blob: 6d2d9c79aa840cb0d9493cc86d845dd4ab0f0417 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "quic/core/quic_framer.h"
#include <cstddef>
#include <cstdint>
#include <limits>
#include <memory>
#include <string>
#include <utility>
#include "absl/base/attributes.h"
#include "absl/base/macros.h"
#include "absl/base/optimization.h"
#include "absl/strings/escaping.h"
#include "absl/strings/numbers.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/str_split.h"
#include "absl/strings/string_view.h"
#include "quic/core/crypto/crypto_framer.h"
#include "quic/core/crypto/crypto_handshake.h"
#include "quic/core/crypto/crypto_handshake_message.h"
#include "quic/core/crypto/crypto_protocol.h"
#include "quic/core/crypto/crypto_utils.h"
#include "quic/core/crypto/null_decrypter.h"
#include "quic/core/crypto/null_encrypter.h"
#include "quic/core/crypto/quic_decrypter.h"
#include "quic/core/crypto/quic_encrypter.h"
#include "quic/core/crypto/quic_random.h"
#include "quic/core/frames/quic_ack_frequency_frame.h"
#include "quic/core/quic_connection_id.h"
#include "quic/core/quic_constants.h"
#include "quic/core/quic_data_reader.h"
#include "quic/core/quic_data_writer.h"
#include "quic/core/quic_error_codes.h"
#include "quic/core/quic_packets.h"
#include "quic/core/quic_socket_address_coder.h"
#include "quic/core/quic_stream_frame_data_producer.h"
#include "quic/core/quic_time.h"
#include "quic/core/quic_types.h"
#include "quic/core/quic_utils.h"
#include "quic/core/quic_versions.h"
#include "quic/platform/api/quic_bug_tracker.h"
#include "quic/platform/api/quic_client_stats.h"
#include "quic/platform/api/quic_flag_utils.h"
#include "quic/platform/api/quic_flags.h"
#include "quic/platform/api/quic_logging.h"
#include "quic/platform/api/quic_stack_trace.h"
#include "common/quiche_text_utils.h"
namespace quic {
namespace {
#define ENDPOINT \
(perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ")
// Number of bits the packet number length bits are shifted from the right
// edge of the header.
const uint8_t kPublicHeaderSequenceNumberShift = 4;
// There are two interpretations for the Frame Type byte in the QUIC protocol,
// resulting in two Frame Types: Special Frame Types and Regular Frame Types.
//
// Regular Frame Types use the Frame Type byte simply. Currently defined
// Regular Frame Types are:
// Padding : 0b 00000000 (0x00)
// ResetStream : 0b 00000001 (0x01)
// ConnectionClose : 0b 00000010 (0x02)
// GoAway : 0b 00000011 (0x03)
// WindowUpdate : 0b 00000100 (0x04)
// Blocked : 0b 00000101 (0x05)
//
// Special Frame Types encode both a Frame Type and corresponding flags
// all in the Frame Type byte. Currently defined Special Frame Types
// are:
// Stream : 0b 1xxxxxxx
// Ack : 0b 01xxxxxx
//
// Semantics of the flag bits above (the x bits) depends on the frame type.
// Masks to determine if the frame type is a special use
// and for specific special frame types.
const uint8_t kQuicFrameTypeBrokenMask = 0xE0; // 0b 11100000
const uint8_t kQuicFrameTypeSpecialMask = 0xC0; // 0b 11000000
const uint8_t kQuicFrameTypeStreamMask = 0x80;
const uint8_t kQuicFrameTypeAckMask = 0x40;
static_assert(kQuicFrameTypeSpecialMask ==
(kQuicFrameTypeStreamMask | kQuicFrameTypeAckMask),
"Invalid kQuicFrameTypeSpecialMask");
// The stream type format is 1FDOOOSS, where
// F is the fin bit.
// D is the data length bit (0 or 2 bytes).
// OO/OOO are the size of the offset.
// SS is the size of the stream ID.
// Note that the stream encoding can not be determined by inspection. It can
// be determined only by knowing the QUIC Version.
// Stream frame relative shifts and masks for interpreting the stream flags.
// StreamID may be 1, 2, 3, or 4 bytes.
const uint8_t kQuicStreamIdShift = 2;
const uint8_t kQuicStreamIDLengthMask = 0x03;
// Offset may be 0, 2, 4, or 8 bytes.
const uint8_t kQuicStreamShift = 3;
const uint8_t kQuicStreamOffsetMask = 0x07;
// Data length may be 0 or 2 bytes.
const uint8_t kQuicStreamDataLengthShift = 1;
const uint8_t kQuicStreamDataLengthMask = 0x01;
// Fin bit may be set or not.
const uint8_t kQuicStreamFinShift = 1;
const uint8_t kQuicStreamFinMask = 0x01;
// The format is 01M0LLOO, where
// M if set, there are multiple ack blocks in the frame.
// LL is the size of the largest ack field.
// OO is the size of the ack blocks offset field.
// packet number size shift used in AckFrames.
const uint8_t kQuicSequenceNumberLengthNumBits = 2;
const uint8_t kActBlockLengthOffset = 0;
const uint8_t kLargestAckedOffset = 2;
// Acks may have only one ack block.
const uint8_t kQuicHasMultipleAckBlocksOffset = 5;
// Timestamps are 4 bytes followed by 2 bytes.
const uint8_t kQuicNumTimestampsLength = 1;
const uint8_t kQuicFirstTimestampLength = 4;
const uint8_t kQuicTimestampLength = 2;
// Gaps between packet numbers are 1 byte.
const uint8_t kQuicTimestampPacketNumberGapLength = 1;
// Maximum length of encoded error strings.
const int kMaxErrorStringLength = 256;
const uint8_t kConnectionIdLengthAdjustment = 3;
const uint8_t kDestinationConnectionIdLengthMask = 0xF0;
const uint8_t kSourceConnectionIdLengthMask = 0x0F;
// Returns the absolute value of the difference between |a| and |b|.
uint64_t Delta(uint64_t a, uint64_t b) {
// Since these are unsigned numbers, we can't just return abs(a - b)
if (a < b) {
return b - a;
}
return a - b;
}
uint64_t ClosestTo(uint64_t target, uint64_t a, uint64_t b) {
return (Delta(target, a) < Delta(target, b)) ? a : b;
}
QuicPacketNumberLength ReadSequenceNumberLength(uint8_t flags) {
switch (flags & PACKET_FLAGS_8BYTE_PACKET) {
case PACKET_FLAGS_8BYTE_PACKET:
return PACKET_6BYTE_PACKET_NUMBER;
case PACKET_FLAGS_4BYTE_PACKET:
return PACKET_4BYTE_PACKET_NUMBER;
case PACKET_FLAGS_2BYTE_PACKET:
return PACKET_2BYTE_PACKET_NUMBER;
case PACKET_FLAGS_1BYTE_PACKET:
return PACKET_1BYTE_PACKET_NUMBER;
default:
QUIC_BUG(quic_bug_10850_1) << "Unreachable case statement.";
return PACKET_6BYTE_PACKET_NUMBER;
}
}
QuicPacketNumberLength ReadAckPacketNumberLength(uint8_t flags) {
switch (flags & PACKET_FLAGS_8BYTE_PACKET) {
case PACKET_FLAGS_8BYTE_PACKET:
return PACKET_6BYTE_PACKET_NUMBER;
case PACKET_FLAGS_4BYTE_PACKET:
return PACKET_4BYTE_PACKET_NUMBER;
case PACKET_FLAGS_2BYTE_PACKET:
return PACKET_2BYTE_PACKET_NUMBER;
case PACKET_FLAGS_1BYTE_PACKET:
return PACKET_1BYTE_PACKET_NUMBER;
default:
QUIC_BUG(quic_bug_10850_2) << "Unreachable case statement.";
return PACKET_6BYTE_PACKET_NUMBER;
}
}
uint8_t PacketNumberLengthToOnWireValue(
QuicPacketNumberLength packet_number_length) {
return packet_number_length - 1;
}
QuicPacketNumberLength GetShortHeaderPacketNumberLength(uint8_t type) {
QUICHE_DCHECK(!(type & FLAGS_LONG_HEADER));
return static_cast<QuicPacketNumberLength>((type & 0x03) + 1);
}
uint8_t LongHeaderTypeToOnWireValue(QuicLongHeaderType type,
const ParsedQuicVersion& version) {
switch (type) {
case INITIAL:
return version.UsesV2PacketTypes() ? (1 << 4) : 0;
case ZERO_RTT_PROTECTED:
return version.UsesV2PacketTypes() ? (2 << 4) : (1 << 4);
case HANDSHAKE:
return version.UsesV2PacketTypes() ? (3 << 4) : (2 << 4);
case RETRY:
return version.UsesV2PacketTypes() ? 0 : (3 << 4);
case VERSION_NEGOTIATION:
return 0xF0; // Value does not matter
default:
QUIC_BUG(quic_bug_10850_3) << "Invalid long header type: " << type;
return 0xFF;
}
}
bool GetLongHeaderType(uint8_t type, const ParsedQuicVersion& version,
QuicLongHeaderType* long_header_type) {
QUICHE_DCHECK((type & FLAGS_LONG_HEADER));
switch ((type & 0x30) >> 4) {
case 0:
*long_header_type = version.UsesV2PacketTypes() ? RETRY : INITIAL;
break;
case 1:
*long_header_type =
version.UsesV2PacketTypes() ? INITIAL : ZERO_RTT_PROTECTED;
break;
case 2:
*long_header_type =
version.UsesV2PacketTypes() ? ZERO_RTT_PROTECTED : HANDSHAKE;
break;
case 3:
*long_header_type = version.UsesV2PacketTypes() ? HANDSHAKE : RETRY;
break;
default:
QUIC_BUG(quic_bug_10850_4) << "Unreachable statement";
*long_header_type = INVALID_PACKET_TYPE;
return false;
}
return true;
}
QuicPacketNumberLength GetLongHeaderPacketNumberLength(uint8_t type) {
return static_cast<QuicPacketNumberLength>((type & 0x03) + 1);
}
// Used to get packet number space before packet gets decrypted.
PacketNumberSpace GetPacketNumberSpace(const QuicPacketHeader& header) {
switch (header.form) {
case GOOGLE_QUIC_PACKET:
QUIC_BUG(quic_bug_10850_5)
<< "Try to get packet number space of Google QUIC packet";
break;
case IETF_QUIC_SHORT_HEADER_PACKET:
return APPLICATION_DATA;
case IETF_QUIC_LONG_HEADER_PACKET:
switch (header.long_packet_type) {
case INITIAL:
return INITIAL_DATA;
case HANDSHAKE:
return HANDSHAKE_DATA;
case ZERO_RTT_PROTECTED:
return APPLICATION_DATA;
case VERSION_NEGOTIATION:
case RETRY:
case INVALID_PACKET_TYPE:
QUIC_BUG(quic_bug_10850_6)
<< "Try to get packet number space of long header type: "
<< QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type);
break;
}
}
return NUM_PACKET_NUMBER_SPACES;
}
EncryptionLevel GetEncryptionLevel(const QuicPacketHeader& header) {
switch (header.form) {
case GOOGLE_QUIC_PACKET:
QUIC_BUG(quic_bug_10850_7)
<< "Cannot determine EncryptionLevel from Google QUIC header";
break;
case IETF_QUIC_SHORT_HEADER_PACKET:
return ENCRYPTION_FORWARD_SECURE;
case IETF_QUIC_LONG_HEADER_PACKET:
switch (header.long_packet_type) {
case INITIAL:
return ENCRYPTION_INITIAL;
case HANDSHAKE:
return ENCRYPTION_HANDSHAKE;
case ZERO_RTT_PROTECTED:
return ENCRYPTION_ZERO_RTT;
case VERSION_NEGOTIATION:
case RETRY:
case INVALID_PACKET_TYPE:
QUIC_BUG(quic_bug_10850_8)
<< "No encryption used with type "
<< QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type);
}
}
return NUM_ENCRYPTION_LEVELS;
}
absl::string_view TruncateErrorString(absl::string_view error) {
if (error.length() <= kMaxErrorStringLength) {
return error;
}
return absl::string_view(error.data(), kMaxErrorStringLength);
}
size_t TruncatedErrorStringSize(const absl::string_view& error) {
if (error.length() < kMaxErrorStringLength) {
return error.length();
}
return kMaxErrorStringLength;
}
uint8_t GetConnectionIdLengthValue(QuicConnectionIdLength length) {
if (length == 0) {
return 0;
}
return static_cast<uint8_t>(length - kConnectionIdLengthAdjustment);
}
bool IsValidPacketNumberLength(QuicPacketNumberLength packet_number_length) {
size_t length = packet_number_length;
return length == 1 || length == 2 || length == 4 || length == 6 ||
length == 8;
}
bool IsValidFullPacketNumber(uint64_t full_packet_number,
ParsedQuicVersion version) {
return full_packet_number > 0 || version.HasIetfQuicFrames();
}
bool AppendIetfConnectionIds(bool version_flag, bool use_length_prefix,
QuicConnectionId destination_connection_id,
QuicConnectionId source_connection_id,
QuicDataWriter* writer) {
if (!version_flag) {
return writer->WriteConnectionId(destination_connection_id);
}
if (use_length_prefix) {
return writer->WriteLengthPrefixedConnectionId(destination_connection_id) &&
writer->WriteLengthPrefixedConnectionId(source_connection_id);
}
// Compute connection ID length byte.
uint8_t dcil = GetConnectionIdLengthValue(
static_cast<QuicConnectionIdLength>(destination_connection_id.length()));
uint8_t scil = GetConnectionIdLengthValue(
static_cast<QuicConnectionIdLength>(source_connection_id.length()));
uint8_t connection_id_length = dcil << 4 | scil;
return writer->WriteUInt8(connection_id_length) &&
writer->WriteConnectionId(destination_connection_id) &&
writer->WriteConnectionId(source_connection_id);
}
enum class DroppedPacketReason {
// General errors
INVALID_PUBLIC_HEADER,
VERSION_MISMATCH,
// Version negotiation packet errors
INVALID_VERSION_NEGOTIATION_PACKET,
// Public reset packet errors, pre-v44
INVALID_PUBLIC_RESET_PACKET,
// Data packet errors
INVALID_PACKET_NUMBER,
INVALID_DIVERSIFICATION_NONCE,
DECRYPTION_FAILURE,
NUM_REASONS,
};
void RecordDroppedPacketReason(DroppedPacketReason reason) {
QUIC_CLIENT_HISTOGRAM_ENUM("QuicDroppedPacketReason", reason,
DroppedPacketReason::NUM_REASONS,
"The reason a packet was not processed. Recorded "
"each time such a packet is dropped");
}
PacketHeaderFormat GetIetfPacketHeaderFormat(uint8_t type_byte) {
return type_byte & FLAGS_LONG_HEADER ? IETF_QUIC_LONG_HEADER_PACKET
: IETF_QUIC_SHORT_HEADER_PACKET;
}
std::string GenerateErrorString(std::string initial_error_string,
QuicErrorCode quic_error_code) {
if (quic_error_code == QUIC_IETF_GQUIC_ERROR_MISSING) {
// QUIC_IETF_GQUIC_ERROR_MISSING is special -- it means not to encode
// the error value in the string.
return initial_error_string;
}
return absl::StrCat(std::to_string(static_cast<unsigned>(quic_error_code)),
":", initial_error_string);
}
} // namespace
QuicFramer::QuicFramer(const ParsedQuicVersionVector& supported_versions,
QuicTime creation_time, Perspective perspective,
uint8_t expected_server_connection_id_length)
: visitor_(nullptr),
error_(QUIC_NO_ERROR),
last_serialized_server_connection_id_(EmptyQuicConnectionId()),
last_serialized_client_connection_id_(EmptyQuicConnectionId()),
version_(ParsedQuicVersion::Unsupported()),
supported_versions_(supported_versions),
decrypter_level_(ENCRYPTION_INITIAL),
alternative_decrypter_level_(NUM_ENCRYPTION_LEVELS),
alternative_decrypter_latch_(false),
perspective_(perspective),
validate_flags_(true),
process_timestamps_(false),
receive_timestamps_exponent_(0),
creation_time_(creation_time),
last_timestamp_(QuicTime::Delta::Zero()),
support_key_update_for_connection_(false),
current_key_phase_bit_(false),
potential_peer_key_update_attempt_count_(0),
first_sending_packet_number_(FirstSendingPacketNumber()),
data_producer_(nullptr),
infer_packet_header_type_from_version_(perspective ==
Perspective::IS_CLIENT),
expected_server_connection_id_length_(
expected_server_connection_id_length),
expected_client_connection_id_length_(0),
supports_multiple_packet_number_spaces_(false),
last_written_packet_number_length_(0),
peer_ack_delay_exponent_(kDefaultAckDelayExponent),
local_ack_delay_exponent_(kDefaultAckDelayExponent),
current_received_frame_type_(0),
previously_received_frame_type_(0) {
QUICHE_DCHECK(!supported_versions.empty());
version_ = supported_versions_[0];
QUICHE_DCHECK(version_.IsKnown())
<< ParsedQuicVersionVectorToString(supported_versions_);
}
QuicFramer::~QuicFramer() {}
// static
size_t QuicFramer::GetMinStreamFrameSize(QuicTransportVersion version,
QuicStreamId stream_id,
QuicStreamOffset offset,
bool last_frame_in_packet,
size_t data_length) {
if (VersionHasIetfQuicFrames(version)) {
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(stream_id) +
(last_frame_in_packet
? 0
: QuicDataWriter::GetVarInt62Len(data_length)) +
(offset != 0 ? QuicDataWriter::GetVarInt62Len(offset) : 0);
}
return kQuicFrameTypeSize + GetStreamIdSize(stream_id) +
GetStreamOffsetSize(offset) +
(last_frame_in_packet ? 0 : kQuicStreamPayloadLengthSize);
}
// static
size_t QuicFramer::GetMinCryptoFrameSize(QuicStreamOffset offset,
QuicPacketLength data_length) {
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(offset) +
QuicDataWriter::GetVarInt62Len(data_length);
}
// static
size_t QuicFramer::GetMessageFrameSize(QuicTransportVersion version,
bool last_frame_in_packet,
QuicByteCount length) {
QUIC_BUG_IF(quic_bug_12975_1, !VersionSupportsMessageFrames(version))
<< "Try to serialize MESSAGE frame in " << version;
return kQuicFrameTypeSize +
(last_frame_in_packet ? 0 : QuicDataWriter::GetVarInt62Len(length)) +
length;
}
// static
size_t QuicFramer::GetMinAckFrameSize(QuicTransportVersion version,
const QuicAckFrame& ack_frame,
uint32_t local_ack_delay_exponent) {
if (VersionHasIetfQuicFrames(version)) {
// The minimal ack frame consists of the following fields: Largest
// Acknowledged, ACK Delay, 0 ACK Block Count, First ACK Block and ECN
// counts.
// Type byte + largest acked.
size_t min_size =
kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(LargestAcked(ack_frame).ToUint64());
// Ack delay.
min_size += QuicDataWriter::GetVarInt62Len(
ack_frame.ack_delay_time.ToMicroseconds() >> local_ack_delay_exponent);
// 0 ack block count.
min_size += QuicDataWriter::GetVarInt62Len(0);
// First ack block.
min_size += QuicDataWriter::GetVarInt62Len(
ack_frame.packets.Empty() ? 0
: ack_frame.packets.rbegin()->Length() - 1);
// ECN counts.
if (ack_frame.ecn_counters_populated &&
(ack_frame.ect_0_count || ack_frame.ect_1_count ||
ack_frame.ecn_ce_count)) {
min_size += (QuicDataWriter::GetVarInt62Len(ack_frame.ect_0_count) +
QuicDataWriter::GetVarInt62Len(ack_frame.ect_1_count) +
QuicDataWriter::GetVarInt62Len(ack_frame.ecn_ce_count));
}
return min_size;
}
return kQuicFrameTypeSize +
GetMinPacketNumberLength(LargestAcked(ack_frame)) +
kQuicDeltaTimeLargestObservedSize + kQuicNumTimestampsSize;
}
// static
size_t QuicFramer::GetStopWaitingFrameSize(
QuicPacketNumberLength packet_number_length) {
size_t min_size = kQuicFrameTypeSize + packet_number_length;
return min_size;
}
// static
size_t QuicFramer::GetRstStreamFrameSize(QuicTransportVersion version,
const QuicRstStreamFrame& frame) {
if (VersionHasIetfQuicFrames(version)) {
return QuicDataWriter::GetVarInt62Len(frame.stream_id) +
QuicDataWriter::GetVarInt62Len(frame.byte_offset) +
kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.ietf_error_code);
}
return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize +
kQuicErrorCodeSize;
}
// static
size_t QuicFramer::GetConnectionCloseFrameSize(
QuicTransportVersion version, const QuicConnectionCloseFrame& frame) {
if (!VersionHasIetfQuicFrames(version)) {
// Not IETF QUIC, return Google QUIC CONNECTION CLOSE frame size.
return kQuicFrameTypeSize + kQuicErrorCodeSize +
kQuicErrorDetailsLengthSize +
TruncatedErrorStringSize(frame.error_details);
}
// Prepend the extra error information to the string and get the result's
// length.
const size_t truncated_error_string_size = TruncatedErrorStringSize(
GenerateErrorString(frame.error_details, frame.quic_error_code));
const size_t frame_size =
truncated_error_string_size +
QuicDataWriter::GetVarInt62Len(truncated_error_string_size) +
kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.wire_error_code);
if (frame.close_type == IETF_QUIC_APPLICATION_CONNECTION_CLOSE) {
return frame_size;
}
// The Transport close frame has the transport_close_frame_type, so include
// its length.
return frame_size +
QuicDataWriter::GetVarInt62Len(frame.transport_close_frame_type);
}
// static
size_t QuicFramer::GetMinGoAwayFrameSize() {
return kQuicFrameTypeSize + kQuicErrorCodeSize + kQuicErrorDetailsLengthSize +
kQuicMaxStreamIdSize;
}
// static
size_t QuicFramer::GetWindowUpdateFrameSize(
QuicTransportVersion version, const QuicWindowUpdateFrame& frame) {
if (!VersionHasIetfQuicFrames(version)) {
return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize;
}
if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) {
// Frame would be a MAX DATA frame, which has only a Maximum Data field.
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data);
}
// Frame would be MAX STREAM DATA, has Maximum Stream Data and Stream ID
// fields.
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data) +
QuicDataWriter::GetVarInt62Len(frame.stream_id);
}
// static
size_t QuicFramer::GetMaxStreamsFrameSize(QuicTransportVersion version,
const QuicMaxStreamsFrame& frame) {
if (!VersionHasIetfQuicFrames(version)) {
QUIC_BUG(quic_bug_10850_9)
<< "In version " << version
<< ", which does not support IETF Frames, and tried to serialize "
"MaxStreams Frame.";
}
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.stream_count);
}
// static
size_t QuicFramer::GetStreamsBlockedFrameSize(
QuicTransportVersion version, const QuicStreamsBlockedFrame& frame) {
if (!VersionHasIetfQuicFrames(version)) {
QUIC_BUG(quic_bug_10850_10)
<< "In version " << version
<< ", which does not support IETF frames, and tried to serialize "
"StreamsBlocked Frame.";
}
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.stream_count);
}
// static
size_t QuicFramer::GetBlockedFrameSize(QuicTransportVersion version,
const QuicBlockedFrame& frame) {
if (!VersionHasIetfQuicFrames(version)) {
return kQuicFrameTypeSize + kQuicMaxStreamIdSize;
}
if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) {
// return size of IETF QUIC Blocked frame
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset);
}
// return size of IETF QUIC Stream Blocked frame.
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset) +
QuicDataWriter::GetVarInt62Len(frame.stream_id);
}
// static
size_t QuicFramer::GetStopSendingFrameSize(const QuicStopSendingFrame& frame) {
return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.stream_id) +
QuicDataWriter::GetVarInt62Len(frame.ietf_error_code);
}
// static
size_t QuicFramer::GetAckFrequencyFrameSize(
const QuicAckFrequencyFrame& frame) {
return QuicDataWriter::GetVarInt62Len(IETF_ACK_FREQUENCY) +
QuicDataWriter::GetVarInt62Len(frame.sequence_number) +
QuicDataWriter::GetVarInt62Len(frame.packet_tolerance) +
QuicDataWriter::GetVarInt62Len(frame.max_ack_delay.ToMicroseconds()) +
// One byte for encoding boolean
1;
}
// static
size_t QuicFramer::GetPathChallengeFrameSize(
const QuicPathChallengeFrame& frame) {
return kQuicFrameTypeSize + sizeof(frame.data_buffer);
}
// static
size_t QuicFramer::GetPathResponseFrameSize(
const QuicPathResponseFrame& frame) {
return kQuicFrameTypeSize + sizeof(frame.data_buffer);
}
// static
size_t QuicFramer::GetRetransmittableControlFrameSize(
QuicTransportVersion version, const QuicFrame& frame) {
switch (frame.type) {
case PING_FRAME:
// Ping has no payload.
return kQuicFrameTypeSize;
case RST_STREAM_FRAME:
return GetRstStreamFrameSize(version, *frame.rst_stream_frame);
case CONNECTION_CLOSE_FRAME:
return GetConnectionCloseFrameSize(version,
*frame.connection_close_frame);
case GOAWAY_FRAME:
return GetMinGoAwayFrameSize() +
TruncatedErrorStringSize(frame.goaway_frame->reason_phrase);
case WINDOW_UPDATE_FRAME:
// For IETF QUIC, this could be either a MAX DATA or MAX STREAM DATA.
// GetWindowUpdateFrameSize figures this out and returns the correct
// length.
return GetWindowUpdateFrameSize(version, *frame.window_update_frame);
case BLOCKED_FRAME:
return GetBlockedFrameSize(version, *frame.blocked_frame);
case NEW_CONNECTION_ID_FRAME:
return GetNewConnectionIdFrameSize(*frame.new_connection_id_frame);
case RETIRE_CONNECTION_ID_FRAME:
return GetRetireConnectionIdFrameSize(*frame.retire_connection_id_frame);
case NEW_TOKEN_FRAME:
return GetNewTokenFrameSize(*frame.new_token_frame);
case MAX_STREAMS_FRAME:
return GetMaxStreamsFrameSize(version, frame.max_streams_frame);
case STREAMS_BLOCKED_FRAME:
return GetStreamsBlockedFrameSize(version, frame.streams_blocked_frame);
case PATH_RESPONSE_FRAME:
return GetPathResponseFrameSize(*frame.path_response_frame);
case PATH_CHALLENGE_FRAME:
return GetPathChallengeFrameSize(*frame.path_challenge_frame);
case STOP_SENDING_FRAME:
return GetStopSendingFrameSize(*frame.stop_sending_frame);
case HANDSHAKE_DONE_FRAME:
// HANDSHAKE_DONE has no payload.
return kQuicFrameTypeSize;
case ACK_FREQUENCY_FRAME:
return GetAckFrequencyFrameSize(*frame.ack_frequency_frame);
case STREAM_FRAME:
case ACK_FRAME:
case STOP_WAITING_FRAME:
case MTU_DISCOVERY_FRAME:
case PADDING_FRAME:
case MESSAGE_FRAME:
case CRYPTO_FRAME:
case NUM_FRAME_TYPES:
QUICHE_DCHECK(false);
return 0;
}
// Not reachable, but some Chrome compilers can't figure that out. *sigh*
QUICHE_DCHECK(false);
return 0;
}
// static
size_t QuicFramer::GetStreamIdSize(QuicStreamId stream_id) {
// Sizes are 1 through 4 bytes.
for (int i = 1; i <= 4; ++i) {
stream_id >>= 8;
if (stream_id == 0) {
return i;
}
}
QUIC_BUG(quic_bug_10850_11) << "Failed to determine StreamIDSize.";
return 4;
}
// static
size_t QuicFramer::GetStreamOffsetSize(QuicStreamOffset offset) {
// 0 is a special case.
if (offset == 0) {
return 0;
}
// 2 through 8 are the remaining sizes.
offset >>= 8;
for (int i = 2; i <= 8; ++i) {
offset >>= 8;
if (offset == 0) {
return i;
}
}
QUIC_BUG(quic_bug_10850_12) << "Failed to determine StreamOffsetSize.";
return 8;
}
// static
size_t QuicFramer::GetNewConnectionIdFrameSize(
const QuicNewConnectionIdFrame& frame) {
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.sequence_number) +
QuicDataWriter::GetVarInt62Len(frame.retire_prior_to) +
kConnectionIdLengthSize + frame.connection_id.length() +
sizeof(frame.stateless_reset_token);
}
// static
size_t QuicFramer::GetRetireConnectionIdFrameSize(
const QuicRetireConnectionIdFrame& frame) {
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.sequence_number);
}
// static
size_t QuicFramer::GetNewTokenFrameSize(const QuicNewTokenFrame& frame) {
return kQuicFrameTypeSize +
QuicDataWriter::GetVarInt62Len(frame.token.length()) +
frame.token.length();
}
// TODO(nharper): Change this method to take a ParsedQuicVersion.
bool QuicFramer::IsSupportedTransportVersion(
const QuicTransportVersion version) const {
for (const ParsedQuicVersion& supported_version : supported_versions_) {
if (version == supported_version.transport_version) {
return true;
}
}
return false;
}
bool QuicFramer::IsSupportedVersion(const ParsedQuicVersion version) const {
for (const ParsedQuicVersion& supported_version : supported_versions_) {
if (version == supported_version) {
return true;
}
}
return false;
}
size_t QuicFramer::GetSerializedFrameLength(
const QuicFrame& frame, size_t free_bytes, bool first_frame,
bool last_frame, QuicPacketNumberLength packet_number_length) {
// Prevent a rare crash reported in b/19458523.
if (frame.type == ACK_FRAME && frame.ack_frame == nullptr) {
QUIC_BUG(quic_bug_10850_13)
<< "Cannot compute the length of a null ack frame. free_bytes:"
<< free_bytes << " first_frame:" << first_frame
<< " last_frame:" << last_frame
<< " seq num length:" << packet_number_length;
set_error(QUIC_INTERNAL_ERROR);
visitor_->OnError(this);
return 0;
}
if (frame.type == PADDING_FRAME) {
if (frame.padding_frame.num_padding_bytes == -1) {
// Full padding to the end of the packet.
return free_bytes;
} else {
// Lite padding.
return free_bytes <
static_cast<size_t>(frame.padding_frame.num_padding_bytes)
? free_bytes
: frame.padding_frame.num_padding_bytes;
}
}
size_t frame_len =
ComputeFrameLength(frame, last_frame, packet_number_length);
if (frame_len <= free_bytes) {
// Frame fits within packet. Note that acks may be truncated.
return frame_len;
}
// Only truncate the first frame in a packet, so if subsequent ones go
// over, stop including more frames.
if (!first_frame) {
return 0;
}
bool can_truncate =
frame.type == ACK_FRAME &&
free_bytes >= GetMinAckFrameSize(version_.transport_version,
*frame.ack_frame,
local_ack_delay_exponent_);
if (can_truncate) {
// Truncate the frame so the packet will not exceed kMaxOutgoingPacketSize.
// Note that we may not use every byte of the writer in this case.
QUIC_DLOG(INFO) << ENDPOINT
<< "Truncating large frame, free bytes: " << free_bytes;
return free_bytes;
}
return 0;
}
QuicFramer::AckFrameInfo::AckFrameInfo()
: max_block_length(0), first_block_length(0), num_ack_blocks(0) {}
QuicFramer::AckFrameInfo::AckFrameInfo(const AckFrameInfo& other) = default;
QuicFramer::AckFrameInfo::~AckFrameInfo() {}
bool QuicFramer::WriteIetfLongHeaderLength(const QuicPacketHeader& header,
QuicDataWriter* writer,
size_t length_field_offset,
EncryptionLevel level) {
if (!QuicVersionHasLongHeaderLengths(transport_version()) ||
!header.version_flag || length_field_offset == 0) {
return true;
}
if (writer->length() < length_field_offset ||
writer->length() - length_field_offset <
kQuicDefaultLongHeaderLengthLength) {
set_detailed_error("Invalid length_field_offset.");
QUIC_BUG(quic_bug_10850_14) << "Invalid length_field_offset.";
return false;
}
size_t length_to_write = writer->length() - length_field_offset -
kQuicDefaultLongHeaderLengthLength;
// Add length of auth tag.
length_to_write = GetCiphertextSize(level, length_to_write);
QuicDataWriter length_writer(writer->length() - length_field_offset,
writer->data() + length_field_offset);
if (!length_writer.WriteVarInt62(length_to_write,
kQuicDefaultLongHeaderLengthLength)) {
set_detailed_error("Failed to overwrite long header length.");
QUIC_BUG(quic_bug_10850_15) << "Failed to overwrite long header length.";
return false;
}
return true;
}
size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header,
const QuicFrames& frames, char* buffer,
size_t packet_length,
EncryptionLevel level) {
QUIC_BUG_IF(quic_bug_12975_2,
header.version_flag && version().HasIetfInvariantHeader() &&
header.long_packet_type == RETRY && !frames.empty())
<< "IETF RETRY packets cannot contain frames " << header;
QuicDataWriter writer(packet_length, buffer);
size_t length_field_offset = 0;
if (!AppendPacketHeader(header, &writer, &length_field_offset)) {
QUIC_BUG(quic_bug_10850_16) << "AppendPacketHeader failed";
return 0;
}
if (VersionHasIetfQuicFrames(transport_version())) {
if (AppendIetfFrames(frames, &writer) == 0) {
return 0;
}
if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset,
level)) {
return 0;
}
return writer.length();
}
size_t i = 0;
for (const QuicFrame& frame : frames) {
// Determine if we should write stream frame length in header.
const bool last_frame_in_packet = i == frames.size() - 1;
if (!AppendTypeByte(frame, last_frame_in_packet, &writer)) {
QUIC_BUG(quic_bug_10850_17) << "AppendTypeByte failed";
return 0;
}
switch (frame.type) {
case PADDING_FRAME:
if (!AppendPaddingFrame(frame.padding_frame, &writer)) {
QUIC_BUG(quic_bug_10850_18)
<< "AppendPaddingFrame of "
<< frame.padding_frame.num_padding_bytes << " failed";
return 0;
}
break;
case STREAM_FRAME:
if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet,
&writer)) {
QUIC_BUG(quic_bug_10850_19) << "AppendStreamFrame failed";
return 0;
}
break;
case ACK_FRAME:
if (!AppendAckFrameAndTypeByte(*frame.ack_frame, &writer)) {
QUIC_BUG(quic_bug_10850_20)
<< "AppendAckFrameAndTypeByte failed: " << detailed_error_;
return 0;
}
break;
case STOP_WAITING_FRAME:
if (!AppendStopWaitingFrame(header, frame.stop_waiting_frame,
&writer)) {
QUIC_BUG(quic_bug_10850_21) << "AppendStopWaitingFrame failed";
return 0;
}
break;
case MTU_DISCOVERY_FRAME:
// MTU discovery frames are serialized as ping frames.
ABSL_FALLTHROUGH_INTENDED;
case PING_FRAME:
// Ping has no payload.
break;
case RST_STREAM_FRAME:
if (!AppendRstStreamFrame(*frame.rst_stream_frame, &writer)) {
QUIC_BUG(quic_bug_10850_22) << "AppendRstStreamFrame failed";
return 0;
}
break;
case CONNECTION_CLOSE_FRAME:
if (!AppendConnectionCloseFrame(*frame.connection_close_frame,
&writer)) {
QUIC_BUG(quic_bug_10850_23) << "AppendConnectionCloseFrame failed";
return 0;
}
break;
case GOAWAY_FRAME:
if (!AppendGoAwayFrame(*frame.goaway_frame, &writer)) {
QUIC_BUG(quic_bug_10850_24) << "AppendGoAwayFrame failed";
return 0;
}
break;
case WINDOW_UPDATE_FRAME:
if (!AppendWindowUpdateFrame(*frame.window_update_frame, &writer)) {
QUIC_BUG(quic_bug_10850_25) << "AppendWindowUpdateFrame failed";
return 0;
}
break;
case BLOCKED_FRAME:
if (!AppendBlockedFrame(*frame.blocked_frame, &writer)) {
QUIC_BUG(quic_bug_10850_26) << "AppendBlockedFrame failed";
return 0;
}
break;
case NEW_CONNECTION_ID_FRAME:
set_detailed_error(
"Attempt to append NEW_CONNECTION_ID frame and not in IETF QUIC.");
return RaiseError(QUIC_INTERNAL_ERROR);
case RETIRE_CONNECTION_ID_FRAME:
set_detailed_error(
"Attempt to append RETIRE_CONNECTION_ID frame and not in IETF "
"QUIC.");
return RaiseError(QUIC_INTERNAL_ERROR);
case NEW_TOKEN_FRAME:
set_detailed_error(
"Attempt to append NEW_TOKEN_ID frame and not in IETF QUIC.");
return RaiseError(QUIC_INTERNAL_ERROR);
case MAX_STREAMS_FRAME:
set_detailed_error(
"Attempt to append MAX_STREAMS frame and not in IETF QUIC.");
return RaiseError(QUIC_INTERNAL_ERROR);
case STREAMS_BLOCKED_FRAME:
set_detailed_error(
"Attempt to append STREAMS_BLOCKED frame and not in IETF QUIC.");
return RaiseError(QUIC_INTERNAL_ERROR);
case PATH_RESPONSE_FRAME:
set_detailed_error(
"Attempt to append PATH_RESPONSE frame and not in IETF QUIC.");
return RaiseError(QUIC_INTERNAL_ERROR);
case PATH_CHALLENGE_FRAME:
set_detailed_error(
"Attempt to append PATH_CHALLENGE frame and not in IETF QUIC.");
return RaiseError(QUIC_INTERNAL_ERROR);
case STOP_SENDING_FRAME:
set_detailed_error(
"Attempt to append STOP_SENDING frame and not in IETF QUIC.");
return RaiseError(QUIC_INTERNAL_ERROR);
case MESSAGE_FRAME:
if (!AppendMessageFrameAndTypeByte(*frame.message_frame,
last_frame_in_packet, &writer)) {
QUIC_BUG(quic_bug_10850_27) << "AppendMessageFrame failed";
return 0;
}
break;
case CRYPTO_FRAME:
if (!QuicVersionUsesCryptoFrames(version_.transport_version)) {
set_detailed_error(
"Attempt to append CRYPTO frame in version prior to 47.");
return RaiseError(QUIC_INTERNAL_ERROR);
}
if (!AppendCryptoFrame(*frame.crypto_frame, &writer)) {
QUIC_BUG(quic_bug_10850_28) << "AppendCryptoFrame failed";
return 0;
}
break;
case HANDSHAKE_DONE_FRAME:
// HANDSHAKE_DONE has no payload.
break;
default:
RaiseError(QUIC_INVALID_FRAME_DATA);
QUIC_BUG(quic_bug_10850_29) << "QUIC_INVALID_FRAME_DATA";
return 0;
}
++i;
}
if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset, level)) {
return 0;
}
return writer.length();
}
size_t QuicFramer::AppendIetfFrames(const QuicFrames& frames,
QuicDataWriter* writer) {
size_t i = 0;
for (const QuicFrame& frame : frames) {
// Determine if we should write stream frame length in header.
const bool last_frame_in_packet = i == frames.size() - 1;
if (!AppendIetfFrameType(frame, last_frame_in_packet, writer)) {
QUIC_BUG(quic_bug_10850_30)
<< "AppendIetfFrameType failed: " << detailed_error();
return 0;
}
switch (frame.type) {
case PADDING_FRAME:
if (!AppendPaddingFrame(frame.padding_frame, writer)) {
QUIC_BUG(quic_bug_10850_31) << "AppendPaddingFrame of "
<< frame.padding_frame.num_padding_bytes
<< " failed: " << detailed_error();
return 0;
}
break;
case STREAM_FRAME:
if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet,
writer)) {
QUIC_BUG(quic_bug_10850_32)
<< "AppendStreamFrame " << frame.stream_frame
<< " failed: " << detailed_error();
return 0;
}
break;
case ACK_FRAME:
if (!AppendIetfAckFrameAndTypeByte(*frame.ack_frame, writer)) {
QUIC_BUG(quic_bug_10850_33)
<< "AppendIetfAckFrameAndTypeByte failed: " << detailed_error();
return 0;
}
break;
case STOP_WAITING_FRAME:
set_detailed_error(
"Attempt to append STOP WAITING frame in IETF QUIC.");
RaiseError(QUIC_INTERNAL_ERROR);
QUIC_BUG(quic_bug_10850_34) << detailed_error();
return 0;
case MTU_DISCOVERY_FRAME:
// MTU discovery frames are serialized as ping frames.
ABSL_FALLTHROUGH_INTENDED;
case PING_FRAME:
// Ping has no payload.
break;
case RST_STREAM_FRAME:
if (!AppendRstStreamFrame(*frame.rst_stream_frame, writer)) {
QUIC_BUG(quic_bug_10850_35)
<< "AppendRstStreamFrame failed: " << detailed_error();
return 0;
}
break;
case CONNECTION_CLOSE_FRAME:
if (!AppendIetfConnectionCloseFrame(*frame.connection_close_frame,
writer)) {
QUIC_BUG(quic_bug_10850_36)
<< "AppendIetfConnectionCloseFrame failed: " << detailed_error();
return 0;
}
break;
case GOAWAY_FRAME:
set_detailed_error("Attempt to append GOAWAY frame in IETF QUIC.");
RaiseError(QUIC_INTERNAL_ERROR);
QUIC_BUG(quic_bug_10850_37) << detailed_error();
return 0;
case WINDOW_UPDATE_FRAME:
// Depending on whether there is a stream ID or not, will be either a
// MAX STREAM DATA frame or a MAX DATA frame.
if (frame.window_update_frame->stream_id ==
QuicUtils::GetInvalidStreamId(transport_version())) {
if (!AppendMaxDataFrame(*frame.window_update_frame, writer)) {
QUIC_BUG(quic_bug_10850_38)
<< "AppendMaxDataFrame failed: " << detailed_error();
return 0;
}
} else {
if (!AppendMaxStreamDataFrame(*frame.window_update_frame, writer)) {
QUIC_BUG(quic_bug_10850_39)
<< "AppendMaxStreamDataFrame failed: " << detailed_error();
return 0;
}
}
break;
case BLOCKED_FRAME:
if (!AppendBlockedFrame(*frame.blocked_frame, writer)) {
QUIC_BUG(quic_bug_10850_40)
<< "AppendBlockedFrame failed: " << detailed_error();
return 0;
}
break;
case MAX_STREAMS_FRAME:
if (!AppendMaxStreamsFrame(frame.max_streams_frame, writer)) {
QUIC_BUG(quic_bug_10850_41)
<< "AppendMaxStreamsFrame failed: " << detailed_error();
return 0;
}
break;
case STREAMS_BLOCKED_FRAME:
if (!AppendStreamsBlockedFrame(frame.streams_blocked_frame, writer)) {
QUIC_BUG(quic_bug_10850_42)
<< "AppendStreamsBlockedFrame failed: " << detailed_error();
return 0;
}
break;
case NEW_CONNECTION_ID_FRAME:
if (!AppendNewConnectionIdFrame(*frame.new_connection_id_frame,
writer)) {
QUIC_BUG(quic_bug_10850_43)
<< "AppendNewConnectionIdFrame failed: " << detailed_error();
return 0;
}
break;
case RETIRE_CONNECTION_ID_FRAME:
if (!AppendRetireConnectionIdFrame(*frame.retire_connection_id_frame,
writer)) {
QUIC_BUG(quic_bug_10850_44)
<< "AppendRetireConnectionIdFrame failed: " << detailed_error();
return 0;
}
break;
case NEW_TOKEN_FRAME:
if (!AppendNewTokenFrame(*frame.new_token_frame, writer)) {
QUIC_BUG(quic_bug_10850_45)
<< "AppendNewTokenFrame failed: " << detailed_error();
return 0;
}
break;
case STOP_SENDING_FRAME:
if (!AppendStopSendingFrame(*frame.stop_sending_frame, writer)) {
QUIC_BUG(quic_bug_10850_46)
<< "AppendStopSendingFrame failed: " << detailed_error();
return 0;
}
break;
case PATH_CHALLENGE_FRAME:
if (!AppendPathChallengeFrame(*frame.path_challenge_frame, writer)) {
QUIC_BUG(quic_bug_10850_47)
<< "AppendPathChallengeFrame failed: " << detailed_error();
return 0;
}
break;
case PATH_RESPONSE_FRAME:
if (!AppendPathResponseFrame(*frame.path_response_frame, writer)) {
QUIC_BUG(quic_bug_10850_48)
<< "AppendPathResponseFrame failed: " << detailed_error();
return 0;
}
break;
case MESSAGE_FRAME:
if (!AppendMessageFrameAndTypeByte(*frame.message_frame,
last_frame_in_packet, writer)) {
QUIC_BUG(quic_bug_10850_49)
<< "AppendMessageFrame failed: " << detailed_error();
return 0;
}
break;
case CRYPTO_FRAME:
if (!AppendCryptoFrame(*frame.crypto_frame, writer)) {
QUIC_BUG(quic_bug_10850_50)
<< "AppendCryptoFrame failed: " << detailed_error();
return 0;
}
break;
case HANDSHAKE_DONE_FRAME:
// HANDSHAKE_DONE has no payload.
break;
case ACK_FREQUENCY_FRAME:
if (!AppendAckFrequencyFrame(*frame.ack_frequency_frame, writer)) {
QUIC_BUG(quic_bug_10850_51)
<< "AppendAckFrequencyFrame failed: " << detailed_error();
return 0;
}
break;
default:
set_detailed_error("Tried to append unknown frame type.");
RaiseError(QUIC_INVALID_FRAME_DATA);
QUIC_BUG(quic_bug_10850_52)
<< "QUIC_INVALID_FRAME_DATA: " << frame.type;
return 0;
}
++i;
}
return writer->length();
}
// static
std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildPublicResetPacket(
const QuicPublicResetPacket& packet) {
CryptoHandshakeMessage reset;
reset.set_tag(kPRST);
reset.SetValue(kRNON, packet.nonce_proof);
if (packet.client_address.host().address_family() !=
IpAddressFamily::IP_UNSPEC) {
// packet.client_address is non-empty.
QuicSocketAddressCoder address_coder(packet.client_address);
std::string serialized_address = address_coder.Encode();
if (serialized_address.empty()) {
return nullptr;
}
reset.SetStringPiece(kCADR, serialized_address);
}
if (!packet.endpoint_id.empty()) {
reset.SetStringPiece(kEPID, packet.endpoint_id);
}
const QuicData& reset_serialized = reset.GetSerialized();
size_t len = kPublicFlagsSize + packet.connection_id.length() +
reset_serialized.length();
std::unique_ptr<char[]> buffer(new char[len]);
QuicDataWriter writer(len, buffer.get());
uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_RST |
PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID);
// This hack makes post-v33 public reset packet look like pre-v33 packets.
flags |= static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
if (!writer.WriteUInt8(flags)) {
return nullptr;
}
if (!writer.WriteConnectionId(packet.connection_id)) {
return nullptr;
}
if (!writer.WriteBytes(reset_serialized.data(), reset_serialized.length())) {
return nullptr;
}
return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
}
// static
size_t QuicFramer::GetMinStatelessResetPacketLength() {
// 5 bytes (40 bits) = 2 Fixed Bits (01) + 38 Unpredictable bits
return 5 + kStatelessResetTokenLength;
}
// static
std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket(
QuicConnectionId /*connection_id*/, size_t received_packet_length,
StatelessResetToken stateless_reset_token) {
QUIC_DVLOG(1) << "Building IETF stateless reset packet.";
if (received_packet_length <= GetMinStatelessResetPacketLength()) {
QUICHE_DLOG(ERROR)
<< "Tried to build stateless reset packet with received packet "
"length "
<< received_packet_length;
return nullptr;
}
// To ensure stateless reset is indistinguishable from a valid packet,
// include the max connection ID length.
size_t len = std::min(received_packet_length - 1,
GetMinStatelessResetPacketLength() + 1 +
kQuicMaxConnectionIdWithLengthPrefixLength);
std::unique_ptr<char[]> buffer(new char[len]);
QuicDataWriter writer(len, buffer.get());
// Append random bytes. This randomness only exists to prevent middleboxes
// from comparing the entire packet to a known value. Therefore it has no
// cryptographic use, and does not need a secure cryptographic pseudo-random
// number generator. It's therefore safe to use WriteInsecureRandomBytes.
if (!writer.WriteInsecureRandomBytes(QuicRandom::GetInstance(),
len - kStatelessResetTokenLength)) {
QUIC_BUG(362045737_2) << "Failed to append random bytes of length: "
<< len - kStatelessResetTokenLength;
return nullptr;
}
// Change first 2 fixed bits to 01.
buffer[0] &= ~FLAGS_LONG_HEADER;
buffer[0] |= FLAGS_FIXED_BIT;
// Append stateless reset token.
if (!writer.WriteBytes(&stateless_reset_token,
sizeof(stateless_reset_token))) {
QUIC_BUG(362045737_3) << "Failed to write stateless reset token";
return nullptr;
}
return std::make_unique<QuicEncryptedPacket>(buffer.release(), len,
/*owns_buffer=*/true);
}
// static
std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket(
QuicConnectionId server_connection_id,
QuicConnectionId client_connection_id, bool ietf_quic,
bool use_length_prefix, const ParsedQuicVersionVector& versions) {
QUIC_CODE_COUNT(quic_build_version_negotiation);
if (use_length_prefix) {
QUICHE_DCHECK(ietf_quic);
QUIC_CODE_COUNT(quic_build_version_negotiation_ietf);
} else if (ietf_quic) {
QUIC_CODE_COUNT(quic_build_version_negotiation_old_ietf);
} else {
QUIC_CODE_COUNT(quic_build_version_negotiation_old_gquic);
}
ParsedQuicVersionVector wire_versions = versions;
// Add a version reserved for negotiation as suggested by the
// "Using Reserved Versions" section of draft-ietf-quic-transport.
if (wire_versions.empty()) {
// Ensure that version negotiation packets we send have at least two
// versions. This guarantees that, under all circumstances, all QUIC
// packets we send are at least 14 bytes long.
wire_versions = {QuicVersionReservedForNegotiation(),
QuicVersionReservedForNegotiation()};
} else {
// This is not uniformely distributed but is acceptable since no security
// depends on this randomness.
size_t version_index = 0;
const bool disable_randomness =
GetQuicFlag(FLAGS_quic_disable_version_negotiation_grease_randomness);
if (!disable_randomness) {
version_index =
QuicRandom::GetInstance()->RandUint64() % (wire_versions.size() + 1);
}
wire_versions.insert(wire_versions.begin() + version_index,
QuicVersionReservedForNegotiation());
}
if (ietf_quic) {
return BuildIetfVersionNegotiationPacket(
use_length_prefix, server_connection_id, client_connection_id,
wire_versions);
}
// The GQUIC encoding does not support encoding client connection IDs.
QUICHE_DCHECK(client_connection_id.IsEmpty());
// The GQUIC encoding does not support length-prefixed connection IDs.
QUICHE_DCHECK(!use_length_prefix);
QUICHE_DCHECK(!wire_versions.empty());
size_t len = kPublicFlagsSize + server_connection_id.length() +
wire_versions.size() * kQuicVersionSize;
std::unique_ptr<char[]> buffer(new char[len]);
QuicDataWriter writer(len, buffer.get());
uint8_t flags = static_cast<uint8_t>(
PACKET_PUBLIC_FLAGS_VERSION | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID |
PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
if (!writer.WriteUInt8(flags)) {
return nullptr;
}
if (!writer.WriteConnectionId(server_connection_id)) {
return nullptr;
}
for (const ParsedQuicVersion& version : wire_versions) {
if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) {
return nullptr;
}
}
return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
}
// static
std::unique_ptr<QuicEncryptedPacket>
QuicFramer::BuildIetfVersionNegotiationPacket(
bool use_length_prefix, QuicConnectionId server_connection_id,
QuicConnectionId client_connection_id,
const ParsedQuicVersionVector& versions) {
QUIC_DVLOG(1) << "Building IETF version negotiation packet with"
<< (use_length_prefix ? "" : "out")
<< " length prefix, server_connection_id "
<< server_connection_id << " client_connection_id "
<< client_connection_id << " versions "
<< ParsedQuicVersionVectorToString(versions);
QUICHE_DCHECK(!versions.empty());
size_t len = kPacketHeaderTypeSize + kConnectionIdLengthSize +
client_connection_id.length() + server_connection_id.length() +
(versions.size() + 1) * kQuicVersionSize;
if (use_length_prefix) {
// When using length-prefixed connection IDs, packets carry two lengths
// instead of one.
len += kConnectionIdLengthSize;
}
std::unique_ptr<char[]> buffer(new char[len]);
QuicDataWriter writer(len, buffer.get());
// TODO(fayang): Randomly select a value for the type.
uint8_t type = static_cast<uint8_t>(FLAGS_LONG_HEADER | FLAGS_FIXED_BIT);
if (!writer.WriteUInt8(type)) {
return nullptr;
}
if (!writer.WriteUInt32(0)) {
return nullptr;
}
if (!AppendIetfConnectionIds(true, use_length_prefix, client_connection_id,
server_connection_id, &writer)) {
return nullptr;
}
for (const ParsedQuicVersion& version : versions) {
if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) {
return nullptr;
}
}
return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
}
bool QuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) {
QUICHE_DCHECK(!is_processing_packet_) << ENDPOINT << "Nested ProcessPacket";
is_processing_packet_ = true;
bool result = ProcessPacketInternal(packet);
is_processing_packet_ = false;
return result;
}
bool QuicFramer::ProcessPacketInternal(const QuicEncryptedPacket& packet) {
QuicDataReader reader(packet.data(), packet.length());
bool packet_has_ietf_packet_header = false;
if (infer_packet_header_type_from_version_) {
packet_has_ietf_packet_header = version_.HasIetfInvariantHeader();
} else if (!reader.IsDoneReading()) {
uint8_t type = reader.PeekByte();
packet_has_ietf_packet_header = QuicUtils::IsIetfPacketHeader(type);
}
if (packet_has_ietf_packet_header) {
QUIC_DVLOG(1) << ENDPOINT << "Processing IETF QUIC packet.";
}
visitor_->OnPacket();
QuicPacketHeader header;
if (!ProcessPublicHeader(&reader, packet_has_ietf_packet_header, &header)) {
QUICHE_DCHECK_NE("", detailed_error_);
QUIC_DVLOG(1) << ENDPOINT << "Unable to process public header. Error: "
<< detailed_error_;
QUICHE_DCHECK_NE("", detailed_error_);
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_HEADER);
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
if (!visitor_->OnUnauthenticatedPublicHeader(header)) {
// The visitor suppresses further processing of the packet.
return true;
}
if (IsVersionNegotiation(header, packet_has_ietf_packet_header)) {
if (perspective_ == Perspective::IS_CLIENT) {
QUIC_DVLOG(1) << "Client received version negotiation packet";
return ProcessVersionNegotiationPacket(&reader, header);
} else {
QUIC_DLOG(ERROR) << "Server received version negotiation packet";
set_detailed_error("Server received version negotiation packet.");
return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
}
}
if (header.version_flag && header.version != version_) {
if (perspective_ == Perspective::IS_SERVER) {
if (!visitor_->OnProtocolVersionMismatch(header.version)) {
RecordDroppedPacketReason(DroppedPacketReason::VERSION_MISMATCH);
return true;
}
} else {
// A client received a packet of a different version but that packet is
// not a version negotiation packet. It is therefore invalid and dropped.
QUIC_DLOG(ERROR) << "Client received unexpected version "
<< ParsedQuicVersionToString(header.version)
<< " instead of " << ParsedQuicVersionToString(version_);
set_detailed_error("Client received unexpected version.");
return RaiseError(QUIC_INVALID_VERSION);
}
}
bool rv;
if (header.long_packet_type == RETRY) {
rv = ProcessRetryPacket(&reader, header);
} else if (header.reset_flag) {
rv = ProcessPublicResetPacket(&reader, header);
} else if (packet.length() <= kMaxIncomingPacketSize) {
// The optimized decryption algorithm implementations run faster when
// operating on aligned memory.
ABSL_CACHELINE_ALIGNED char buffer[kMaxIncomingPacketSize];
if (packet_has_ietf_packet_header) {
rv = ProcessIetfDataPacket(&reader, &header, packet, buffer,
ABSL_ARRAYSIZE(buffer));
} else {
rv = ProcessDataPacket(&reader, &header, packet, buffer,
ABSL_ARRAYSIZE(buffer));
}
} else {
std::unique_ptr<char[]> large_buffer(new char[packet.length()]);
if (packet_has_ietf_packet_header) {
rv = ProcessIetfDataPacket(&reader, &header, packet, large_buffer.get(),
packet.length());
} else {
rv = ProcessDataPacket(&reader, &header, packet, large_buffer.get(),
packet.length());
}
QUIC_BUG_IF(quic_bug_10850_53, rv)
<< "QUIC should never successfully process packets larger"
<< "than kMaxIncomingPacketSize. packet size:" << packet.length();
}
return rv;
}
bool QuicFramer::ProcessVersionNegotiationPacket(
QuicDataReader* reader, const QuicPacketHeader& header) {
QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
QuicVersionNegotiationPacket packet(
GetServerConnectionIdAsRecipient(header, perspective_));
// Try reading at least once to raise error if the packet is invalid.
do {
QuicVersionLabel version_label;
if (!ProcessVersionLabel(reader, &version_label)) {
set_detailed_error("Unable to read supported version in negotiation.");
RecordDroppedPacketReason(
DroppedPacketReason::INVALID_VERSION_NEGOTIATION_PACKET);
return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
}
ParsedQuicVersion parsed_version = ParseQuicVersionLabel(version_label);
if (parsed_version != UnsupportedQuicVersion()) {
packet.versions.push_back(parsed_version);
}
} while (!reader->IsDoneReading());
QUIC_DLOG(INFO) << ENDPOINT << "parsed version negotiation: "
<< ParsedQuicVersionVectorToString(packet.versions);
visitor_->OnVersionNegotiationPacket(packet);
return true;
}
bool QuicFramer::ProcessRetryPacket(QuicDataReader* reader,
const QuicPacketHeader& header) {
QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
if (drop_incoming_retry_packets_) {
QUIC_DLOG(INFO) << "Ignoring received RETRY packet";
return true;
}
if (version_.UsesTls()) {
QUICHE_DCHECK(version_.HasLengthPrefixedConnectionIds()) << version_;
const size_t bytes_remaining = reader->BytesRemaining();
if (bytes_remaining <= kRetryIntegrityTagLength) {
set_detailed_error("Retry packet too short to parse integrity tag.");
return false;
}
const size_t retry_token_length =
bytes_remaining - kRetryIntegrityTagLength;
QUICHE_DCHECK_GT(retry_token_length, 0u);
absl::string_view retry_token;
if (!reader->ReadStringPiece(&retry_token, retry_token_length)) {
set_detailed_error("Failed to read retry token.");
return false;
}
absl::string_view retry_without_tag = reader->PreviouslyReadPayload();
absl::string_view integrity_tag = reader->ReadRemainingPayload();
QUICHE_DCHECK_EQ(integrity_tag.length(), kRetryIntegrityTagLength);
visitor_->OnRetryPacket(EmptyQuicConnectionId(),
header.source_connection_id, retry_token,
integrity_tag, retry_without_tag);
return true;
}
QuicConnectionId original_destination_connection_id;
if (version_.HasLengthPrefixedConnectionIds()) {
// Parse Original Destination Connection ID.
if (!reader->ReadLengthPrefixedConnectionId(
&original_destination_connection_id)) {
set_detailed_error("Unable to read Original Destination ConnectionId.");
return false;
}
} else {
// Parse Original Destination Connection ID Length.
uint8_t odcil = header.type_byte & 0xf;
if (odcil != 0) {
odcil += kConnectionIdLengthAdjustment;
}
// Parse Original Destination Connection ID.
if (!reader->ReadConnectionId(&original_destination_connection_id, odcil)) {
set_detailed_error("Unable to read Original Destination ConnectionId.");
return false;
}
}
if (!QuicUtils::IsConnectionIdValidForVersion(
original_destination_connection_id, transport_version())) {
set_detailed_error(
"Received Original Destination ConnectionId with invalid length.");
return false;
}
absl::string_view retry_token = reader->ReadRemainingPayload();
visitor_->OnRetryPacket(original_destination_connection_id,
header.source_connection_id, retry_token,
/*retry_integrity_tag=*/absl::string_view(),
/*retry_without_tag=*/absl::string_view());
return true;
}
// Seeks the current packet to check for a coalesced packet at the end.
// If the IETF length field only spans part of the outer packet,
// then there is a coalesced packet after this one.
void QuicFramer::MaybeProcessCoalescedPacket(
const QuicDataReader& encrypted_reader, uint64_t remaining_bytes_length,
const QuicPacketHeader& header) {
if (header.remaining_packet_length >= remaining_bytes_length) {
// There is no coalesced packet.
return;
}
absl::string_view remaining_data = encrypted_reader.PeekRemainingPayload();
QUICHE_DCHECK_EQ(remaining_data.length(), remaining_bytes_length);
const char* coalesced_data =
remaining_data.data() + header.remaining_packet_length;
uint64_t coalesced_data_length =
remaining_bytes_length - header.remaining_packet_length;
QuicDataReader coalesced_reader(coalesced_data, coalesced_data_length);
QuicPacketHeader coalesced_header;
if (!ProcessIetfPacketHeader(&coalesced_reader, &coalesced_header)) {
// Some implementations pad their INITIAL packets by sending random invalid
// data after the INITIAL, and that is allowed by the specification. If we
// fail to parse a subsequent coalesced packet, simply ignore it.
QUIC_DLOG(INFO) << ENDPOINT
<< "Failed to parse received coalesced header of length "
<< coalesced_data_length
<< " with error: " << detailed_error_ << ": "
<< absl::BytesToHexString(absl::string_view(
coalesced_data, coalesced_data_length))
<< " previous header was " << header;
return;
}
if (coalesced_header.destination_connection_id !=
header.destination_connection_id) {
// Drop coalesced packets with mismatched connection IDs.
QUIC_DLOG(INFO) << ENDPOINT << "Received mismatched coalesced header "
<< coalesced_header << " previous header was " << header;
QUIC_CODE_COUNT(
quic_received_coalesced_packets_with_mismatched_connection_id);
return;
}
QuicEncryptedPacket coalesced_packet(coalesced_data, coalesced_data_length,
/*owns_buffer=*/false);
visitor_->OnCoalescedPacket(coalesced_packet);
}
bool QuicFramer::MaybeProcessIetfLength(QuicDataReader* encrypted_reader,
QuicPacketHeader* header) {
if (!QuicVersionHasLongHeaderLengths(header->version.transport_version) ||
header->form != IETF_QUIC_LONG_HEADER_PACKET ||
(header->long_packet_type != INITIAL &&
header->long_packet_type != HANDSHAKE &&
header->long_packet_type != ZERO_RTT_PROTECTED)) {
return true;
}
header->length_length = encrypted_reader->PeekVarInt62Length();
if (!encrypted_reader->ReadVarInt62(&header->remaining_packet_length)) {
set_detailed_error("Unable to read long header payload length.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
uint64_t remaining_bytes_length = encrypted_reader->BytesRemaining();
if (header->remaining_packet_length > remaining_bytes_length) {
set_detailed_error("Long header payload length longer than packet.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
MaybeProcessCoalescedPacket(*encrypted_reader, remaining_bytes_length,
*header);
if (!encrypted_reader->TruncateRemaining(header->remaining_packet_length)) {
set_detailed_error("Length TruncateRemaining failed.");
QUIC_BUG(quic_bug_10850_54) << "Length TruncateRemaining failed.";
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
return true;
}
bool QuicFramer::ProcessIetfDataPacket(QuicDataReader* encrypted_reader,
QuicPacketHeader* header,
const QuicEncryptedPacket& packet,
char* decrypted_buffer,
size_t buffer_length) {
QUICHE_DCHECK_NE(GOOGLE_QUIC_PACKET, header->form);
QUICHE_DCHECK(!header->has_possible_stateless_reset_token);
header->length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0;
header->remaining_packet_length = 0;
if (header->form == IETF_QUIC_SHORT_HEADER_PACKET &&
perspective_ == Perspective::IS_CLIENT) {
// Peek possible stateless reset token. Will only be used on decryption
// failure.
absl::string_view remaining = encrypted_reader->PeekRemainingPayload();
if (remaining.length() >= sizeof(header->possible_stateless_reset_token)) {
header->has_possible_stateless_reset_token = true;
memcpy(&header->possible_stateless_reset_token,
&remaining.data()[remaining.length() -
sizeof(header->possible_stateless_reset_token)],
sizeof(header->possible_stateless_reset_token));
}
}
if (!MaybeProcessIetfLength(encrypted_reader, header)) {
return false;
}
absl::string_view associated_data;
std::vector<char> ad_storage;
QuicPacketNumber base_packet_number;
if (header->form == IETF_QUIC_SHORT_HEADER_PACKET ||
header->long_packet_type != VERSION_NEGOTIATION) {
QUICHE_DCHECK(header->form == IETF_QUIC_SHORT_HEADER_PACKET ||
header->long_packet_type == INITIAL ||
header->long_packet_type == HANDSHAKE ||
header->long_packet_type == ZERO_RTT_PROTECTED);
// Process packet number.
if (supports_multiple_packet_number_spaces_) {
PacketNumberSpace pn_space = GetPacketNumberSpace(*header);
if (pn_space == NUM_PACKET_NUMBER_SPACES) {
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
base_packet_number = largest_decrypted_packet_numbers_[pn_space];
} else {
base_packet_number = largest_packet_number_;
}
uint64_t full_packet_number;
bool hp_removal_failed = false;
if (version_.HasHeaderProtection()) {
if (!RemoveHeaderProtection(encrypted_reader, packet, header,
&full_packet_number, &ad_storage)) {
hp_removal_failed = true;
}
associated_data = absl::string_view(ad_storage.data(), ad_storage.size());
} else if (!ProcessAndCalculatePacketNumber(
encrypted_reader, header->packet_number_length,
base_packet_number, &full_packet_number)) {
set_detailed_error("Unable to read packet number.");
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
if (hp_removal_failed ||
!IsValidFullPacketNumber(full_packet_number, version())) {
if (IsIetfStatelessResetPacket(*header)) {
// This is a stateless reset packet.
QuicIetfStatelessResetPacket packet(
*header, header->possible_stateless_reset_token);
visitor_->OnAuthenticatedIetfStatelessResetPacket(packet);
return true;
}
if (hp_removal_failed) {
const EncryptionLevel decryption_level = GetEncryptionLevel(*header);
const bool has_decryption_key = decrypter_[decryption_level] != nullptr;
visitor_->OnUndecryptablePacket(
QuicEncryptedPacket(encrypted_reader->FullPayload()),
decryption_level, has_decryption_key);
RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
set_detailed_error(absl::StrCat(
"Unable to decrypt ", EncryptionLevelToString(decryption_level),
" header protection", has_decryption_key ? "" : " (missing key)",
"."));
return RaiseError(QUIC_DECRYPTION_FAILURE);
}
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
set_detailed_error("packet numbers cannot be 0.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
header->packet_number = QuicPacketNumber(full_packet_number);
}
// A nonce should only present in SHLO from the server to the client when
// using QUIC crypto.
if (header->form == IETF_QUIC_LONG_HEADER_PACKET &&
header->long_packet_type == ZERO_RTT_PROTECTED &&
perspective_ == Perspective::IS_CLIENT &&
version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) {
if (!encrypted_reader->ReadBytes(
reinterpret_cast<uint8_t*>(last_nonce_.data()),
last_nonce_.size())) {
set_detailed_error("Unable to read nonce.");
RecordDroppedPacketReason(
DroppedPacketReason::INVALID_DIVERSIFICATION_NONCE);
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
header->nonce = &last_nonce_;
} else {
header->nonce = nullptr;
}
if (!visitor_->OnUnauthenticatedHeader(*header)) {
set_detailed_error(
"Visitor asked to stop processing of unauthenticated header.");
return false;
}
absl::string_view encrypted = encrypted_reader->ReadRemainingPayload();
if (!version_.HasHeaderProtection()) {
associated_data = GetAssociatedDataFromEncryptedPacket(
version_.transport_version, packet,
GetIncludedDestinationConnectionIdLength(*header),
GetIncludedSourceConnectionIdLength(*header), header->version_flag,
header->nonce != nullptr, header->packet_number_length,
header->retry_token_length_length, header->retry_token.length(),
header->length_length);
}
size_t decrypted_length = 0;
EncryptionLevel decrypted_level;
if (!DecryptPayload(packet.length(), encrypted, associated_data, *header,
decrypted_buffer, buffer_length, &decrypted_length,
&decrypted_level)) {
if (IsIetfStatelessResetPacket(*header)) {
// This is a stateless reset packet.
QuicIetfStatelessResetPacket packet(
*header, header->possible_stateless_reset_token);
visitor_->OnAuthenticatedIetfStatelessResetPacket(packet);
return true;
}
const EncryptionLevel decryption_level = GetEncryptionLevel(*header);
const bool has_decryption_key = version_.KnowsWhichDecrypterToUse() &&
decrypter_[decryption_level] != nullptr;
visitor_->OnUndecryptablePacket(
QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level,
has_decryption_key);
set_detailed_error(absl::StrCat(
"Unable to decrypt ", EncryptionLevelToString(decryption_level),
" payload with reconstructed packet number ",
header->packet_number.ToString(), " (largest decrypted was ",
base_packet_number.ToString(), ")",
has_decryption_key || !version_.KnowsWhichDecrypterToUse()
? ""
: " (missing key)",
"."));
RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
return RaiseError(QUIC_DECRYPTION_FAILURE);
}
QuicDataReader reader(decrypted_buffer, decrypted_length);
// Update the largest packet number after we have decrypted the packet
// so we are confident is not attacker controlled.
if (supports_multiple_packet_number_spaces_) {
largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace(
decrypted_level)]
.UpdateMax(header->packet_number);
} else {
largest_packet_number_.UpdateMax(header->packet_number);
}
if (!visitor_->OnPacketHeader(*header)) {
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
// The visitor suppresses further processing of the packet.
return true;
}
if (packet.length() > kMaxIncomingPacketSize) {
set_detailed_error("Packet too large.");
return RaiseError(QUIC_PACKET_TOO_LARGE);
}
// Handle the payload.
if (VersionHasIetfQuicFrames(version_.transport_version)) {
current_received_frame_type_ = 0;
previously_received_frame_type_ = 0;
if (!ProcessIetfFrameData(&reader, *header, decrypted_level)) {
current_received_frame_type_ = 0;
previously_received_frame_type_ = 0;
QUICHE_DCHECK_NE(QUIC_NO_ERROR,
error_); // ProcessIetfFrameData sets the error.
QUICHE_DCHECK_NE("", detailed_error_);
QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
<< detailed_error_;
return false;
}
current_received_frame_type_ = 0;
previously_received_frame_type_ = 0;
} else {
if (!ProcessFrameData(&reader, *header)) {
QUICHE_DCHECK_NE(QUIC_NO_ERROR,
error_); // ProcessFrameData sets the error.
QUICHE_DCHECK_NE("", detailed_error_);
QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
<< detailed_error_;
return false;
}
}
visitor_->OnPacketComplete();
return true;
}
bool QuicFramer::ProcessDataPacket(QuicDataReader* encrypted_reader,
QuicPacketHeader* header,
const QuicEncryptedPacket& packet,
char* decrypted_buffer,
size_t buffer_length) {
if (!ProcessUnauthenticatedHeader(encrypted_reader, header)) {
QUICHE_DCHECK_NE("", detailed_error_);
QUIC_DVLOG(1)
<< ENDPOINT
<< "Unable to process packet header. Stopping parsing. Error: "
<< detailed_error_;
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
return false;
}
absl::string_view encrypted = encrypted_reader->ReadRemainingPayload();
absl::string_view associated_data = GetAssociatedDataFromEncryptedPacket(
version_.transport_version, packet,
GetIncludedDestinationConnectionIdLength(*header),
GetIncludedSourceConnectionIdLength(*header), header->version_flag,
header->nonce != nullptr, header->packet_number_length,
header->retry_token_length_length, header->retry_token.length(),
header->length_length);
size_t decrypted_length = 0;
EncryptionLevel decrypted_level;
if (!DecryptPayload(packet.length(), encrypted, associated_data, *header,
decrypted_buffer, buffer_length, &decrypted_length,
&decrypted_level)) {
const EncryptionLevel decryption_level = decrypter_level_;
// This version uses trial decryption so we always report to our visitor
// that we are not certain we have the correct decryption key.
const bool has_decryption_key = false;
visitor_->OnUndecryptablePacket(
QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level,
has_decryption_key);
RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
set_detailed_error(absl::StrCat("Unable to decrypt ",
EncryptionLevelToString(decryption_level),
" payload."));
return RaiseError(QUIC_DECRYPTION_FAILURE);
}
QuicDataReader reader(decrypted_buffer, decrypted_length);
// Update the largest packet number after we have decrypted the packet
// so we are confident is not attacker controlled.
if (supports_multiple_packet_number_spaces_) {
largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace(
decrypted_level)]
.UpdateMax(header->packet_number);
} else {
largest_packet_number_.UpdateMax(header->packet_number);
}
if (!visitor_->OnPacketHeader(*header)) {
// The visitor suppresses further processing of the packet.
return true;
}
if (packet.length() > kMaxIncomingPacketSize) {
set_detailed_error("Packet too large.");
return RaiseError(QUIC_PACKET_TOO_LARGE);
}
// Handle the payload.
if (!ProcessFrameData(&reader, *header)) {
QUICHE_DCHECK_NE(QUIC_NO_ERROR,
error_); // ProcessFrameData sets the error.
QUICHE_DCHECK_NE("", detailed_error_);
QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
<< detailed_error_;
return false;
}
visitor_->OnPacketComplete();
return true;
}
bool QuicFramer::ProcessPublicResetPacket(QuicDataReader* reader,
const QuicPacketHeader& header) {
QuicPublicResetPacket packet(
GetServerConnectionIdAsRecipient(header, perspective_));
std::unique_ptr<CryptoHandshakeMessage> reset(
CryptoFramer::ParseMessage(reader->ReadRemainingPayload()));
if (!reset) {
set_detailed_error("Unable to read reset message.");
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET);
return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET);
}
if (reset->tag() != kPRST) {
set_detailed_error("Incorrect message tag.");
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET);
return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET);
}
if (reset->GetUint64(kRNON, &packet.nonce_proof) != QUIC_NO_ERROR) {
set_detailed_error("Unable to read nonce proof.");
RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET);
return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET);
}
// TODO(satyamshekhar): validate nonce to protect against DoS.
absl::string_view address;
if (reset->GetStringPiece(kCADR, &address)) {
QuicSocketAddressCoder address_coder;
if (address_coder.Decode(address.data(), address.length())) {
packet.client_address =
QuicSocketAddress(address_coder.ip(), address_coder.port());
}
}
absl::string_view endpoint_id;
if (perspective_ == Perspective::IS_CLIENT &&
reset->GetStringPiece(kEPID, &endpoint_id)) {
packet.endpoint_id = std::string(endpoint_id);
packet.endpoint_id += '\0';
}
visitor_->OnPublicResetPacket(packet);
return true;
}
bool QuicFramer::IsIetfStatelessResetPacket(
const QuicPacketHeader& header) const {
QUIC_BUG_IF(quic_bug_12975_3, header.has_possible_stateless_reset_token &&
perspective_ != Perspective::IS_CLIENT)
<< "has_possible_stateless_reset_token can only be true at client side.";
return header.form == IETF_QUIC_SHORT_HEADER_PACKET &&
header.has_possible_stateless_reset_token &&
visitor_->IsValidStatelessResetToken(
header.possible_stateless_reset_token);
}
bool QuicFramer::HasEncrypterOfEncryptionLevel(EncryptionLevel level) const {
return encrypter_[level] != nullptr;
}
bool QuicFramer::HasDecrypterOfEncryptionLevel(EncryptionLevel level) const {
return decrypter_[level] != nullptr;
}
bool QuicFramer::HasAnEncrypterForSpace(PacketNumberSpace space) const {
switch (space) {
case INITIAL_DATA:
return HasEncrypterOfEncryptionLevel(ENCRYPTION_INITIAL);
case HANDSHAKE_DATA:
return HasEncrypterOfEncryptionLevel(ENCRYPTION_HANDSHAKE);
case APPLICATION_DATA:
return HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT) ||
HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
case NUM_PACKET_NUMBER_SPACES:
break;
}
QUIC_BUG(quic_bug_10850_55)
<< ENDPOINT
<< "Try to send data of space: " << PacketNumberSpaceToString(space);
return false;
}
EncryptionLevel QuicFramer::GetEncryptionLevelToSendApplicationData() const {
if (!HasAnEncrypterForSpace(APPLICATION_DATA)) {
QUIC_BUG(quic_bug_12975_4)
<< "Tried to get encryption level to send application data with no "
"encrypter available.";
return NUM_ENCRYPTION_LEVELS;
}
if (HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE)) {
return ENCRYPTION_FORWARD_SECURE;
}
QUICHE_DCHECK(HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT));
return ENCRYPTION_ZERO_RTT;
}
bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header,
QuicDataWriter* writer,
size_t* length_field_offset) {
if (version().HasIetfInvariantHeader()) {
return AppendIetfPacketHeader(header, writer, length_field_offset);
}
QUIC_DVLOG(1) << ENDPOINT << "Appending header: " << header;
uint8_t public_flags = 0;
if (header.reset_flag) {
public_flags |= PACKET_PUBLIC_FLAGS_RST;
}
if (header.version_flag) {
public_flags |= PACKET_PUBLIC_FLAGS_VERSION;
}
public_flags |= GetPacketNumberFlags(header.packet_number_length)
<< kPublicHeaderSequenceNumberShift;
if (header.nonce != nullptr) {
QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_);
public_flags |= PACKET_PUBLIC_FLAGS_NONCE;
}
QuicConnectionId server_connection_id =
GetServerConnectionIdAsSender(header, perspective_);
QuicConnectionIdIncluded server_connection_id_included =
GetServerConnectionIdIncludedAsSender(header, perspective_);
QUICHE_DCHECK_EQ(CONNECTION_ID_ABSENT,
GetClientConnectionIdIncludedAsSender(header, perspective_))
<< ENDPOINT << ParsedQuicVersionToString(version_)
<< " invalid header: " << header;
switch (server_connection_id_included) {
case CONNECTION_ID_ABSENT:
if (!writer->WriteUInt8(public_flags |
PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID)) {
return false;
}
break;
case CONNECTION_ID_PRESENT:
QUIC_BUG_IF(quic_bug_12975_5,
!QuicUtils::IsConnectionIdValidForVersion(
server_connection_id, transport_version()))
<< "AppendPacketHeader: attempted to use connection ID "
<< server_connection_id << " which is invalid with version "
<< version();
public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID;
if (perspective_ == Perspective::IS_CLIENT) {
public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD;
}
if (!writer->WriteUInt8(public_flags) ||
!writer->WriteConnectionId(server_connection_id)) {
return false;
}
break;
}
last_serialized_server_connection_id_ = server_connection_id;
if (header.version_flag) {
QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
QuicVersionLabel version_label = CreateQuicVersionLabel(version_);
if (!writer->WriteUInt32(version_label)) {
return false;
}
QUIC_DVLOG(1) << ENDPOINT << "label = '"
<< QuicVersionLabelToString(version_label) << "'";
}
if (header.nonce != nullptr &&
!writer->WriteBytes(header.nonce, kDiversificationNonceSize)) {
return false;
}
if (!AppendPacketNumber(header.packet_number_length, header.packet_number,
writer)) {
return false;
}
return true;
}
bool QuicFramer::AppendIetfHeaderTypeByte(const QuicPacketHeader& header,
QuicDataWriter* writer) {
uint8_t type = 0;
if (header.version_flag) {
type = static_cast<uint8_t>(
FLAGS_LONG_HEADER | FLAGS_FIXED_BIT |
LongHeaderTypeToOnWireValue(header.long_packet_type, version_) |
PacketNumberLengthToOnWireValue(header.packet_number_length));
} else {
type = static_cast<uint8_t>(
FLAGS_FIXED_BIT | (current_key_phase_bit_ ? FLAGS_KEY_PHASE_BIT : 0) |
PacketNumberLengthToOnWireValue(header.packet_number_length));
}
return writer->WriteUInt8(type);
}
bool QuicFramer::AppendIetfPacketHeader(const QuicPacketHeader& header,
QuicDataWriter* writer,
size_t* length_field_offset) {
QUIC_DVLOG(1) << ENDPOINT << "Appending IETF header: " << header;
QuicConnectionId server_connection_id =
GetServerConnectionIdAsSender(header, perspective_);
QUIC_BUG_IF(quic_bug_12975_6, !QuicUtils::IsConnectionIdValidForVersion(
server_connection_id, transport_version()))
<< "AppendIetfPacketHeader: attempted to use connection ID "
<< server_connection_id << " which is invalid with version " << version();
if (!AppendIetfHeaderTypeByte(header, writer)) {
return false;
}
if (header.version_flag) {
QUICHE_DCHECK_NE(VERSION_NEGOTIATION, header.long_packet_type)
<< "QuicFramer::AppendIetfPacketHeader does not support sending "
"version negotiation packets, use "
"QuicFramer::BuildVersionNegotiationPacket instead "
<< header;
// Append version for long header.
QuicVersionLabel version_label = CreateQuicVersionLabel(version_);
if (!writer->WriteUInt32(version_label)) {
return false;
}
}
// Append connection ID.
if (!AppendIetfConnectionIds(
header.version_flag, version_.HasLengthPrefixedConnectionIds(),
header.destination_connection_id_included != CONNECTION_ID_ABSENT
? header.destination_connection_id
: EmptyQuicConnectionId(),
header.source_connection_id_included != CONNECTION_ID_ABSENT
? header.source_connection_id
: EmptyQuicConnectionId(),
writer)) {
return false;
}
last_serialized_server_connection_id_ = server_connection_id;
if (version_.SupportsClientConnectionIds()) {
last_serialized_client_connection_id_ =
GetClientConnectionIdAsSender(header, perspective_);
}
// TODO(b/141924462) Remove this QUIC_BUG once we do support sending RETRY.
QUIC_BUG_IF(quic_bug_12975_7,
header.version_flag && header.long_packet_type == RETRY)
<< "Sending IETF RETRY packets is not currently supported " << header;
if (QuicVersionHasLongHeaderLengths(transport_version()) &&
header.version_flag) {
if (header.long_packet_type == INITIAL) {
QUICHE_DCHECK_NE(VARIABLE_LENGTH_INTEGER_LENGTH_0,
header.retry_token_length_length)
<< ENDPOINT << ParsedQuicVersionToString(version_)
<< " bad retry token length length in header: " << header;
// Write retry token length.
if (!writer->WriteVarInt62(header.retry_token.length(),
header.retry_token_length_length)) {
return false;
}
// Write retry token.
if (!header.retry_token.empty() &&
!writer->WriteStringPiece(header.retry_token)) {
return false;
}
}
if (length_field_offset != nullptr) {
*length_field_offset = writer->length();
}
// Add fake length to reserve two bytes to add length in later.
writer->WriteVarInt62(256);
} else if (length_field_offset != nullptr) {
*length_field_offset = 0;
}
// Append packet number.
if (!AppendPacketNumber(header.packet_number_length, header.packet_number,
writer)) {
return false;
}
last_written_packet_number_length_ = header.packet_number_length;
if (!header.version_flag) {
return true;
}
if (header.nonce != nullptr) {
QUICHE_DCHECK(header.version_flag);
QUICHE_DCHECK_EQ(ZERO_RTT_PROTECTED, header.long_packet_type);
QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_);
if (!writer->WriteBytes(header.nonce, kDiversificationNonceSize)) {
return false;
}
}
return true;
}
const QuicTime::Delta QuicFramer::CalculateTimestampFromWire(
uint32_t time_delta_us) {
// The new time_delta might have wrapped to the next epoch, or it
// might have reverse wrapped to the previous epoch, or it might
// remain in the same epoch. Select the time closest to the previous
// time.
//
// epoch_delta is the delta between epochs. A delta is 4 bytes of
// microseconds.
const uint64_t epoch_delta = UINT64_C(1) << 32;
uint64_t epoch = last_timestamp_.ToMicroseconds() & ~(epoch_delta - 1);
// Wrapping is safe here because a wrapped value will not be ClosestTo below.
uint64_t prev_epoch = epoch - epoch_delta;
uint64_t next_epoch = epoch + epoch_delta;
uint64_t time = ClosestTo(
last_timestamp_.ToMicroseconds(), epoch + time_delta_us,
ClosestTo(last_timestamp_.ToMicroseconds(), prev_epoch + time_delta_us,
next_epoch + time_delta_us));
return QuicTime::Delta::FromMicroseconds(time);
}
uint64_t QuicFramer::CalculatePacketNumberFromWire(
QuicPacketNumberLength packet_number_length,
QuicPacketNumber base_packet_number, uint64_t packet_number) const {
// The new packet number might have wrapped to the next epoch, or
// it might have reverse wrapped to the previous epoch, or it might
// remain in the same epoch. Select the packet number closest to the
// next expected packet number, the previous packet number plus 1.
// epoch_delta is the delta between epochs the packet number was serialized
// with, so the correct value is likely the same epoch as the last sequence
// number or an adjacent epoch.
if (!base_packet_number.IsInitialized()) {
return packet_number;
}
const uint64_t epoch_delta = UINT64_C(1) << (8 * packet_number_length);
uint64_t next_packet_number = base_packet_number.ToUint64() + 1;
uint64_t epoch = base_packet_number.ToUint64() & ~(epoch_delta - 1);
uint64_t prev_epoch = epoch - epoch_delta;
uint64_t next_epoch = epoch + epoch_delta;
return ClosestTo(next_packet_number, epoch + packet_number,
ClosestTo(next_packet_number, prev_epoch + packet_number,
next_epoch + packet_number));
}
bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader,
bool packet_has_ietf_packet_header,
QuicPacketHeader* header) {
if (packet_has_ietf_packet_header) {
return ProcessIetfPacketHeader(reader, header);
}
uint8_t public_flags;
if (!reader->ReadBytes(&public_flags, 1)) {
set_detailed_error("Unable to read public flags.");
return false;
}
header->reset_flag = (public_flags & PACKET_PUBLIC_FLAGS_RST) != 0;
header->version_flag = (public_flags & PACKET_PUBLIC_FLAGS_VERSION) != 0;
if (validate_flags_ && !header->version_flag &&
public_flags > PACKET_PUBLIC_FLAGS_MAX) {
set_detailed_error("Illegal public flags value.");
return false;
}
if (header->reset_flag && header->version_flag) {
set_detailed_error("Got version flag in reset packet");
return false;
}
QuicConnectionId* header_connection_id = &header->destination_connection_id;
QuicConnectionIdIncluded* header_connection_id_included =
&header->destination_connection_id_included;
if (perspective_ == Perspective::IS_CLIENT) {
header_connection_id = &header->source_connection_id;
header_connection_id_included = &header->source_connection_id_included;
}
switch (public_flags & PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) {
case PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID:
if (!reader->ReadConnectionId(header_connection_id,
kQuicDefaultConnectionIdLength)) {
set_detailed_error("Unable to read ConnectionId.");
return false;
}
*header_connection_id_included = CONNECTION_ID_PRESENT;
break;
case PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID:
*header_connection_id_included = CONNECTION_ID_ABSENT;
*header_connection_id = last_serialized_server_connection_id_;
break;
}
header->packet_number_length = ReadSequenceNumberLength(
public_flags >> kPublicHeaderSequenceNumberShift);
// Read the version only if the packet is from the client.
// version flag from the server means version negotiation packet.
if (header->version_flag && perspective_ == Perspective::IS_SERVER) {
QuicVersionLabel version_label;
if (!ProcessVersionLabel(reader, &version_label)) {
set_detailed_error("Unable to read protocol version.");
return false;
}
// If the version from the new packet is the same as the version of this
// framer, then the public flags should be set to something we understand.
// If not, this raises an error.
ParsedQuicVersion version = ParseQuicVersionLabel(version_label);
if (version == version_ && public_flags > PACKET_PUBLIC_FLAGS_MAX) {
set_detailed_error("Illegal public flags value.");
return false;
}
header->version = version;
}
// A nonce should only be present in packets from the server to the client,
// which are neither version negotiation nor public reset packets.
if (public_flags & PACKET_PUBLIC_FLAGS_NONCE &&
!(public_flags & PACKET_PUBLIC_FLAGS_VERSION) &&
!(public_flags & PACKET_PUBLIC_FLAGS_RST) &&
// The nonce flag from a client is ignored and is assumed to be an older
// client indicating an eight-byte connection ID.
perspective_ == Perspective::IS_CLIENT) {
if (!reader->ReadBytes(reinterpret_cast<uint8_t*>(last_nonce_.data()),
last_nonce_.size())) {
set_detailed_error("Unable to read nonce.");
return false;
}
header->nonce = &last_nonce_;
} else {
header->nonce = nullptr;
}
return true;
}
// static
QuicPacketNumberLength QuicFramer::GetMinPacketNumberLength(
QuicPacketNumber packet_number) {
QUICHE_DCHECK(packet_number.IsInitialized());
if (packet_number < QuicPacketNumber(1 << (PACKET_1BYTE_PACKET_NUMBER * 8))) {
return PACKET_1BYTE_PACKET_NUMBER;
} else if (packet_number <
QuicPacketNumber(1 << (PACKET_2BYTE_PACKET_NUMBER * 8))) {
return PACKET_2BYTE_PACKET_NUMBER;
} else if (packet_number <
QuicPacketNumber(UINT64_C(1)
<< (PACKET_4BYTE_PACKET_NUMBER * 8))) {
return PACKET_4BYTE_PACKET_NUMBER;
} else {
return PACKET_6BYTE_PACKET_NUMBER;
}
}
// static
uint8_t QuicFramer::GetPacketNumberFlags(
QuicPacketNumberLength packet_number_length) {
switch (packet_number_length) {
case PACKET_1BYTE_PACKET_NUMBER:
return PACKET_FLAGS_1BYTE_PACKET;
case PACKET_2BYTE_PACKET_NUMBER:
return PACKET_FLAGS_2BYTE_PACKET;
case PACKET_4BYTE_PACKET_NUMBER:
return PACKET_FLAGS_4BYTE_PACKET;
case PACKET_6BYTE_PACKET_NUMBER:
case PACKET_8BYTE_PACKET_NUMBER:
return PACKET_FLAGS_8BYTE_PACKET;
default:
QUIC_BUG(quic_bug_10850_56) << "Unreachable case statement.";
return PACKET_FLAGS_8BYTE_PACKET;
}
}
// static
QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo(
const QuicAckFrame& frame) {
AckFrameInfo new_ack_info;
if (frame.packets.Empty()) {
return new_ack_info;
}
// The first block is the last interval. It isn't encoded with the gap-length
// encoding, so skip it.
new_ack_info.first_block_length = frame.packets.LastIntervalLength();
auto itr = frame.packets.rbegin();
QuicPacketNumber previous_start = itr->min();
new_ack_info.max_block_length = itr->Length();
++itr;
// Don't do any more work after getting information for 256 ACK blocks; any
// more can't be encoded anyway.
for (; itr != frame.packets.rend() &&
new_ack_info.num_ack_blocks < std::numeric_limits<uint8_t>::max();
previous_start = itr->min(), ++itr) {
const auto& interval = *itr;
const QuicPacketCount total_gap = previous_start - interval.max();
new_ack_info.num_ack_blocks +=
(total_gap + std::numeric_limits<uint8_t>::max() - 1) /
std::numeric_limits<uint8_t>::max();
new_ack_info.max_block_length =
std::max(new_ack_info.max_block_length, interval.Length());
}
return new_ack_info;
}
bool QuicFramer::ProcessUnauthenticatedHeader(QuicDataReader* encrypted_reader,
QuicPacketHeader* header) {
QuicPacketNumber base_packet_number;
if (supports_multiple_packet_number_spaces_) {
PacketNumberSpace pn_space = GetPacketNumberSpace(*header);
if (pn_space == NUM_PACKET_NUMBER_SPACES) {
set_detailed_error("Unable to determine packet number space.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
base_packet_number = largest_decrypted_packet_numbers_[pn_space];
} else {
base_packet_number = largest_packet_number_;
}
uint64_t full_packet_number;
if (!ProcessAndCalculatePacketNumber(
encrypted_reader, header->packet_number_length, base_packet_number,
&full_packet_number)) {
set_detailed_error("Unable to read packet number.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
if (!IsValidFullPacketNumber(full_packet_number, version())) {
set_detailed_error("packet numbers cannot be 0.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
header->packet_number = QuicPacketNumber(full_packet_number);
if (!visitor_->OnUnauthenticatedHeader(*header)) {
set_detailed_error(
"Visitor asked to stop processing of unauthenticated header.");
return false;
}
// The function we are in is called because the framer believes that it is
// processing a packet that uses the non-IETF (i.e. Google QUIC) packet header
// type. Usually, the framer makes that decision based on the framer's
// version, but when the framer is used with Perspective::IS_SERVER, then
// before version negotiation is complete (specifically, before
// InferPacketHeaderTypeFromVersion is called), this decision is made based on
// the type byte of the packet.
//
// If the framer's version KnowsWhichDecrypterToUse, then that version expects
// to use the IETF packet header type. If that's the case and we're in this
// function, then the packet received is invalid: the framer was expecting an
// IETF packet header and didn't get one.
if (version().KnowsWhichDecrypterToUse()) {
set_detailed_error("Invalid public header type for expected version.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
return true;
}
bool QuicFramer::ProcessIetfHeaderTypeByte(QuicDataReader* reader,
QuicPacketHeader* header) {
uint8_t type;
if (!reader->ReadBytes(&type, 1)) {
set_detailed_error("Unable to read first byte.");
return false;
}
header->type_byte = type;
// Determine whether this is a long or short header.
header->form = GetIetfPacketHeaderFormat(type);
if (header->form == IETF_QUIC_LONG_HEADER_PACKET) {
// Version is always present in long headers.
header->version_flag = true;
// In versions that do not support client connection IDs, we mark the
// corresponding connection ID as absent.
header->destination_connection_id_included =
(perspective_ == Perspective::IS_SERVER ||
version_.SupportsClientConnectionIds())
? CONNECTION_ID_PRESENT
: CONNECTION_ID_ABSENT;
header->source_connection_id_included =
(perspective_ == Perspective::IS_CLIENT ||
version_.SupportsClientConnectionIds())
? CONNECTION_ID_PRESENT
: CONNECTION_ID_ABSENT;
// Read version tag.
QuicVersionLabel version_label;
if (!ProcessVersionLabel(reader, &version_label)) {
set_detailed_error("Unable to read protocol version.");
return false;
}
if (!version_label) {
// Version label is 0 indicating this is a version negotiation packet.
header->long_packet_type = VERSION_NEGOTIATION;
} else {
header->version = ParseQuicVersionLabel(version_label);
if (header->version.IsKnown()) {
if (!(type & FLAGS_FIXED_BIT)) {
set_detailed_error("Fixed bit is 0 in long header.");
return false;
}
if (!GetLongHeaderType(type, header->version,
&header->long_packet_type)) {
set_detailed_error("Illegal long header type value.");
return false;
}
if (header->long_packet_type == RETRY) {
if (!version().SupportsRetry()) {
set_detailed_error("RETRY not supported in this version.");
return false;
}
if (perspective_ == Perspective::IS_SERVER) {
set_detailed_error("Client-initiated RETRY is invalid.");
return false;
}
} else if (!header->version.HasHeaderProtection()) {
header->packet_number_length = GetLongHeaderPacketNumberLength(type);
}
}
}
QUIC_DVLOG(1) << ENDPOINT << "Received IETF long header: "
<< QuicUtils::QuicLongHeaderTypetoString(
header->long_packet_type);
return true;
}
QUIC_DVLOG(1) << ENDPOINT << "Received IETF short header";
// Version is not present in short headers.
header->version_flag = false;
// In versions that do not support client connection IDs, the client will not
// receive destination connection IDs.
header->destination_connection_id_included =
(perspective_ == Perspective::IS_SERVER ||
version_.SupportsClientConnectionIds())
? CONNECTION_ID_PRESENT
: CONNECTION_ID_ABSENT;
header->source_connection_id_included = CONNECTION_ID_ABSENT;
if (!(type & FLAGS_FIXED_BIT)) {
set_detailed_error("Fixed bit is 0 in short header.");
return false;
}
if (!version_.HasHeaderProtection()) {
header->packet_number_length = GetShortHeaderPacketNumberLength(type);
}
QUIC_DVLOG(1) << "packet_number_length = " << header->packet_number_length;
return true;
}
// static
bool QuicFramer::ProcessVersionLabel(QuicDataReader* reader,
QuicVersionLabel* version_label) {
if (!reader->ReadUInt32(version_label)) {
return false;
}
return true;
}
// static
bool QuicFramer::ProcessAndValidateIetfConnectionIdLength(
QuicDataReader* reader, ParsedQuicVersion version, Perspective perspective,
bool should_update_expected_server_connection_id_length,
uint8_t* expected_server_connection_id_length,
uint8_t* destination_connection_id_length,
uint8_t* source_connection_id_length, std::string* detailed_error) {
uint8_t connection_id_lengths_byte;
if (!reader->ReadBytes(&connection_id_lengths_byte, 1)) {
*detailed_error = "Unable to read ConnectionId length.";
return false;
}
uint8_t dcil =
(connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4;
if (dcil != 0) {
dcil += kConnectionIdLengthAdjustment;
}
uint8_t scil = connection_id_lengths_byte & kSourceConnectionIdLengthMask;
if (scil != 0) {
scil += kConnectionIdLengthAdjustment;
}
if (should_update_expected_server_connection_id_length) {
uint8_t server_connection_id_length =
perspective == Perspective::IS_SERVER ? dcil : scil;
if (*expected_server_connection_id_length != server_connection_id_length) {
QUIC_DVLOG(1) << "Updating expected_server_connection_id_length: "
<< static_cast<int>(*expected_server_connection_id_length)
<< " -> " << static_cast<int>(server_connection_id_length);
*expected_server_connection_id_length = server_connection_id_length;
}
}
if (!should_update_expected_server_connection_id_length &&
(dcil != *destination_connection_id_length ||
scil != *source_connection_id_length) &&
version.IsKnown() && !version.AllowsVariableLengthConnectionIds()) {
QUIC_DVLOG(1) << "dcil: " << static_cast<uint32_t>(dcil)
<< ", scil: " << static_cast<uint32_t>(scil);
*detailed_error = "Invalid ConnectionId length.";
return false;
}
*destination_connection_id_length = dcil;
*source_connection_id_length = scil;
return true;
}
bool QuicFramer::ValidateReceivedConnectionIds(const QuicPacketHeader& header) {
bool skip_server_connection_id_validation =
perspective_ == Perspective::IS_CLIENT &&
header.form == IETF_QUIC_SHORT_HEADER_PACKET;
if (!skip_server_connection_id_validation &&
!QuicUtils::IsConnectionIdValidForVersion(
GetServerConnectionIdAsRecipient(header, perspective_),
transport_version())) {
set_detailed_error("Received server connection ID with invalid length.");
return false;
}
bool skip_client_connection_id_validation =
perspective_ == Perspective::IS_SERVER &&
header.form == IETF_QUIC_SHORT_HEADER_PACKET;
if (!skip_client_connection_id_validation &&
version_.SupportsClientConnectionIds() &&
!QuicUtils::IsConnectionIdValidForVersion(
GetClientConnectionIdAsRecipient(header, perspective_),
transport_version())) {
set_detailed_error("Received client connection ID with invalid length.");
return false;
}
return true;
}
bool QuicFramer::ProcessIetfPacketHeader(QuicDataReader* reader,
QuicPacketHeader* header) {
if (version_.HasLengthPrefixedConnectionIds()) {
uint8_t expected_destination_connection_id_length =
perspective_ == Perspective::IS_CLIENT
? expected_client_connection_id_length_
: expected_server_connection_id_length_;
QuicVersionLabel version_label;
bool has_length_prefix;
std::string detailed_error;
QuicErrorCode parse_result = QuicFramer::ParsePublicHeader(
reader, expected_destination_connection_id_length,
version_.HasIetfInvariantHeader(), &header->type_byte, &header->form,
&header->version_flag, &has_length_prefix, &version_label,
&header->version, &header->destination_connection_id,
&header->source_connection_id, &header->long_packet_type,
&header->retry_token_length_length, &header->retry_token,
&detailed_error);
if (parse_result != QUIC_NO_ERROR) {
set_detailed_error(detailed_error);
return false;
}
header->destination_connection_id_included = CONNECTION_ID_PRESENT;
header->source_connection_id_included =
header->version_flag ? CONNECTION_ID_PRESENT : CONNECTION_ID_ABSENT;
if (!ValidateReceivedConnectionIds(*header)) {
return false;
}
if (header->version_flag &&
header->long_packet_type != VERSION_NEGOTIATION &&
!(header->type_byte & FLAGS_FIXED_BIT)) {
set_detailed_error("Fixed bit is 0 in long header.");
return false;
}
if (!header->version_flag && !(header->type_byte & FLAGS_FIXED_BIT)) {
set_detailed_error("Fixed bit is 0 in short header.");
return false;
}
if (!header->version_flag) {
if (!version_.HasHeaderProtection()) {
header->packet_number_length =
GetShortHeaderPacketNumberLength(header->type_byte);
}
return true;
}
if (header->long_packet_type == RETRY) {
if (!version().SupportsRetry()) {
set_detailed_error("RETRY not supported in this version.");
return false;
}
if (perspective_ == Perspective::IS_SERVER) {
set_detailed_error("Client-initiated RETRY is invalid.");
return false;
}
return true;
}
if (header->version.IsKnown() && !header->version.HasHeaderProtection()) {
header->packet_number_length =
GetLongHeaderPacketNumberLength(header->type_byte);
}
return true;
}
if (!ProcessIetfHeaderTypeByte(reader, header)) {
return false;
}
uint8_t destination_connection_id_length =
header->destination_connection_id_included == CONNECTION_ID_PRESENT
? (perspective_ == Perspective::IS_SERVER
? expected_server_connection_id_length_
: expected_client_connection_id_length_)
: 0;
uint8_t source_connection_id_length =
header->source_connection_id_included == CONNECTION_ID_PRESENT
? (perspective_ == Perspective::IS_CLIENT
? expected_server_connection_id_length_
: expected_client_connection_id_length_)
: 0;
if (header->form == IETF_QUIC_LONG_HEADER_PACKET) {
if (!ProcessAndValidateIetfConnectionIdLength(
reader, header->version, perspective_,
/*should_update_expected_server_connection_id_length=*/false,
&expected_server_connection_id_length_,
&destination_connection_id_length, &source_connection_id_length,
&detailed_error_)) {
return false;
}
}
// Read connection ID.
if (!reader->ReadConnectionId(&header->destination_connection_id,
destination_connection_id_length)) {
set_detailed_error("Unable to read destination connection ID.");
return false;
}
if (!reader->ReadConnectionId(&header->source_connection_id,
source_connection_id_length)) {
set_detailed_error("Unable to read source connection ID.");
return false;
}
if (header->source_connection_id_included == CONNECTION_ID_ABSENT) {
if (!header->source_connection_id.IsEmpty()) {
QUICHE_DCHECK(!version_.SupportsClientConnectionIds());
set_detailed_error("Client connection ID not supported in this version.");
return false;
}
}
return ValidateReceivedConnectionIds(*header);
}
bool QuicFramer::ProcessAndCalculatePacketNumber(
QuicDataReader* reader, QuicPacketNumberLength packet_number_length,
QuicPacketNumber base_packet_number, uint64_t* packet_number) {
uint64_t wire_packet_number;
if (!reader->ReadBytesToUInt64(packet_number_length, &wire_packet_number)) {
return false;
}
// TODO(ianswett): Explore the usefulness of trying multiple packet numbers
// in case the first guess is incorrect.
*packet_number = CalculatePacketNumberFromWire(
packet_number_length, base_packet_number, wire_packet_number);