| size_t decrypted_length = 0; |
| EncryptionLevel decrypted_level; |
| if (!DecryptPayload(packet.length(), encrypted, associated_data, *header, |
| decrypted_buffer, buffer_length, &decrypted_length, |
| &decrypted_level)) { |
| const EncryptionLevel decryption_level = decrypter_level_; |
| // This version uses trial decryption so we always report to our visitor |
| // that we are not certain we have the correct decryption key. |
| const bool has_decryption_key = false; |
| visitor_->OnUndecryptablePacket( |
| QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level, |
| has_decryption_key); |
| RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE); |
| set_detailed_error(absl::StrCat("Unable to decrypt ", |
| EncryptionLevelToString(decryption_level), |
| " payload.")); |
| return RaiseError(QUIC_DECRYPTION_FAILURE); |
| } |
| |
| QuicDataReader reader(decrypted_buffer, decrypted_length); |
| |
| // Update the largest packet number after we have decrypted the packet |
| // so we are confident is not attacker controlled. |
| if (supports_multiple_packet_number_spaces_) { |
| largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace( |
| decrypted_level)] |
| .UpdateMax(header->packet_number); |
| } else { |
| largest_packet_number_.UpdateMax(header->packet_number); |
| } |
| |
| if (!visitor_->OnPacketHeader(*header)) { |
| // The visitor suppresses further processing of the packet. |
| return true; |
| } |
| |
| if (packet.length() > kMaxIncomingPacketSize) { |
| set_detailed_error("Packet too large."); |
| return RaiseError(QUIC_PACKET_TOO_LARGE); |
| } |
| |
| // Handle the payload. |
| if (!ProcessFrameData(&reader, *header)) { |
| QUICHE_DCHECK_NE(QUIC_NO_ERROR, |
| error_); // ProcessFrameData sets the error. |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: " |
| << detailed_error_; |
| return false; |
| } |
| |
| visitor_->OnPacketComplete(); |
| return true; |
| } |
| |
| bool QuicFramer::ProcessPublicResetPacket(QuicDataReader* reader, |
| const QuicPacketHeader& header) { |
| QuicPublicResetPacket packet( |
| GetServerConnectionIdAsRecipient(header, perspective_)); |
| |
| std::unique_ptr<CryptoHandshakeMessage> reset( |
| CryptoFramer::ParseMessage(reader->ReadRemainingPayload())); |
| if (!reset) { |
| set_detailed_error("Unable to read reset message."); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET); |
| return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET); |
| } |
| if (reset->tag() != kPRST) { |
| set_detailed_error("Incorrect message tag."); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET); |
| return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET); |
| } |
| |
| if (reset->GetUint64(kRNON, &packet.nonce_proof) != QUIC_NO_ERROR) { |
| set_detailed_error("Unable to read nonce proof."); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET); |
| return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET); |
| } |
| // TODO(satyamshekhar): validate nonce to protect against DoS. |
| |
| absl::string_view address; |
| if (reset->GetStringPiece(kCADR, &address)) { |
| QuicSocketAddressCoder address_coder; |
| if (address_coder.Decode(address.data(), address.length())) { |
| packet.client_address = |
| QuicSocketAddress(address_coder.ip(), address_coder.port()); |
| } |
| } |
| |
| absl::string_view endpoint_id; |
| if (perspective_ == Perspective::IS_CLIENT && |
| reset->GetStringPiece(kEPID, &endpoint_id)) { |
| packet.endpoint_id = std::string(endpoint_id); |
| packet.endpoint_id += '\0'; |
| } |
| |
| visitor_->OnPublicResetPacket(packet); |
| return true; |
| } |
| |
| bool QuicFramer::IsIetfStatelessResetPacket( |
| const QuicPacketHeader& header) const { |
| QUIC_BUG_IF(quic_bug_12975_3, header.has_possible_stateless_reset_token && |
| perspective_ != Perspective::IS_CLIENT) |
| << "has_possible_stateless_reset_token can only be true at client side."; |
| return header.form == IETF_QUIC_SHORT_HEADER_PACKET && |
| header.has_possible_stateless_reset_token && |
| visitor_->IsValidStatelessResetToken( |
| header.possible_stateless_reset_token); |
| } |
| |
| bool QuicFramer::HasEncrypterOfEncryptionLevel(EncryptionLevel level) const { |
| return encrypter_[level] != nullptr; |
| } |
| |
| bool QuicFramer::HasDecrypterOfEncryptionLevel(EncryptionLevel level) const { |
| return decrypter_[level] != nullptr; |
| } |
| |
| bool QuicFramer::HasAnEncrypterForSpace(PacketNumberSpace space) const { |
| switch (space) { |
| case INITIAL_DATA: |
| return HasEncrypterOfEncryptionLevel(ENCRYPTION_INITIAL); |
| case HANDSHAKE_DATA: |
| return HasEncrypterOfEncryptionLevel(ENCRYPTION_HANDSHAKE); |
| case APPLICATION_DATA: |
| return HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT) || |
| HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE); |
| case NUM_PACKET_NUMBER_SPACES: |
| break; |
| } |
| QUIC_BUG(quic_bug_10850_55) |
| << ENDPOINT |
| << "Try to send data of space: " << PacketNumberSpaceToString(space); |
| return false; |
| } |
| |
| EncryptionLevel QuicFramer::GetEncryptionLevelToSendApplicationData() const { |
| if (!HasAnEncrypterForSpace(APPLICATION_DATA)) { |
| QUIC_BUG(quic_bug_12975_4) |
| << "Tried to get encryption level to send application data with no " |
| "encrypter available."; |
| return NUM_ENCRYPTION_LEVELS; |
| } |
| if (HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE)) { |
| return ENCRYPTION_FORWARD_SECURE; |
| } |
| QUICHE_DCHECK(HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT)); |
| return ENCRYPTION_ZERO_RTT; |
| } |
| |
| bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header, |
| QuicDataWriter* writer, |
| size_t* length_field_offset) { |
| if (version().HasIetfInvariantHeader()) { |
| return AppendIetfPacketHeader(header, writer, length_field_offset); |
| } |
| QUIC_DVLOG(1) << ENDPOINT << "Appending header: " << header; |
| uint8_t public_flags = 0; |
| if (header.reset_flag) { |
| public_flags |= PACKET_PUBLIC_FLAGS_RST; |
| } |
| if (header.version_flag) { |
| public_flags |= PACKET_PUBLIC_FLAGS_VERSION; |
| } |
| |
| public_flags |= GetPacketNumberFlags(header.packet_number_length) |
| << kPublicHeaderSequenceNumberShift; |
| |
| if (header.nonce != nullptr) { |
| QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_); |
| public_flags |= PACKET_PUBLIC_FLAGS_NONCE; |
| } |
| |
| QuicConnectionId server_connection_id = |
| GetServerConnectionIdAsSender(header, perspective_); |
| QuicConnectionIdIncluded server_connection_id_included = |
| GetServerConnectionIdIncludedAsSender(header, perspective_); |
| QUICHE_DCHECK_EQ(CONNECTION_ID_ABSENT, |
| GetClientConnectionIdIncludedAsSender(header, perspective_)) |
| << ENDPOINT << ParsedQuicVersionToString(version_) |
| << " invalid header: " << header; |
| |
| switch (server_connection_id_included) { |
| case CONNECTION_ID_ABSENT: |
| if (!writer->WriteUInt8(public_flags | |
| PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID)) { |
| return false; |
| } |
| break; |
| case CONNECTION_ID_PRESENT: |
| QUIC_BUG_IF(quic_bug_12975_5, |
| !QuicUtils::IsConnectionIdValidForVersion( |
| server_connection_id, transport_version())) |
| << "AppendPacketHeader: attempted to use connection ID " |
| << server_connection_id << " which is invalid with version " |
| << version(); |
| |
| public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID; |
| if (perspective_ == Perspective::IS_CLIENT) { |
| public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD; |
| } |
| if (!writer->WriteUInt8(public_flags) || |
| !writer->WriteConnectionId(server_connection_id)) { |
| return false; |
| } |
| break; |
| } |
| last_serialized_server_connection_id_ = server_connection_id; |
| |
| if (header.version_flag) { |
| QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_); |
| QuicVersionLabel version_label = CreateQuicVersionLabel(version_); |
| if (!writer->WriteUInt32(version_label)) { |
| return false; |
| } |
| |
| QUIC_DVLOG(1) << ENDPOINT << "label = '" |
| << QuicVersionLabelToString(version_label) << "'"; |
| } |
| |
| if (header.nonce != nullptr && |
| !writer->WriteBytes(header.nonce, kDiversificationNonceSize)) { |
| return false; |
| } |
| |
| if (!AppendPacketNumber(header.packet_number_length, header.packet_number, |
| writer)) { |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::AppendIetfHeaderTypeByte(const QuicPacketHeader& header, |
| QuicDataWriter* writer) { |
| uint8_t type = 0; |
| if (header.version_flag) { |
| type = static_cast<uint8_t>( |
| FLAGS_LONG_HEADER | FLAGS_FIXED_BIT | |
| LongHeaderTypeToOnWireValue(header.long_packet_type) | |
| PacketNumberLengthToOnWireValue(header.packet_number_length)); |
| } else { |
| type = static_cast<uint8_t>( |
| FLAGS_FIXED_BIT | (current_key_phase_bit_ ? FLAGS_KEY_PHASE_BIT : 0) | |
| PacketNumberLengthToOnWireValue(header.packet_number_length)); |
| } |
| return writer->WriteUInt8(type); |
| } |
| |
| bool QuicFramer::AppendIetfPacketHeader(const QuicPacketHeader& header, |
| QuicDataWriter* writer, |
| size_t* length_field_offset) { |
| QUIC_DVLOG(1) << ENDPOINT << "Appending IETF header: " << header; |
| QuicConnectionId server_connection_id = |
| GetServerConnectionIdAsSender(header, perspective_); |
| QUIC_BUG_IF(quic_bug_12975_6, !QuicUtils::IsConnectionIdValidForVersion( |
| server_connection_id, transport_version())) |
| << "AppendIetfPacketHeader: attempted to use connection ID " |
| << server_connection_id << " which is invalid with version " << version(); |
| if (!AppendIetfHeaderTypeByte(header, writer)) { |
| return false; |
| } |
| |
| if (header.version_flag) { |
| QUICHE_DCHECK_NE(VERSION_NEGOTIATION, header.long_packet_type) |
| << "QuicFramer::AppendIetfPacketHeader does not support sending " |
| "version negotiation packets, use " |
| "QuicFramer::BuildVersionNegotiationPacket instead " |
| << header; |
| // Append version for long header. |
| QuicVersionLabel version_label = CreateQuicVersionLabel(version_); |
| if (!writer->WriteUInt32(version_label)) { |
| return false; |
| } |
| } |
| |
| // Append connection ID. |
| if (!AppendIetfConnectionIds( |
| header.version_flag, version_.HasLengthPrefixedConnectionIds(), |
| header.destination_connection_id_included != CONNECTION_ID_ABSENT |
| ? header.destination_connection_id |
| : EmptyQuicConnectionId(), |
| header.source_connection_id_included != CONNECTION_ID_ABSENT |
| ? header.source_connection_id |
| : EmptyQuicConnectionId(), |
| writer)) { |
| return false; |
| } |
| |
| last_serialized_server_connection_id_ = server_connection_id; |
| if (version_.SupportsClientConnectionIds()) { |
| last_serialized_client_connection_id_ = |
| GetClientConnectionIdAsSender(header, perspective_); |
| } |
| |
| // TODO(b/141924462) Remove this QUIC_BUG once we do support sending RETRY. |
| QUIC_BUG_IF(quic_bug_12975_7, |
| header.version_flag && header.long_packet_type == RETRY) |
| << "Sending IETF RETRY packets is not currently supported " << header; |
| |
| if (QuicVersionHasLongHeaderLengths(transport_version()) && |
| header.version_flag) { |
| if (header.long_packet_type == INITIAL) { |
| QUICHE_DCHECK_NE(VARIABLE_LENGTH_INTEGER_LENGTH_0, |
| header.retry_token_length_length) |
| << ENDPOINT << ParsedQuicVersionToString(version_) |
| << " bad retry token length length in header: " << header; |
| // Write retry token length. |
| if (!writer->WriteVarInt62(header.retry_token.length(), |
| header.retry_token_length_length)) { |
| return false; |
| } |
| // Write retry token. |
| if (!header.retry_token.empty() && |
| !writer->WriteStringPiece(header.retry_token)) { |
| return false; |
| } |
| } |
| if (length_field_offset != nullptr) { |
| *length_field_offset = writer->length(); |
| } |
| // Add fake length to reserve two bytes to add length in later. |
| writer->WriteVarInt62(256); |
| } else if (length_field_offset != nullptr) { |
| *length_field_offset = 0; |
| } |
| |
| // Append packet number. |
| if (!AppendPacketNumber(header.packet_number_length, header.packet_number, |
| writer)) { |
| return false; |
| } |
| last_written_packet_number_length_ = header.packet_number_length; |
| |
| if (!header.version_flag) { |
| return true; |
| } |
| |
| if (header.nonce != nullptr) { |
| QUICHE_DCHECK(header.version_flag); |
| QUICHE_DCHECK_EQ(ZERO_RTT_PROTECTED, header.long_packet_type); |
| QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_); |
| if (!writer->WriteBytes(header.nonce, kDiversificationNonceSize)) { |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| const QuicTime::Delta QuicFramer::CalculateTimestampFromWire( |
| uint32_t time_delta_us) { |
| // The new time_delta might have wrapped to the next epoch, or it |
| // might have reverse wrapped to the previous epoch, or it might |
| // remain in the same epoch. Select the time closest to the previous |
| // time. |
| // |
| // epoch_delta is the delta between epochs. A delta is 4 bytes of |
| // microseconds. |
| const uint64_t epoch_delta = UINT64_C(1) << 32; |
| uint64_t epoch = last_timestamp_.ToMicroseconds() & ~(epoch_delta - 1); |
| // Wrapping is safe here because a wrapped value will not be ClosestTo below. |
| uint64_t prev_epoch = epoch - epoch_delta; |
| uint64_t next_epoch = epoch + epoch_delta; |
| |
| uint64_t time = ClosestTo( |
| last_timestamp_.ToMicroseconds(), epoch + time_delta_us, |
| ClosestTo(last_timestamp_.ToMicroseconds(), prev_epoch + time_delta_us, |
| next_epoch + time_delta_us)); |
| |
| return QuicTime::Delta::FromMicroseconds(time); |
| } |
| |
| uint64_t QuicFramer::CalculatePacketNumberFromWire( |
| QuicPacketNumberLength packet_number_length, |
| QuicPacketNumber base_packet_number, |
| uint64_t packet_number) const { |
| // The new packet number might have wrapped to the next epoch, or |
| // it might have reverse wrapped to the previous epoch, or it might |
| // remain in the same epoch. Select the packet number closest to the |
| // next expected packet number, the previous packet number plus 1. |
| |
| // epoch_delta is the delta between epochs the packet number was serialized |
| // with, so the correct value is likely the same epoch as the last sequence |
| // number or an adjacent epoch. |
| if (!base_packet_number.IsInitialized()) { |
| return packet_number; |
| } |
| const uint64_t epoch_delta = UINT64_C(1) << (8 * packet_number_length); |
| uint64_t next_packet_number = base_packet_number.ToUint64() + 1; |
| uint64_t epoch = base_packet_number.ToUint64() & ~(epoch_delta - 1); |
| uint64_t prev_epoch = epoch - epoch_delta; |
| uint64_t next_epoch = epoch + epoch_delta; |
| |
| return ClosestTo(next_packet_number, epoch + packet_number, |
| ClosestTo(next_packet_number, prev_epoch + packet_number, |
| next_epoch + packet_number)); |
| } |
| |
| bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader, |
| bool packet_has_ietf_packet_header, |
| QuicPacketHeader* header) { |
| if (packet_has_ietf_packet_header) { |
| return ProcessIetfPacketHeader(reader, header); |
| } |
| uint8_t public_flags; |
| if (!reader->ReadBytes(&public_flags, 1)) { |
| set_detailed_error("Unable to read public flags."); |
| return false; |
| } |
| |
| header->reset_flag = (public_flags & PACKET_PUBLIC_FLAGS_RST) != 0; |
| header->version_flag = (public_flags & PACKET_PUBLIC_FLAGS_VERSION) != 0; |
| |
| if (validate_flags_ && !header->version_flag && |
| public_flags > PACKET_PUBLIC_FLAGS_MAX) { |
| set_detailed_error("Illegal public flags value."); |
| return false; |
| } |
| |
| if (header->reset_flag && header->version_flag) { |
| set_detailed_error("Got version flag in reset packet"); |
| return false; |
| } |
| |
| QuicConnectionId* header_connection_id = &header->destination_connection_id; |
| QuicConnectionIdIncluded* header_connection_id_included = |
| &header->destination_connection_id_included; |
| if (perspective_ == Perspective::IS_CLIENT) { |
| header_connection_id = &header->source_connection_id; |
| header_connection_id_included = &header->source_connection_id_included; |
| } |
| switch (public_flags & PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) { |
| case PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID: |
| if (!reader->ReadConnectionId(header_connection_id, |
| kQuicDefaultConnectionIdLength)) { |
| set_detailed_error("Unable to read ConnectionId."); |
| return false; |
| } |
| *header_connection_id_included = CONNECTION_ID_PRESENT; |
| break; |
| case PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID: |
| *header_connection_id_included = CONNECTION_ID_ABSENT; |
| *header_connection_id = last_serialized_server_connection_id_; |
| break; |
| } |
| |
| header->packet_number_length = ReadSequenceNumberLength( |
| public_flags >> kPublicHeaderSequenceNumberShift); |
| |
| // Read the version only if the packet is from the client. |
| // version flag from the server means version negotiation packet. |
| if (header->version_flag && perspective_ == Perspective::IS_SERVER) { |
| QuicVersionLabel version_label; |
| if (!ProcessVersionLabel(reader, &version_label)) { |
| set_detailed_error("Unable to read protocol version."); |
| return false; |
| } |
| // If the version from the new packet is the same as the version of this |
| // framer, then the public flags should be set to something we understand. |
| // If not, this raises an error. |
| ParsedQuicVersion version = ParseQuicVersionLabel(version_label); |
| if (version == version_ && public_flags > PACKET_PUBLIC_FLAGS_MAX) { |
| set_detailed_error("Illegal public flags value."); |
| return false; |
| } |
| header->version = version; |
| } |
| |
| // A nonce should only be present in packets from the server to the client, |
| // which are neither version negotiation nor public reset packets. |
| if (public_flags & PACKET_PUBLIC_FLAGS_NONCE && |
| !(public_flags & PACKET_PUBLIC_FLAGS_VERSION) && |
| !(public_flags & PACKET_PUBLIC_FLAGS_RST) && |
| // The nonce flag from a client is ignored and is assumed to be an older |
| // client indicating an eight-byte connection ID. |
| perspective_ == Perspective::IS_CLIENT) { |
| if (!reader->ReadBytes(reinterpret_cast<uint8_t*>(last_nonce_.data()), |
| last_nonce_.size())) { |
| set_detailed_error("Unable to read nonce."); |
| return false; |
| } |
| header->nonce = &last_nonce_; |
| } else { |
| header->nonce = nullptr; |
| } |
| |
| return true; |
| } |
| |
| // static |
| QuicPacketNumberLength QuicFramer::GetMinPacketNumberLength( |
| QuicPacketNumber packet_number) { |
| QUICHE_DCHECK(packet_number.IsInitialized()); |
| if (packet_number < QuicPacketNumber(1 << (PACKET_1BYTE_PACKET_NUMBER * 8))) { |
| return PACKET_1BYTE_PACKET_NUMBER; |
| } else if (packet_number < |
| QuicPacketNumber(1 << (PACKET_2BYTE_PACKET_NUMBER * 8))) { |
| return PACKET_2BYTE_PACKET_NUMBER; |
| } else if (packet_number < |
| QuicPacketNumber(UINT64_C(1) |
| << (PACKET_4BYTE_PACKET_NUMBER * 8))) { |
| return PACKET_4BYTE_PACKET_NUMBER; |
| } else { |
| return PACKET_6BYTE_PACKET_NUMBER; |
| } |
| } |
| |
| // static |
| uint8_t QuicFramer::GetPacketNumberFlags( |
| QuicPacketNumberLength packet_number_length) { |
| switch (packet_number_length) { |
| case PACKET_1BYTE_PACKET_NUMBER: |
| return PACKET_FLAGS_1BYTE_PACKET; |
| case PACKET_2BYTE_PACKET_NUMBER: |
| return PACKET_FLAGS_2BYTE_PACKET; |
| case PACKET_4BYTE_PACKET_NUMBER: |
| return PACKET_FLAGS_4BYTE_PACKET; |
| case PACKET_6BYTE_PACKET_NUMBER: |
| case PACKET_8BYTE_PACKET_NUMBER: |
| return PACKET_FLAGS_8BYTE_PACKET; |
| default: |
| QUIC_BUG(quic_bug_10850_56) << "Unreachable case statement."; |
| return PACKET_FLAGS_8BYTE_PACKET; |
| } |
| } |
| |
| // static |
| QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo( |
| const QuicAckFrame& frame) { |
| AckFrameInfo new_ack_info; |
| if (frame.packets.Empty()) { |
| return new_ack_info; |
| } |
| // The first block is the last interval. It isn't encoded with the gap-length |
| // encoding, so skip it. |
| new_ack_info.first_block_length = frame.packets.LastIntervalLength(); |
| auto itr = frame.packets.rbegin(); |
| QuicPacketNumber previous_start = itr->min(); |
| new_ack_info.max_block_length = itr->Length(); |
| ++itr; |
| |
| // Don't do any more work after getting information for 256 ACK blocks; any |
| // more can't be encoded anyway. |
| for (; itr != frame.packets.rend() && |
| new_ack_info.num_ack_blocks < std::numeric_limits<uint8_t>::max(); |
| previous_start = itr->min(), ++itr) { |
| const auto& interval = *itr; |
| const QuicPacketCount total_gap = previous_start - interval.max(); |
| new_ack_info.num_ack_blocks += |
| (total_gap + std::numeric_limits<uint8_t>::max() - 1) / |
| std::numeric_limits<uint8_t>::max(); |
| new_ack_info.max_block_length = |
| std::max(new_ack_info.max_block_length, interval.Length()); |
| } |
| return new_ack_info; |
| } |
| |
| bool QuicFramer::ProcessUnauthenticatedHeader(QuicDataReader* encrypted_reader, |
| QuicPacketHeader* header) { |
| QuicPacketNumber base_packet_number; |
| if (supports_multiple_packet_number_spaces_) { |
| PacketNumberSpace pn_space = GetPacketNumberSpace(*header); |
| if (pn_space == NUM_PACKET_NUMBER_SPACES) { |
| set_detailed_error("Unable to determine packet number space."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| base_packet_number = largest_decrypted_packet_numbers_[pn_space]; |
| } else { |
| base_packet_number = largest_packet_number_; |
| } |
| uint64_t full_packet_number; |
| if (!ProcessAndCalculatePacketNumber( |
| encrypted_reader, header->packet_number_length, base_packet_number, |
| &full_packet_number)) { |
| set_detailed_error("Unable to read packet number."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| if (!IsValidFullPacketNumber(full_packet_number, version())) { |
| set_detailed_error("packet numbers cannot be 0."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| header->packet_number = QuicPacketNumber(full_packet_number); |
| |
| if (!visitor_->OnUnauthenticatedHeader(*header)) { |
| set_detailed_error( |
| "Visitor asked to stop processing of unauthenticated header."); |
| return false; |
| } |
| // The function we are in is called because the framer believes that it is |
| // processing a packet that uses the non-IETF (i.e. Google QUIC) packet header |
| // type. Usually, the framer makes that decision based on the framer's |
| // version, but when the framer is used with Perspective::IS_SERVER, then |
| // before version negotiation is complete (specifically, before |
| // InferPacketHeaderTypeFromVersion is called), this decision is made based on |
| // the type byte of the packet. |
| // |
| // If the framer's version KnowsWhichDecrypterToUse, then that version expects |
| // to use the IETF packet header type. If that's the case and we're in this |
| // function, then the packet received is invalid: the framer was expecting an |
| // IETF packet header and didn't get one. |
| if (version().KnowsWhichDecrypterToUse()) { |
| set_detailed_error("Invalid public header type for expected version."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfHeaderTypeByte(QuicDataReader* reader, |
| QuicPacketHeader* header) { |
| uint8_t type; |
| if (!reader->ReadBytes(&type, 1)) { |
| set_detailed_error("Unable to read first byte."); |
| return false; |
| } |
| header->type_byte = type; |
| // Determine whether this is a long or short header. |
| header->form = GetIetfPacketHeaderFormat(type); |
| if (header->form == IETF_QUIC_LONG_HEADER_PACKET) { |
| // Version is always present in long headers. |
| header->version_flag = true; |
| // In versions that do not support client connection IDs, we mark the |
| // corresponding connection ID as absent. |
| header->destination_connection_id_included = |
| (perspective_ == Perspective::IS_SERVER || |
| version_.SupportsClientConnectionIds()) |
| ? CONNECTION_ID_PRESENT |
| : CONNECTION_ID_ABSENT; |
| header->source_connection_id_included = |
| (perspective_ == Perspective::IS_CLIENT || |
| version_.SupportsClientConnectionIds()) |
| ? CONNECTION_ID_PRESENT |
| : CONNECTION_ID_ABSENT; |
| // Read version tag. |
| QuicVersionLabel version_label; |
| if (!ProcessVersionLabel(reader, &version_label)) { |
| set_detailed_error("Unable to read protocol version."); |
| return false; |
| } |
| if (!version_label) { |
| // Version label is 0 indicating this is a version negotiation packet. |
| header->long_packet_type = VERSION_NEGOTIATION; |
| } else { |
| header->version = ParseQuicVersionLabel(version_label); |
| if (header->version.IsKnown()) { |
| if (!(type & FLAGS_FIXED_BIT)) { |
| set_detailed_error("Fixed bit is 0 in long header."); |
| return false; |
| } |
| if (!GetLongHeaderType(type, &header->long_packet_type)) { |
| set_detailed_error("Illegal long header type value."); |
| return false; |
| } |
| if (header->long_packet_type == RETRY) { |
| if (!version().SupportsRetry()) { |
| set_detailed_error("RETRY not supported in this version."); |
| return false; |
| } |
| if (perspective_ == Perspective::IS_SERVER) { |
| set_detailed_error("Client-initiated RETRY is invalid."); |
| return false; |
| } |
| } else if (!header->version.HasHeaderProtection()) { |
| header->packet_number_length = GetLongHeaderPacketNumberLength(type); |
| } |
| } |
| } |
| |
| QUIC_DVLOG(1) << ENDPOINT << "Received IETF long header: " |
| << QuicUtils::QuicLongHeaderTypetoString( |
| header->long_packet_type); |
| return true; |
| } |
| |
| QUIC_DVLOG(1) << ENDPOINT << "Received IETF short header"; |
| // Version is not present in short headers. |
| header->version_flag = false; |
| // In versions that do not support client connection IDs, the client will not |
| // receive destination connection IDs. |
| header->destination_connection_id_included = |
| (perspective_ == Perspective::IS_SERVER || |
| version_.SupportsClientConnectionIds()) |
| ? CONNECTION_ID_PRESENT |
| : CONNECTION_ID_ABSENT; |
| header->source_connection_id_included = CONNECTION_ID_ABSENT; |
| if (!(type & FLAGS_FIXED_BIT)) { |
| set_detailed_error("Fixed bit is 0 in short header."); |
| return false; |
| } |
| if (!version_.HasHeaderProtection()) { |
| header->packet_number_length = GetShortHeaderPacketNumberLength(type); |
| } |
| QUIC_DVLOG(1) << "packet_number_length = " << header->packet_number_length; |
| return true; |
| } |
| |
| // static |
| bool QuicFramer::ProcessVersionLabel(QuicDataReader* reader, |
| QuicVersionLabel* version_label) { |
| if (!reader->ReadUInt32(version_label)) { |
| return false; |
| } |
| return true; |
| } |
| |
| // static |
| bool QuicFramer::ProcessAndValidateIetfConnectionIdLength( |
| QuicDataReader* reader, |
| ParsedQuicVersion version, |
| Perspective perspective, |
| bool should_update_expected_server_connection_id_length, |
| uint8_t* expected_server_connection_id_length, |
| uint8_t* destination_connection_id_length, |
| uint8_t* source_connection_id_length, |
| std::string* detailed_error) { |
| uint8_t connection_id_lengths_byte; |
| if (!reader->ReadBytes(&connection_id_lengths_byte, 1)) { |
| *detailed_error = "Unable to read ConnectionId length."; |
| return false; |
| } |
| uint8_t dcil = |
| (connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4; |
| if (dcil != 0) { |
| dcil += kConnectionIdLengthAdjustment; |
| } |
| uint8_t scil = connection_id_lengths_byte & kSourceConnectionIdLengthMask; |
| if (scil != 0) { |
| scil += kConnectionIdLengthAdjustment; |
| } |
| if (should_update_expected_server_connection_id_length) { |
| uint8_t server_connection_id_length = |
| perspective == Perspective::IS_SERVER ? dcil : scil; |
| if (*expected_server_connection_id_length != server_connection_id_length) { |
| QUIC_DVLOG(1) << "Updating expected_server_connection_id_length: " |
| << static_cast<int>(*expected_server_connection_id_length) |
| << " -> " << static_cast<int>(server_connection_id_length); |
| *expected_server_connection_id_length = server_connection_id_length; |
| } |
| } |
| if (!should_update_expected_server_connection_id_length && |
| (dcil != *destination_connection_id_length || |
| scil != *source_connection_id_length) && |
| version.IsKnown() && !version.AllowsVariableLengthConnectionIds()) { |
| QUIC_DVLOG(1) << "dcil: " << static_cast<uint32_t>(dcil) |
| << ", scil: " << static_cast<uint32_t>(scil); |
| *detailed_error = "Invalid ConnectionId length."; |
| return false; |
| } |
| *destination_connection_id_length = dcil; |
| *source_connection_id_length = scil; |
| return true; |
| } |
| |
| bool QuicFramer::ValidateReceivedConnectionIds(const QuicPacketHeader& header) { |
| bool skip_server_connection_id_validation = |
| perspective_ == Perspective::IS_CLIENT && |
| header.form == IETF_QUIC_SHORT_HEADER_PACKET; |
| if (!skip_server_connection_id_validation && |
| !QuicUtils::IsConnectionIdValidForVersion( |
| GetServerConnectionIdAsRecipient(header, perspective_), |
| transport_version())) { |
| set_detailed_error("Received server connection ID with invalid length."); |
| return false; |
| } |
| |
| bool skip_client_connection_id_validation = |
| perspective_ == Perspective::IS_SERVER && |
| header.form == IETF_QUIC_SHORT_HEADER_PACKET; |
| if (!skip_client_connection_id_validation && |
| version_.SupportsClientConnectionIds() && |
| !QuicUtils::IsConnectionIdValidForVersion( |
| GetClientConnectionIdAsRecipient(header, perspective_), |
| transport_version())) { |
| set_detailed_error("Received client connection ID with invalid length."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfPacketHeader(QuicDataReader* reader, |
| QuicPacketHeader* header) { |
| if (version_.HasLengthPrefixedConnectionIds()) { |
| uint8_t expected_destination_connection_id_length = |
| perspective_ == Perspective::IS_CLIENT |
| ? expected_client_connection_id_length_ |
| : expected_server_connection_id_length_; |
| QuicVersionLabel version_label; |
| bool has_length_prefix; |
| std::string detailed_error; |
| QuicErrorCode parse_result = QuicFramer::ParsePublicHeader( |
| reader, expected_destination_connection_id_length, |
| version_.HasIetfInvariantHeader(), &header->type_byte, &header->form, |
| &header->version_flag, &has_length_prefix, &version_label, |
| &header->version, &header->destination_connection_id, |
| &header->source_connection_id, &header->long_packet_type, |
| &header->retry_token_length_length, &header->retry_token, |
| &detailed_error); |
| if (parse_result != QUIC_NO_ERROR) { |
| set_detailed_error(detailed_error); |
| return false; |
| } |
| header->destination_connection_id_included = CONNECTION_ID_PRESENT; |
| header->source_connection_id_included = |
| header->version_flag ? CONNECTION_ID_PRESENT : CONNECTION_ID_ABSENT; |
| |
| if (!ValidateReceivedConnectionIds(*header)) { |
| return false; |
| } |
| |
| if (header->version_flag && |
| header->long_packet_type != VERSION_NEGOTIATION && |
| !(header->type_byte & FLAGS_FIXED_BIT)) { |
| set_detailed_error("Fixed bit is 0 in long header."); |
| return false; |
| } |
| if (!header->version_flag && !(header->type_byte & FLAGS_FIXED_BIT)) { |
| set_detailed_error("Fixed bit is 0 in short header."); |
| return false; |
| } |
| if (!header->version_flag) { |
| if (!version_.HasHeaderProtection()) { |
| header->packet_number_length = |
| GetShortHeaderPacketNumberLength(header->type_byte); |
| } |
| return true; |
| } |
| if (header->long_packet_type == RETRY) { |
| if (!version().SupportsRetry()) { |
| set_detailed_error("RETRY not supported in this version."); |
| return false; |
| } |
| if (perspective_ == Perspective::IS_SERVER) { |
| set_detailed_error("Client-initiated RETRY is invalid."); |
| return false; |
| } |
| return true; |
| } |
| if (header->version.IsKnown() && !header->version.HasHeaderProtection()) { |
| header->packet_number_length = |
| GetLongHeaderPacketNumberLength(header->type_byte); |
| } |
| |
| return true; |
| } |
| |
| if (!ProcessIetfHeaderTypeByte(reader, header)) { |
| return false; |
| } |
| |
| uint8_t destination_connection_id_length = |
| header->destination_connection_id_included == CONNECTION_ID_PRESENT |
| ? (perspective_ == Perspective::IS_SERVER |
| ? expected_server_connection_id_length_ |
| : expected_client_connection_id_length_) |
| : 0; |
| uint8_t source_connection_id_length = |
| header->source_connection_id_included == CONNECTION_ID_PRESENT |
| ? (perspective_ == Perspective::IS_CLIENT |
| ? expected_server_connection_id_length_ |
| : expected_client_connection_id_length_) |
| : 0; |
| if (header->form == IETF_QUIC_LONG_HEADER_PACKET) { |
| if (!ProcessAndValidateIetfConnectionIdLength( |
| reader, header->version, perspective_, |
| /*should_update_expected_server_connection_id_length=*/false, |
| &expected_server_connection_id_length_, |
| &destination_connection_id_length, &source_connection_id_length, |
| &detailed_error_)) { |
| return false; |
| } |
| } |
| |
| // Read connection ID. |
| if (!reader->ReadConnectionId(&header->destination_connection_id, |
| destination_connection_id_length)) { |
| set_detailed_error("Unable to read destination connection ID."); |
| return false; |
| } |
| |
| if (!reader->ReadConnectionId(&header->source_connection_id, |
| source_connection_id_length)) { |
| set_detailed_error("Unable to read source connection ID."); |
| return false; |
| } |
| |
| if (header->source_connection_id_included == CONNECTION_ID_ABSENT) { |
| if (!header->source_connection_id.IsEmpty()) { |
| QUICHE_DCHECK(!version_.SupportsClientConnectionIds()); |
| set_detailed_error("Client connection ID not supported in this version."); |
| return false; |
| } |
| } |
| |
| return ValidateReceivedConnectionIds(*header); |
| } |
| |
| bool QuicFramer::ProcessAndCalculatePacketNumber( |
| QuicDataReader* reader, |
| QuicPacketNumberLength packet_number_length, |
| QuicPacketNumber base_packet_number, |
| uint64_t* packet_number) { |
| uint64_t wire_packet_number; |
| if (!reader->ReadBytesToUInt64(packet_number_length, &wire_packet_number)) { |
| return false; |
| } |
| |
| // TODO(ianswett): Explore the usefulness of trying multiple packet numbers |
| // in case the first guess is incorrect. |
| *packet_number = CalculatePacketNumberFromWire( |
| packet_number_length, base_packet_number, wire_packet_number); |
| return true; |
| } |
| |
| bool QuicFramer::ProcessFrameData(QuicDataReader* reader, |
| const QuicPacketHeader& header) { |
| QUICHE_DCHECK(!VersionHasIetfQuicFrames(version_.transport_version)) |
| << "IETF QUIC Framing negotiated but attempting to process frames as " |
| "non-IETF QUIC."; |
| if (reader->IsDoneReading()) { |
| set_detailed_error("Packet has no frames."); |
| return RaiseError(QUIC_MISSING_PAYLOAD); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing packet with header " << header; |
| while (!reader->IsDoneReading()) { |
| uint8_t frame_type; |
| if (!reader->ReadBytes(&frame_type, 1)) { |
| set_detailed_error("Unable to read frame type."); |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| const uint8_t special_mask = version_.HasIetfInvariantHeader() |
| ? kQuicFrameTypeSpecialMask |
| : kQuicFrameTypeBrokenMask; |
| if (frame_type & special_mask) { |
| // Stream Frame |
| if (frame_type & kQuicFrameTypeStreamMask) { |
| QuicStreamFrame frame; |
| if (!ProcessStreamFrame(reader, frame_type, &frame)) { |
| return RaiseError(QUIC_INVALID_STREAM_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing stream frame " << frame; |
| if (!visitor_->OnStreamFrame(frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| continue; |
| } |
| |
| // Ack Frame |
| if (frame_type & kQuicFrameTypeAckMask) { |
| if (!ProcessAckFrame(reader, frame_type)) { |
| return RaiseError(QUIC_INVALID_ACK_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing ACK frame"; |
| continue; |
| } |
| |
| // This was a special frame type that did not match any |
| // of the known ones. Error. |
| set_detailed_error("Illegal frame type."); |
| QUIC_DLOG(WARNING) << ENDPOINT << "Illegal frame type: " |
| << static_cast<int>(frame_type); |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| |
| switch (frame_type) { |
| case PADDING_FRAME: { |
| QuicPaddingFrame frame; |
| ProcessPaddingFrame(reader, &frame); |
| QUIC_DVLOG(2) << ENDPOINT << "Processing padding frame " << frame; |
| if (!visitor_->OnPaddingFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| continue; |
| } |
| |
| case RST_STREAM_FRAME: { |
| QuicRstStreamFrame frame; |
| if (!ProcessRstStreamFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_RST_STREAM_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing reset stream frame " << frame; |
| if (!visitor_->OnRstStreamFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| continue; |
| } |
| |
| case CONNECTION_CLOSE_FRAME: { |
| QuicConnectionCloseFrame frame; |
| if (!ProcessConnectionCloseFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_CONNECTION_CLOSE_DATA); |
| } |
| |
| QUIC_DVLOG(2) << ENDPOINT << "Processing connection close frame " |
| << frame; |
| if (!visitor_->OnConnectionCloseFrame(frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| continue; |
| } |
| |
| case GOAWAY_FRAME: { |
| QuicGoAwayFrame goaway_frame; |
| if (!ProcessGoAwayFrame(reader, &goaway_frame)) { |
| return RaiseError(QUIC_INVALID_GOAWAY_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing go away frame " |
| << goaway_frame; |
| if (!visitor_->OnGoAwayFrame(goaway_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| continue; |
| } |
| |
| case WINDOW_UPDATE_FRAME: { |
| QuicWindowUpdateFrame window_update_frame; |
| if (!ProcessWindowUpdateFrame(reader, &window_update_frame)) { |
| return RaiseError(QUIC_INVALID_WINDOW_UPDATE_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing window update frame " |
| << window_update_frame; |
| if (!visitor_->OnWindowUpdateFrame(window_update_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| continue; |
| } |
| |
| case BLOCKED_FRAME: { |
| QuicBlockedFrame blocked_frame; |
| if (!ProcessBlockedFrame(reader, &blocked_frame)) { |
| return RaiseError(QUIC_INVALID_BLOCKED_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing blocked frame " |
| << blocked_frame; |
| if (!visitor_->OnBlockedFrame(blocked_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| continue; |
| } |
| |
| case STOP_WAITING_FRAME: { |
| QuicStopWaitingFrame stop_waiting_frame; |
| if (!ProcessStopWaitingFrame(reader, header, &stop_waiting_frame)) { |
| return RaiseError(QUIC_INVALID_STOP_WAITING_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing stop waiting frame " |
| << stop_waiting_frame; |
| if (!visitor_->OnStopWaitingFrame(stop_waiting_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| continue; |
| } |
| case PING_FRAME: { |
| // Ping has no payload. |
| QuicPingFrame ping_frame; |
| if (!visitor_->OnPingFrame(ping_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing ping frame " << ping_frame; |
| continue; |
| } |
| case IETF_EXTENSION_MESSAGE_NO_LENGTH: |
| ABSL_FALLTHROUGH_INTENDED; |
| case IETF_EXTENSION_MESSAGE: { |
| QuicMessageFrame message_frame; |
| if (!ProcessMessageFrame(reader, |
| frame_type == IETF_EXTENSION_MESSAGE_NO_LENGTH, |
| &message_frame)) { |
| return RaiseError(QUIC_INVALID_MESSAGE_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing message frame " |
| << message_frame; |
| if (!visitor_->OnMessageFrame(message_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case CRYPTO_FRAME: { |
| if (!QuicVersionUsesCryptoFrames(version_.transport_version)) { |
| set_detailed_error("Illegal frame type."); |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| QuicCryptoFrame frame; |
| if (!ProcessCryptoFrame(reader, GetEncryptionLevel(header), &frame)) { |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing crypto frame " << frame; |
| if (!visitor_->OnCryptoFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case HANDSHAKE_DONE_FRAME: { |
| // HANDSHAKE_DONE has no payload. |
| QuicHandshakeDoneFrame handshake_done_frame; |
| QUIC_DVLOG(2) << ENDPOINT << "Processing handshake done frame " |
| << handshake_done_frame; |
| if (!visitor_->OnHandshakeDoneFrame(handshake_done_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| |
| default: |
| set_detailed_error("Illegal frame type."); |
| QUIC_DLOG(WARNING) << ENDPOINT << "Illegal frame type: " |
| << static_cast<int>(frame_type); |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| } |
| |
| return true; |
| } |
| |
| // static |
| bool QuicFramer::IsIetfFrameTypeExpectedForEncryptionLevel( |
| uint64_t frame_type, |
| EncryptionLevel level) { |
| switch (level) { |
| case ENCRYPTION_INITIAL: |
| case ENCRYPTION_HANDSHAKE: |
| return frame_type == IETF_CRYPTO || frame_type == IETF_ACK || |
| frame_type == IETF_PING || frame_type == IETF_PADDING || |
| frame_type == IETF_CONNECTION_CLOSE; |
| case ENCRYPTION_ZERO_RTT: |
| return !(frame_type == IETF_ACK || frame_type == IETF_CRYPTO || |
| frame_type == IETF_HANDSHAKE_DONE || |
| frame_type == IETF_NEW_TOKEN || |
| frame_type == IETF_PATH_RESPONSE || |
| frame_type == IETF_RETIRE_CONNECTION_ID); |
| case ENCRYPTION_FORWARD_SECURE: |
| return true; |
| default: |
| QUIC_BUG(quic_bug_10850_57) << "Unknown encryption level: " << level; |
| } |
| return false; |
| } |
| |
| bool QuicFramer::ProcessIetfFrameData(QuicDataReader* reader, |
| const QuicPacketHeader& header, |
| EncryptionLevel decrypted_level) { |
| QUICHE_DCHECK(VersionHasIetfQuicFrames(version_.transport_version)) |
| << "Attempt to process frames as IETF frames but version (" |
| << version_.transport_version << ") does not support IETF Framing."; |
| |
| if (reader->IsDoneReading()) { |
| set_detailed_error("Packet has no frames."); |
| return RaiseError(QUIC_MISSING_PAYLOAD); |
| } |
| |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF packet with header " << header; |
| while (!reader->IsDoneReading()) { |
| uint64_t frame_type; |
| // Will be the number of bytes into which frame_type was encoded. |
| size_t encoded_bytes = reader->BytesRemaining(); |
| if (!reader->ReadVarInt62(&frame_type)) { |
| set_detailed_error("Unable to read frame type."); |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| if (!IsIetfFrameTypeExpectedForEncryptionLevel(frame_type, |
| decrypted_level)) { |
| set_detailed_error(absl::StrCat( |
| "IETF frame type ", |
| QuicIetfFrameTypeString(static_cast<QuicIetfFrameType>(frame_type)), |
| " is unexpected at encryption level ", |
| EncryptionLevelToString(decrypted_level))); |
| return RaiseError(IETF_QUIC_PROTOCOL_VIOLATION); |
| } |
| previously_received_frame_type_ = current_received_frame_type_; |
| current_received_frame_type_ = frame_type; |
| |
| // Is now the number of bytes into which the frame type was encoded. |
| encoded_bytes -= reader->BytesRemaining(); |
| |
| // Check that the frame type is minimally encoded. |
| if (encoded_bytes != |
| static_cast<size_t>(QuicDataWriter::GetVarInt62Len(frame_type))) { |
| // The frame type was not minimally encoded. |
| set_detailed_error("Frame type not minimally encoded."); |
| return RaiseError(IETF_QUIC_PROTOCOL_VIOLATION); |
| } |
| |
| if (IS_IETF_STREAM_FRAME(frame_type)) { |
| QuicStreamFrame frame; |
| if (!ProcessIetfStreamFrame(reader, frame_type, &frame)) { |
| return RaiseError(QUIC_INVALID_STREAM_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stream frame " << frame; |
| if (!visitor_->OnStreamFrame(frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| } else { |
| switch (frame_type) { |
| case IETF_PADDING: { |
| QuicPaddingFrame frame; |
| ProcessPaddingFrame(reader, &frame); |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF padding frame " |
| << frame; |
| if (!visitor_->OnPaddingFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_RST_STREAM: { |
| QuicRstStreamFrame frame; |
| if (!ProcessIetfResetStreamFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_RST_STREAM_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF reset stream frame " |
| << frame; |
| if (!visitor_->OnRstStreamFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_APPLICATION_CLOSE: |
| case IETF_CONNECTION_CLOSE: { |
| QuicConnectionCloseFrame frame; |
| if (!ProcessIetfConnectionCloseFrame( |
| reader, |
| (frame_type == IETF_CONNECTION_CLOSE) |
| ? IETF_QUIC_TRANSPORT_CONNECTION_CLOSE |
| : IETF_QUIC_APPLICATION_CONNECTION_CLOSE, |
| &frame)) { |
| return RaiseError(QUIC_INVALID_CONNECTION_CLOSE_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF connection close frame " |
| << frame; |
| if (!visitor_->OnConnectionCloseFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_MAX_DATA: { |
| QuicWindowUpdateFrame frame; |
| if (!ProcessMaxDataFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_MAX_DATA_FRAME_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max data frame " |
| << frame; |
| if (!visitor_->OnWindowUpdateFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_MAX_STREAM_DATA: { |
| QuicWindowUpdateFrame frame; |
| if (!ProcessMaxStreamDataFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_MAX_STREAM_DATA_FRAME_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max stream data frame " |
| << frame; |
| if (!visitor_->OnWindowUpdateFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_MAX_STREAMS_BIDIRECTIONAL: |
| case IETF_MAX_STREAMS_UNIDIRECTIONAL: { |
| QuicMaxStreamsFrame frame; |
| if (!ProcessMaxStreamsFrame(reader, &frame, frame_type)) { |
| return RaiseError(QUIC_MAX_STREAMS_DATA); |
| } |
| QUIC_CODE_COUNT_N(quic_max_streams_received, 1, 2); |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max streams frame " |
| << frame; |
| if (!visitor_->OnMaxStreamsFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_PING: { |
| // Ping has no payload. |
| QuicPingFrame ping_frame; |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ping frame " |
| << ping_frame; |
| if (!visitor_->OnPingFrame(ping_frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_DATA_BLOCKED: { |
| QuicBlockedFrame frame; |
| if (!ProcessDataBlockedFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_BLOCKED_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF blocked frame " |
| << frame; |
| if (!visitor_->OnBlockedFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_STREAM_DATA_BLOCKED: { |
| QuicBlockedFrame frame; |
| if (!ProcessStreamDataBlockedFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_STREAM_BLOCKED_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stream blocked frame " |
| << frame; |
| if (!visitor_->OnBlockedFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_STREAMS_BLOCKED_UNIDIRECTIONAL: |
| case IETF_STREAMS_BLOCKED_BIDIRECTIONAL: { |
| QuicStreamsBlockedFrame frame; |
| if (!ProcessStreamsBlockedFrame(reader, &frame, frame_type)) { |
| return RaiseError(QUIC_STREAMS_BLOCKED_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF streams blocked frame " |
| << frame; |
| if (!visitor_->OnStreamsBlockedFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_NEW_CONNECTION_ID: { |
| QuicNewConnectionIdFrame frame; |
| if (!ProcessNewConnectionIdFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_NEW_CONNECTION_ID_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT |
| << "Processing IETF new connection ID frame " << frame; |
| if (!visitor_->OnNewConnectionIdFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_RETIRE_CONNECTION_ID: { |
| QuicRetireConnectionIdFrame frame; |
| if (!ProcessRetireConnectionIdFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_RETIRE_CONNECTION_ID_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT |
| << "Processing IETF retire connection ID frame " |
| << frame; |
| if (!visitor_->OnRetireConnectionIdFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_NEW_TOKEN: { |
| QuicNewTokenFrame frame; |
| if (!ProcessNewTokenFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_NEW_TOKEN); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF new token frame " |
| << frame; |
| if (!visitor_->OnNewTokenFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_STOP_SENDING: { |
| QuicStopSendingFrame frame; |
| if (!ProcessStopSendingFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_STOP_SENDING_FRAME_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stop sending frame " |
| << frame; |
| if (!visitor_->OnStopSendingFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_ACK_ECN: |
| case IETF_ACK: { |
| QuicAckFrame frame; |
| if (!ProcessIetfAckFrame(reader, frame_type, &frame)) { |
| return RaiseError(QUIC_INVALID_ACK_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ACK frame " << frame; |
| break; |
| } |
| case IETF_PATH_CHALLENGE: { |
| QuicPathChallengeFrame frame; |
| if (!ProcessPathChallengeFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_PATH_CHALLENGE_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF path challenge frame " |
| << frame; |
| if (!visitor_->OnPathChallengeFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_PATH_RESPONSE: { |
| QuicPathResponseFrame frame; |
| if (!ProcessPathResponseFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_PATH_RESPONSE_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF path response frame " |
| << frame; |
| if (!visitor_->OnPathResponseFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_EXTENSION_MESSAGE_NO_LENGTH_V99: |
| ABSL_FALLTHROUGH_INTENDED; |
| case IETF_EXTENSION_MESSAGE_V99: { |
| QuicMessageFrame message_frame; |
| if (!ProcessMessageFrame( |
| reader, frame_type == IETF_EXTENSION_MESSAGE_NO_LENGTH_V99, |
| &message_frame)) { |
| return RaiseError(QUIC_INVALID_MESSAGE_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF message frame " |
| << message_frame; |
| if (!visitor_->OnMessageFrame(message_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_CRYPTO: { |
| QuicCryptoFrame frame; |
| if (!ProcessCryptoFrame(reader, GetEncryptionLevel(header), &frame)) { |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF crypto frame " << frame; |
| if (!visitor_->OnCryptoFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| case IETF_HANDSHAKE_DONE: { |
| // HANDSHAKE_DONE has no payload. |
| QuicHandshakeDoneFrame handshake_done_frame; |
| if (!visitor_->OnHandshakeDoneFrame(handshake_done_frame)) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing handshake done frame " |
| << handshake_done_frame; |
| break; |
| } |
| case IETF_ACK_FREQUENCY: { |
| QuicAckFrequencyFrame frame; |
| if (!ProcessAckFrequencyFrame(reader, &frame)) { |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ack frequency frame " |
| << frame; |
| if (!visitor_->OnAckFrequencyFrame(frame)) { |
| QUIC_DVLOG(1) << "Visitor asked to stop further processing."; |
| // Returning true since there was no parsing error. |
| return true; |
| } |
| break; |
| } |
| default: |
| set_detailed_error("Illegal frame type."); |
| QUIC_DLOG(WARNING) |
| << ENDPOINT |
| << "Illegal frame type: " << static_cast<int>(frame_type); |
| return RaiseError(QUIC_INVALID_FRAME_DATA); |
| } |
| } |
| } |
| return true; |
| } |
| |
| namespace { |
| // Create a mask that sets the last |num_bits| to 1 and the rest to 0. |
| inline uint8_t GetMaskFromNumBits(uint8_t num_bits) { |
| return (1u << num_bits) - 1; |
| } |
| |
| // Extract |num_bits| from |flags| offset by |offset|. |
| uint8_t ExtractBits(uint8_t flags, uint8_t num_bits, uint8_t offset) { |
| return (flags >> offset) & GetMaskFromNumBits(num_bits); |
| } |
| |
| // Extract the bit at position |offset| from |flags| as a bool. |
| bool ExtractBit(uint8_t flags, uint8_t offset) { |
| return ((flags >> offset) & GetMaskFromNumBits(1)) != 0; |
| } |
| |
| // Set |num_bits|, offset by |offset| to |val| in |flags|. |
| void SetBits(uint8_t* flags, uint8_t val, uint8_t num_bits, uint8_t offset) { |
| QUICHE_DCHECK_LE(val, GetMaskFromNumBits(num_bits)); |
| *flags |= val << offset; |
| } |
| |
| // Set the bit at position |offset| to |val| in |flags|. |
| void SetBit(uint8_t* flags, bool val, uint8_t offset) { |
| SetBits(flags, val ? 1 : 0, 1, offset); |
| } |
| } // namespace |
| |
| bool QuicFramer::ProcessStreamFrame(QuicDataReader* reader, |
| uint8_t frame_type, |
| QuicStreamFrame* frame) { |
| uint8_t stream_flags = frame_type; |
| |
| uint8_t stream_id_length = 0; |
| uint8_t offset_length = 4; |
| bool has_data_length = true; |
| stream_flags &= ~kQuicFrameTypeStreamMask; |
| |
| // Read from right to left: StreamID, Offset, Data Length, Fin. |
| stream_id_length = (stream_flags & kQuicStreamIDLengthMask) + 1; |
| stream_flags >>= kQuicStreamIdShift; |
| |
| offset_length = (stream_flags & kQuicStreamOffsetMask); |
| // There is no encoding for 1 byte, only 0 and 2 through 8. |
| if (offset_length > 0) { |
| offset_length += 1; |
| } |
| stream_flags >>= kQuicStreamShift; |
| |
| has_data_length = |
| (stream_flags & kQuicStreamDataLengthMask) == kQuicStreamDataLengthMask; |
| stream_flags >>= kQuicStreamDataLengthShift; |
| |
| frame->fin = (stream_flags & kQuicStreamFinMask) == kQuicStreamFinShift; |
| |
| uint64_t stream_id; |
| if (!reader->ReadBytesToUInt64(stream_id_length, &stream_id)) { |
| set_detailed_error("Unable to read stream_id."); |
| return false; |
| } |
| frame->stream_id = static_cast<QuicStreamId>(stream_id); |
| |
| if (!reader->ReadBytesToUInt64(offset_length, &frame->offset)) { |
| set_detailed_error("Unable to read offset."); |
| return false; |
| } |
| |
| // TODO(ianswett): Don't use absl::string_view as an intermediary. |
| absl::string_view data; |
| if (has_data_length) { |
| if (!reader->ReadStringPiece16(&data)) { |
| set_detailed_error("Unable to read frame data."); |
| return false; |
| } |
| } else { |
| if (!reader->ReadStringPiece(&data, reader->BytesRemaining())) { |
| set_detailed_error("Unable to read frame data."); |
| return false; |
| } |
| } |
| frame->data_buffer = data.data(); |
| frame->data_length = static_cast<uint16_t>(data.length()); |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfStreamFrame(QuicDataReader* reader, |
| uint8_t frame_type, |
| QuicStreamFrame* frame) { |
| // Read stream id from the frame. It's always present. |
| if (!ReadUint32FromVarint62(reader, IETF_STREAM, &frame->stream_id)) { |
| return false; |
| } |
| |
| // If we have a data offset, read it. If not, set to 0. |
| if (frame_type & IETF_STREAM_FRAME_OFF_BIT) { |
| if (!reader->ReadVarInt62(&frame->offset)) { |
| set_detailed_error("Unable to read stream data offset."); |
| return false; |
| } |
| } else { |
| // no offset in the frame, ensure it's 0 in the Frame. |
| frame->offset = 0; |
| } |
| |
| // If we have a data length, read it. If not, set to 0. |
| if (frame_type & IETF_STREAM_FRAME_LEN_BIT) { |
| uint64_t length; |
| if (!reader->ReadVarInt62(&length)) { |
| set_detailed_error("Unable to read stream data length."); |
| return false; |
| } |
| if (length > std::numeric_limits<decltype(frame->data_length)>::max()) { |
| set_detailed_error("Stream data length is too large."); |
| return false; |
| } |
| frame->data_length = length; |
| } else { |
| // no length in the frame, it is the number of bytes remaining in the |
| // packet. |
| frame->data_length = reader->BytesRemaining(); |
| } |
| |
| if (frame_type & IETF_STREAM_FRAME_FIN_BIT) { |
| frame->fin = true; |
| } else { |
| frame->fin = false; |
| } |
| |
| // TODO(ianswett): Don't use absl::string_view as an intermediary. |
| absl::string_view data; |
| if (!reader->ReadStringPiece(&data, frame->data_length)) { |
| set_detailed_error("Unable to read frame data."); |
| return false; |
| } |
| frame->data_buffer = data.data(); |
| QUICHE_DCHECK_EQ(frame->data_length, data.length()); |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessCryptoFrame(QuicDataReader* reader, |
| EncryptionLevel encryption_level, |
| QuicCryptoFrame* frame) { |
| frame->level = encryption_level; |
| if (!reader->ReadVarInt62(&frame->offset)) { |
| set_detailed_error("Unable to read crypto data offset."); |
| return false; |
| } |
| uint64_t len; |
| if (!reader->ReadVarInt62(&len) || |
| len > std::numeric_limits<QuicPacketLength>::max()) { |
| set_detailed_error("Invalid data length."); |
| return false; |
| } |
| frame->data_length = len; |
| |
| // TODO(ianswett): Don't use absl::string_view as an intermediary. |
| absl::string_view data; |
| if (!reader->ReadStringPiece(&data, frame->data_length)) { |
| set_detailed_error("Unable to read frame data."); |
| return false; |
| } |
| frame->data_buffer = data.data(); |
| return true; |
| } |
| |
| bool QuicFramer::ProcessAckFrequencyFrame(QuicDataReader* reader, |
| QuicAckFrequencyFrame* frame) { |
| if (!reader->ReadVarInt62(&frame->sequence_number)) { |
| set_detailed_error("Unable to read sequence number."); |
| return false; |
| } |
| |
| if (!reader->ReadVarInt62(&frame->packet_tolerance)) { |
| set_detailed_error("Unable to read packet tolerance."); |
| return false; |
| } |
| if (frame->packet_tolerance == 0) { |
| set_detailed_error("Invalid packet tolerance."); |
| return false; |
| } |
| uint64_t max_ack_delay_us; |
| if (!reader->ReadVarInt62(&max_ack_delay_us)) { |
| set_detailed_error("Unable to read max_ack_delay_us."); |
| return false; |
| } |
| constexpr uint64_t kMaxAckDelayUsBound = 1u << 24; |
| if (max_ack_delay_us > kMaxAckDelayUsBound) { |
| set_detailed_error("Invalid max_ack_delay_us."); |
| return false; |
| } |
| frame->max_ack_delay = QuicTime::Delta::FromMicroseconds(max_ack_delay_us); |
| |
| uint8_t ignore_order; |
| if (!reader->ReadUInt8(&ignore_order)) { |
| set_detailed_error("Unable to read ignore_order."); |
| return false; |
| } |
| if (ignore_order > 1) { |
| set_detailed_error("Invalid ignore_order."); |
| return false; |
| } |
| frame->ignore_order = ignore_order; |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessAckFrame(QuicDataReader* reader, uint8_t frame_type) { |
| const bool has_ack_blocks = |
| ExtractBit(frame_type, kQuicHasMultipleAckBlocksOffset); |
| uint8_t num_ack_blocks = 0; |
| uint8_t num_received_packets = 0; |
| |
| // Determine the two lengths from the frame type: largest acked length, |
| // ack block length. |
| const QuicPacketNumberLength ack_block_length = ReadAckPacketNumberLength( |
| ExtractBits(frame_type, kQuicSequenceNumberLengthNumBits, |
| kActBlockLengthOffset)); |
| const QuicPacketNumberLength largest_acked_length = ReadAckPacketNumberLength( |
| ExtractBits(frame_type, kQuicSequenceNumberLengthNumBits, |
| kLargestAckedOffset)); |
| |
| uint64_t largest_acked; |
| if (!reader->ReadBytesToUInt64(largest_acked_length, &largest_acked)) { |
| set_detailed_error("Unable to read largest acked."); |
| return false; |
| } |
| |
| if (largest_acked < first_sending_packet_number_.ToUint64()) { |
| // Connection always sends packet starting from kFirstSendingPacketNumber > |
| // 0, peer has observed an unsent packet. |
| set_detailed_error("Largest acked is 0."); |
| return false; |
| } |
| |
| uint64_t ack_delay_time_us; |
| if (!reader->ReadUFloat16(&ack_delay_time_us)) { |
| set_detailed_error("Unable to read ack delay time."); |
| return false; |
| } |
| |
| if (!visitor_->OnAckFrameStart( |
| QuicPacketNumber(largest_acked), |
| ack_delay_time_us == kUFloat16MaxValue |
| ? QuicTime::Delta::Infinite() |
| : QuicTime::Delta::FromMicroseconds(ack_delay_time_us))) { |
| // The visitor suppresses further processing of the packet. Although this is |
| // not a parsing error, returns false as this is in middle of processing an |
| // ack frame, |
| set_detailed_error("Visitor suppresses further processing of ack frame."); |
| return false; |
| } |
| |
| if (has_ack_blocks && !reader->ReadUInt8(&num_ack_blocks)) { |
| set_detailed_error("Unable to read num of ack blocks."); |
| return false; |
| } |
| |
| uint64_t first_block_length; |
| if (!reader->ReadBytesToUInt64(ack_block_length, &first_block_length)) { |
| set_detailed_error("Unable to read first ack block length."); |
| return false; |
| } |
| |
| if (first_block_length == 0) { |
| set_detailed_error("First block length is zero."); |
| return false; |
| } |
| bool first_ack_block_underflow = first_block_length > largest_acked + 1; |
| if (first_block_length + first_sending_packet_number_.ToUint64() > |
| largest_acked + 1) { |
| first_ack_block_underflow = true; |
| } |
| if (first_ack_block_underflow) { |
| set_detailed_error(absl::StrCat("Underflow with first ack block length ", |
| first_block_length, " largest acked is ", |
| largest_acked, ".") |
| .c_str()); |
| return false; |
| } |
| |
| uint64_t first_received = largest_acked + 1 - first_block_length; |
| if (!visitor_->OnAckRange(QuicPacketNumber(first_received), |
| QuicPacketNumber(largest_acked + 1))) { |
| // The visitor suppresses further processing of the packet. Although |
| // this is not a parsing error, returns false as this is in middle |
| // of processing an ack frame, |
| set_detailed_error("Visitor suppresses further processing of ack frame."); |
| return false; |
| } |
| |
| if (num_ack_blocks > 0) { |
| for (size_t i = 0; i < num_ack_blocks; ++i) { |
| uint8_t gap = 0; |
| if (!reader->ReadUInt8(&gap)) { |
| set_detailed_error("Unable to read gap to next ack block."); |
| return false; |
| } |
| uint64_t current_block_length; |
| if (!reader->ReadBytesToUInt64(ack_block_length, ¤t_block_length)) { |
| set_detailed_error("Unable to ack block length."); |
| return false; |
| } |
| bool ack_block_underflow = first_received < gap + current_block_length; |
| if (first_received < gap + current_block_length + |
| first_sending_packet_number_.ToUint64()) { |
| ack_block_underflow = true; |
| } |
| if (ack_block_underflow) { |
| set_detailed_error(absl::StrCat("Underflow with ack block length ", |
| current_block_length, |
| ", end of block is ", |
| first_received - gap, ".") |
| .c_str()); |
| return false; |
| } |
| |
| first_received -= (gap + current_block_length); |
| if (current_block_length > 0) { |
| if (!visitor_->OnAckRange( |
| QuicPacketNumber(first_received), |
| QuicPacketNumber(first_received) + current_block_length)) { |
| // The visitor suppresses further processing of the packet. Although |
| // this is not a parsing error, returns false as this is in middle |
| // of processing an ack frame, |
| set_detailed_error( |
| "Visitor suppresses further processing of ack frame."); |
| return false; |
| } |
| } |
| } |
| } |
| |
| if (!reader->ReadUInt8(&num_received_packets)) { |
| set_detailed_error("Unable to read num received packets."); |
| return false; |
| } |
| |
| if (!ProcessTimestampsInAckFrame(num_received_packets, |
| QuicPacketNumber(largest_acked), reader)) { |
| return false; |
| } |
| |
| // Done processing the ACK frame. |
| if (!visitor_->OnAckFrameEnd(QuicPacketNumber(first_received))) { |
| set_detailed_error( |
| "Error occurs when visitor finishes processing the ACK frame."); |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessTimestampsInAckFrame(uint8_t num_received_packets, |
| QuicPacketNumber largest_acked, |
| QuicDataReader* reader) { |
| if (num_received_packets == 0) { |
| return true; |
| } |
| uint8_t delta_from_largest_observed; |
| if (!reader->ReadUInt8(&delta_from_largest_observed)) { |
| set_detailed_error("Unable to read sequence delta in received packets."); |
| return false; |
| } |
| |
| if (largest_acked.ToUint64() <= delta_from_largest_observed) { |
| set_detailed_error( |
| absl::StrCat("delta_from_largest_observed too high: ", |
| delta_from_largest_observed, |
| ", largest_acked: ", largest_acked.ToUint64()) |
| .c_str()); |
| return false; |
| } |
| |
| // Time delta from the framer creation. |
| uint32_t time_delta_us; |
| if (!reader->ReadUInt32(&time_delta_us)) { |
| set_detailed_error("Unable to read time delta in received packets."); |
| return false; |
| } |
| |
| QuicPacketNumber seq_num = largest_acked - delta_from_largest_observed; |
| if (process_timestamps_) { |
| last_timestamp_ = CalculateTimestampFromWire(time_delta_us); |
| |
| visitor_->OnAckTimestamp(seq_num, creation_time_ + last_timestamp_); |
| } |
| |
| for (uint8_t i = 1; i < num_received_packets; ++i) { |
| if (!reader->ReadUInt8(&delta_from_largest_observed)) { |
| set_detailed_error("Unable to read sequence delta in received packets."); |
| return false; |
| } |
| if (largest_acked.ToUint64() <= delta_from_largest_observed) { |
| set_detailed_error( |
| absl::StrCat("delta_from_largest_observed too high: ", |
| delta_from_largest_observed, |
| ", largest_acked: ", largest_acked.ToUint64()) |
| .c_str()); |
| return false; |
| } |
| seq_num = largest_acked - delta_from_largest_observed; |
| |
| // Time delta from the previous timestamp. |
| uint64_t incremental_time_delta_us; |
| if (!reader->ReadUFloat16(&incremental_time_delta_us)) { |
| set_detailed_error( |
| "Unable to read incremental time delta in received packets."); |
| return false; |
| } |
| |
| if (process_timestamps_) { |
| last_timestamp_ = last_timestamp_ + QuicTime::Delta::FromMicroseconds( |
| incremental_time_delta_us); |
| visitor_->OnAckTimestamp(seq_num, creation_time_ + last_timestamp_); |
| } |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfAckFrame(QuicDataReader* reader, |
| uint64_t frame_type, |
| QuicAckFrame* ack_frame) { |
| uint64_t largest_acked; |
| if (!reader->ReadVarInt62(&largest_acked)) { |
| set_detailed_error("Unable to read largest acked."); |
| return false; |
| } |
| if (largest_acked < first_sending_packet_number_.ToUint64()) { |
| // Connection always sends packet starting from kFirstSendingPacketNumber > |
| // 0, peer has observed an unsent packet. |
| set_detailed_error("Largest acked is 0."); |
| return false; |
| } |
| ack_frame->largest_acked = static_cast<QuicPacketNumber>(largest_acked); |
| uint64_t ack_delay_time_in_us; |
| if (!reader->ReadVarInt62(&ack_delay_time_in_us)) { |
| set_detailed_error("Unable to read ack delay time."); |
| return false; |
| } |
| |
| if (ack_delay_time_in_us >= (kVarInt62MaxValue >> peer_ack_delay_exponent_)) { |
| ack_frame->ack_delay_time = QuicTime::Delta::Infinite(); |
| } else { |
| ack_delay_time_in_us = (ack_delay_time_in_us << peer_ack_delay_exponent_); |
| ack_frame->ack_delay_time = |
| QuicTime::Delta::FromMicroseconds(ack_delay_time_in_us); |
| } |
| if (!visitor_->OnAckFrameStart(QuicPacketNumber(largest_acked), |
| ack_frame->ack_delay_time)) { |
| // The visitor suppresses further processing of the packet. Although this is |
| // not a parsing error, returns false as this is in middle of processing an |
| // ACK frame. |
| set_detailed_error("Visitor suppresses further processing of ACK frame."); |
| return false; |
| } |
| |
| // Get number of ACK blocks from the packet. |
| uint64_t ack_block_count; |
| if (!reader->ReadVarInt62(&ack_block_count)) { |
| set_detailed_error("Unable to read ack block count."); |
| return false; |
| } |
| // There always is a first ACK block, which is the (number of packets being |
| // acked)-1, up to and including the packet at largest_acked. Therefore if the |
| // value is 0, then only largest is acked. If it is 1, then largest-1, |
| // largest] are acked, etc |
| uint64_t ack_block_value; |
| if (!reader->ReadVarInt62(&ack_block_value)) { |
| set_detailed_error("Unable to read first ack block length."); |
| return false; |
| } |
| // Calculate the packets being acked in the first block. |
| // +1 because AddRange implementation requires [low,high) |
| uint64_t block_high = largest_acked + 1; |
| uint64_t block_low = largest_acked - ack_block_value; |
| |
| // ack_block_value is the number of packets preceding the |
| // largest_acked packet which are in the block being acked. Thus, |
| // its maximum value is largest_acked-1. Test this, reporting an |
| // error if the value is wrong. |
| if (ack_block_value + first_sending_packet_number_.ToUint64() > |
| largest_acked) { |
| set_detailed_error(absl::StrCat("Underflow with first ack block length ", |
| ack_block_value + 1, " largest acked is ", |
| largest_acked, ".") |
| .c_str()); |
| return false; |
| } |
| |
| if (!visitor_->OnAckRange(QuicPacketNumber(block_low), |
| QuicPacketNumber(block_high))) { |
| // The visitor suppresses further processing of the packet. Although |
| // this is not a parsing error, returns false as this is in middle |
| // of processing an ACK frame. |
| set_detailed_error("Visitor suppresses further processing of ACK frame."); |
| return false; |
| } |
| |
| while (ack_block_count != 0) { |
| uint64_t gap_block_value; |
| // Get the sizes of the gap and ack blocks, |
| if (!reader->ReadVarInt62(&gap_block_value)) { |
| set_detailed_error("Unable to read gap block value."); |
| return false; |
| } |
| // It's an error if the gap is larger than the space from packet |
| // number 0 to the start of the block that's just been acked, PLUS |
| // there must be space for at least 1 packet to be acked. For |
| // example, if block_low is 10 and gap_block_value is 9, it means |
| // the gap block is 10 packets long, leaving no room for a packet |
| // to be acked. Thus, gap_block_value+2 can not be larger than |
| // block_low. |
| // The test is written this way to detect wrap-arounds. |
| if ((gap_block_value + 2) > block_low) { |
| set_detailed_error( |
| absl::StrCat("Underflow with gap block length ", gap_block_value + 1, |
| " previous ack block start is ", block_low, ".") |
| .c_str()); |
| return false; |
| } |
| |
| // Adjust block_high to be the top of the next ack block. |
| // There is a gap of |gap_block_value| packets between the bottom |
| // of ack block N and top of block N+1. Note that gap_block_value |
| // is he size of the gap minus 1 (per the QUIC protocol), and |
| // block_high is the packet number of the first packet of the gap |
| // (per the implementation of OnAckRange/AddAckRange, below). |
| block_high = block_low - 1 - gap_block_value; |
| |
| if (!reader->ReadVarInt62(&ack_block_value)) { |
| set_detailed_error("Unable to read ack block value."); |
| return false; |
| } |
| if (ack_block_value + first_sending_packet_number_.ToUint64() > |
| (block_high - 1)) { |
| set_detailed_error( |
| absl::StrCat("Underflow with ack block length ", ack_block_value + 1, |
| " latest ack block end is ", block_high - 1, ".") |
| .c_str()); |
| return false; |
| } |
| // Calculate the low end of the new nth ack block. The +1 is |
| // because the encoded value is the blocksize-1. |
| block_low = block_high - 1 - ack_block_value; |
| if (!visitor_->OnAckRange(QuicPacketNumber(block_low), |
| QuicPacketNumber(block_high))) { |
| // The visitor suppresses further processing of the packet. Although |
| // this is not a parsing error, returns false as this is in middle |
| // of processing an ACK frame. |
| set_detailed_error("Visitor suppresses further processing of ACK frame."); |
| return false; |
| } |
| |
| // Another one done. |
| ack_block_count--; |
| } |
| |
| if (frame_type == IETF_ACK_ECN) { |
| ack_frame->ecn_counters_populated = true; |
| if (!reader->ReadVarInt62(&ack_frame->ect_0_count)) { |
| set_detailed_error("Unable to read ack ect_0_count."); |
| return false; |
| } |
| if (!reader->ReadVarInt62(&ack_frame->ect_1_count)) { |
| set_detailed_error("Unable to read ack ect_1_count."); |
| return false; |
| } |
| if (!reader->ReadVarInt62(&ack_frame->ecn_ce_count)) { |
| set_detailed_error("Unable to read ack ecn_ce_count."); |
| return false; |
| } |
| } else { |
| ack_frame->ecn_counters_populated = false; |
| ack_frame->ect_0_count = 0; |
| ack_frame->ect_1_count = 0; |
| ack_frame->ecn_ce_count = 0; |
| } |
| // TODO(fayang): Report ECN counts to visitor when they are actually used. |
| if (!visitor_->OnAckFrameEnd(QuicPacketNumber(block_low))) { |
| set_detailed_error( |
| "Error occurs when visitor finishes processing the ACK frame."); |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessStopWaitingFrame(QuicDataReader* reader, |
| const QuicPacketHeader& header, |
| QuicStopWaitingFrame* stop_waiting) { |
| uint64_t least_unacked_delta; |
| if (!reader->ReadBytesToUInt64(header.packet_number_length, |
| &least_unacked_delta)) { |
| set_detailed_error("Unable to read least unacked delta."); |
| return false; |
| } |
| if (header.packet_number.ToUint64() <= least_unacked_delta) { |
| set_detailed_error("Invalid unacked delta."); |
| return false; |
| } |
| stop_waiting->least_unacked = header.packet_number - least_unacked_delta; |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessRstStreamFrame(QuicDataReader* reader, |
| QuicRstStreamFrame* frame) { |
| if (!reader->ReadUInt32(&frame->stream_id)) { |
| set_detailed_error("Unable to read stream_id."); |
| return false; |
| } |
| |
| if (!reader->ReadUInt64(&frame->byte_offset)) { |
| set_detailed_error("Unable to read rst stream sent byte offset."); |
| return false; |
| } |
| |
| uint32_t error_code; |
| if (!reader->ReadUInt32(&error_code)) { |
| set_detailed_error("Unable to read rst stream error code."); |
| return false; |
| } |
| |
| if (error_code >= QUIC_STREAM_LAST_ERROR) { |
| // Ignore invalid stream error code if any. |
| error_code = QUIC_STREAM_LAST_ERROR; |
| } |
| |
| frame->error_code = static_cast<QuicRstStreamErrorCode>(error_code); |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessConnectionCloseFrame(QuicDataReader* reader, |
| QuicConnectionCloseFrame* frame) { |
| uint32_t error_code; |
| frame->close_type = GOOGLE_QUIC_CONNECTION_CLOSE; |
| |
| if (!reader->ReadUInt32(&error_code)) { |
| set_detailed_error("Unable to read connection close error code."); |
| return false; |
| } |
| |
| // For Google QUIC connection closes, |wire_error_code| and |quic_error_code| |
| // must have the same value. |
| frame->wire_error_code = error_code; |
| frame->quic_error_code = static_cast<QuicErrorCode>(error_code); |
| |
| absl::string_view error_details; |
| if (!reader->ReadStringPiece16(&error_details)) { |
| set_detailed_error("Unable to read connection close error details."); |
| return false; |
| } |
| frame->error_details = std::string(error_details); |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessGoAwayFrame(QuicDataReader* reader, |
| QuicGoAwayFrame* frame) { |
| uint32_t error_code; |
| if (!reader->ReadUInt32(&error_code)) { |
| set_detailed_error("Unable to read go away error code."); |
| return false; |
| } |
| |
| frame->error_code = static_cast<QuicErrorCode>(error_code); |
| |
| uint32_t stream_id; |
| if (!reader->ReadUInt32(&stream_id)) { |
| set_detailed_error("Unable to read last good stream id."); |
| return false; |
| } |
| frame->last_good_stream_id = static_cast<QuicStreamId>(stream_id); |
| |
| absl::string_view reason_phrase; |
| if (!reader->ReadStringPiece16(&reason_phrase)) { |
| set_detailed_error("Unable to read goaway reason."); |
| return false; |
| } |
| frame->reason_phrase = std::string(reason_phrase); |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessWindowUpdateFrame(QuicDataReader* reader, |
| QuicWindowUpdateFrame* frame) { |
| if (!reader->ReadUInt32(&frame->stream_id)) { |
| set_detailed_error("Unable to read stream_id."); |
| return false; |
| } |
| |
| if (!reader->ReadUInt64(&frame->max_data)) { |
| set_detailed_error("Unable to read window byte_offset."); |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::ProcessBlockedFrame(QuicDataReader* reader, |
| QuicBlockedFrame* frame) { |
| QUICHE_DCHECK(!VersionHasIetfQuicFrames(version_.transport_version)) |
| << "Attempt to process non-IETF QUIC frames in an IETF QUIC version."; |
| |
| if (!reader->ReadUInt32(&frame->stream_id)) { |
| set_detailed_error("Unable to read stream_id."); |
| return false; |
| } |
| |
| return true; |
| } |
| |
| void QuicFramer::ProcessPaddingFrame(QuicDataReader* reader, |
| QuicPaddingFrame* frame) { |
| // Type byte has been read. |
| frame->num_padding_bytes = 1; |
| uint8_t next_byte; |
| while (!reader->IsDoneReading() && reader->PeekByte() == 0x00) { |
| reader->ReadBytes(&next_byte, 1); |
| QUICHE_DCHECK_EQ(0x00, next_byte); |
| ++frame->num_padding_bytes; |
| } |
| } |
| |
| bool QuicFramer::ProcessMessageFrame(QuicDataReader* reader, |
| bool no_message_length, |
| QuicMessageFrame* frame) { |
| if (no_message_length) { |
| absl::string_view remaining(reader->ReadRemainingPayload()); |
| frame->data = remaining.data(); |
| frame->message_length = remaining.length(); |
| return true; |
| } |
| |
| uint64_t message_length; |
| if (!reader->ReadVarInt62(&message_length)) { |
| set_detailed_error("Unable to read message length"); |
| return false; |
| } |
| |
| absl::string_view message_piece; |
| if (!reader->ReadStringPiece(&message_piece, message_length)) { |
| set_detailed_error("Unable to read message data"); |
| return false; |
| } |
| |
| frame->data = message_piece.data(); |
| frame->message_length = message_length; |
| |
| return true; |
| } |
| |
| // static |
| absl::string_view QuicFramer::GetAssociatedDataFromEncryptedPacket( |
| QuicTransportVersion version, |
| const QuicEncryptedPacket& encrypted, |
| QuicConnectionIdLength destination_connection_id_length, |
| QuicConnectionIdLength source_connection_id_length, |
| bool includes_version, |
| bool includes_diversification_nonce, |
| QuicPacketNumberLength packet_number_length, |
| QuicVariableLengthIntegerLength retry_token_length_length, |
| uint64_t retry_token_length, |
| QuicVariableLengthIntegerLength length_length) { |
| // TODO(ianswett): This is identical to QuicData::AssociatedData. |
| return absl::string_view( |
| encrypted.data(), |
| GetStartOfEncryptedData(version, destination_connection_id_length, |
| source_connection_id_length, includes_version, |
| includes_diversification_nonce, |
| packet_number_length, retry_token_length_length, |
| retry_token_length, length_length)); |
| } |
| |
| void QuicFramer::SetDecrypter(EncryptionLevel level, |
| std::unique_ptr<QuicDecrypter> decrypter) { |
| QUICHE_DCHECK_EQ(alternative_decrypter_level_, NUM_ENCRYPTION_LEVELS); |
| QUICHE_DCHECK_GE(level, decrypter_level_); |
| QUICHE_DCHECK(!version_.KnowsWhichDecrypterToUse()); |
| QUIC_DVLOG(1) << ENDPOINT << "Setting decrypter from level " |
| << decrypter_level_ << " to " << level; |
| decrypter_[decrypter_level_] = nullptr; |
| decrypter_[level] = std::move(decrypter); |
| decrypter_level_ = level; |
| } |
| |
| void QuicFramer::SetAlternativeDecrypter( |
| EncryptionLevel level, |
| std::unique_ptr<QuicDecrypter> decrypter, |
| bool latch_once_used) { |
| QUICHE_DCHECK_NE(level, decrypter_level_); |
| QUICHE_DCHECK(!version_.KnowsWhichDecrypterToUse()); |
| QUIC_DVLOG(1) << ENDPOINT << "Setting alternative decrypter from level " |
| << alternative_decrypter_level_ << " to " << level; |
| if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) { |
| decrypter_[alternative_decrypter_level_] = nullptr; |
| } |
| decrypter_[level] = std::move(decrypter); |
| alternative_decrypter_level_ = level; |
| alternative_decrypter_latch_ = latch_once_used; |
| } |
| |
| void QuicFramer::InstallDecrypter(EncryptionLevel level, |
| std::unique_ptr<QuicDecrypter> decrypter) { |
| QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse()); |
| QUIC_DVLOG(1) << ENDPOINT << "Installing decrypter at level " << level; |
| decrypter_[level] = std::move(decrypter); |
| } |
| |
| void QuicFramer::RemoveDecrypter(EncryptionLevel level) { |
| QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse()); |
| QUIC_DVLOG(1) << ENDPOINT << "Removing decrypter at level " << level; |
| decrypter_[level] = nullptr; |
| } |
| |
| void QuicFramer::SetKeyUpdateSupportForConnection(bool enabled) { |
| QUIC_DVLOG(1) << ENDPOINT << "SetKeyUpdateSupportForConnection: " << enabled; |
| support_key_update_for_connection_ = enabled; |
| } |
| |
| void QuicFramer::DiscardPreviousOneRttKeys() { |
| QUICHE_DCHECK(support_key_update_for_connection_); |
| QUIC_DVLOG(1) << ENDPOINT << "Discarding previous set of 1-RTT keys"; |
| previous_decrypter_ = nullptr; |
| } |
| |
| bool QuicFramer::DoKeyUpdate(KeyUpdateReason reason) { |
| QUICHE_DCHECK(support_key_update_for_connection_); |
| if (!next_decrypter_) { |
| // If key update is locally initiated, next decrypter might not be created |
| // yet. |
| next_decrypter_ = visitor_->AdvanceKeysAndCreateCurrentOneRttDecrypter(); |
| } |
| std::unique_ptr<QuicEncrypter> next_encrypter = |
| visitor_->CreateCurrentOneRttEncrypter(); |
| if (!next_decrypter_ || !next_encrypter) { |
| QUIC_BUG(quic_bug_10850_58) << "Failed to create next crypters"; |
| return false; |
| } |
| key_update_performed_ = true; |
| current_key_phase_bit_ = !current_key_phase_bit_; |
| QUIC_DLOG(INFO) << ENDPOINT << "DoKeyUpdate: new current_key_phase_bit_=" |
| << current_key_phase_bit_; |
| current_key_phase_first_received_packet_number_.Clear(); |
| previous_decrypter_ = std::move(decrypter_[ENCRYPTION_FORWARD_SECURE]); |
| decrypter_[ENCRYPTION_FORWARD_SECURE] = std::move(next_decrypter_); |
| encrypter_[ENCRYPTION_FORWARD_SECURE] = std::move(next_encrypter); |
| visitor_->OnKeyUpdate(reason); |
| return true; |
| } |
| |
| QuicPacketCount QuicFramer::PotentialPeerKeyUpdateAttemptCount() const { |
| return potential_peer_key_update_attempt_count_; |
| } |
| |
| const QuicDecrypter* QuicFramer::GetDecrypter(EncryptionLevel level) const { |
| QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse()); |
| return decrypter_[level].get(); |
| } |
| |
| const QuicDecrypter* QuicFramer::decrypter() const { |
| return decrypter_[decrypter_level_].get(); |
| } |
| |
| const QuicDecrypter* QuicFramer::alternative_decrypter() const { |
| if (alternative_decrypter_level_ == NUM_ENCRYPTION_LEVELS) { |
| return nullptr; |
| } |
| return decrypter_[alternative_decrypter_level_].get(); |
| } |
| |
| void QuicFramer::SetEncrypter(EncryptionLevel level, |
| std::unique_ptr<QuicEncrypter> encrypter) { |
| QUICHE_DCHECK_GE(level, 0); |
| QUICHE_DCHECK_LT(level, NUM_ENCRYPTION_LEVELS); |
| QUIC_DVLOG(1) << ENDPOINT << "Setting encrypter at level " << level; |
| encrypter_[level] = std::move(encrypter); |
| } |
| |
| void QuicFramer::RemoveEncrypter(EncryptionLevel level) { |
| QUIC_DVLOG(1) << ENDPOINT << "Removing encrypter of " << level; |
| encrypter_[level] = nullptr; |
| } |
| |
| void QuicFramer::SetInitialObfuscators(QuicConnectionId connection_id) { |
| CrypterPair crypters; |
| CryptoUtils::CreateInitialObfuscators(perspective_, version_, connection_id, |
| &crypters); |
| encrypter_[ENCRYPTION_INITIAL] = std::move(crypters.encrypter); |
| decrypter_[ENCRYPTION_INITIAL] = std::move(crypters.decrypter); |
| } |
| |
| size_t QuicFramer::EncryptInPlace(EncryptionLevel level, |
| QuicPacketNumber packet_number, |
| size_t ad_len, |
| size_t total_len, |
| size_t buffer_len, |
| char* buffer) { |
| QUICHE_DCHECK(packet_number.IsInitialized()); |
| if (encrypter_[level] == nullptr) { |
| QUIC_BUG(quic_bug_10850_59) |
| << ENDPOINT |
| << "Attempted to encrypt in place without encrypter at level " << level; |
| RaiseError(QUIC_ENCRYPTION_FAILURE); |
| return 0; |
| } |
| |
| size_t output_length = 0; |
| if (!encrypter_[level]->EncryptPacket( |
| packet_number.ToUint64(), |
| absl::string_view(buffer, ad_len), // Associated data |
| absl::string_view(buffer + ad_len, |
| total_len - ad_len), // Plaintext |
| buffer + ad_len, // Destination buffer |
| &output_length, buffer_len - ad_len)) { |
| RaiseError(QUIC_ENCRYPTION_FAILURE); |
| return 0; |
| } |
| if (version_.HasHeaderProtection() && |
| !ApplyHeaderProtection(level, buffer, ad_len + output_length, ad_len)) { |
| QUIC_DLOG(ERROR) << "Applying header protection failed."; |
| RaiseError(QUIC_ENCRYPTION_FAILURE); |
| return 0; |
| } |
| |
| return ad_len + output_length; |
| } |
| |
| namespace { |
| |
| const size_t kHPSampleLen = 16; |
| |
| constexpr bool IsLongHeader(uint8_t type_byte) { |
| return (type_byte & FLAGS_LONG_HEADER) != 0; |
| } |
| |
| } // namespace |
| |
| bool QuicFramer::ApplyHeaderProtection(EncryptionLevel level, |
| char* buffer, |
| size_t buffer_len, |
| size_t ad_len) { |
| QuicDataReader buffer_reader(buffer, buffer_len); |
| QuicDataWriter buffer_writer(buffer_len, buffer); |
| // The sample starts 4 bytes after the start of the packet number. |
| if (ad_len < last_written_packet_number_length_) { |
| return false; |
| } |
| size_t pn_offset = ad_len - last_written_packet_number_length_; |
| // Sample the ciphertext and generate the mask to use for header protection. |
| size_t sample_offset = pn_offset + 4; |
| QuicDataReader sample_reader(buffer, buffer_len); |
| absl::string_view sample; |
| if (!sample_reader.Seek(sample_offset) || |
| !sample_reader.ReadStringPiece(&sample, kHPSampleLen)) { |
| QUIC_BUG(quic_bug_10850_60) |
| << "Not enough bytes to sample: sample_offset " << sample_offset |
| << ", sample len: " << kHPSampleLen << ", buffer len: " << buffer_len; |
| return false; |
| } |
| |
| if (encrypter_[level] == nullptr) { |
| QUIC_BUG(quic_bug_12975_8) |
| << ENDPOINT |
| << "Attempted to apply header protection without encrypter at level " |
| << level << " using " << version_; |
| return false; |
| } |
| |
| std::string mask = encrypter_[level]->GenerateHeaderProtectionMask(sample); |
| if (mask.empty()) { |
| QUIC_BUG(quic_bug_10850_61) << "Unable to generate header protection mask."; |
| return false; |
| } |
| QuicDataReader mask_reader(mask.data(), mask.size()); |
| |
| // Apply the mask to the 4 or 5 least significant bits of the first byte. |
| uint8_t bitmask = 0x1f; |
| uint8_t type_byte; |
| if (!buffer_reader.ReadUInt8(&type_byte)) { |
| return false; |
| } |
| QuicLongHeaderType header_type; |
| if (IsLongHeader(type_byte)) { |
| bitmask = 0x0f; |
| if (!GetLongHeaderType(type_byte, &header_type)) { |
| return false; |
| } |
| } |
| uint8_t mask_byte; |
| if (!mask_reader.ReadUInt8(&mask_byte) || |
| !buffer_writer.WriteUInt8(type_byte ^ (mask_byte & bitmask))) { |
| return false; |
| } |
| |
| // Adjust |pn_offset| to account for the diversification nonce. |
| if (IsLongHeader(type_byte) && header_type == ZERO_RTT_PROTECTED && |
| perspective_ == Perspective::IS_SERVER && |
| version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) { |
| if (pn_offset <= kDiversificationNonceSize) { |
| QUIC_BUG(quic_bug_10850_62) |
| << "Expected diversification nonce, but not enough bytes"; |
| return false; |
| } |
| pn_offset -= kDiversificationNonceSize; |
| } |
| // Advance the reader and writer to the packet number. Both the reader and |
| // writer have each read/written one byte. |
| if (!buffer_writer.Seek(pn_offset - 1) || |
| !buffer_reader.Seek(pn_offset - 1)) { |
| return false; |
| } |
| // Apply the rest of the mask to the packet number. |
| for (size_t i = 0; i < last_written_packet_number_length_; ++i) { |
| uint8_t buffer_byte; |
| uint8_t mask_byte; |
| if (!mask_reader.ReadUInt8(&mask_byte) || |
| !buffer_reader.ReadUInt8(&buffer_byte) || |
| !buffer_writer.WriteUInt8(buffer_byte ^ mask_byte)) { |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| bool QuicFramer::RemoveHeaderProtection(QuicDataReader* reader, |
| const QuicEncryptedPacket& packet, |
| QuicPacketHeader* header, |
| uint64_t* full_packet_number, |
| std::vector<char>* associated_data) { |
| EncryptionLevel expected_decryption_level = GetEncryptionLevel(*header); |
| QuicDecrypter* decrypter = decrypter_[expected_decryption_level].get(); |
| if (decrypter == nullptr) { |
| QUIC_DVLOG(1) |
| << ENDPOINT |
| << "No decrypter available for removing header protection at level " |
| << expected_decryption_level; |
| return false; |
| } |
| |
| bool has_diversification_nonce = |
| header->form == IETF_QUIC_LONG_HEADER_PACKET && |
| header->long_packet_type == ZERO_RTT_PROTECTED && |
| perspective_ == Perspective::IS_CLIENT && |
| version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO; |
| |
| // Read a sample from the ciphertext and compute the mask to use for header |
| // protection. |
| absl::string_view remaining_packet = reader->PeekRemainingPayload(); |
| QuicDataReader sample_reader(remaining_packet); |
| |
| // The sample starts 4 bytes after the start of the packet number. |
| absl::string_view pn; |
| if (!sample_reader.ReadStringPiece(&pn, 4)) { |
| QUIC_DVLOG(1) << "Not enough data to sample"; |
| return false; |
| } |
| if (has_diversification_nonce) { |
| // In Google QUIC, the diversification nonce comes between the packet number |
| // and the sample. |
| if (!sample_reader.Seek(kDiversificationNonceSize)) { |
| QUIC_DVLOG(1) << "No diversification nonce to skip over"; |
| return false; |
| } |
| } |
| std::string mask = decrypter->GenerateHeaderProtectionMask(&sample_reader); |
| QuicDataReader mask_reader(mask.data(), mask.size()); |
| if (mask.empty()) { |
| QUIC_DVLOG(1) << "Failed to compute mask"; |
| return false; |
| } |
| |
| // Unmask the rest of the type byte. |
| uint8_t bitmask = 0x1f; |
| if (IsLongHeader(header->type_byte)) { |
| bitmask = 0x0f; |
| } |
| uint8_t mask_byte; |
| if (!mask_reader.ReadUInt8(&mask_byte)) { |
| QUIC_DVLOG(1) << "No first byte to read from mask"; |
| return false; |
| } |
| header->type_byte ^= (mask_byte & bitmask); |
| |
| // Compute the packet number length. |
| header->packet_number_length = |
| static_cast<QuicPacketNumberLength>((header->type_byte & 0x03) + 1); |
| |
| char pn_buffer[IETF_MAX_PACKET_NUMBER_LENGTH] = {}; |
| QuicDataWriter pn_writer(ABSL_ARRAYSIZE(pn_buffer), pn_buffer); |
| |
| // Read the (protected) packet number from the reader and unmask the packet |
| // number. |
| for (size_t i = 0; i < header->packet_number_length; ++i) { |
| uint8_t protected_pn_byte, mask_byte; |
| if (!mask_reader.ReadUInt8(&mask_byte) || |
| !reader->ReadUInt8(&protected_pn_byte) || |
| !pn_writer.WriteUInt8(protected_pn_byte ^ mask_byte)) { |
| QUIC_DVLOG(1) << "Failed to unmask packet number"; |
| return false; |
| } |
| } |
| QuicDataReader packet_number_reader(pn_writer.data(), pn_writer.length()); |
| QuicPacketNumber base_packet_number; |
| if (supports_multiple_packet_number_spaces_) { |
| PacketNumberSpace pn_space = GetPacketNumberSpace(*header); |
| if (pn_space == NUM_PACKET_NUMBER_SPACES) { |
| return false; |
| } |
| base_packet_number = largest_decrypted_packet_numbers_[pn_space]; |
| } else { |
| base_packet_number = largest_packet_number_; |
| } |
| if (!ProcessAndCalculatePacketNumber( |
| &packet_number_reader, header->packet_number_length, |
| base_packet_number, full_packet_number)) { |
| return false; |
| } |
| |
| // Get the associated data, and apply the same unmasking operations to it. |
| absl::string_view ad = GetAssociatedDataFromEncryptedPacket( |
| version_.transport_version, packet, |
| GetIncludedDestinationConnectionIdLength(*header), |
| GetIncludedSourceConnectionIdLength(*header), header->version_flag, |
| has_diversification_nonce, header->packet_number_length, |
| header->retry_token_length_length, header->retry_token.length(), |
| header->length_length); |
| *associated_data = std::vector<char>(ad.begin(), ad.end()); |
| QuicDataWriter ad_writer(associated_data->size(), associated_data->data()); |
| |
| // Apply the unmasked type byte and packet number to |associated_data|. |
| if (!ad_writer.WriteUInt8(header->type_byte)) { |
| return false; |
| } |
| // Put the packet number at the end of the AD, or if there's a diversification |
| // nonce, before that (which is at the end of the AD). |
| size_t seek_len = ad_writer.remaining() - header->packet_number_length; |
| if (has_diversification_nonce) { |
| seek_len -= kDiversificationNonceSize; |
| } |
| if (!ad_writer.Seek(seek_len) || |
| !ad_writer.WriteBytes(pn_writer.data(), pn_writer.length())) { |
| QUIC_DVLOG(1) << "Failed to apply unmasking operations to AD"; |
| return false; |
| } |
| |
| return true; |
| } |
| |
| size_t QuicFramer::EncryptPayload(EncryptionLevel level, |
| QuicPacketNumber packet_number, |
| const QuicPacket& packet, |
| char* buffer, |
| size_t buffer_len) { |
| QUICHE_DCHECK(packet_number.IsInitialized()); |
| if (encrypter_[level] == nullptr) { |
| QUIC_BUG(quic_bug_10850_63) |
| << ENDPOINT << "Attempted to encrypt without encrypter at level " |
| << level; |
| RaiseError(QUIC_ENCRYPTION_FAILURE); |
| return 0; |
| } |
| |
| absl::string_view associated_data = |
| packet.AssociatedData(version_.transport_version); |
| // Copy in the header, because the encrypter only populates the encrypted |
| // plaintext content. |
| const size_t ad_len = associated_data.length(); |
| if (packet.length() < ad_len) { |
| QUIC_BUG(quic_bug_10850_64) |
| << ENDPOINT << "packet is shorter than associated data length. version:" |
| << version() << ", packet length:" << packet.length() |
| << ", associated data length:" << ad_len; |
| RaiseError(QUIC_ENCRYPTION_FAILURE); |
| return 0; |
| } |
| memmove(buffer, associated_data.data(), ad_len); |
| // Encrypt the plaintext into the buffer. |
| size_t output_length = 0; |
| if (!encrypter_[level]->EncryptPacket( |
| packet_number.ToUint64(), associated_data, |
| packet.Plaintext(version_.transport_version), buffer + ad_len, |
| &output_length, buffer_len - ad_len)) { |
| RaiseError(QUIC_ENCRYPTION_FAILURE); |
| return 0; |
| } |
| if (version_.HasHeaderProtection() && |
| !ApplyHeaderProtection(level, buffer, ad_len + output_length, ad_len)) { |
| QUIC_DLOG(ERROR) << "Applying header protection failed."; |
| RaiseError(QUIC_ENCRYPTION_FAILURE); |
| return 0; |
| } |
| |
| return ad_len + output_length; |
| } |
| |
| size_t QuicFramer::GetCiphertextSize(EncryptionLevel level, |
| size_t plaintext_size) const { |
| if (encrypter_[level] == nullptr) { |
| QUIC_BUG(quic_bug_10850_65) |
| << ENDPOINT |
| << "Attempted to get ciphertext size without encrypter at level " |
| << level << " using " << version_; |
| return plaintext_size; |
| } |
| return encrypter_[level]->GetCiphertextSize(plaintext_size); |
| } |
| |
| size_t QuicFramer::GetMaxPlaintextSize(size_t ciphertext_size) { |
| // In order to keep the code simple, we don't have the current encryption |
| // level to hand. Both the NullEncrypter and AES-GCM have a tag length of 12. |
| size_t min_plaintext_size = ciphertext_size; |
| |
| for (int i = ENCRYPTION_INITIAL; i < NUM_ENCRYPTION_LEVELS; i++) { |
| if (encrypter_[i] != nullptr) { |
| size_t size = encrypter_[i]->GetMaxPlaintextSize(ciphertext_size); |
| if (size < min_plaintext_size) { |
| min_plaintext_size = size; |
| } |
| } |
| } |
| |
| return min_plaintext_size; |
| } |
| |
| QuicPacketCount QuicFramer::GetOneRttEncrypterConfidentialityLimit() const { |
| if (!encrypter_[ENCRYPTION_FORWARD_SECURE]) { |
| QUIC_BUG(quic_bug_10850_66) << "1-RTT encrypter not set"; |
| return 0; |
| } |
| return encrypter_[ENCRYPTION_FORWARD_SECURE]->GetConfidentialityLimit(); |
| } |
| |
| bool QuicFramer::DecryptPayload(size_t udp_packet_length, |
| absl::string_view encrypted, |
| absl::string_view associated_data, |
| const QuicPacketHeader& header, |
| char* decrypted_buffer, |
| size_t buffer_length, |
| size_t* decrypted_length, |
| EncryptionLevel* decrypted_level) { |
| if (!EncryptionLevelIsValid(decrypter_level_)) { |
| QUIC_BUG(quic_bug_10850_67) |
| << "Attempted to decrypt with bad decrypter_level_"; |
| return false; |
| } |
| EncryptionLevel level = decrypter_level_; |
| QuicDecrypter* decrypter = decrypter_[level].get(); |
| QuicDecrypter* alternative_decrypter = nullptr; |
| bool key_phase_parsed = false; |
| bool key_phase; |
| bool attempt_key_update = false; |
| if (version().KnowsWhichDecrypterToUse()) { |
| if (header.form == GOOGLE_QUIC_PACKET) { |
| QUIC_BUG(quic_bug_10850_68) |
| << "Attempted to decrypt GOOGLE_QUIC_PACKET with a version that " |
| "knows which decrypter to use"; |
| return false; |
| } |
| level = GetEncryptionLevel(header); |
| if (!EncryptionLevelIsValid(level)) { |
| QUIC_BUG(quic_bug_10850_69) << "Attempted to decrypt with bad level"; |
| return false; |
| } |
| decrypter = decrypter_[level].get(); |
| if (decrypter == nullptr) { |
| return false; |
| } |
| if (level == ENCRYPTION_ZERO_RTT && |
| perspective_ == Perspective::IS_CLIENT && header.nonce != nullptr) { |
| decrypter->SetDiversificationNonce(*header.nonce); |
| } |
| if (support_key_update_for_connection_ && |
| header.form == IETF_QUIC_SHORT_HEADER_PACKET) { |
| QUICHE_DCHECK(version().UsesTls()); |
| QUICHE_DCHECK_EQ(level, ENCRYPTION_FORWARD_SECURE); |
| key_phase = (header.type_byte & FLAGS_KEY_PHASE_BIT) != 0; |
| key_phase_parsed = true; |
| QUIC_DVLOG(1) << ENDPOINT << "packet " << header.packet_number |
| << " received key_phase=" << key_phase |
| << " current_key_phase_bit_=" << current_key_phase_bit_; |
| if (key_phase != current_key_phase_bit_) { |
| if ((current_key_phase_first_received_packet_number_.IsInitialized() && |
| header.packet_number > |
| current_key_phase_first_received_packet_number_) || |
| (!current_key_phase_first_received_packet_number_.IsInitialized() && |
| !key_update_performed_)) { |
| if (!next_decrypter_) { |
| next_decrypter_ = |
| visitor_->AdvanceKeysAndCreateCurrentOneRttDecrypter(); |
| if (!next_decrypter_) { |
| QUIC_BUG(quic_bug_10850_70) << "Failed to create next_decrypter"; |
| return false; |
| } |
| } |
| QUIC_DVLOG(1) << ENDPOINT << "packet " << header.packet_number |
| << " attempt_key_update=true"; |
| attempt_key_update = true; |
| potential_peer_key_update_attempt_count_++; |
| decrypter = next_decrypter_.get(); |
| } else { |
| if (previous_decrypter_) { |
| QUIC_DVLOG(1) << ENDPOINT |
| << "trying previous_decrypter_ for packet " |
| << header.packet_number; |
| decrypter = previous_decrypter_.get(); |
| } else { |
| QUIC_DVLOG(1) << ENDPOINT << "dropping packet " |
| << header.packet_number << " with old key phase"; |
| return false; |
| } |
| } |
| } |
| } |
| } else if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) { |
| if (!EncryptionLevelIsValid(alternative_decrypter_level_)) { |
| QUIC_BUG(quic_bug_10850_71) |
| << "Attempted to decrypt with bad alternative_decrypter_level_"; |
| return false; |
| } |
| alternative_decrypter = decrypter_[alternative_decrypter_level_].get(); |
| } |
| |
| if (decrypter == nullptr) { |
| QUIC_BUG(quic_bug_10850_72) |
| << "Attempting to decrypt without decrypter, encryption level:" << level |
| << " version:" << version(); |
| return false; |
| } |
| |
| bool success = decrypter->DecryptPacket( |
| header.packet_number.ToUint64(), associated_data, encrypted, |
| decrypted_buffer, decrypted_length, buffer_length); |
| if (success) { |
| visitor_->OnDecryptedPacket(udp_packet_length, level); |
| if (level == ENCRYPTION_ZERO_RTT && |
| current_key_phase_first_received_packet_number_.IsInitialized() && |
| header.packet_number > |
| current_key_phase_first_received_packet_number_) { |
| set_detailed_error(absl::StrCat( |
| "Decrypted a 0-RTT packet with a packet number ", |
| header.packet_number.ToString(), |
| " which is higher than a 1-RTT packet number ", |
| current_key_phase_first_received_packet_number_.ToString())); |
| return RaiseError(QUIC_INVALID_0RTT_PACKET_NUMBER_OUT_OF_ORDER); |
| } |
| *decrypted_level = level; |
| potential_peer_key_update_attempt_count_ = 0; |
| if (attempt_key_update) { |
| if (!DoKeyUpdate(KeyUpdateReason::kRemote)) { |
| set_detailed_error("Key update failed due to internal error"); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| } |
| QUICHE_DCHECK_EQ(current_key_phase_bit_, key_phase); |
| } |
| if (key_phase_parsed && |
| !current_key_phase_first_received_packet_number_.IsInitialized() && |
| key_phase == current_key_phase_bit_) { |
| // Set packet number for current key phase if it hasn't been initialized |
| // yet. This is set outside of attempt_key_update since the key update |
| // may have been initiated locally, and in that case we don't know yet |
| // which packet number from the remote side to use until we receive a |
| // packet with that phase. |
| QUIC_DVLOG(1) << ENDPOINT |
| << "current_key_phase_first_received_packet_number_ = " |
| << header.packet_number; |
| current_key_phase_first_received_packet_number_ = header.packet_number; |
| visitor_->OnDecryptedFirstPacketInKeyPhase(); |
| } |
| } else if (alternative_decrypter != nullptr) { |
| if (header.nonce != nullptr) { |
| QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT); |
| alternative_decrypter->SetDiversificationNonce(*header.nonce); |
| } |
| bool try_alternative_decryption = true; |
| if (alternative_decrypter_level_ == ENCRYPTION_ZERO_RTT) { |
| if (perspective_ == Perspective::IS_CLIENT) { |
| if (header.nonce == nullptr) { |
| // Can not use INITIAL decryption without a diversification nonce. |
| try_alternative_decryption = false; |
| } |
| } else { |
| QUICHE_DCHECK(header.nonce == nullptr); |
| } |
| } |
| |
| if (try_alternative_decryption) { |
| success = alternative_decrypter->DecryptPacket( |
| header.packet_number.ToUint64(), associated_data, encrypted, |
| decrypted_buffer, decrypted_length, buffer_length); |
| } |
| if (success) { |
| visitor_->OnDecryptedPacket(udp_packet_length, |
| alternative_decrypter_level_); |
| *decrypted_level = decrypter_level_; |
| if (alternative_decrypter_latch_) { |
| if (!EncryptionLevelIsValid(alternative_decrypter_level_)) { |
| QUIC_BUG(quic_bug_10850_73) |
| << "Attempted to latch alternate decrypter with bad " |
| "alternative_decrypter_level_"; |
| return false; |
| } |
| // Switch to the alternative decrypter and latch so that we cannot |
| // switch back. |
| decrypter_level_ = alternative_decrypter_level_; |
| alternative_decrypter_level_ = NUM_ENCRYPTION_LEVELS; |
| } else { |
| // Switch the alternative decrypter so that we use it first next time. |
| EncryptionLevel level = alternative_decrypter_level_; |
| alternative_decrypter_level_ = decrypter_level_; |
| decrypter_level_ = level; |
| } |
| } |
| } |
| |
| if (!success) { |
| QUIC_DVLOG(1) << ENDPOINT << "DecryptPacket failed for: " << header; |
| return false; |
| } |
| |
| return true; |
| } |
| |
| size_t QuicFramer::GetIetfAckFrameSize(const QuicAckFrame& frame) { |
| // Type byte, largest_acked, and delay_time are straight-forward. |
| size_t ack_frame_size = kQuicFrameTypeSize; |
| QuicPacketNumber largest_acked = LargestAcked(frame); |
| ack_frame_size += QuicDataWriter::GetVarInt62Len(largest_acked.ToUint64()); |
| uint64_t ack_delay_time_us; |
| ack_delay_time_us = frame.ack_delay_time.ToMicroseconds(); |
| ack_delay_time_us = ack_delay_time_us >> local_ack_delay_exponent_; |
| ack_frame_size += QuicDataWriter::GetVarInt62Len(ack_delay_time_us); |
| |
| if (frame.packets.Empty() || frame.packets.Max() != largest_acked) { |
| QUIC_BUG(quic_bug_10850_74) << "Malformed ack frame"; |
| // ACK frame serialization will fail and connection will be closed. |
| return ack_frame_size; |
| } |
| |
| // Ack block count. |
| ack_frame_size += |
| QuicDataWriter::GetVarInt62Len(frame.packets.NumIntervals() - 1); |
| |
| // First Ack range. |
| auto iter = frame.packets.rbegin(); |
| ack_frame_size += QuicDataWriter::GetVarInt62Len(iter->Length() - 1); |
| QuicPacketNumber previous_smallest = iter->min(); |
| ++iter; |
| |
| // Ack blocks. |
| for (; iter != frame.packets.rend(); ++iter) { |
| const uint64_t gap = previous_smallest - iter->max() - 1; |
| const uint64_t ack_range = iter->Length() - 1; |
| ack_frame_size += (QuicDataWriter::GetVarInt62Len(gap) + |
| QuicDataWriter::GetVarInt62Len(ack_range)); |
| previous_smallest = iter->min(); |
| } |
| |
| // ECN counts. |
| if (frame.ecn_counters_populated && |
| (frame.ect_0_count || frame.ect_1_count || frame.ecn_ce_count)) { |
| ack_frame_size += QuicDataWriter::GetVarInt62Len(frame.ect_0_count); |
| ack_frame_size += QuicDataWriter::GetVarInt62Len(frame.ect_1_count); |
| ack_frame_size += QuicDataWriter::GetVarInt62Len(frame.ecn_ce_count); |
| } |
| |
| return ack_frame_size; |
| } |
| |
| size_t QuicFramer::GetAckFrameSize( |
| const QuicAckFrame& ack, |
| QuicPacketNumberLength /*packet_number_length*/) { |
| QUICHE_DCHECK(!ack.packets.Empty()); |
| size_t ack_size = 0; |
| |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| return GetIetfAckFrameSize(ack); |
| } |
| AckFrameInfo ack_info = GetAckFrameInfo(ack); |
| QuicPacketNumberLength ack_block_length = |
| GetMinPacketNumberLength(QuicPacketNumber(ack_info.max_block_length)); |
| |
| ack_size = GetMinAckFrameSize(version_.transport_version, ack, |
| local_ack_delay_exponent_); |
| // First ack block length. |
| ack_size += ack_block_length; |
| if (ack_info.num_ack_blocks != 0) { |
| ack_size += kNumberOfAckBlocksSize; |
| ack_size += std::min(ack_info.num_ack_blocks, kMaxAckBlocks) * |
| (ack_block_length + PACKET_1BYTE_PACKET_NUMBER); |
| } |
| |
| // Include timestamps. |
| if (process_timestamps_) { |
| ack_size += GetAckFrameTimeStampSize(ack); |
| } |
| |
| return ack_size; |
| } |
| |
| size_t QuicFramer::GetAckFrameTimeStampSize(const QuicAckFrame& ack) { |
| if (ack.received_packet_times.empty()) { |
| return 0; |
| } |
| |
| return kQuicNumTimestampsLength + kQuicFirstTimestampLength + |
| (kQuicTimestampLength + kQuicTimestampPacketNumberGapLength) * |
| (ack.received_packet_times.size() - 1); |
| } |
| |
| size_t QuicFramer::ComputeFrameLength( |
| const QuicFrame& frame, |
| bool last_frame_in_packet, |
| QuicPacketNumberLength packet_number_length) { |
| switch (frame.type) { |
| case STREAM_FRAME: |
| return GetMinStreamFrameSize( |
| version_.transport_version, frame.stream_frame.stream_id, |
| frame.stream_frame.offset, last_frame_in_packet, |
| frame.stream_frame.data_length) + |
| frame.stream_frame.data_length; |
| case CRYPTO_FRAME: |
| return GetMinCryptoFrameSize(frame.crypto_frame->offset, |
| frame.crypto_frame->data_length) + |
| frame.crypto_frame->data_length; |
| case ACK_FRAME: { |
| return GetAckFrameSize(*frame.ack_frame, packet_number_length); |
| } |
| case STOP_WAITING_FRAME: |
| return GetStopWaitingFrameSize(packet_number_length); |
| case MTU_DISCOVERY_FRAME: |
| // MTU discovery frames are serialized as ping frames. |
| return kQuicFrameTypeSize; |
| case MESSAGE_FRAME: |
| return GetMessageFrameSize(version_.transport_version, |
| last_frame_in_packet, |
| frame.message_frame->message_length); |
| case PADDING_FRAME: |
| QUICHE_DCHECK(false); |
| return 0; |
| default: |
| return GetRetransmittableControlFrameSize(version_.transport_version, |
| frame); |
| } |
| } |
| |
| bool QuicFramer::AppendTypeByte(const QuicFrame& frame, |
| bool last_frame_in_packet, |
| QuicDataWriter* writer) { |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| return AppendIetfFrameType(frame, last_frame_in_packet, writer); |
| } |
| uint8_t type_byte = 0; |
| switch (frame.type) { |
| case STREAM_FRAME: |
| type_byte = |
| GetStreamFrameTypeByte(frame.stream_frame, last_frame_in_packet); |
| break; |
| case ACK_FRAME: |
| return true; |
| case MTU_DISCOVERY_FRAME: |
| type_byte = static_cast<uint8_t>(PING_FRAME); |
| break; |
| case NEW_CONNECTION_ID_FRAME: |
| set_detailed_error( |
| "Attempt to append NEW_CONNECTION_ID frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case RETIRE_CONNECTION_ID_FRAME: |
| set_detailed_error( |
| "Attempt to append RETIRE_CONNECTION_ID frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case NEW_TOKEN_FRAME: |
| set_detailed_error( |
| "Attempt to append NEW_TOKEN frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case MAX_STREAMS_FRAME: |
| set_detailed_error( |
| "Attempt to append MAX_STREAMS frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case STREAMS_BLOCKED_FRAME: |
| set_detailed_error( |
| "Attempt to append STREAMS_BLOCKED frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case PATH_RESPONSE_FRAME: |
| set_detailed_error( |
| "Attempt to append PATH_RESPONSE frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case PATH_CHALLENGE_FRAME: |
| set_detailed_error( |
| "Attempt to append PATH_CHALLENGE frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case STOP_SENDING_FRAME: |
| set_detailed_error( |
| "Attempt to append STOP_SENDING frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case MESSAGE_FRAME: |
| return true; |
| |
| default: |
| type_byte = static_cast<uint8_t>(frame.type); |
| break; |
| } |
| |
| return writer->WriteUInt8(type_byte); |
| } |
| |
| bool QuicFramer::AppendIetfFrameType(const QuicFrame& frame, |
| bool last_frame_in_packet, |
| QuicDataWriter* writer) { |
| uint8_t type_byte = 0; |
| switch (frame.type) { |
| case PADDING_FRAME: |
| type_byte = IETF_PADDING; |
| break; |
| case RST_STREAM_FRAME: |
| type_byte = IETF_RST_STREAM; |
| break; |
| case CONNECTION_CLOSE_FRAME: |
| switch (frame.connection_close_frame->close_type) { |
| case IETF_QUIC_APPLICATION_CONNECTION_CLOSE: |
| type_byte = IETF_APPLICATION_CLOSE; |
| break; |
| case IETF_QUIC_TRANSPORT_CONNECTION_CLOSE: |
| type_byte = IETF_CONNECTION_CLOSE; |
| break; |
| default: |
| set_detailed_error(absl::StrCat( |
| "Invalid QuicConnectionCloseFrame type: ", |
| static_cast<int>(frame.connection_close_frame->close_type))); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| } |
| break; |
| case GOAWAY_FRAME: |
| set_detailed_error( |
| "Attempt to create non-IETF QUIC GOAWAY frame in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case WINDOW_UPDATE_FRAME: |
| // Depending on whether there is a stream ID or not, will be either a |
| // MAX_STREAM_DATA frame or a MAX_DATA frame. |
| if (frame.window_update_frame->stream_id == |
| QuicUtils::GetInvalidStreamId(transport_version())) { |
| type_byte = IETF_MAX_DATA; |
| } else { |
| type_byte = IETF_MAX_STREAM_DATA; |
| } |
| break; |
| case BLOCKED_FRAME: |
| if (frame.blocked_frame->stream_id == |
| QuicUtils::GetInvalidStreamId(transport_version())) { |
| type_byte = IETF_DATA_BLOCKED; |
| } else { |
| type_byte = IETF_STREAM_DATA_BLOCKED; |
| } |
| break; |
| case STOP_WAITING_FRAME: |
| set_detailed_error( |
| "Attempt to append type byte of STOP WAITING frame in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case PING_FRAME: |
| type_byte = IETF_PING; |
| break; |
| case STREAM_FRAME: |
| type_byte = |
| GetStreamFrameTypeByte(frame.stream_frame, last_frame_in_packet); |
| break; |
| case ACK_FRAME: |
| // Do nothing here, AppendIetfAckFrameAndTypeByte() will put the type byte |
| // in the buffer. |
| return true; |
| case MTU_DISCOVERY_FRAME: |
| // The path MTU discovery frame is encoded as a PING frame on the wire. |
| type_byte = IETF_PING; |
| break; |
| case NEW_CONNECTION_ID_FRAME: |
| type_byte = IETF_NEW_CONNECTION_ID; |
| break; |
| case RETIRE_CONNECTION_ID_FRAME: |
| type_byte = IETF_RETIRE_CONNECTION_ID; |
| break; |
| case NEW_TOKEN_FRAME: |
| type_byte = IETF_NEW_TOKEN; |
| break; |
| case MAX_STREAMS_FRAME: |
| if (frame.max_streams_frame.unidirectional) { |
| type_byte = IETF_MAX_STREAMS_UNIDIRECTIONAL; |
| } else { |
| type_byte = IETF_MAX_STREAMS_BIDIRECTIONAL; |
| } |
| break; |
| case STREAMS_BLOCKED_FRAME: |
| if (frame.streams_blocked_frame.unidirectional) { |
| type_byte = IETF_STREAMS_BLOCKED_UNIDIRECTIONAL; |
| } else { |
| type_byte = IETF_STREAMS_BLOCKED_BIDIRECTIONAL; |
| } |
| break; |
| case PATH_RESPONSE_FRAME: |
| type_byte = IETF_PATH_RESPONSE; |
| break; |
| case PATH_CHALLENGE_FRAME: |
| type_byte = IETF_PATH_CHALLENGE; |
| break; |
| case STOP_SENDING_FRAME: |
| type_byte = IETF_STOP_SENDING; |
| break; |
| case MESSAGE_FRAME: |
| return true; |
| case CRYPTO_FRAME: |
| type_byte = IETF_CRYPTO; |
| break; |
| case HANDSHAKE_DONE_FRAME: |
| type_byte = IETF_HANDSHAKE_DONE; |
| break; |
| case ACK_FREQUENCY_FRAME: |
| type_byte = IETF_ACK_FREQUENCY; |
| break; |
| default: |
| QUIC_BUG(quic_bug_10850_75) |
| << "Attempt to generate a frame type for an unsupported value: " |
| << frame.type; |
| return false; |
| } |
| return writer->WriteVarInt62(type_byte); |
| } |
| |
| // static |
| bool QuicFramer::AppendPacketNumber(QuicPacketNumberLength packet_number_length, |
| QuicPacketNumber packet_number, |
| QuicDataWriter* writer) { |
| QUICHE_DCHECK(packet_number.IsInitialized()); |
| if (!IsValidPacketNumberLength(packet_number_length)) { |
| QUIC_BUG(quic_bug_10850_76) |
| << "Invalid packet_number_length: " << packet_number_length; |
| return false; |
| } |
| return writer->WriteBytesToUInt64(packet_number_length, |
| packet_number.ToUint64()); |
| } |
| |
| // static |
| bool QuicFramer::AppendStreamId(size_t stream_id_length, |
| QuicStreamId stream_id, |
| QuicDataWriter* writer) { |
| if (stream_id_length == 0 || stream_id_length > 4) { |
| QUIC_BUG(quic_bug_10850_77) |
| << "Invalid stream_id_length: " << stream_id_length; |
| return false; |
| } |
| return writer->WriteBytesToUInt64(stream_id_length, stream_id); |
| } |
| |
| // static |
| bool QuicFramer::AppendStreamOffset(size_t offset_length, |
| QuicStreamOffset offset, |
| QuicDataWriter* writer) { |
| if (offset_length == 1 || offset_length > 8) { |
| QUIC_BUG(quic_bug_10850_78) |
| << "Invalid stream_offset_length: " << offset_length; |
| return false; |
| } |
| |
| return writer->WriteBytesToUInt64(offset_length, offset); |
| } |
| |
| // static |
| bool QuicFramer::AppendAckBlock(uint8_t gap, |
| QuicPacketNumberLength length_length, |
| uint64_t length, |
| QuicDataWriter* writer) { |
| if (length == 0) { |
| if (!IsValidPacketNumberLength(length_length)) { |
| QUIC_BUG(quic_bug_10850_79) |
| << "Invalid packet_number_length: " << length_length; |
| return false; |
| } |
| return writer->WriteUInt8(gap) && |
| writer->WriteBytesToUInt64(length_length, length); |
| } |
| return writer->WriteUInt8(gap) && |
| AppendPacketNumber(length_length, QuicPacketNumber(length), writer); |
| } |
| |
| bool QuicFramer::AppendStreamFrame(const QuicStreamFrame& frame, |
| bool no_stream_frame_length, |
| QuicDataWriter* writer) { |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| return AppendIetfStreamFrame(frame, no_stream_frame_length, writer); |
| } |
| if (!AppendStreamId(GetStreamIdSize(frame.stream_id), frame.stream_id, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_80) << "Writing stream id size failed."; |
| return false; |
| } |
| if (!AppendStreamOffset(GetStreamOffsetSize(frame.offset), frame.offset, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_81) << "Writing offset size failed."; |
| return false; |
| } |
| if (!no_stream_frame_length) { |
| static_assert( |
| std::numeric_limits<decltype(frame.data_length)>::max() <= |
| std::numeric_limits<uint16_t>::max(), |
| "If frame.data_length can hold more than a uint16_t than we need to " |
| "check that frame.data_length <= std::numeric_limits<uint16_t>::max()"); |
| if (!writer->WriteUInt16(static_cast<uint16_t>(frame.data_length))) { |
| QUIC_BUG(quic_bug_10850_82) << "Writing stream frame length failed"; |
| return false; |
| } |
| } |
| |
| if (data_producer_ != nullptr) { |
| QUICHE_DCHECK_EQ(nullptr, frame.data_buffer); |
| if (frame.data_length == 0) { |
| return true; |
| } |
| if (data_producer_->WriteStreamData(frame.stream_id, frame.offset, |
| frame.data_length, |
| writer) != WRITE_SUCCESS) { |
| QUIC_BUG(quic_bug_10850_83) << "Writing frame data failed."; |
| return false; |
| } |
| return true; |
| } |
| |
| if (!writer->WriteBytes(frame.data_buffer, frame.data_length)) { |
| QUIC_BUG(quic_bug_10850_84) << "Writing frame data failed."; |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendNewTokenFrame(const QuicNewTokenFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.token.length()))) { |
| set_detailed_error("Writing token length failed."); |
| return false; |
| } |
| if (!writer->WriteBytes(frame.token.data(), frame.token.length())) { |
| set_detailed_error("Writing token buffer failed."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessNewTokenFrame(QuicDataReader* reader, |
| QuicNewTokenFrame* frame) { |
| uint64_t length; |
| if (!reader->ReadVarInt62(&length)) { |
| set_detailed_error("Unable to read new token length."); |
| return false; |
| } |
| if (length > kMaxNewTokenTokenLength) { |
| set_detailed_error("Token length larger than maximum."); |
| return false; |
| } |
| |
| // TODO(ianswett): Don't use absl::string_view as an intermediary. |
| absl::string_view data; |
| if (!reader->ReadStringPiece(&data, length)) { |
| set_detailed_error("Unable to read new token data."); |
| return false; |
| } |
| frame->token = std::string(data); |
| return true; |
| } |
| |
| // Add a new ietf-format stream frame. |
| // Bits controlling whether there is a frame-length and frame-offset |
| // are in the QuicStreamFrame. |
| bool QuicFramer::AppendIetfStreamFrame(const QuicStreamFrame& frame, |
| bool last_frame_in_packet, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.stream_id))) { |
| set_detailed_error("Writing stream id failed."); |
| return false; |
| } |
| |
| if (frame.offset != 0) { |
| if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.offset))) { |
| set_detailed_error("Writing data offset failed."); |
| return false; |
| } |
| } |
| |
| if (!last_frame_in_packet) { |
| if (!writer->WriteVarInt62(frame.data_length)) { |
| set_detailed_error("Writing data length failed."); |
| return false; |
| } |
| } |
| |
| if (frame.data_length == 0) { |
| return true; |
| } |
| if (data_producer_ == nullptr) { |
| if (!writer->WriteBytes(frame.data_buffer, frame.data_length)) { |
| set_detailed_error("Writing frame data failed."); |
| return false; |
| } |
| } else { |
| QUICHE_DCHECK_EQ(nullptr, frame.data_buffer); |
| |
| if (data_producer_->WriteStreamData(frame.stream_id, frame.offset, |
| frame.data_length, |
| writer) != WRITE_SUCCESS) { |
| set_detailed_error("Writing frame data from producer failed."); |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendCryptoFrame(const QuicCryptoFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.offset))) { |
| set_detailed_error("Writing data offset failed."); |
| return false; |
| } |
| if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.data_length))) { |
| set_detailed_error("Writing data length failed."); |
| return false; |
| } |
| if (data_producer_ == nullptr) { |
| if (frame.data_buffer == nullptr || |
| !writer->WriteBytes(frame.data_buffer, frame.data_length)) { |
| set_detailed_error("Writing frame data failed."); |
| return false; |
| } |
| } else { |
| QUICHE_DCHECK_EQ(nullptr, frame.data_buffer); |
| if (!data_producer_->WriteCryptoData(frame.level, frame.offset, |
| frame.data_length, writer)) { |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendAckFrequencyFrame(const QuicAckFrequencyFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.sequence_number)) { |
| set_detailed_error("Writing sequence number failed."); |
| return false; |
| } |
| if (!writer->WriteVarInt62(frame.packet_tolerance)) { |
| set_detailed_error("Writing packet tolerance failed."); |
| return false; |
| } |
| if (!writer->WriteVarInt62( |
| static_cast<uint64_t>(frame.max_ack_delay.ToMicroseconds()))) { |
| set_detailed_error("Writing max_ack_delay_us failed."); |
| return false; |
| } |
| if (!writer->WriteUInt8(static_cast<uint8_t>(frame.ignore_order))) { |
| set_detailed_error("Writing ignore_order failed."); |
| return false; |
| } |
| |
| return true; |
| } |
| |
| void QuicFramer::set_version(const ParsedQuicVersion version) { |
| QUICHE_DCHECK(IsSupportedVersion(version)) |
| << ParsedQuicVersionToString(version); |
| version_ = version; |
| } |
| |
| bool QuicFramer::AppendAckFrameAndTypeByte(const QuicAckFrame& frame, |
| QuicDataWriter* writer) { |
| if (VersionHasIetfQuicFrames(transport_version())) { |
| return AppendIetfAckFrameAndTypeByte(frame, writer); |
| } |
| |
| const AckFrameInfo new_ack_info = GetAckFrameInfo(frame); |
| QuicPacketNumber largest_acked = LargestAcked(frame); |
| QuicPacketNumberLength largest_acked_length = |
| GetMinPacketNumberLength(largest_acked); |
| QuicPacketNumberLength ack_block_length = |
| GetMinPacketNumberLength(QuicPacketNumber(new_ack_info.max_block_length)); |
| // Calculate available bytes for timestamps and ack blocks. |
| int32_t available_timestamp_and_ack_block_bytes = |
| writer->capacity() - writer->length() - ack_block_length - |
| GetMinAckFrameSize(version_.transport_version, frame, |
| local_ack_delay_exponent_) - |
| (new_ack_info.num_ack_blocks != 0 ? kNumberOfAckBlocksSize : 0); |
| QUICHE_DCHECK_LE(0, available_timestamp_and_ack_block_bytes); |
| |
| uint8_t type_byte = 0; |
| SetBit(&type_byte, new_ack_info.num_ack_blocks != 0, |
| kQuicHasMultipleAckBlocksOffset); |
| |
| SetBits(&type_byte, GetPacketNumberFlags(largest_acked_length), |
| kQuicSequenceNumberLengthNumBits, kLargestAckedOffset); |
| |
| SetBits(&type_byte, GetPacketNumberFlags(ack_block_length), |
| kQuicSequenceNumberLengthNumBits, kActBlockLengthOffset); |
| |
| type_byte |= kQuicFrameTypeAckMask; |
| |
| if (!writer->WriteUInt8(type_byte)) { |
| return false; |
| } |
| |
| size_t max_num_ack_blocks = available_timestamp_and_ack_block_bytes / |
| (ack_block_length + PACKET_1BYTE_PACKET_NUMBER); |
| |
| // Number of ack blocks. |
| size_t num_ack_blocks = |
| std::min(new_ack_info.num_ack_blocks, max_num_ack_blocks); |
| if (num_ack_blocks > std::numeric_limits<uint8_t>::max()) { |
| num_ack_blocks = std::numeric_limits<uint8_t>::max(); |
| } |
| |
| // Largest acked. |
| if (!AppendPacketNumber(largest_acked_length, largest_acked, writer)) { |
| return false; |
| } |
| |
| // Largest acked delta time. |
| uint64_t ack_delay_time_us = kUFloat16MaxValue; |
| if (!frame.ack_delay_time.IsInfinite()) { |
| QUICHE_DCHECK_LE(0u, frame.ack_delay_time.ToMicroseconds()); |
| ack_delay_time_us = frame.ack_delay_time.ToMicroseconds(); |
| } |
| if (!writer->WriteUFloat16(ack_delay_time_us)) { |
| return false; |
| } |
| |
| if (num_ack_blocks > 0) { |
| if (!writer->WriteBytes(&num_ack_blocks, 1)) { |
| return false; |
| } |
| } |
| |
| // First ack block length. |
| if (!AppendPacketNumber(ack_block_length, |
| QuicPacketNumber(new_ack_info.first_block_length), |
| writer)) { |
| return false; |
| } |
| |
| // Ack blocks. |
| if (num_ack_blocks > 0) { |
| size_t num_ack_blocks_written = 0; |
| // Append, in descending order from the largest ACKed packet, a series of |
| // ACK blocks that represents the successfully acknoweldged packets. Each |
| // appended gap/block length represents a descending delta from the previous |
| // block. i.e.: |
| // |--- length ---|--- gap ---|--- length ---|--- gap ---|--- largest ---| |
| // For gaps larger than can be represented by a single encoded gap, a 0 |
| // length gap of the maximum is used, i.e.: |
| // |--- length ---|--- gap ---|- 0 -|--- gap ---|--- largest ---| |
| auto itr = frame.packets.rbegin(); |
| QuicPacketNumber previous_start = itr->min(); |
| ++itr; |
| |
| for (; |
| itr != frame.packets.rend() && num_ack_blocks_written < num_ack_blocks; |
| previous_start = itr->min(), ++itr) { |
| const auto& interval = *itr; |
| const uint64_t total_gap = previous_start - interval.max(); |
| const size_t num_encoded_gaps = |
| (total_gap + std::numeric_limits<uint8_t>::max() - 1) / |
| std::numeric_limits<uint8_t>::max(); |
| |
| // Append empty ACK blocks because the gap is longer than a single gap. |
| for (size_t i = 1; |
| i < num_encoded_gaps && num_ack_blocks_written < num_ack_blocks; |
| ++i) { |
| if (!AppendAckBlock(std::numeric_limits<uint8_t>::max(), |
| ack_block_length, 0, writer)) { |
| return false; |
| } |
| ++num_ack_blocks_written; |
| } |
| if (num_ack_blocks_written >= num_ack_blocks) { |
| if (QUIC_PREDICT_FALSE(num_ack_blocks_written != num_ack_blocks)) { |
| QUIC_BUG(quic_bug_10850_85) |
| << "Wrote " << num_ack_blocks_written << ", expected to write " |
| << num_ack_blocks; |
| } |
| break; |
| } |
| |
| const uint8_t last_gap = |
| total_gap - |
| (num_encoded_gaps - 1) * std::numeric_limits<uint8_t>::max(); |
| // Append the final ACK block with a non-empty size. |
| if (!AppendAckBlock(last_gap, ack_block_length, interval.Length(), |
| writer)) { |
| return false; |
| } |
| ++num_ack_blocks_written; |
| } |
| QUICHE_DCHECK_EQ(num_ack_blocks, num_ack_blocks_written); |
| } |
| // Timestamps. |
| // If we don't process timestamps or if we don't have enough available space |
| // to append all the timestamps, don't append any of them. |
| if (process_timestamps_ && writer->capacity() - writer->length() >= |
| GetAckFrameTimeStampSize(frame)) { |
| if (!AppendTimestampsToAckFrame(frame, writer)) { |
| return false; |
| } |
| } else { |
| uint8_t num_received_packets = 0; |
| if (!writer->WriteBytes(&num_received_packets, 1)) { |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::AppendTimestampsToAckFrame(const QuicAckFrame& frame, |
| QuicDataWriter* writer) { |
| QUICHE_DCHECK_GE(std::numeric_limits<uint8_t>::max(), |
| frame.received_packet_times.size()); |
| // num_received_packets is only 1 byte. |
| if (frame.received_packet_times.size() > |
| std::numeric_limits<uint8_t>::max()) { |
| return false; |
| } |
| |
| uint8_t num_received_packets = frame.received_packet_times.size(); |
| if (!writer->WriteBytes(&num_received_packets, 1)) { |
| return false; |
| } |
| if (num_received_packets == 0) { |
| return true; |
| } |
| |
| auto it = frame.received_packet_times.begin(); |
| QuicPacketNumber packet_number = it->first; |
| uint64_t delta_from_largest_observed = LargestAcked(frame) - packet_number; |
| |
| QUICHE_DCHECK_GE(std::numeric_limits<uint8_t>::max(), |
| delta_from_largest_observed); |
| if (delta_from_largest_observed > std::numeric_limits<uint8_t>::max()) { |
| return false; |
| } |
| |
| if (!writer->WriteUInt8(delta_from_largest_observed)) { |
| return false; |
| } |
| |
| // Use the lowest 4 bytes of the time delta from the creation_time_. |
| const uint64_t time_epoch_delta_us = UINT64_C(1) << 32; |
| uint32_t time_delta_us = |
| static_cast<uint32_t>((it->second - creation_time_).ToMicroseconds() & |
| (time_epoch_delta_us - 1)); |
| if (!writer->WriteUInt32(time_delta_us)) { |
| return false; |
| } |
| |
| QuicTime prev_time = it->second; |
| |
| for (++it; it != frame.received_packet_times.end(); ++it) { |
| packet_number = it->first; |
| delta_from_largest_observed = LargestAcked(frame) - packet_number; |
| |
| if (delta_from_largest_observed > std::numeric_limits<uint8_t>::max()) { |
| return false; |
| } |
| |
| if (!writer->WriteUInt8(delta_from_largest_observed)) { |
| return false; |
| } |
| |
| uint64_t frame_time_delta_us = (it->second - prev_time).ToMicroseconds(); |
| prev_time = it->second; |
| if (!writer->WriteUFloat16(frame_time_delta_us)) { |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendStopWaitingFrame(const QuicPacketHeader& header, |
| const QuicStopWaitingFrame& frame, |
| QuicDataWriter* writer) { |
| QUICHE_DCHECK(!version_.HasIetfInvariantHeader()); |
| QUICHE_DCHECK(frame.least_unacked.IsInitialized()); |
| QUICHE_DCHECK_GE(header.packet_number, frame.least_unacked); |
| const uint64_t least_unacked_delta = |
| header.packet_number - frame.least_unacked; |
| const uint64_t length_shift = header.packet_number_length * 8; |
| |
| if (least_unacked_delta >> length_shift > 0) { |
| QUIC_BUG(quic_bug_10850_86) |
| << "packet_number_length " << header.packet_number_length |
| << " is too small for least_unacked_delta: " << least_unacked_delta |
| << " packet_number:" << header.packet_number |
| << " least_unacked:" << frame.least_unacked |
| << " version:" << version_.transport_version; |
| return false; |
| } |
| if (least_unacked_delta == 0) { |
| return writer->WriteBytesToUInt64(header.packet_number_length, |
| least_unacked_delta); |
| } |
| if (!AppendPacketNumber(header.packet_number_length, |
| QuicPacketNumber(least_unacked_delta), writer)) { |
| QUIC_BUG(quic_bug_10850_87) |
| << " seq failed: " << header.packet_number_length; |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::AppendIetfAckFrameAndTypeByte(const QuicAckFrame& frame, |
| QuicDataWriter* writer) { |
| uint8_t type = IETF_ACK; |
| uint64_t ecn_size = 0; |
| if (frame.ecn_counters_populated && |
| (frame.ect_0_count || frame.ect_1_count || frame.ecn_ce_count)) { |
| // Change frame type to ACK_ECN if any ECN count is available. |
| type = IETF_ACK_ECN; |
| ecn_size = (QuicDataWriter::GetVarInt62Len(frame.ect_0_count) + |
| QuicDataWriter::GetVarInt62Len(frame.ect_1_count) + |
| QuicDataWriter::GetVarInt62Len(frame.ecn_ce_count)); |
| } |
| |
| if (!writer->WriteVarInt62(type)) { |
| set_detailed_error("No room for frame-type"); |
| return false; |
| } |
| |
| QuicPacketNumber largest_acked = LargestAcked(frame); |
| if (!writer->WriteVarInt62(largest_acked.ToUint64())) { |
| set_detailed_error("No room for largest-acked in ack frame"); |
| return false; |
| } |
| |
| uint64_t ack_delay_time_us = kVarInt62MaxValue; |
| if (!frame.ack_delay_time.IsInfinite()) { |
| QUICHE_DCHECK_LE(0u, frame.ack_delay_time.ToMicroseconds()); |
| ack_delay_time_us = frame.ack_delay_time.ToMicroseconds(); |
| ack_delay_time_us = ack_delay_time_us >> local_ack_delay_exponent_; |
| } |
| |
| if (!writer->WriteVarInt62(ack_delay_time_us)) { |
| set_detailed_error("No room for ack-delay in ack frame"); |
| return false; |
| } |
| |
| if (frame.packets.Empty() || frame.packets.Max() != largest_acked) { |
| QUIC_BUG(quic_bug_10850_88) << "Malformed ack frame: " << frame; |
| set_detailed_error("Malformed ack frame"); |
| return false; |
| } |
| |
| // Latch ack_block_count for potential truncation. |
| const uint64_t ack_block_count = frame.packets.NumIntervals() - 1; |
| QuicDataWriter count_writer(QuicDataWriter::GetVarInt62Len(ack_block_count), |
| writer->data() + writer->length()); |
| if (!writer->WriteVarInt62(ack_block_count)) { |
| set_detailed_error("No room for ack block count in ack frame"); |
| return false; |
| } |
| auto iter = frame.packets.rbegin(); |
| if (!writer->WriteVarInt62(iter->Length() - 1)) { |
| set_detailed_error("No room for first ack block in ack frame"); |
| return false; |
| } |
| QuicPacketNumber previous_smallest = iter->min(); |
| ++iter; |
| // Append remaining ACK blocks. |
| uint64_t appended_ack_blocks = 0; |
| for (; iter != frame.packets.rend(); ++iter) { |
| const uint64_t gap = previous_smallest - iter->max() - 1; |
| const uint64_t ack_range = iter->Length() - 1; |
| |
| if (writer->remaining() < ecn_size || |
| writer->remaining() - ecn_size < |
| static_cast<size_t>(QuicDataWriter::GetVarInt62Len(gap) + |
| QuicDataWriter::GetVarInt62Len(ack_range))) { |
| // ACK range does not fit, truncate it. |
| break; |
| } |
| const bool success = |
| writer->WriteVarInt62(gap) && writer->WriteVarInt62(ack_range); |
| QUICHE_DCHECK(success); |
| previous_smallest = iter->min(); |
| ++appended_ack_blocks; |
| } |
| |
| if (appended_ack_blocks < ack_block_count) { |
| // Truncation is needed, rewrite the ack block count. |
| if (QuicDataWriter::GetVarInt62Len(appended_ack_blocks) != |
| QuicDataWriter::GetVarInt62Len(ack_block_count) || |
| !count_writer.WriteVarInt62(appended_ack_blocks)) { |
| // This should never happen as ack_block_count is limited by |
| // max_ack_ranges_. |
| QUIC_BUG(quic_bug_10850_89) |
| << "Ack frame truncation fails. ack_block_count: " << ack_block_count |
| << ", appended count: " << appended_ack_blocks; |
| set_detailed_error("ACK frame truncation fails"); |
| return false; |
| } |
| QUIC_DLOG(INFO) << ENDPOINT << "ACK ranges get truncated from " |
| << ack_block_count << " to " << appended_ack_blocks; |
| } |
| |
| if (type == IETF_ACK_ECN) { |
| // Encode the ECN counts. |
| if (!writer->WriteVarInt62(frame.ect_0_count)) { |
| set_detailed_error("No room for ect_0_count in ack frame"); |
| return false; |
| } |
| if (!writer->WriteVarInt62(frame.ect_1_count)) { |
| set_detailed_error("No room for ect_1_count in ack frame"); |
| return false; |
| } |
| if (!writer->WriteVarInt62(frame.ecn_ce_count)) { |
| set_detailed_error("No room for ecn_ce_count in ack frame"); |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::AppendRstStreamFrame(const QuicRstStreamFrame& frame, |
| QuicDataWriter* writer) { |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| return AppendIetfResetStreamFrame(frame, writer); |
| } |
| if (!writer->WriteUInt32(frame.stream_id)) { |
| return false; |
| } |
| |
| if (!writer->WriteUInt64(frame.byte_offset)) { |
| return false; |
| } |
| |
| uint32_t error_code = static_cast<uint32_t>(frame.error_code); |
| if (!writer->WriteUInt32(error_code)) { |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::AppendConnectionCloseFrame( |
| const QuicConnectionCloseFrame& frame, |
| QuicDataWriter* writer) { |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| return AppendIetfConnectionCloseFrame(frame, writer); |
| } |
| uint32_t error_code = static_cast<uint32_t>(frame.wire_error_code); |
| if (!writer->WriteUInt32(error_code)) { |
| return false; |
| } |
| if (!writer->WriteStringPiece16(TruncateErrorString(frame.error_details))) { |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendGoAwayFrame(const QuicGoAwayFrame& frame, |
| QuicDataWriter* writer) { |
| uint32_t error_code = static_cast<uint32_t>(frame.error_code); |
| if (!writer->WriteUInt32(error_code)) { |
| return false; |
| } |
| uint32_t stream_id = static_cast<uint32_t>(frame.last_good_stream_id); |
| if (!writer->WriteUInt32(stream_id)) { |
| return false; |
| } |
| if (!writer->WriteStringPiece16(TruncateErrorString(frame.reason_phrase))) { |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendWindowUpdateFrame(const QuicWindowUpdateFrame& frame, |
| QuicDataWriter* writer) { |
| uint32_t stream_id = static_cast<uint32_t>(frame.stream_id); |
| if (!writer->WriteUInt32(stream_id)) { |
| return false; |
| } |
| if (!writer->WriteUInt64(frame.max_data)) { |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendBlockedFrame(const QuicBlockedFrame& frame, |
| QuicDataWriter* writer) { |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| if (frame.stream_id == QuicUtils::GetInvalidStreamId(transport_version())) { |
| return AppendDataBlockedFrame(frame, writer); |
| } |
| return AppendStreamDataBlockedFrame(frame, writer); |
| } |
| uint32_t stream_id = static_cast<uint32_t>(frame.stream_id); |
| if (!writer->WriteUInt32(stream_id)) { |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendPaddingFrame(const QuicPaddingFrame& frame, |
| QuicDataWriter* writer) { |
| if (frame.num_padding_bytes == 0) { |
| return false; |
| } |
| if (frame.num_padding_bytes < 0) { |
| QUIC_BUG_IF(quic_bug_12975_9, frame.num_padding_bytes != -1); |
| writer->WritePadding(); |
| return true; |
| } |
| // Please note, num_padding_bytes includes type byte which has been written. |
| return writer->WritePaddingBytes(frame.num_padding_bytes - 1); |
| } |
| |
| bool QuicFramer::AppendMessageFrameAndTypeByte(const QuicMessageFrame& frame, |
| bool last_frame_in_packet, |
| QuicDataWriter* writer) { |
| uint8_t type_byte; |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| type_byte = last_frame_in_packet ? IETF_EXTENSION_MESSAGE_NO_LENGTH_V99 |
| : IETF_EXTENSION_MESSAGE_V99; |
| } else { |
| type_byte = last_frame_in_packet ? IETF_EXTENSION_MESSAGE_NO_LENGTH |
| : IETF_EXTENSION_MESSAGE; |
| } |
| if (!writer->WriteUInt8(type_byte)) { |
| return false; |
| } |
| if (!last_frame_in_packet && !writer->WriteVarInt62(frame.message_length)) { |
| return false; |
| } |
| for (const auto& slice : frame.message_data) { |
| if (!writer->WriteBytes(slice.data(), slice.length())) { |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| bool QuicFramer::RaiseError(QuicErrorCode error) { |
| QUIC_DLOG(INFO) << ENDPOINT << "Error: " << QuicErrorCodeToString(error) |
| << " detail: " << detailed_error_; |
| set_error(error); |
| if (visitor_) { |
| visitor_->OnError(this); |
| } |
| return false; |
| } |
| |
| bool QuicFramer::IsVersionNegotiation( |
| const QuicPacketHeader& header, |
| bool packet_has_ietf_packet_header) const { |
| if (!packet_has_ietf_packet_header && |
| perspective_ == Perspective::IS_CLIENT) { |
| return header.version_flag; |
| } |
| if (header.form == IETF_QUIC_SHORT_HEADER_PACKET) { |
| return false; |
| } |
| return header.long_packet_type == VERSION_NEGOTIATION; |
| } |
| |
| bool QuicFramer::AppendIetfConnectionCloseFrame( |
| const QuicConnectionCloseFrame& frame, |
| QuicDataWriter* writer) { |
| if (frame.close_type != IETF_QUIC_TRANSPORT_CONNECTION_CLOSE && |
| frame.close_type != IETF_QUIC_APPLICATION_CONNECTION_CLOSE) { |
| QUIC_BUG(quic_bug_10850_90) |
| << "Invalid close_type for writing IETF CONNECTION CLOSE."; |
| set_detailed_error("Invalid close_type for writing IETF CONNECTION CLOSE."); |
| return false; |
| } |
| |
| if (!writer->WriteVarInt62(frame.wire_error_code)) { |
| set_detailed_error("Can not write connection close frame error code"); |
| return false; |
| } |
| |
| if (frame.close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) { |
| // Write the frame-type of the frame causing the error only |
| // if it's a CONNECTION_CLOSE/Transport. |
| if (!writer->WriteVarInt62(frame.transport_close_frame_type)) { |
| set_detailed_error("Writing frame type failed."); |
| return false; |
| } |
| } |
| |
| // There may be additional error information available in the extracted error |
| // code. Encode the error information in the reason phrase and serialize the |
| // result. |
| std::string final_error_string = |
| GenerateErrorString(frame.error_details, frame.quic_error_code); |
| if (!writer->WriteStringPieceVarInt62( |
| TruncateErrorString(final_error_string))) { |
| set_detailed_error("Can not write connection close phrase"); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfConnectionCloseFrame( |
| QuicDataReader* reader, |
| QuicConnectionCloseType type, |
| QuicConnectionCloseFrame* frame) { |
| frame->close_type = type; |
| |
| uint64_t error_code; |
| if (!reader->ReadVarInt62(&error_code)) { |
| set_detailed_error("Unable to read connection close error code."); |
| return false; |
| } |
| |
| frame->wire_error_code = error_code; |
| |
| if (type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) { |
| // The frame-type of the frame causing the error is present only |
| // if it's a CONNECTION_CLOSE/Transport. |
| if (!reader->ReadVarInt62(&frame->transport_close_frame_type)) { |
| set_detailed_error("Unable to read connection close frame type."); |
| return false; |
| } |
| } |
| |
| uint64_t phrase_length; |
| if (!reader->ReadVarInt62(&phrase_length)) { |
| set_detailed_error("Unable to read connection close error details."); |
| return false; |
| } |
| |
| absl::string_view phrase; |
| if (!reader->ReadStringPiece(&phrase, static_cast<size_t>(phrase_length))) { |
| set_detailed_error("Unable to read connection close error details."); |
| return false; |
| } |
| frame->error_details = std::string(phrase); |
| |
| // The frame may have an extracted error code in it. Look for it and |
| // extract it. If it's not present, MaybeExtract will return |
| // QUIC_IETF_GQUIC_ERROR_MISSING. |
| MaybeExtractQuicErrorCode(frame); |
| return true; |
| } |
| |
| // IETF Quic Path Challenge/Response frames. |
| bool QuicFramer::ProcessPathChallengeFrame(QuicDataReader* reader, |
| QuicPathChallengeFrame* frame) { |
| if (!reader->ReadBytes(frame->data_buffer.data(), |
| frame->data_buffer.size())) { |
| set_detailed_error("Can not read path challenge data."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessPathResponseFrame(QuicDataReader* reader, |
| QuicPathResponseFrame* frame) { |
| if (!reader->ReadBytes(frame->data_buffer.data(), |
| frame->data_buffer.size())) { |
| set_detailed_error("Can not read path response data."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendPathChallengeFrame(const QuicPathChallengeFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteBytes(frame.data_buffer.data(), frame.data_buffer.size())) { |
| set_detailed_error("Writing Path Challenge data failed."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendPathResponseFrame(const QuicPathResponseFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteBytes(frame.data_buffer.data(), frame.data_buffer.size())) { |
| set_detailed_error("Writing Path Response data failed."); |
| return false; |
| } |
| return true; |
| } |
| |
| // Add a new ietf-format stream reset frame. |
| // General format is |
| // stream id |
| // application error code |
| // final offset |
| bool QuicFramer::AppendIetfResetStreamFrame(const QuicRstStreamFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.stream_id))) { |
| set_detailed_error("Writing reset-stream stream id failed."); |
| return false; |
| } |
| if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.ietf_error_code))) { |
| set_detailed_error("Writing reset-stream error code failed."); |
| return false; |
| } |
| if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.byte_offset))) { |
| set_detailed_error("Writing reset-stream final-offset failed."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfResetStreamFrame(QuicDataReader* reader, |
| QuicRstStreamFrame* frame) { |
| // Get Stream ID from frame. ReadVarIntStreamID returns false |
| // if either A) there is a read error or B) the resulting value of |
| // the Stream ID is larger than the maximum allowed value. |
| if (!ReadUint32FromVarint62(reader, IETF_RST_STREAM, &frame->stream_id)) { |
| return false; |
| } |
| |
| if (!reader->ReadVarInt62(&frame->ietf_error_code)) { |
| set_detailed_error("Unable to read rst stream error code."); |
| return false; |
| } |
| |
| frame->error_code = |
| IetfResetStreamErrorCodeToRstStreamErrorCode(frame->ietf_error_code); |
| |
| if (!reader->ReadVarInt62(&frame->byte_offset)) { |
| set_detailed_error("Unable to read rst stream sent byte offset."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessStopSendingFrame( |
| QuicDataReader* reader, |
| QuicStopSendingFrame* stop_sending_frame) { |
| if (!ReadUint32FromVarint62(reader, IETF_STOP_SENDING, |
| &stop_sending_frame->stream_id)) { |
| return false; |
| } |
| |
| if (!reader->ReadVarInt62(&stop_sending_frame->ietf_error_code)) { |
| set_detailed_error("Unable to read stop sending application error code."); |
| return false; |
| } |
| |
| stop_sending_frame->error_code = IetfResetStreamErrorCodeToRstStreamErrorCode( |
| stop_sending_frame->ietf_error_code); |
| return true; |
| } |
| |
| bool QuicFramer::AppendStopSendingFrame( |
| const QuicStopSendingFrame& stop_sending_frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(stop_sending_frame.stream_id)) { |
| set_detailed_error("Can not write stop sending stream id"); |
| return false; |
| } |
| if (!writer->WriteVarInt62( |
| static_cast<uint64_t>(stop_sending_frame.ietf_error_code))) { |
| set_detailed_error("Can not write application error code"); |
| return false; |
| } |
| return true; |
| } |
| |
| // Append/process IETF-Format MAX_DATA Frame |
| bool QuicFramer::AppendMaxDataFrame(const QuicWindowUpdateFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.max_data)) { |
| set_detailed_error("Can not write MAX_DATA byte-offset"); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessMaxDataFrame(QuicDataReader* reader, |
| QuicWindowUpdateFrame* frame) { |
| frame->stream_id = QuicUtils::GetInvalidStreamId(transport_version()); |
| if (!reader->ReadVarInt62(&frame->max_data)) { |
| set_detailed_error("Can not read MAX_DATA byte-offset"); |
| return false; |
| } |
| return true; |
| } |
| |
| // Append/process IETF-Format MAX_STREAM_DATA Frame |
| bool QuicFramer::AppendMaxStreamDataFrame(const QuicWindowUpdateFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.stream_id)) { |
| set_detailed_error("Can not write MAX_STREAM_DATA stream id"); |
| return false; |
| } |
| if (!writer->WriteVarInt62(frame.max_data)) { |
| set_detailed_error("Can not write MAX_STREAM_DATA byte-offset"); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessMaxStreamDataFrame(QuicDataReader* reader, |
| QuicWindowUpdateFrame* frame) { |
| if (!ReadUint32FromVarint62(reader, IETF_MAX_STREAM_DATA, |
| &frame->stream_id)) { |
| return false; |
| } |
| if (!reader->ReadVarInt62(&frame->max_data)) { |
| set_detailed_error("Can not read MAX_STREAM_DATA byte-count"); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendMaxStreamsFrame(const QuicMaxStreamsFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.stream_count)) { |
| set_detailed_error("Can not write MAX_STREAMS stream count"); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessMaxStreamsFrame(QuicDataReader* reader, |
| QuicMaxStreamsFrame* frame, |
| uint64_t frame_type) { |
| if (!ReadUint32FromVarint62(reader, |
| static_cast<QuicIetfFrameType>(frame_type), |
| &frame->stream_count)) { |
| return false; |
| } |
| frame->unidirectional = (frame_type == IETF_MAX_STREAMS_UNIDIRECTIONAL); |
| return true; |
| } |
| |
| bool QuicFramer::AppendDataBlockedFrame(const QuicBlockedFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.offset)) { |
| set_detailed_error("Can not write blocked offset."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessDataBlockedFrame(QuicDataReader* reader, |
| QuicBlockedFrame* frame) { |
| // Indicates that it is a BLOCKED frame (as opposed to STREAM_BLOCKED). |
| frame->stream_id = QuicUtils::GetInvalidStreamId(transport_version()); |
| if (!reader->ReadVarInt62(&frame->offset)) { |
| set_detailed_error("Can not read blocked offset."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendStreamDataBlockedFrame(const QuicBlockedFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.stream_id)) { |
| set_detailed_error("Can not write stream blocked stream id."); |
| return false; |
| } |
| if (!writer->WriteVarInt62(frame.offset)) { |
| set_detailed_error("Can not write stream blocked offset."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessStreamDataBlockedFrame(QuicDataReader* reader, |
| QuicBlockedFrame* frame) { |
| if (!ReadUint32FromVarint62(reader, IETF_STREAM_DATA_BLOCKED, |
| &frame->stream_id)) { |
| return false; |
| } |
| if (!reader->ReadVarInt62(&frame->offset)) { |
| set_detailed_error("Can not read stream blocked offset."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendStreamsBlockedFrame(const QuicStreamsBlockedFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.stream_count)) { |
| set_detailed_error("Can not write STREAMS_BLOCKED stream count"); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessStreamsBlockedFrame(QuicDataReader* reader, |
| QuicStreamsBlockedFrame* frame, |
| uint64_t frame_type) { |
| if (!ReadUint32FromVarint62(reader, |
| static_cast<QuicIetfFrameType>(frame_type), |
| &frame->stream_count)) { |
| return false; |
| } |
| if (frame->stream_count > QuicUtils::GetMaxStreamCount()) { |
| // If stream count is such that the resulting stream ID would exceed our |
| // implementation limit, generate an error. |
| set_detailed_error( |
| "STREAMS_BLOCKED stream count exceeds implementation limit."); |
| return false; |
| } |
| frame->unidirectional = (frame_type == IETF_STREAMS_BLOCKED_UNIDIRECTIONAL); |
| return true; |
| } |
| |
| bool QuicFramer::AppendNewConnectionIdFrame( |
| const QuicNewConnectionIdFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.sequence_number)) { |
| set_detailed_error("Can not write New Connection ID sequence number"); |
| return false; |
| } |
| if (!writer->WriteVarInt62(frame.retire_prior_to)) { |
| set_detailed_error("Can not write New Connection ID retire_prior_to"); |
| return false; |
| } |
| if (!writer->WriteLengthPrefixedConnectionId(frame.connection_id)) { |
| set_detailed_error("Can not write New Connection ID frame connection ID"); |
| return false; |
| } |
| |
| if (!writer->WriteBytes( |
| static_cast<const void*>(&frame.stateless_reset_token), |
| sizeof(frame.stateless_reset_token))) { |
| set_detailed_error("Can not write New Connection ID Reset Token"); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessNewConnectionIdFrame(QuicDataReader* reader, |
| QuicNewConnectionIdFrame* frame) { |
| if (!reader->ReadVarInt62(&frame->sequence_number)) { |
| set_detailed_error( |
| "Unable to read new connection ID frame sequence number."); |
| return false; |
| } |
| |
| if (!reader->ReadVarInt62(&frame->retire_prior_to)) { |
| set_detailed_error( |
| "Unable to read new connection ID frame retire_prior_to."); |
| return false; |
| } |
| if (frame->retire_prior_to > frame->sequence_number) { |
| set_detailed_error("Retire_prior_to > sequence_number."); |
| return false; |
| } |
| |
| if (!reader->ReadLengthPrefixedConnectionId(&frame->connection_id)) { |
| set_detailed_error("Unable to read new connection ID frame connection id."); |
| return false; |
| } |
| |
| if (!QuicUtils::IsConnectionIdValidForVersion(frame->connection_id, |
| transport_version())) { |
| set_detailed_error("Invalid new connection ID length for version."); |
| return false; |
| } |
| |
| if (!reader->ReadBytes(&frame->stateless_reset_token, |
| sizeof(frame->stateless_reset_token))) { |
| set_detailed_error("Can not read new connection ID frame reset token."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::AppendRetireConnectionIdFrame( |
| const QuicRetireConnectionIdFrame& frame, |
| QuicDataWriter* writer) { |
| if (!writer->WriteVarInt62(frame.sequence_number)) { |
| set_detailed_error("Can not write Retire Connection ID sequence number"); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessRetireConnectionIdFrame( |
| QuicDataReader* reader, |
| QuicRetireConnectionIdFrame* frame) { |
| if (!reader->ReadVarInt62(&frame->sequence_number)) { |
| set_detailed_error( |
| "Unable to read retire connection ID frame sequence number."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ReadUint32FromVarint62(QuicDataReader* reader, |
| QuicIetfFrameType type, |
| QuicStreamId* id) { |
| uint64_t temp_uint64; |
| if (!reader->ReadVarInt62(&temp_uint64)) { |
| set_detailed_error("Unable to read " + QuicIetfFrameTypeString(type) + |
| " frame stream id/count."); |
| return false; |
| } |
| if (temp_uint64 > kMaxQuicStreamId) { |
| set_detailed_error("Stream id/count of " + QuicIetfFrameTypeString(type) + |
| "frame is too large."); |
| return false; |
| } |
| *id = static_cast<uint32_t>(temp_uint64); |
| return true; |
| } |
| |
| uint8_t QuicFramer::GetStreamFrameTypeByte(const QuicStreamFrame& frame, |
| bool last_frame_in_packet) const { |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| return GetIetfStreamFrameTypeByte(frame, last_frame_in_packet); |
| } |
| uint8_t type_byte = 0; |
| // Fin bit. |
| type_byte |= frame.fin ? kQuicStreamFinMask : 0; |
| |
| // Data Length bit. |
| type_byte <<= kQuicStreamDataLengthShift; |
| type_byte |= last_frame_in_packet ? 0 : kQuicStreamDataLengthMask; |
| |
| // Offset 3 bits. |
| type_byte <<= kQuicStreamShift; |
| const size_t offset_len = GetStreamOffsetSize(frame.offset); |
| if (offset_len > 0) { |
| type_byte |= offset_len - 1; |
| } |
| |
| // stream id 2 bits. |
| type_byte <<= kQuicStreamIdShift; |
| type_byte |= GetStreamIdSize(frame.stream_id) - 1; |
| type_byte |= kQuicFrameTypeStreamMask; // Set Stream Frame Type to 1. |
| |
| return type_byte; |
| } |
| |
| uint8_t QuicFramer::GetIetfStreamFrameTypeByte( |
| const QuicStreamFrame& frame, |
| bool last_frame_in_packet) const { |
| QUICHE_DCHECK(VersionHasIetfQuicFrames(version_.transport_version)); |
| uint8_t type_byte = IETF_STREAM; |
| if (!last_frame_in_packet) { |
| type_byte |= IETF_STREAM_FRAME_LEN_BIT; |
| } |
| if (frame.offset != 0) { |
| type_byte |= IETF_STREAM_FRAME_OFF_BIT; |
| } |
| if (frame.fin) { |
| type_byte |= IETF_STREAM_FRAME_FIN_BIT; |
| } |
| return type_byte; |
| } |
| |
| void QuicFramer::InferPacketHeaderTypeFromVersion() { |
| // This function should only be called when server connection negotiates the |
| // version. |
| QUICHE_DCHECK_EQ(perspective_, Perspective::IS_SERVER); |
| QUICHE_DCHECK(!infer_packet_header_type_from_version_); |
| infer_packet_header_type_from_version_ = true; |
| } |
| |
| void QuicFramer::EnableMultiplePacketNumberSpacesSupport() { |
| if (supports_multiple_packet_number_spaces_) { |
| QUIC_BUG(quic_bug_10850_91) |
| << "Multiple packet number spaces has already been enabled"; |
| return; |
| } |
| if (largest_packet_number_.IsInitialized()) { |
| QUIC_BUG(quic_bug_10850_92) |
| << "Try to enable multiple packet number spaces support after any " |
| "packet has been received."; |
| return; |
| } |
| |
| supports_multiple_packet_number_spaces_ = true; |
| } |
| |
| // static |
| QuicErrorCode QuicFramer::ParsePublicHeaderDispatcher( |
| const QuicEncryptedPacket& packet, |
| uint8_t expected_destination_connection_id_length, |
| PacketHeaderFormat* format, |
| QuicLongHeaderType* long_packet_type, |
| bool* version_present, |
| bool* has_length_prefix, |
| QuicVersionLabel* version_label, |
| ParsedQuicVersion* parsed_version, |
| QuicConnectionId* destination_connection_id, |
| QuicConnectionId* source_connection_id, |
| bool* retry_token_present, |
| absl::string_view* retry_token, |
| std::string* detailed_error) { |
| QuicDataReader reader(packet.data(), packet.length()); |
| if (reader.IsDoneReading()) { |
| *detailed_error = "Unable to read first byte."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| const uint8_t first_byte = reader.PeekByte(); |
| if (GetQuicRestartFlag(quic_drop_invalid_flags)) { |
| QUIC_RESTART_FLAG_COUNT(quic_drop_invalid_flags); |
| if ((first_byte & FLAGS_LONG_HEADER) == 0 && |
| (first_byte & FLAGS_FIXED_BIT) == 0 && |
| (first_byte & FLAGS_DEMULTIPLEXING_BIT) == 0) { |
| // All versions of Google QUIC up to and including Q043 set |
| // FLAGS_DEMULTIPLEXING_BIT to one on all client-to-server packets. Q044 |
| // and Q045 were never default-enabled in production. All subsequent |
| // versions of Google QUIC (starting with Q046) require FLAGS_FIXED_BIT to |
| // be set to one on all packets. All versions of IETF QUIC (since |
| // draft-ietf-quic-transport-17 which was earlier than the first IETF QUIC |
| // version that was deployed in production by any implementation) also |
| // require FLAGS_FIXED_BIT to be set to one on all packets. If a packet |
| // has the FLAGS_LONG_HEADER bit set to one, it could be a first flight |
| // from an unknown future version that allows the other two bits to be set |
| // to zero. Based on this, packets that have all three of those bits set |
| // to zero are known to be invalid. |
| *detailed_error = "Invalid flags."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| } |
| const bool ietf_format = QuicUtils::IsIetfPacketHeader(first_byte); |
| uint8_t unused_first_byte; |
| QuicVariableLengthIntegerLength retry_token_length_length; |
| QuicErrorCode error_code = ParsePublicHeader( |
| &reader, expected_destination_connection_id_length, ietf_format, |
| &unused_first_byte, format, version_present, has_length_prefix, |
| version_label, parsed_version, destination_connection_id, |
| source_connection_id, long_packet_type, &retry_token_length_length, |
| retry_token, detailed_error); |
| *retry_token_present = |
| retry_token_length_length != VARIABLE_LENGTH_INTEGER_LENGTH_0; |
| return error_code; |
| } |
| |
| // static |
| QuicErrorCode QuicFramer::ParsePublicHeaderGoogleQuic( |
| QuicDataReader* reader, |
| uint8_t* first_byte, |
| PacketHeaderFormat* format, |
| bool* version_present, |
| QuicVersionLabel* version_label, |
| ParsedQuicVersion* parsed_version, |
| QuicConnectionId* destination_connection_id, |
| std::string* detailed_error) { |
| *format = GOOGLE_QUIC_PACKET; |
| *version_present = (*first_byte & PACKET_PUBLIC_FLAGS_VERSION) != 0; |
| uint8_t destination_connection_id_length = 0; |
| if ((*first_byte & PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) != 0) { |
| destination_connection_id_length = kQuicDefaultConnectionIdLength; |
| } |
| if (!reader->ReadConnectionId(destination_connection_id, |
| destination_connection_id_length)) { |
| *detailed_error = "Unable to read ConnectionId."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| if (*version_present) { |
| if (!ProcessVersionLabel(reader, version_label)) { |
| *detailed_error = "Unable to read protocol version."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| *parsed_version = ParseQuicVersionLabel(*version_label); |
| } |
| return QUIC_NO_ERROR; |
| } |
| |
| namespace { |
| |
| const QuicVersionLabel kProxVersionLabel = 0x50524F58; // "PROX" |
| |
| inline bool PacketHasLengthPrefixedConnectionIds( |
| const QuicDataReader& reader, |
| ParsedQuicVersion parsed_version, |
| QuicVersionLabel version_label, |
| uint8_t first_byte) { |
| if (parsed_version.IsKnown()) { |
| return parsed_version.HasLengthPrefixedConnectionIds(); |
| } |
| |
| // Received unsupported version, check known old unsupported versions. |
| if (QuicVersionLabelUses4BitConnectionIdLength(version_label)) { |
| return false; |
| } |
| |
| // Received unknown version, check connection ID length byte. |
| if (reader.IsDoneReading()) { |
| // This check is required to safely peek the connection ID length byte. |
| return true; |
| } |
| const uint8_t connection_id_length_byte = reader.PeekByte(); |
| |
| // Check for packets produced by older versions of |
| // QuicFramer::WriteClientVersionNegotiationProbePacket |
| if (first_byte == 0xc0 && (connection_id_length_byte & 0x0f) == 0 && |
| connection_id_length_byte >= 0x50 && version_label == 0xcabadaba) { |
| return false; |
| } |
| |
| // Check for munged packets with version tag PROX. |
| if ((connection_id_length_byte & 0x0f) == 0 && |
| connection_id_length_byte >= 0x20 && version_label == kProxVersionLabel) { |
| return false; |
| } |
| |
| return true; |
| } |
| |
| inline bool ParseLongHeaderConnectionIds( |
| QuicDataReader* reader, |
| bool has_length_prefix, |
| QuicVersionLabel version_label, |
| QuicConnectionId* destination_connection_id, |
| QuicConnectionId* source_connection_id, |
| std::string* detailed_error) { |
| if (has_length_prefix) { |
| if (!reader->ReadLengthPrefixedConnectionId(destination_connection_id)) { |
| *detailed_error = "Unable to read destination connection ID."; |
| return false; |
| } |
| if (!reader->ReadLengthPrefixedConnectionId(source_connection_id)) { |
| if (version_label == kProxVersionLabel) { |
| // The "PROX" version does not follow the length-prefixed invariants, |
| // and can therefore attempt to read a payload byte and interpret it |
| // as the source connection ID length, which could fail to parse. |
| // In that scenario we keep the source connection ID empty but mark |
| // parsing as successful. |
| return true; |
| } |
| *detailed_error = "Unable to read source connection ID."; |
| return false; |
| } |
| } else { |
| // Parse connection ID lengths. |
| uint8_t connection_id_lengths_byte; |
| if (!reader->ReadUInt8(&connection_id_lengths_byte)) { |
| *detailed_error = "Unable to read connection ID lengths."; |
| return false; |
| } |
| uint8_t destination_connection_id_length = |
| (connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4; |
| if (destination_connection_id_length != 0) { |
| destination_connection_id_length += kConnectionIdLengthAdjustment; |
| } |
| uint8_t source_connection_id_length = |
| connection_id_lengths_byte & kSourceConnectionIdLengthMask; |
| if (source_connection_id_length != 0) { |
| source_connection_id_length += kConnectionIdLengthAdjustment; |
| } |
| |
| // Read destination connection ID. |
| if (!reader->ReadConnectionId(destination_connection_id, |
| destination_connection_id_length)) { |
| *detailed_error = "Unable to read destination connection ID."; |
| return false; |
| } |
| |
| // Read source connection ID. |
| if (!reader->ReadConnectionId(source_connection_id, |
| source_connection_id_length)) { |
| *detailed_error = "Unable to read source connection ID."; |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| } // namespace |
| |
| // static |
| QuicErrorCode QuicFramer::ParsePublicHeader( |
| QuicDataReader* reader, |
| uint8_t expected_destination_connection_id_length, |
| bool ietf_format, |
| uint8_t* first_byte, |
| PacketHeaderFormat* format, |
| bool* version_present, |
| bool* has_length_prefix, |
| QuicVersionLabel* version_label, |
| ParsedQuicVersion* parsed_version, |
| QuicConnectionId* destination_connection_id, |
| QuicConnectionId* source_connection_id, |
| QuicLongHeaderType* long_packet_type, |
| QuicVariableLengthIntegerLength* retry_token_length_length, |
| absl::string_view* retry_token, |
| std::string* detailed_error) { |
| *version_present = false; |
| *has_length_prefix = false; |
| *version_label = 0; |
| *parsed_version = UnsupportedQuicVersion(); |
| *source_connection_id = EmptyQuicConnectionId(); |
| *long_packet_type = INVALID_PACKET_TYPE; |
| *retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0; |
| *retry_token = absl::string_view(); |
| *detailed_error = ""; |
| |
| if (!reader->ReadUInt8(first_byte)) { |
| *detailed_error = "Unable to read first byte."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| |
| if (!ietf_format) { |
| return ParsePublicHeaderGoogleQuic( |
| reader, first_byte, format, version_present, version_label, |
| parsed_version, destination_connection_id, detailed_error); |
| } |
| |
| *format = GetIetfPacketHeaderFormat(*first_byte); |
| |
| if (*format == IETF_QUIC_SHORT_HEADER_PACKET) { |
| // Read destination connection ID using |
| // expected_destination_connection_id_length to determine its length. |
| if (!reader->ReadConnectionId(destination_connection_id, |
| expected_destination_connection_id_length)) { |
| *detailed_error = "Unable to read destination connection ID."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| return QUIC_NO_ERROR; |
| } |
| |
| QUICHE_DCHECK_EQ(IETF_QUIC_LONG_HEADER_PACKET, *format); |
| *version_present = true; |
| if (!ProcessVersionLabel(reader, version_label)) { |
| *detailed_error = "Unable to read protocol version."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| |
| if (*version_label == 0) { |
| *long_packet_type = VERSION_NEGOTIATION; |
| } |
| |
| // Parse version. |
| *parsed_version = ParseQuicVersionLabel(*version_label); |
| |
| // Figure out which IETF QUIC invariants this packet follows. |
| *has_length_prefix = PacketHasLengthPrefixedConnectionIds( |
| *reader, *parsed_version, *version_label, *first_byte); |
| |
| // Parse connection IDs. |
| if (!ParseLongHeaderConnectionIds(reader, *has_length_prefix, *version_label, |
| destination_connection_id, |
| source_connection_id, detailed_error)) { |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| |
| if (!parsed_version->IsKnown()) { |
| // Skip parsing of long packet type and retry token for unknown versions. |
| return QUIC_NO_ERROR; |
| } |
| |
| // Parse long packet type. |
| if (!GetLongHeaderType(*first_byte, long_packet_type)) { |
| *detailed_error = "Unable to parse long packet type."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| |
| if (!parsed_version->SupportsRetry() || *long_packet_type != INITIAL) { |
| // Retry token is only present on initial packets for some versions. |
| return QUIC_NO_ERROR; |
| } |
| |
| *retry_token_length_length = reader->PeekVarInt62Length(); |
| uint64_t retry_token_length; |
| if (!reader->ReadVarInt62(&retry_token_length)) { |
| *retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0; |
| *detailed_error = "Unable to read retry token length."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| |
| if (!reader->ReadStringPiece(retry_token, retry_token_length)) { |
| *detailed_error = "Unable to read retry token."; |
| return QUIC_INVALID_PACKET_HEADER; |
| } |
| |
| return QUIC_NO_ERROR; |
| } |
| |
| // static |
| bool QuicFramer::WriteClientVersionNegotiationProbePacket( |
| char* packet_bytes, |
| QuicByteCount packet_length, |
| const char* destination_connection_id_bytes, |
| uint8_t destination_connection_id_length) { |
| if (packet_bytes == nullptr) { |
| QUIC_BUG(quic_bug_10850_93) << "Invalid packet_bytes"; |
| return false; |
| } |
| if (packet_length < kMinPacketSizeForVersionNegotiation || |
| packet_length > 65535) { |
| QUIC_BUG(quic_bug_10850_94) << "Invalid packet_length"; |
| return false; |
| } |
| if (destination_connection_id_length > kQuicMaxConnectionId4BitLength || |
| destination_connection_id_length < kQuicDefaultConnectionIdLength) { |
| QUIC_BUG(quic_bug_10850_95) << "Invalid connection_id_length"; |
| return false; |
| } |
| // clang-format off |
| const unsigned char packet_start_bytes[] = { |
| // IETF long header with fixed bit set, type initial, all-0 encrypted bits. |
| 0xc0, |
| // Version, part of the IETF space reserved for negotiation. |
| // This intentionally differs from QuicVersionReservedForNegotiation() |
| // to allow differentiating them over the wire. |
| 0xca, 0xba, 0xda, 0xda, |
| }; |
| // clang-format on |
| static_assert(sizeof(packet_start_bytes) == 5, "bad packet_start_bytes size"); |
| QuicDataWriter writer(packet_length, packet_bytes); |
| if (!writer.WriteBytes(packet_start_bytes, sizeof(packet_start_bytes))) { |
| QUIC_BUG(quic_bug_10850_96) << "Failed to write packet start"; |
| return false; |
| } |
| |
| QuicConnectionId destination_connection_id(destination_connection_id_bytes, |
| destination_connection_id_length); |
| if (!AppendIetfConnectionIds( |
| /*version_flag=*/true, /*use_length_prefix=*/true, |
| destination_connection_id, EmptyQuicConnectionId(), &writer)) { |
| QUIC_BUG(quic_bug_10850_97) << "Failed to write connection IDs"; |
| return false; |
| } |
| // Add 8 bytes of zeroes followed by 8 bytes of ones to ensure that this does |
| // not parse with any known version. The zeroes make sure that packet numbers, |
| // retry token lengths and payload lengths are parsed as zero, and if the |
| // zeroes are treated as padding frames, 0xff is known to not parse as a |
| // valid frame type. |
| if (!writer.WriteUInt64(0) || |
| !writer.WriteUInt64(std::numeric_limits<uint64_t>::max())) { |
| QUIC_BUG(quic_bug_10850_98) << "Failed to write 18 bytes"; |
| return false; |
| } |
| // Make sure the polite greeting below is padded to a 16-byte boundary to |
| // make it easier to read in tcpdump. |
| while (writer.length() % 16 != 0) { |
| if (!writer.WriteUInt8(0)) { |
| QUIC_BUG(quic_bug_10850_99) << "Failed to write padding byte"; |
| return false; |
| } |
| } |
| // Add a polite greeting in case a human sees this in tcpdump. |
| static const char polite_greeting[] = |
| "This packet only exists to trigger IETF QUIC version negotiation. " |
| "Please respond with a Version Negotiation packet indicating what " |
| "versions you support. Thank you and have a nice day."; |
| if (!writer.WriteBytes(polite_greeting, sizeof(polite_greeting))) { |
| QUIC_BUG(quic_bug_10850_100) << "Failed to write polite greeting"; |
| return false; |
| } |
| // Fill the rest of the packet with zeroes. |
| writer.WritePadding(); |
| QUICHE_DCHECK_EQ(0u, writer.remaining()); |
| return true; |
| } |
| |
| // static |
| bool QuicFramer::ParseServerVersionNegotiationProbeResponse( |
| const char* packet_bytes, |
| QuicByteCount packet_length, |
| char* source_connection_id_bytes, |
| uint8_t* source_connection_id_length_out, |
| std::string* detailed_error) { |
| if (detailed_error == nullptr) { |
| QUIC_BUG(quic_bug_10850_101) << "Invalid error_details"; |
| return false; |
| } |
| *detailed_error = ""; |
| if (packet_bytes == nullptr) { |
| *detailed_error = "Invalid packet_bytes"; |
| return false; |
| } |
| if (packet_length < 6) { |
| *detailed_error = "Invalid packet_length"; |
| return false; |
| } |
| if (source_connection_id_bytes == nullptr) { |
| *detailed_error = "Invalid source_connection_id_bytes"; |
| return false; |
| } |
| if (source_connection_id_length_out == nullptr) { |
| *detailed_error = "Invalid source_connection_id_length_out"; |
| return false; |
| } |
| QuicDataReader reader(packet_bytes, packet_length); |
| uint8_t type_byte = 0; |
| if (!reader.ReadUInt8(&type_byte)) { |
| *detailed_error = "Failed to read type byte"; |
| return false; |
| } |
| if ((type_byte & 0x80) == 0) { |
| *detailed_error = "Packet does not have long header"; |
| return false; |
| } |
| uint32_t version = 0; |
| if (!reader.ReadUInt32(&version)) { |
| *detailed_error = "Failed to read version"; |
| return false; |
| } |
| if (version != 0) { |
| *detailed_error = "Packet is not a version negotiation packet"; |
| return false; |
| } |
| |
| QuicConnectionId destination_connection_id, source_connection_id; |
| if (!reader.ReadLengthPrefixedConnectionId(&destination_connection_id)) { |
| *detailed_error = "Failed to read destination connection ID"; |
| return false; |
| } |
| if (!reader.ReadLengthPrefixedConnectionId(&source_connection_id)) { |
| *detailed_error = "Failed to read source connection ID"; |
| return false; |
| } |
| |
| if (destination_connection_id.length() != 0) { |
| *detailed_error = "Received unexpected destination connection ID length"; |
| return false; |
| } |
| if (*source_connection_id_length_out < source_connection_id.length()) { |
| *detailed_error = |
| absl::StrCat("*source_connection_id_length_out too small ", |
| static_cast<int>(*source_connection_id_length_out), " < ", |
| static_cast<int>(source_connection_id.length())); |
| return false; |
| } |
| |
| memcpy(source_connection_id_bytes, source_connection_id.data(), |
| source_connection_id.length()); |
| *source_connection_id_length_out = source_connection_id.length(); |
| |
| return true; |
| } |
| |
| // Look for and parse the error code from the "<quic_error_code>:" text that |
| // may be present at the start of the CONNECTION_CLOSE error details string. |
| // This text, inserted by the peer if it's using Google's QUIC implementation, |
| // contains additional error information that narrows down the exact error. If |
| // the string is not found, or is not properly formed, it returns |
| // ErrorCode::QUIC_IETF_GQUIC_ERROR_MISSING |
| void MaybeExtractQuicErrorCode(QuicConnectionCloseFrame* frame) { |
| std::vector<absl::string_view> ed = absl::StrSplit(frame->error_details, ':'); |
| uint64_t extracted_error_code; |
| if (ed.size() < 2 || !quiche::QuicheTextUtils::IsAllDigits(ed[0]) || |
| !absl::SimpleAtoi(ed[0], &extracted_error_code)) { |
| if (frame->close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE && |
| frame->wire_error_code == NO_IETF_QUIC_ERROR) { |
| frame->quic_error_code = QUIC_NO_ERROR; |
| } else { |
| frame->quic_error_code = QUIC_IETF_GQUIC_ERROR_MISSING; |
| } |
| return; |
| } |
| // Return the error code (numeric) and the error details string without the |
| // error code prefix. Note that Split returns everything up to, but not |
| // including, the split character, so the length of ed[0] is just the number |
| // of digits in the error number. In removing the prefix, 1 is added to the |
| // length to account for the : |
| absl::string_view x = absl::string_view(frame->error_details); |
| x.remove_prefix(ed[0].length() + 1); |
| frame->error_details = std::string(x); |
| frame->quic_error_code = static_cast<QuicErrorCode>(extracted_error_code); |
| } |
| |
| #undef ENDPOINT // undef for jumbo builds |
| } // namespace quic |