| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "quiche/quic/core/quic_framer.h" |
| |
| #include <sys/types.h> |
| |
| #include <cstddef> |
| #include <cstdint> |
| #include <limits> |
| #include <memory> |
| #include <string> |
| #include <utility> |
| |
| #include "absl/base/attributes.h" |
| #include "absl/base/macros.h" |
| #include "absl/base/optimization.h" |
| #include "absl/cleanup/cleanup.h" |
| #include "absl/strings/escaping.h" |
| #include "absl/strings/numbers.h" |
| #include "absl/strings/str_cat.h" |
| #include "absl/strings/str_split.h" |
| #include "absl/strings/string_view.h" |
| #include "absl/types/optional.h" |
| #include "quiche/quic/core/crypto/crypto_framer.h" |
| #include "quiche/quic/core/crypto/crypto_handshake.h" |
| #include "quiche/quic/core/crypto/crypto_handshake_message.h" |
| #include "quiche/quic/core/crypto/crypto_protocol.h" |
| #include "quiche/quic/core/crypto/crypto_utils.h" |
| #include "quiche/quic/core/crypto/null_decrypter.h" |
| #include "quiche/quic/core/crypto/null_encrypter.h" |
| #include "quiche/quic/core/crypto/quic_decrypter.h" |
| #include "quiche/quic/core/crypto/quic_encrypter.h" |
| #include "quiche/quic/core/crypto/quic_random.h" |
| #include "quiche/quic/core/frames/quic_ack_frequency_frame.h" |
| #include "quiche/quic/core/quic_connection_context.h" |
| #include "quiche/quic/core/quic_connection_id.h" |
| #include "quiche/quic/core/quic_constants.h" |
| #include "quiche/quic/core/quic_data_reader.h" |
| #include "quiche/quic/core/quic_data_writer.h" |
| #include "quiche/quic/core/quic_error_codes.h" |
| #include "quiche/quic/core/quic_packets.h" |
| #include "quiche/quic/core/quic_socket_address_coder.h" |
| #include "quiche/quic/core/quic_stream_frame_data_producer.h" |
| #include "quiche/quic/core/quic_time.h" |
| #include "quiche/quic/core/quic_types.h" |
| #include "quiche/quic/core/quic_utils.h" |
| #include "quiche/quic/core/quic_versions.h" |
| #include "quiche/quic/platform/api/quic_bug_tracker.h" |
| #include "quiche/quic/platform/api/quic_client_stats.h" |
| #include "quiche/quic/platform/api/quic_flag_utils.h" |
| #include "quiche/quic/platform/api/quic_flags.h" |
| #include "quiche/quic/platform/api/quic_ip_address_family.h" |
| #include "quiche/quic/platform/api/quic_logging.h" |
| #include "quiche/quic/platform/api/quic_stack_trace.h" |
| #include "quiche/common/quiche_text_utils.h" |
| |
| namespace quic { |
| |
| namespace { |
| |
| #define ENDPOINT \ |
| (perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ") |
| |
| // Number of bits the packet number length bits are shifted from the right |
| // edge of the header. |
| const uint8_t kPublicHeaderSequenceNumberShift = 4; |
| |
| // There are two interpretations for the Frame Type byte in the QUIC protocol, |
| // resulting in two Frame Types: Special Frame Types and Regular Frame Types. |
| // |
| // Regular Frame Types use the Frame Type byte simply. Currently defined |
| // Regular Frame Types are: |
| // Padding : 0b 00000000 (0x00) |
| // ResetStream : 0b 00000001 (0x01) |
| // ConnectionClose : 0b 00000010 (0x02) |
| // GoAway : 0b 00000011 (0x03) |
| // WindowUpdate : 0b 00000100 (0x04) |
| // Blocked : 0b 00000101 (0x05) |
| // |
| // Special Frame Types encode both a Frame Type and corresponding flags |
| // all in the Frame Type byte. Currently defined Special Frame Types |
| // are: |
| // Stream : 0b 1xxxxxxx |
| // Ack : 0b 01xxxxxx |
| // |
| // Semantics of the flag bits above (the x bits) depends on the frame type. |
| |
| // Masks to determine if the frame type is a special use |
| // and for specific special frame types. |
| const uint8_t kQuicFrameTypeBrokenMask = 0xE0; // 0b 11100000 |
| const uint8_t kQuicFrameTypeSpecialMask = 0xC0; // 0b 11000000 |
| const uint8_t kQuicFrameTypeStreamMask = 0x80; |
| const uint8_t kQuicFrameTypeAckMask = 0x40; |
| static_assert(kQuicFrameTypeSpecialMask == |
| (kQuicFrameTypeStreamMask | kQuicFrameTypeAckMask), |
| "Invalid kQuicFrameTypeSpecialMask"); |
| |
| // The stream type format is 1FDOOOSS, where |
| // F is the fin bit. |
| // D is the data length bit (0 or 2 bytes). |
| // OO/OOO are the size of the offset. |
| // SS is the size of the stream ID. |
| // Note that the stream encoding can not be determined by inspection. It can |
| // be determined only by knowing the QUIC Version. |
| // Stream frame relative shifts and masks for interpreting the stream flags. |
| // StreamID may be 1, 2, 3, or 4 bytes. |
| const uint8_t kQuicStreamIdShift = 2; |
| const uint8_t kQuicStreamIDLengthMask = 0x03; |
| |
| // Offset may be 0, 2, 4, or 8 bytes. |
| const uint8_t kQuicStreamShift = 3; |
| const uint8_t kQuicStreamOffsetMask = 0x07; |
| |
| // Data length may be 0 or 2 bytes. |
| const uint8_t kQuicStreamDataLengthShift = 1; |
| const uint8_t kQuicStreamDataLengthMask = 0x01; |
| |
| // Fin bit may be set or not. |
| const uint8_t kQuicStreamFinShift = 1; |
| const uint8_t kQuicStreamFinMask = 0x01; |
| |
| // The format is 01M0LLOO, where |
| // M if set, there are multiple ack blocks in the frame. |
| // LL is the size of the largest ack field. |
| // OO is the size of the ack blocks offset field. |
| // packet number size shift used in AckFrames. |
| const uint8_t kQuicSequenceNumberLengthNumBits = 2; |
| const uint8_t kActBlockLengthOffset = 0; |
| const uint8_t kLargestAckedOffset = 2; |
| |
| // Acks may have only one ack block. |
| const uint8_t kQuicHasMultipleAckBlocksOffset = 5; |
| |
| // Timestamps are 4 bytes followed by 2 bytes. |
| const uint8_t kQuicNumTimestampsLength = 1; |
| const uint8_t kQuicFirstTimestampLength = 4; |
| const uint8_t kQuicTimestampLength = 2; |
| // Gaps between packet numbers are 1 byte. |
| const uint8_t kQuicTimestampPacketNumberGapLength = 1; |
| |
| // Maximum length of encoded error strings. |
| const int kMaxErrorStringLength = 256; |
| |
| const uint8_t kConnectionIdLengthAdjustment = 3; |
| const uint8_t kDestinationConnectionIdLengthMask = 0xF0; |
| const uint8_t kSourceConnectionIdLengthMask = 0x0F; |
| |
| // Returns the absolute value of the difference between |a| and |b|. |
| uint64_t Delta(uint64_t a, uint64_t b) { |
| // Since these are unsigned numbers, we can't just return abs(a - b) |
| if (a < b) { |
| return b - a; |
| } |
| return a - b; |
| } |
| |
| uint64_t ClosestTo(uint64_t target, uint64_t a, uint64_t b) { |
| return (Delta(target, a) < Delta(target, b)) ? a : b; |
| } |
| |
| QuicPacketNumberLength ReadSequenceNumberLength(uint8_t flags) { |
| switch (flags & PACKET_FLAGS_8BYTE_PACKET) { |
| case PACKET_FLAGS_8BYTE_PACKET: |
| return PACKET_6BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_4BYTE_PACKET: |
| return PACKET_4BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_2BYTE_PACKET: |
| return PACKET_2BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_1BYTE_PACKET: |
| return PACKET_1BYTE_PACKET_NUMBER; |
| default: |
| QUIC_BUG(quic_bug_10850_1) << "Unreachable case statement."; |
| return PACKET_6BYTE_PACKET_NUMBER; |
| } |
| } |
| |
| QuicPacketNumberLength ReadAckPacketNumberLength(uint8_t flags) { |
| switch (flags & PACKET_FLAGS_8BYTE_PACKET) { |
| case PACKET_FLAGS_8BYTE_PACKET: |
| return PACKET_6BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_4BYTE_PACKET: |
| return PACKET_4BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_2BYTE_PACKET: |
| return PACKET_2BYTE_PACKET_NUMBER; |
| case PACKET_FLAGS_1BYTE_PACKET: |
| return PACKET_1BYTE_PACKET_NUMBER; |
| default: |
| QUIC_BUG(quic_bug_10850_2) << "Unreachable case statement."; |
| return PACKET_6BYTE_PACKET_NUMBER; |
| } |
| } |
| |
| uint8_t PacketNumberLengthToOnWireValue( |
| QuicPacketNumberLength packet_number_length) { |
| return packet_number_length - 1; |
| } |
| |
| QuicPacketNumberLength GetShortHeaderPacketNumberLength(uint8_t type) { |
| QUICHE_DCHECK(!(type & FLAGS_LONG_HEADER)); |
| return static_cast<QuicPacketNumberLength>((type & 0x03) + 1); |
| } |
| |
| uint8_t LongHeaderTypeToOnWireValue(QuicLongHeaderType type, |
| const ParsedQuicVersion& version) { |
| switch (type) { |
| case INITIAL: |
| return version.UsesV2PacketTypes() ? (1 << 4) : 0; |
| case ZERO_RTT_PROTECTED: |
| return version.UsesV2PacketTypes() ? (2 << 4) : (1 << 4); |
| case HANDSHAKE: |
| return version.UsesV2PacketTypes() ? (3 << 4) : (2 << 4); |
| case RETRY: |
| return version.UsesV2PacketTypes() ? 0 : (3 << 4); |
| case VERSION_NEGOTIATION: |
| return 0xF0; // Value does not matter |
| default: |
| QUIC_BUG(quic_bug_10850_3) << "Invalid long header type: " << type; |
| return 0xFF; |
| } |
| } |
| |
| QuicLongHeaderType GetLongHeaderType(uint8_t type, |
| const ParsedQuicVersion& version) { |
| QUICHE_DCHECK((type & FLAGS_LONG_HEADER)); |
| switch ((type & 0x30) >> 4) { |
| case 0: |
| return version.UsesV2PacketTypes() ? RETRY : INITIAL; |
| case 1: |
| return version.UsesV2PacketTypes() ? INITIAL : ZERO_RTT_PROTECTED; |
| case 2: |
| return version.UsesV2PacketTypes() ? ZERO_RTT_PROTECTED : HANDSHAKE; |
| case 3: |
| return version.UsesV2PacketTypes() ? HANDSHAKE : RETRY; |
| default: |
| QUIC_BUG(quic_bug_10850_4) << "Unreachable statement"; |
| return INVALID_PACKET_TYPE; |
| } |
| } |
| |
| QuicPacketNumberLength GetLongHeaderPacketNumberLength(uint8_t type) { |
| return static_cast<QuicPacketNumberLength>((type & 0x03) + 1); |
| } |
| |
| // Used to get packet number space before packet gets decrypted. |
| PacketNumberSpace GetPacketNumberSpace(const QuicPacketHeader& header) { |
| switch (header.form) { |
| case GOOGLE_QUIC_PACKET: |
| QUIC_BUG(quic_bug_10850_5) |
| << "Try to get packet number space of Google QUIC packet"; |
| break; |
| case IETF_QUIC_SHORT_HEADER_PACKET: |
| return APPLICATION_DATA; |
| case IETF_QUIC_LONG_HEADER_PACKET: |
| switch (header.long_packet_type) { |
| case INITIAL: |
| return INITIAL_DATA; |
| case HANDSHAKE: |
| return HANDSHAKE_DATA; |
| case ZERO_RTT_PROTECTED: |
| return APPLICATION_DATA; |
| case VERSION_NEGOTIATION: |
| case RETRY: |
| case INVALID_PACKET_TYPE: |
| QUIC_BUG(quic_bug_10850_6) |
| << "Try to get packet number space of long header type: " |
| << QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type); |
| break; |
| } |
| } |
| |
| return NUM_PACKET_NUMBER_SPACES; |
| } |
| |
| EncryptionLevel GetEncryptionLevel(const QuicPacketHeader& header) { |
| switch (header.form) { |
| case GOOGLE_QUIC_PACKET: |
| QUIC_BUG(quic_bug_10850_7) |
| << "Cannot determine EncryptionLevel from Google QUIC header"; |
| break; |
| case IETF_QUIC_SHORT_HEADER_PACKET: |
| return ENCRYPTION_FORWARD_SECURE; |
| case IETF_QUIC_LONG_HEADER_PACKET: |
| switch (header.long_packet_type) { |
| case INITIAL: |
| return ENCRYPTION_INITIAL; |
| case HANDSHAKE: |
| return ENCRYPTION_HANDSHAKE; |
| case ZERO_RTT_PROTECTED: |
| return ENCRYPTION_ZERO_RTT; |
| case VERSION_NEGOTIATION: |
| case RETRY: |
| case INVALID_PACKET_TYPE: |
| QUIC_BUG(quic_bug_10850_8) |
| << "No encryption used with type " |
| << QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type); |
| } |
| } |
| return NUM_ENCRYPTION_LEVELS; |
| } |
| |
| absl::string_view TruncateErrorString(absl::string_view error) { |
| if (error.length() <= kMaxErrorStringLength) { |
| return error; |
| } |
| return absl::string_view(error.data(), kMaxErrorStringLength); |
| } |
| |
| size_t TruncatedErrorStringSize(const absl::string_view& error) { |
| if (error.length() < kMaxErrorStringLength) { |
| return error.length(); |
| } |
| return kMaxErrorStringLength; |
| } |
| |
| uint8_t GetConnectionIdLengthValue(uint8_t length) { |
| if (length == 0) { |
| return 0; |
| } |
| return static_cast<uint8_t>(length - kConnectionIdLengthAdjustment); |
| } |
| |
| bool IsValidPacketNumberLength(QuicPacketNumberLength packet_number_length) { |
| size_t length = packet_number_length; |
| return length == 1 || length == 2 || length == 4 || length == 6 || |
| length == 8; |
| } |
| |
| bool IsValidFullPacketNumber(uint64_t full_packet_number, |
| ParsedQuicVersion version) { |
| return full_packet_number > 0 || version.HasIetfQuicFrames(); |
| } |
| |
| bool AppendIetfConnectionIds(bool version_flag, bool use_length_prefix, |
| QuicConnectionId destination_connection_id, |
| QuicConnectionId source_connection_id, |
| QuicDataWriter* writer) { |
| if (!version_flag) { |
| return writer->WriteConnectionId(destination_connection_id); |
| } |
| |
| if (use_length_prefix) { |
| return writer->WriteLengthPrefixedConnectionId(destination_connection_id) && |
| writer->WriteLengthPrefixedConnectionId(source_connection_id); |
| } |
| |
| // Compute connection ID length byte. |
| uint8_t dcil = GetConnectionIdLengthValue(destination_connection_id.length()); |
| uint8_t scil = GetConnectionIdLengthValue(source_connection_id.length()); |
| uint8_t connection_id_length = dcil << 4 | scil; |
| |
| return writer->WriteUInt8(connection_id_length) && |
| writer->WriteConnectionId(destination_connection_id) && |
| writer->WriteConnectionId(source_connection_id); |
| } |
| |
| enum class DroppedPacketReason { |
| // General errors |
| INVALID_PUBLIC_HEADER, |
| VERSION_MISMATCH, |
| // Version negotiation packet errors |
| INVALID_VERSION_NEGOTIATION_PACKET, |
| // Public reset packet errors, pre-v44 |
| INVALID_PUBLIC_RESET_PACKET, |
| // Data packet errors |
| INVALID_PACKET_NUMBER, |
| INVALID_DIVERSIFICATION_NONCE, |
| DECRYPTION_FAILURE, |
| NUM_REASONS, |
| }; |
| |
| void RecordDroppedPacketReason(DroppedPacketReason reason) { |
| QUIC_CLIENT_HISTOGRAM_ENUM("QuicDroppedPacketReason", reason, |
| DroppedPacketReason::NUM_REASONS, |
| "The reason a packet was not processed. Recorded " |
| "each time such a packet is dropped"); |
| } |
| |
| PacketHeaderFormat GetIetfPacketHeaderFormat(uint8_t type_byte) { |
| return type_byte & FLAGS_LONG_HEADER ? IETF_QUIC_LONG_HEADER_PACKET |
| : IETF_QUIC_SHORT_HEADER_PACKET; |
| } |
| |
| std::string GenerateErrorString(std::string initial_error_string, |
| QuicErrorCode quic_error_code) { |
| if (quic_error_code == QUIC_IETF_GQUIC_ERROR_MISSING) { |
| // QUIC_IETF_GQUIC_ERROR_MISSING is special -- it means not to encode |
| // the error value in the string. |
| return initial_error_string; |
| } |
| return absl::StrCat(std::to_string(static_cast<unsigned>(quic_error_code)), |
| ":", initial_error_string); |
| } |
| |
| // Return the minimum size of the ECN fields in an ACK frame |
| size_t AckEcnCountSize(const QuicAckFrame& ack_frame) { |
| if (!ack_frame.ecn_counters.has_value()) { |
| return 0; |
| } |
| return (QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ect0) + |
| QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ect1) + |
| QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ce)); |
| } |
| |
| } // namespace |
| |
| QuicFramer::QuicFramer(const ParsedQuicVersionVector& supported_versions, |
| QuicTime creation_time, Perspective perspective, |
| uint8_t expected_server_connection_id_length) |
| : visitor_(nullptr), |
| error_(QUIC_NO_ERROR), |
| last_serialized_server_connection_id_(EmptyQuicConnectionId()), |
| last_serialized_client_connection_id_(EmptyQuicConnectionId()), |
| version_(ParsedQuicVersion::Unsupported()), |
| supported_versions_(supported_versions), |
| decrypter_level_(ENCRYPTION_INITIAL), |
| alternative_decrypter_level_(NUM_ENCRYPTION_LEVELS), |
| alternative_decrypter_latch_(false), |
| perspective_(perspective), |
| validate_flags_(true), |
| process_timestamps_(false), |
| max_receive_timestamps_per_ack_(std::numeric_limits<uint32_t>::max()), |
| receive_timestamps_exponent_(0), |
| creation_time_(creation_time), |
| last_timestamp_(QuicTime::Delta::Zero()), |
| support_key_update_for_connection_(false), |
| current_key_phase_bit_(false), |
| potential_peer_key_update_attempt_count_(0), |
| first_sending_packet_number_(FirstSendingPacketNumber()), |
| data_producer_(nullptr), |
| infer_packet_header_type_from_version_(perspective == |
| Perspective::IS_CLIENT), |
| expected_server_connection_id_length_( |
| expected_server_connection_id_length), |
| expected_client_connection_id_length_(0), |
| supports_multiple_packet_number_spaces_(false), |
| last_written_packet_number_length_(0), |
| peer_ack_delay_exponent_(kDefaultAckDelayExponent), |
| local_ack_delay_exponent_(kDefaultAckDelayExponent), |
| current_received_frame_type_(0), |
| previously_received_frame_type_(0) { |
| QUICHE_DCHECK(!supported_versions.empty()); |
| version_ = supported_versions_[0]; |
| QUICHE_DCHECK(version_.IsKnown()) |
| << ParsedQuicVersionVectorToString(supported_versions_); |
| } |
| |
| QuicFramer::~QuicFramer() {} |
| |
| // static |
| size_t QuicFramer::GetMinStreamFrameSize(QuicTransportVersion version, |
| QuicStreamId stream_id, |
| QuicStreamOffset offset, |
| bool last_frame_in_packet, |
| size_t data_length) { |
| if (VersionHasIetfQuicFrames(version)) { |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(stream_id) + |
| (last_frame_in_packet |
| ? 0 |
| : QuicDataWriter::GetVarInt62Len(data_length)) + |
| (offset != 0 ? QuicDataWriter::GetVarInt62Len(offset) : 0); |
| } |
| return kQuicFrameTypeSize + GetStreamIdSize(stream_id) + |
| GetStreamOffsetSize(offset) + |
| (last_frame_in_packet ? 0 : kQuicStreamPayloadLengthSize); |
| } |
| |
| // static |
| size_t QuicFramer::GetMinCryptoFrameSize(QuicStreamOffset offset, |
| QuicPacketLength data_length) { |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(offset) + |
| QuicDataWriter::GetVarInt62Len(data_length); |
| } |
| |
| // static |
| size_t QuicFramer::GetMessageFrameSize(QuicTransportVersion version, |
| bool last_frame_in_packet, |
| QuicByteCount length) { |
| QUIC_BUG_IF(quic_bug_12975_1, !VersionSupportsMessageFrames(version)) |
| << "Try to serialize MESSAGE frame in " << version; |
| return kQuicFrameTypeSize + |
| (last_frame_in_packet ? 0 : QuicDataWriter::GetVarInt62Len(length)) + |
| length; |
| } |
| |
| // static |
| size_t QuicFramer::GetMinAckFrameSize( |
| QuicTransportVersion version, const QuicAckFrame& ack_frame, |
| uint32_t local_ack_delay_exponent, |
| bool use_ietf_ack_with_receive_timestamp) { |
| if (VersionHasIetfQuicFrames(version)) { |
| // The minimal ack frame consists of the following fields: Largest |
| // Acknowledged, ACK Delay, 0 ACK Block Count, First ACK Block and either 0 |
| // Timestamp Range Count or ECN counts. |
| // Type byte + largest acked. |
| size_t min_size = |
| kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(LargestAcked(ack_frame).ToUint64()); |
| // Ack delay. |
| min_size += QuicDataWriter::GetVarInt62Len( |
| ack_frame.ack_delay_time.ToMicroseconds() >> local_ack_delay_exponent); |
| // 0 ack block count. |
| min_size += QuicDataWriter::GetVarInt62Len(0); |
| // First ack block. |
| min_size += QuicDataWriter::GetVarInt62Len( |
| ack_frame.packets.Empty() ? 0 |
| : ack_frame.packets.rbegin()->Length() - 1); |
| |
| if (use_ietf_ack_with_receive_timestamp) { |
| // 0 Timestamp Range Count. |
| min_size += QuicDataWriter::GetVarInt62Len(0); |
| } else { |
| min_size += AckEcnCountSize(ack_frame); |
| } |
| return min_size; |
| } |
| return kQuicFrameTypeSize + |
| GetMinPacketNumberLength(LargestAcked(ack_frame)) + |
| kQuicDeltaTimeLargestObservedSize + kQuicNumTimestampsSize; |
| } |
| |
| // static |
| size_t QuicFramer::GetStopWaitingFrameSize( |
| QuicPacketNumberLength packet_number_length) { |
| size_t min_size = kQuicFrameTypeSize + packet_number_length; |
| return min_size; |
| } |
| |
| // static |
| size_t QuicFramer::GetRstStreamFrameSize(QuicTransportVersion version, |
| const QuicRstStreamFrame& frame) { |
| if (VersionHasIetfQuicFrames(version)) { |
| return QuicDataWriter::GetVarInt62Len(frame.stream_id) + |
| QuicDataWriter::GetVarInt62Len(frame.byte_offset) + |
| kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.ietf_error_code); |
| } |
| return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize + |
| kQuicErrorCodeSize; |
| } |
| |
| // static |
| size_t QuicFramer::GetConnectionCloseFrameSize( |
| QuicTransportVersion version, const QuicConnectionCloseFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| // Not IETF QUIC, return Google QUIC CONNECTION CLOSE frame size. |
| return kQuicFrameTypeSize + kQuicErrorCodeSize + |
| kQuicErrorDetailsLengthSize + |
| TruncatedErrorStringSize(frame.error_details); |
| } |
| |
| // Prepend the extra error information to the string and get the result's |
| // length. |
| const size_t truncated_error_string_size = TruncatedErrorStringSize( |
| GenerateErrorString(frame.error_details, frame.quic_error_code)); |
| |
| const size_t frame_size = |
| truncated_error_string_size + |
| QuicDataWriter::GetVarInt62Len(truncated_error_string_size) + |
| kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.wire_error_code); |
| if (frame.close_type == IETF_QUIC_APPLICATION_CONNECTION_CLOSE) { |
| return frame_size; |
| } |
| // The Transport close frame has the transport_close_frame_type, so include |
| // its length. |
| return frame_size + |
| QuicDataWriter::GetVarInt62Len(frame.transport_close_frame_type); |
| } |
| |
| // static |
| size_t QuicFramer::GetMinGoAwayFrameSize() { |
| return kQuicFrameTypeSize + kQuicErrorCodeSize + kQuicErrorDetailsLengthSize + |
| kQuicMaxStreamIdSize; |
| } |
| |
| // static |
| size_t QuicFramer::GetWindowUpdateFrameSize( |
| QuicTransportVersion version, const QuicWindowUpdateFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize; |
| } |
| if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) { |
| // Frame would be a MAX DATA frame, which has only a Maximum Data field. |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data); |
| } |
| // Frame would be MAX STREAM DATA, has Maximum Stream Data and Stream ID |
| // fields. |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data) + |
| QuicDataWriter::GetVarInt62Len(frame.stream_id); |
| } |
| |
| // static |
| size_t QuicFramer::GetMaxStreamsFrameSize(QuicTransportVersion version, |
| const QuicMaxStreamsFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| QUIC_BUG(quic_bug_10850_9) |
| << "In version " << version |
| << ", which does not support IETF Frames, and tried to serialize " |
| "MaxStreams Frame."; |
| } |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.stream_count); |
| } |
| |
| // static |
| size_t QuicFramer::GetStreamsBlockedFrameSize( |
| QuicTransportVersion version, const QuicStreamsBlockedFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| QUIC_BUG(quic_bug_10850_10) |
| << "In version " << version |
| << ", which does not support IETF frames, and tried to serialize " |
| "StreamsBlocked Frame."; |
| } |
| |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.stream_count); |
| } |
| |
| // static |
| size_t QuicFramer::GetBlockedFrameSize(QuicTransportVersion version, |
| const QuicBlockedFrame& frame) { |
| if (!VersionHasIetfQuicFrames(version)) { |
| return kQuicFrameTypeSize + kQuicMaxStreamIdSize; |
| } |
| if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) { |
| // return size of IETF QUIC Blocked frame |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset); |
| } |
| // return size of IETF QUIC Stream Blocked frame. |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset) + |
| QuicDataWriter::GetVarInt62Len(frame.stream_id); |
| } |
| |
| // static |
| size_t QuicFramer::GetStopSendingFrameSize(const QuicStopSendingFrame& frame) { |
| return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.stream_id) + |
| QuicDataWriter::GetVarInt62Len(frame.ietf_error_code); |
| } |
| |
| // static |
| size_t QuicFramer::GetAckFrequencyFrameSize( |
| const QuicAckFrequencyFrame& frame) { |
| return QuicDataWriter::GetVarInt62Len(IETF_ACK_FREQUENCY) + |
| QuicDataWriter::GetVarInt62Len(frame.sequence_number) + |
| QuicDataWriter::GetVarInt62Len(frame.packet_tolerance) + |
| QuicDataWriter::GetVarInt62Len(frame.max_ack_delay.ToMicroseconds()) + |
| // One byte for encoding boolean |
| 1; |
| } |
| |
| // static |
| size_t QuicFramer::GetPathChallengeFrameSize( |
| const QuicPathChallengeFrame& frame) { |
| return kQuicFrameTypeSize + sizeof(frame.data_buffer); |
| } |
| |
| // static |
| size_t QuicFramer::GetPathResponseFrameSize( |
| const QuicPathResponseFrame& frame) { |
| return kQuicFrameTypeSize + sizeof(frame.data_buffer); |
| } |
| |
| // static |
| size_t QuicFramer::GetRetransmittableControlFrameSize( |
| QuicTransportVersion version, const QuicFrame& frame) { |
| switch (frame.type) { |
| case PING_FRAME: |
| // Ping has no payload. |
| return kQuicFrameTypeSize; |
| case RST_STREAM_FRAME: |
| return GetRstStreamFrameSize(version, *frame.rst_stream_frame); |
| case CONNECTION_CLOSE_FRAME: |
| return GetConnectionCloseFrameSize(version, |
| *frame.connection_close_frame); |
| case GOAWAY_FRAME: |
| return GetMinGoAwayFrameSize() + |
| TruncatedErrorStringSize(frame.goaway_frame->reason_phrase); |
| case WINDOW_UPDATE_FRAME: |
| // For IETF QUIC, this could be either a MAX DATA or MAX STREAM DATA. |
| // GetWindowUpdateFrameSize figures this out and returns the correct |
| // length. |
| return GetWindowUpdateFrameSize(version, frame.window_update_frame); |
| case BLOCKED_FRAME: |
| return GetBlockedFrameSize(version, frame.blocked_frame); |
| case NEW_CONNECTION_ID_FRAME: |
| return GetNewConnectionIdFrameSize(*frame.new_connection_id_frame); |
| case RETIRE_CONNECTION_ID_FRAME: |
| return GetRetireConnectionIdFrameSize(*frame.retire_connection_id_frame); |
| case NEW_TOKEN_FRAME: |
| return GetNewTokenFrameSize(*frame.new_token_frame); |
| case MAX_STREAMS_FRAME: |
| return GetMaxStreamsFrameSize(version, frame.max_streams_frame); |
| case STREAMS_BLOCKED_FRAME: |
| return GetStreamsBlockedFrameSize(version, frame.streams_blocked_frame); |
| case PATH_RESPONSE_FRAME: |
| return GetPathResponseFrameSize(frame.path_response_frame); |
| case PATH_CHALLENGE_FRAME: |
| return GetPathChallengeFrameSize(frame.path_challenge_frame); |
| case STOP_SENDING_FRAME: |
| return GetStopSendingFrameSize(frame.stop_sending_frame); |
| case HANDSHAKE_DONE_FRAME: |
| // HANDSHAKE_DONE has no payload. |
| return kQuicFrameTypeSize; |
| case ACK_FREQUENCY_FRAME: |
| return GetAckFrequencyFrameSize(*frame.ack_frequency_frame); |
| case STREAM_FRAME: |
| case ACK_FRAME: |
| case STOP_WAITING_FRAME: |
| case MTU_DISCOVERY_FRAME: |
| case PADDING_FRAME: |
| case MESSAGE_FRAME: |
| case CRYPTO_FRAME: |
| case NUM_FRAME_TYPES: |
| QUICHE_DCHECK(false); |
| return 0; |
| } |
| |
| // Not reachable, but some Chrome compilers can't figure that out. *sigh* |
| QUICHE_DCHECK(false); |
| return 0; |
| } |
| |
| // static |
| size_t QuicFramer::GetStreamIdSize(QuicStreamId stream_id) { |
| // Sizes are 1 through 4 bytes. |
| for (int i = 1; i <= 4; ++i) { |
| stream_id >>= 8; |
| if (stream_id == 0) { |
| return i; |
| } |
| } |
| QUIC_BUG(quic_bug_10850_11) << "Failed to determine StreamIDSize."; |
| return 4; |
| } |
| |
| // static |
| size_t QuicFramer::GetStreamOffsetSize(QuicStreamOffset offset) { |
| // 0 is a special case. |
| if (offset == 0) { |
| return 0; |
| } |
| // 2 through 8 are the remaining sizes. |
| offset >>= 8; |
| for (int i = 2; i <= 8; ++i) { |
| offset >>= 8; |
| if (offset == 0) { |
| return i; |
| } |
| } |
| QUIC_BUG(quic_bug_10850_12) << "Failed to determine StreamOffsetSize."; |
| return 8; |
| } |
| |
| // static |
| size_t QuicFramer::GetNewConnectionIdFrameSize( |
| const QuicNewConnectionIdFrame& frame) { |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.sequence_number) + |
| QuicDataWriter::GetVarInt62Len(frame.retire_prior_to) + |
| kConnectionIdLengthSize + frame.connection_id.length() + |
| sizeof(frame.stateless_reset_token); |
| } |
| |
| // static |
| size_t QuicFramer::GetRetireConnectionIdFrameSize( |
| const QuicRetireConnectionIdFrame& frame) { |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.sequence_number); |
| } |
| |
| // static |
| size_t QuicFramer::GetNewTokenFrameSize(const QuicNewTokenFrame& frame) { |
| return kQuicFrameTypeSize + |
| QuicDataWriter::GetVarInt62Len(frame.token.length()) + |
| frame.token.length(); |
| } |
| |
| // TODO(nharper): Change this method to take a ParsedQuicVersion. |
| bool QuicFramer::IsSupportedTransportVersion( |
| const QuicTransportVersion version) const { |
| for (const ParsedQuicVersion& supported_version : supported_versions_) { |
| if (version == supported_version.transport_version) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| bool QuicFramer::IsSupportedVersion(const ParsedQuicVersion version) const { |
| for (const ParsedQuicVersion& supported_version : supported_versions_) { |
| if (version == supported_version) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| size_t QuicFramer::GetSerializedFrameLength( |
| const QuicFrame& frame, size_t free_bytes, bool first_frame, |
| bool last_frame, QuicPacketNumberLength packet_number_length) { |
| // Prevent a rare crash reported in b/19458523. |
| if (frame.type == ACK_FRAME && frame.ack_frame == nullptr) { |
| QUIC_BUG(quic_bug_10850_13) |
| << "Cannot compute the length of a null ack frame. free_bytes:" |
| << free_bytes << " first_frame:" << first_frame |
| << " last_frame:" << last_frame |
| << " seq num length:" << packet_number_length; |
| set_error(QUIC_INTERNAL_ERROR); |
| visitor_->OnError(this); |
| return 0; |
| } |
| if (frame.type == PADDING_FRAME) { |
| if (frame.padding_frame.num_padding_bytes == -1) { |
| // Full padding to the end of the packet. |
| return free_bytes; |
| } else { |
| // Lite padding. |
| return free_bytes < |
| static_cast<size_t>(frame.padding_frame.num_padding_bytes) |
| ? free_bytes |
| : frame.padding_frame.num_padding_bytes; |
| } |
| } |
| |
| size_t frame_len = |
| ComputeFrameLength(frame, last_frame, packet_number_length); |
| if (frame_len <= free_bytes) { |
| // Frame fits within packet. Note that acks may be truncated. |
| return frame_len; |
| } |
| // Only truncate the first frame in a packet, so if subsequent ones go |
| // over, stop including more frames. |
| if (!first_frame) { |
| return 0; |
| } |
| bool can_truncate = |
| frame.type == ACK_FRAME && |
| free_bytes >= |
| GetMinAckFrameSize(version_.transport_version, *frame.ack_frame, |
| local_ack_delay_exponent_, |
| UseIetfAckWithReceiveTimestamp(*frame.ack_frame)); |
| if (can_truncate) { |
| // Truncate the frame so the packet will not exceed kMaxOutgoingPacketSize. |
| // Note that we may not use every byte of the writer in this case. |
| QUIC_DLOG(INFO) << ENDPOINT |
| << "Truncating large frame, free bytes: " << free_bytes; |
| return free_bytes; |
| } |
| return 0; |
| } |
| |
| QuicFramer::AckFrameInfo::AckFrameInfo() |
| : max_block_length(0), first_block_length(0), num_ack_blocks(0) {} |
| |
| QuicFramer::AckFrameInfo::AckFrameInfo(const AckFrameInfo& other) = default; |
| |
| QuicFramer::AckFrameInfo::~AckFrameInfo() {} |
| |
| bool QuicFramer::WriteIetfLongHeaderLength(const QuicPacketHeader& header, |
| QuicDataWriter* writer, |
| size_t length_field_offset, |
| EncryptionLevel level) { |
| if (!QuicVersionHasLongHeaderLengths(transport_version()) || |
| !header.version_flag || length_field_offset == 0) { |
| return true; |
| } |
| if (writer->length() < length_field_offset || |
| writer->length() - length_field_offset < |
| quiche::kQuicheDefaultLongHeaderLengthLength) { |
| set_detailed_error("Invalid length_field_offset."); |
| QUIC_BUG(quic_bug_10850_14) << "Invalid length_field_offset."; |
| return false; |
| } |
| size_t length_to_write = writer->length() - length_field_offset - |
| quiche::kQuicheDefaultLongHeaderLengthLength; |
| // Add length of auth tag. |
| length_to_write = GetCiphertextSize(level, length_to_write); |
| |
| QuicDataWriter length_writer(writer->length() - length_field_offset, |
| writer->data() + length_field_offset); |
| if (!length_writer.WriteVarInt62WithForcedLength( |
| length_to_write, quiche::kQuicheDefaultLongHeaderLengthLength)) { |
| set_detailed_error("Failed to overwrite long header length."); |
| QUIC_BUG(quic_bug_10850_15) << "Failed to overwrite long header length."; |
| return false; |
| } |
| return true; |
| } |
| |
| size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header, |
| const QuicFrames& frames, char* buffer, |
| size_t packet_length, |
| EncryptionLevel level) { |
| QUIC_BUG_IF(quic_bug_12975_2, |
| header.version_flag && version().HasIetfInvariantHeader() && |
| header.long_packet_type == RETRY && !frames.empty()) |
| << "IETF RETRY packets cannot contain frames " << header; |
| QuicDataWriter writer(packet_length, buffer); |
| size_t length_field_offset = 0; |
| if (!AppendPacketHeader(header, &writer, &length_field_offset)) { |
| QUIC_BUG(quic_bug_10850_16) << "AppendPacketHeader failed"; |
| return 0; |
| } |
| |
| if (VersionHasIetfQuicFrames(transport_version())) { |
| if (AppendIetfFrames(frames, &writer) == 0) { |
| return 0; |
| } |
| if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset, |
| level)) { |
| return 0; |
| } |
| return writer.length(); |
| } |
| |
| size_t i = 0; |
| for (const QuicFrame& frame : frames) { |
| // Determine if we should write stream frame length in header. |
| const bool last_frame_in_packet = i == frames.size() - 1; |
| if (!AppendTypeByte(frame, last_frame_in_packet, &writer)) { |
| QUIC_BUG(quic_bug_10850_17) << "AppendTypeByte failed"; |
| return 0; |
| } |
| |
| switch (frame.type) { |
| case PADDING_FRAME: |
| if (!AppendPaddingFrame(frame.padding_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_18) |
| << "AppendPaddingFrame of " |
| << frame.padding_frame.num_padding_bytes << " failed"; |
| return 0; |
| } |
| break; |
| case STREAM_FRAME: |
| if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet, |
| &writer)) { |
| QUIC_BUG(quic_bug_10850_19) << "AppendStreamFrame failed"; |
| return 0; |
| } |
| break; |
| case ACK_FRAME: |
| if (!AppendAckFrameAndTypeByte(*frame.ack_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_20) |
| << "AppendAckFrameAndTypeByte failed: " << detailed_error_; |
| return 0; |
| } |
| break; |
| case STOP_WAITING_FRAME: |
| if (!AppendStopWaitingFrame(header, frame.stop_waiting_frame, |
| &writer)) { |
| QUIC_BUG(quic_bug_10850_21) << "AppendStopWaitingFrame failed"; |
| return 0; |
| } |
| break; |
| case MTU_DISCOVERY_FRAME: |
| // MTU discovery frames are serialized as ping frames. |
| ABSL_FALLTHROUGH_INTENDED; |
| case PING_FRAME: |
| // Ping has no payload. |
| break; |
| case RST_STREAM_FRAME: |
| if (!AppendRstStreamFrame(*frame.rst_stream_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_22) << "AppendRstStreamFrame failed"; |
| return 0; |
| } |
| break; |
| case CONNECTION_CLOSE_FRAME: |
| if (!AppendConnectionCloseFrame(*frame.connection_close_frame, |
| &writer)) { |
| QUIC_BUG(quic_bug_10850_23) << "AppendConnectionCloseFrame failed"; |
| return 0; |
| } |
| break; |
| case GOAWAY_FRAME: |
| if (!AppendGoAwayFrame(*frame.goaway_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_24) << "AppendGoAwayFrame failed"; |
| return 0; |
| } |
| break; |
| case WINDOW_UPDATE_FRAME: |
| if (!AppendWindowUpdateFrame(frame.window_update_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_25) << "AppendWindowUpdateFrame failed"; |
| return 0; |
| } |
| break; |
| case BLOCKED_FRAME: |
| if (!AppendBlockedFrame(frame.blocked_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_26) << "AppendBlockedFrame failed"; |
| return 0; |
| } |
| break; |
| case NEW_CONNECTION_ID_FRAME: |
| set_detailed_error( |
| "Attempt to append NEW_CONNECTION_ID frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case RETIRE_CONNECTION_ID_FRAME: |
| set_detailed_error( |
| "Attempt to append RETIRE_CONNECTION_ID frame and not in IETF " |
| "QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case NEW_TOKEN_FRAME: |
| set_detailed_error( |
| "Attempt to append NEW_TOKEN_ID frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case MAX_STREAMS_FRAME: |
| set_detailed_error( |
| "Attempt to append MAX_STREAMS frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case STREAMS_BLOCKED_FRAME: |
| set_detailed_error( |
| "Attempt to append STREAMS_BLOCKED frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case PATH_RESPONSE_FRAME: |
| set_detailed_error( |
| "Attempt to append PATH_RESPONSE frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case PATH_CHALLENGE_FRAME: |
| set_detailed_error( |
| "Attempt to append PATH_CHALLENGE frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case STOP_SENDING_FRAME: |
| set_detailed_error( |
| "Attempt to append STOP_SENDING frame and not in IETF QUIC."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| case MESSAGE_FRAME: |
| if (!AppendMessageFrameAndTypeByte(*frame.message_frame, |
| last_frame_in_packet, &writer)) { |
| QUIC_BUG(quic_bug_10850_27) << "AppendMessageFrame failed"; |
| return 0; |
| } |
| break; |
| case CRYPTO_FRAME: |
| if (!QuicVersionUsesCryptoFrames(version_.transport_version)) { |
| set_detailed_error( |
| "Attempt to append CRYPTO frame in version prior to 47."); |
| return RaiseError(QUIC_INTERNAL_ERROR); |
| } |
| if (!AppendCryptoFrame(*frame.crypto_frame, &writer)) { |
| QUIC_BUG(quic_bug_10850_28) << "AppendCryptoFrame failed"; |
| return 0; |
| } |
| break; |
| case HANDSHAKE_DONE_FRAME: |
| // HANDSHAKE_DONE has no payload. |
| break; |
| default: |
| RaiseError(QUIC_INVALID_FRAME_DATA); |
| QUIC_BUG(quic_bug_10850_29) << "QUIC_INVALID_FRAME_DATA"; |
| return 0; |
| } |
| ++i; |
| } |
| |
| if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset, level)) { |
| return 0; |
| } |
| |
| return writer.length(); |
| } |
| |
| size_t QuicFramer::AppendIetfFrames(const QuicFrames& frames, |
| QuicDataWriter* writer) { |
| size_t i = 0; |
| for (const QuicFrame& frame : frames) { |
| // Determine if we should write stream frame length in header. |
| const bool last_frame_in_packet = i == frames.size() - 1; |
| if (!AppendIetfFrameType(frame, last_frame_in_packet, writer)) { |
| QUIC_BUG(quic_bug_10850_30) |
| << "AppendIetfFrameType failed: " << detailed_error(); |
| return 0; |
| } |
| |
| switch (frame.type) { |
| case PADDING_FRAME: |
| if (!AppendPaddingFrame(frame.padding_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_31) << "AppendPaddingFrame of " |
| << frame.padding_frame.num_padding_bytes |
| << " failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case STREAM_FRAME: |
| if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_32) |
| << "AppendStreamFrame " << frame.stream_frame |
| << " failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case ACK_FRAME: |
| if (!AppendIetfAckFrameAndTypeByte(*frame.ack_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_33) |
| << "AppendIetfAckFrameAndTypeByte failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case STOP_WAITING_FRAME: |
| set_detailed_error( |
| "Attempt to append STOP WAITING frame in IETF QUIC."); |
| RaiseError(QUIC_INTERNAL_ERROR); |
| QUIC_BUG(quic_bug_10850_34) << detailed_error(); |
| return 0; |
| case MTU_DISCOVERY_FRAME: |
| // MTU discovery frames are serialized as ping frames. |
| ABSL_FALLTHROUGH_INTENDED; |
| case PING_FRAME: |
| // Ping has no payload. |
| break; |
| case RST_STREAM_FRAME: |
| if (!AppendRstStreamFrame(*frame.rst_stream_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_35) |
| << "AppendRstStreamFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case CONNECTION_CLOSE_FRAME: |
| if (!AppendIetfConnectionCloseFrame(*frame.connection_close_frame, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_36) |
| << "AppendIetfConnectionCloseFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case GOAWAY_FRAME: |
| set_detailed_error("Attempt to append GOAWAY frame in IETF QUIC."); |
| RaiseError(QUIC_INTERNAL_ERROR); |
| QUIC_BUG(quic_bug_10850_37) << detailed_error(); |
| return 0; |
| case WINDOW_UPDATE_FRAME: |
| // Depending on whether there is a stream ID or not, will be either a |
| // MAX STREAM DATA frame or a MAX DATA frame. |
| if (frame.window_update_frame.stream_id == |
| QuicUtils::GetInvalidStreamId(transport_version())) { |
| if (!AppendMaxDataFrame(frame.window_update_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_38) |
| << "AppendMaxDataFrame failed: " << detailed_error(); |
| return 0; |
| } |
| } else { |
| if (!AppendMaxStreamDataFrame(frame.window_update_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_39) |
| << "AppendMaxStreamDataFrame failed: " << detailed_error(); |
| return 0; |
| } |
| } |
| break; |
| case BLOCKED_FRAME: |
| if (!AppendBlockedFrame(frame.blocked_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_40) |
| << "AppendBlockedFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case MAX_STREAMS_FRAME: |
| if (!AppendMaxStreamsFrame(frame.max_streams_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_41) |
| << "AppendMaxStreamsFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case STREAMS_BLOCKED_FRAME: |
| if (!AppendStreamsBlockedFrame(frame.streams_blocked_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_42) |
| << "AppendStreamsBlockedFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case NEW_CONNECTION_ID_FRAME: |
| if (!AppendNewConnectionIdFrame(*frame.new_connection_id_frame, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_43) |
| << "AppendNewConnectionIdFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case RETIRE_CONNECTION_ID_FRAME: |
| if (!AppendRetireConnectionIdFrame(*frame.retire_connection_id_frame, |
| writer)) { |
| QUIC_BUG(quic_bug_10850_44) |
| << "AppendRetireConnectionIdFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case NEW_TOKEN_FRAME: |
| if (!AppendNewTokenFrame(*frame.new_token_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_45) |
| << "AppendNewTokenFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case STOP_SENDING_FRAME: |
| if (!AppendStopSendingFrame(frame.stop_sending_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_46) |
| << "AppendStopSendingFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case PATH_CHALLENGE_FRAME: |
| if (!AppendPathChallengeFrame(frame.path_challenge_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_47) |
| << "AppendPathChallengeFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case PATH_RESPONSE_FRAME: |
| if (!AppendPathResponseFrame(frame.path_response_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_48) |
| << "AppendPathResponseFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case MESSAGE_FRAME: |
| if (!AppendMessageFrameAndTypeByte(*frame.message_frame, |
| last_frame_in_packet, writer)) { |
| QUIC_BUG(quic_bug_10850_49) |
| << "AppendMessageFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case CRYPTO_FRAME: |
| if (!AppendCryptoFrame(*frame.crypto_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_50) |
| << "AppendCryptoFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| case HANDSHAKE_DONE_FRAME: |
| // HANDSHAKE_DONE has no payload. |
| break; |
| case ACK_FREQUENCY_FRAME: |
| if (!AppendAckFrequencyFrame(*frame.ack_frequency_frame, writer)) { |
| QUIC_BUG(quic_bug_10850_51) |
| << "AppendAckFrequencyFrame failed: " << detailed_error(); |
| return 0; |
| } |
| break; |
| default: |
| set_detailed_error("Tried to append unknown frame type."); |
| RaiseError(QUIC_INVALID_FRAME_DATA); |
| QUIC_BUG(quic_bug_10850_52) |
| << "QUIC_INVALID_FRAME_DATA: " << frame.type; |
| return 0; |
| } |
| ++i; |
| } |
| |
| return writer->length(); |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildPublicResetPacket( |
| const QuicPublicResetPacket& packet) { |
| CryptoHandshakeMessage reset; |
| reset.set_tag(kPRST); |
| reset.SetValue(kRNON, packet.nonce_proof); |
| if (packet.client_address.host().address_family() != |
| IpAddressFamily::IP_UNSPEC) { |
| // packet.client_address is non-empty. |
| QuicSocketAddressCoder address_coder(packet.client_address); |
| std::string serialized_address = address_coder.Encode(); |
| if (serialized_address.empty()) { |
| return nullptr; |
| } |
| reset.SetStringPiece(kCADR, serialized_address); |
| } |
| if (!packet.endpoint_id.empty()) { |
| reset.SetStringPiece(kEPID, packet.endpoint_id); |
| } |
| const QuicData& reset_serialized = reset.GetSerialized(); |
| |
| size_t len = kPublicFlagsSize + packet.connection_id.length() + |
| reset_serialized.length(); |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| |
| uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_RST | |
| PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID); |
| // This hack makes post-v33 public reset packet look like pre-v33 packets. |
| flags |= static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD); |
| if (!writer.WriteUInt8(flags)) { |
| return nullptr; |
| } |
| |
| if (!writer.WriteConnectionId(packet.connection_id)) { |
| return nullptr; |
| } |
| |
| if (!writer.WriteBytes(reset_serialized.data(), reset_serialized.length())) { |
| return nullptr; |
| } |
| |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true); |
| } |
| |
| // static |
| size_t QuicFramer::GetMinStatelessResetPacketLength() { |
| // 5 bytes (40 bits) = 2 Fixed Bits (01) + 38 Unpredictable bits |
| return 5 + kStatelessResetTokenLength; |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket( |
| QuicConnectionId connection_id, size_t received_packet_length, |
| StatelessResetToken stateless_reset_token) { |
| return BuildIetfStatelessResetPacket(connection_id, received_packet_length, |
| stateless_reset_token, |
| QuicRandom::GetInstance()); |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket( |
| QuicConnectionId /*connection_id*/, size_t received_packet_length, |
| StatelessResetToken stateless_reset_token, QuicRandom* random) { |
| QUIC_DVLOG(1) << "Building IETF stateless reset packet."; |
| if (received_packet_length <= GetMinStatelessResetPacketLength()) { |
| QUICHE_DLOG(ERROR) |
| << "Tried to build stateless reset packet with received packet " |
| "length " |
| << received_packet_length; |
| return nullptr; |
| } |
| // To ensure stateless reset is indistinguishable from a valid packet, |
| // include the max connection ID length. |
| size_t len = std::min(received_packet_length - 1, |
| GetMinStatelessResetPacketLength() + 1 + |
| kQuicMaxConnectionIdWithLengthPrefixLength); |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| // Append random bytes. This randomness only exists to prevent middleboxes |
| // from comparing the entire packet to a known value. Therefore it has no |
| // cryptographic use, and does not need a secure cryptographic pseudo-random |
| // number generator. It's therefore safe to use WriteInsecureRandomBytes. |
| const size_t random_bytes_size = len - kStatelessResetTokenLength; |
| if (!writer.WriteInsecureRandomBytes(random, random_bytes_size)) { |
| QUIC_BUG(362045737_2) << "Failed to append random bytes of length: " |
| << random_bytes_size; |
| return nullptr; |
| } |
| // Change first 2 fixed bits to 01. |
| buffer[0] &= ~FLAGS_LONG_HEADER; |
| buffer[0] |= FLAGS_FIXED_BIT; |
| |
| // Append stateless reset token. |
| if (!writer.WriteBytes(&stateless_reset_token, |
| sizeof(stateless_reset_token))) { |
| QUIC_BUG(362045737_3) << "Failed to write stateless reset token"; |
| return nullptr; |
| } |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, |
| /*owns_buffer=*/true); |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket( |
| QuicConnectionId server_connection_id, |
| QuicConnectionId client_connection_id, bool ietf_quic, |
| bool use_length_prefix, const ParsedQuicVersionVector& versions) { |
| QUIC_CODE_COUNT(quic_build_version_negotiation); |
| if (use_length_prefix) { |
| QUICHE_DCHECK(ietf_quic); |
| QUIC_CODE_COUNT(quic_build_version_negotiation_ietf); |
| } else if (ietf_quic) { |
| QUIC_CODE_COUNT(quic_build_version_negotiation_old_ietf); |
| } else { |
| QUIC_CODE_COUNT(quic_build_version_negotiation_old_gquic); |
| } |
| ParsedQuicVersionVector wire_versions = versions; |
| // Add a version reserved for negotiation as suggested by the |
| // "Using Reserved Versions" section of draft-ietf-quic-transport. |
| if (wire_versions.empty()) { |
| // Ensure that version negotiation packets we send have at least two |
| // versions. This guarantees that, under all circumstances, all QUIC |
| // packets we send are at least 14 bytes long. |
| wire_versions = {QuicVersionReservedForNegotiation(), |
| QuicVersionReservedForNegotiation()}; |
| } else { |
| // This is not uniformely distributed but is acceptable since no security |
| // depends on this randomness. |
| size_t version_index = 0; |
| const bool disable_randomness = |
| GetQuicFlag(quic_disable_version_negotiation_grease_randomness); |
| if (!disable_randomness) { |
| version_index = |
| QuicRandom::GetInstance()->RandUint64() % (wire_versions.size() + 1); |
| } |
| wire_versions.insert(wire_versions.begin() + version_index, |
| QuicVersionReservedForNegotiation()); |
| } |
| if (ietf_quic) { |
| return BuildIetfVersionNegotiationPacket( |
| use_length_prefix, server_connection_id, client_connection_id, |
| wire_versions); |
| } |
| |
| // The GQUIC encoding does not support encoding client connection IDs. |
| QUICHE_DCHECK(client_connection_id.IsEmpty()); |
| // The GQUIC encoding does not support length-prefixed connection IDs. |
| QUICHE_DCHECK(!use_length_prefix); |
| |
| QUICHE_DCHECK(!wire_versions.empty()); |
| size_t len = kPublicFlagsSize + server_connection_id.length() + |
| wire_versions.size() * kQuicVersionSize; |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| |
| uint8_t flags = static_cast<uint8_t>( |
| PACKET_PUBLIC_FLAGS_VERSION | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID | |
| PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD); |
| if (!writer.WriteUInt8(flags)) { |
| return nullptr; |
| } |
| |
| if (!writer.WriteConnectionId(server_connection_id)) { |
| return nullptr; |
| } |
| |
| for (const ParsedQuicVersion& version : wire_versions) { |
| if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) { |
| return nullptr; |
| } |
| } |
| |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true); |
| } |
| |
| // static |
| std::unique_ptr<QuicEncryptedPacket> |
| QuicFramer::BuildIetfVersionNegotiationPacket( |
| bool use_length_prefix, QuicConnectionId server_connection_id, |
| QuicConnectionId client_connection_id, |
| const ParsedQuicVersionVector& versions) { |
| QUIC_DVLOG(1) << "Building IETF version negotiation packet with" |
| << (use_length_prefix ? "" : "out") |
| << " length prefix, server_connection_id " |
| << server_connection_id << " client_connection_id " |
| << client_connection_id << " versions " |
| << ParsedQuicVersionVectorToString(versions); |
| QUICHE_DCHECK(!versions.empty()); |
| size_t len = kPacketHeaderTypeSize + kConnectionIdLengthSize + |
| client_connection_id.length() + server_connection_id.length() + |
| (versions.size() + 1) * kQuicVersionSize; |
| if (use_length_prefix) { |
| // When using length-prefixed connection IDs, packets carry two lengths |
| // instead of one. |
| len += kConnectionIdLengthSize; |
| } |
| std::unique_ptr<char[]> buffer(new char[len]); |
| QuicDataWriter writer(len, buffer.get()); |
| |
| // TODO(fayang): Randomly select a value for the type. |
| uint8_t type = static_cast<uint8_t>(FLAGS_LONG_HEADER | FLAGS_FIXED_BIT); |
| if (!writer.WriteUInt8(type)) { |
| return nullptr; |
| } |
| |
| if (!writer.WriteUInt32(0)) { |
| return nullptr; |
| } |
| |
| if (!AppendIetfConnectionIds(true, use_length_prefix, client_connection_id, |
| server_connection_id, &writer)) { |
| return nullptr; |
| } |
| |
| for (const ParsedQuicVersion& version : versions) { |
| if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) { |
| return nullptr; |
| } |
| } |
| |
| return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true); |
| } |
| |
| bool QuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) { |
| QUICHE_DCHECK(!is_processing_packet_) << ENDPOINT << "Nested ProcessPacket"; |
| is_processing_packet_ = true; |
| bool result = ProcessPacketInternal(packet); |
| is_processing_packet_ = false; |
| return result; |
| } |
| |
| bool QuicFramer::ProcessPacketInternal(const QuicEncryptedPacket& packet) { |
| QuicDataReader reader(packet.data(), packet.length()); |
| |
| bool packet_has_ietf_packet_header = false; |
| if (infer_packet_header_type_from_version_) { |
| packet_has_ietf_packet_header = version_.HasIetfInvariantHeader(); |
| } else if (!reader.IsDoneReading()) { |
| uint8_t type = reader.PeekByte(); |
| packet_has_ietf_packet_header = QuicUtils::IsIetfPacketHeader(type); |
| } |
| if (packet_has_ietf_packet_header) { |
| QUIC_DVLOG(1) << ENDPOINT << "Processing IETF QUIC packet."; |
| } |
| |
| visitor_->OnPacket(); |
| |
| QuicPacketHeader header; |
| if (!ProcessPublicHeader(&reader, packet_has_ietf_packet_header, &header)) { |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DVLOG(1) << ENDPOINT << "Unable to process public header. Error: " |
| << detailed_error_; |
| QUICHE_DCHECK_NE("", detailed_error_); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_HEADER); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| if (!visitor_->OnUnauthenticatedPublicHeader(header)) { |
| // The visitor suppresses further processing of the packet. |
| return true; |
| } |
| |
| if (IsVersionNegotiation(header, packet_has_ietf_packet_header)) { |
| if (perspective_ == Perspective::IS_CLIENT) { |
| QUIC_DVLOG(1) << "Client received version negotiation packet"; |
| return ProcessVersionNegotiationPacket(&reader, header); |
| } else { |
| QUIC_DLOG(ERROR) << "Server received version negotiation packet"; |
| set_detailed_error("Server received version negotiation packet."); |
| return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET); |
| } |
| } |
| |
| if (header.version_flag && header.version != version_) { |
| if (perspective_ == Perspective::IS_SERVER) { |
| if (!visitor_->OnProtocolVersionMismatch(header.version)) { |
| RecordDroppedPacketReason(DroppedPacketReason::VERSION_MISMATCH); |
| return true; |
| } |
| } else { |
| // A client received a packet of a different version but that packet is |
| // not a version negotiation packet. It is therefore invalid and dropped. |
| QUIC_DLOG(ERROR) << "Client received unexpected version " |
| << ParsedQuicVersionToString(header.version) |
| << " instead of " << ParsedQuicVersionToString(version_); |
| set_detailed_error("Client received unexpected version."); |
| return RaiseError(QUIC_PACKET_WRONG_VERSION); |
| } |
| } |
| |
| bool rv; |
| if (header.long_packet_type == RETRY) { |
| rv = ProcessRetryPacket(&reader, header); |
| } else if (header.reset_flag) { |
| rv = ProcessPublicResetPacket(&reader, header); |
| } else if (packet.length() <= kMaxIncomingPacketSize) { |
| // The optimized decryption algorithm implementations run faster when |
| // operating on aligned memory. |
| ABSL_CACHELINE_ALIGNED char buffer[kMaxIncomingPacketSize]; |
| if (packet_has_ietf_packet_header) { |
| rv = ProcessIetfDataPacket(&reader, &header, packet, buffer, |
| ABSL_ARRAYSIZE(buffer)); |
| } else { |
| rv = ProcessDataPacket(&reader, &header, packet, buffer, |
| ABSL_ARRAYSIZE(buffer)); |
| } |
| } else { |
| std::unique_ptr<char[]> large_buffer(new char[packet.length()]); |
| if (packet_has_ietf_packet_header) { |
| rv = ProcessIetfDataPacket(&reader, &header, packet, large_buffer.get(), |
| packet.length()); |
| } else { |
| rv = ProcessDataPacket(&reader, &header, packet, large_buffer.get(), |
| packet.length()); |
| } |
| QUIC_BUG_IF(quic_bug_10850_53, rv) |
| << "QUIC should never successfully process packets larger" |
| << "than kMaxIncomingPacketSize. packet size:" << packet.length(); |
| } |
| return rv; |
| } |
| |
| bool QuicFramer::ProcessVersionNegotiationPacket( |
| QuicDataReader* reader, const QuicPacketHeader& header) { |
| QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_); |
| |
| QuicVersionNegotiationPacket packet( |
| GetServerConnectionIdAsRecipient(header, perspective_)); |
| // Try reading at least once to raise error if the packet is invalid. |
| do { |
| QuicVersionLabel version_label; |
| if (!ProcessVersionLabel(reader, &version_label)) { |
| set_detailed_error("Unable to read supported version in negotiation."); |
| RecordDroppedPacketReason( |
| DroppedPacketReason::INVALID_VERSION_NEGOTIATION_PACKET); |
| return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET); |
| } |
| ParsedQuicVersion parsed_version = ParseQuicVersionLabel(version_label); |
| if (parsed_version != UnsupportedQuicVersion()) { |
| packet.versions.push_back(parsed_version); |
| } |
| } while (!reader->IsDoneReading()); |
| |
| QUIC_DLOG(INFO) << ENDPOINT << "parsed version negotiation: " |
| << ParsedQuicVersionVectorToString(packet.versions); |
| |
| visitor_->OnVersionNegotiationPacket(packet); |
| return true; |
| } |
| |
| bool QuicFramer::ProcessRetryPacket(QuicDataReader* reader, |
| const QuicPacketHeader& header) { |
| QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_); |
| if (drop_incoming_retry_packets_) { |
| QUIC_DLOG(INFO) << "Ignoring received RETRY packet"; |
| return true; |
| } |
| |
| if (version_.UsesTls()) { |
| QUICHE_DCHECK(version_.HasLengthPrefixedConnectionIds()) << version_; |
| const size_t bytes_remaining = reader->BytesRemaining(); |
| if (bytes_remaining <= kRetryIntegrityTagLength) { |
| set_detailed_error("Retry packet too short to parse integrity tag."); |
| return false; |
| } |
| const size_t retry_token_length = |
| bytes_remaining - kRetryIntegrityTagLength; |
| QUICHE_DCHECK_GT(retry_token_length, 0u); |
| absl::string_view retry_token; |
| if (!reader->ReadStringPiece(&retry_token, retry_token_length)) { |
| set_detailed_error("Failed to read retry token."); |
| return false; |
| } |
| absl::string_view retry_without_tag = reader->PreviouslyReadPayload(); |
| absl::string_view integrity_tag = reader->ReadRemainingPayload(); |
| QUICHE_DCHECK_EQ(integrity_tag.length(), kRetryIntegrityTagLength); |
| visitor_->OnRetryPacket(EmptyQuicConnectionId(), |
| header.source_connection_id, retry_token, |
| integrity_tag, retry_without_tag); |
| return true; |
| } |
| |
| QuicConnectionId original_destination_connection_id; |
| if (version_.HasLengthPrefixedConnectionIds()) { |
| // Parse Original Destination Connection ID. |
| if (!reader->ReadLengthPrefixedConnectionId( |
| &original_destination_connection_id)) { |
| set_detailed_error("Unable to read Original Destination ConnectionId."); |
| return false; |
| } |
| } else { |
| // Parse Original Destination Connection ID Length. |
| uint8_t odcil = header.type_byte & 0xf; |
| if (odcil != 0) { |
| odcil += kConnectionIdLengthAdjustment; |
| } |
| |
| // Parse Original Destination Connection ID. |
| if (!reader->ReadConnectionId(&original_destination_connection_id, odcil)) { |
| set_detailed_error("Unable to read Original Destination ConnectionId."); |
| return false; |
| } |
| } |
| |
| if (!QuicUtils::IsConnectionIdValidForVersion( |
| original_destination_connection_id, transport_version())) { |
| set_detailed_error( |
| "Received Original Destination ConnectionId with invalid length."); |
| return false; |
| } |
| |
| absl::string_view retry_token = reader->ReadRemainingPayload(); |
| visitor_->OnRetryPacket(original_destination_connection_id, |
| header.source_connection_id, retry_token, |
| /*retry_integrity_tag=*/absl::string_view(), |
| /*retry_without_tag=*/absl::string_view()); |
| return true; |
| } |
| |
| // Seeks the current packet to check for a coalesced packet at the end. |
| // If the IETF length field only spans part of the outer packet, |
| // then there is a coalesced packet after this one. |
| void QuicFramer::MaybeProcessCoalescedPacket( |
| const QuicDataReader& encrypted_reader, uint64_t remaining_bytes_length, |
| const QuicPacketHeader& header) { |
| if (header.remaining_packet_length >= remaining_bytes_length) { |
| // There is no coalesced packet. |
| return; |
| } |
| |
| absl::string_view remaining_data = encrypted_reader.PeekRemainingPayload(); |
| QUICHE_DCHECK_EQ(remaining_data.length(), remaining_bytes_length); |
| |
| const char* coalesced_data = |
| remaining_data.data() + header.remaining_packet_length; |
| uint64_t coalesced_data_length = |
| remaining_bytes_length - header.remaining_packet_length; |
| QuicDataReader coalesced_reader(coalesced_data, coalesced_data_length); |
| |
| QuicPacketHeader coalesced_header; |
| if (!ProcessIetfPacketHeader(&coalesced_reader, &coalesced_header)) { |
| // Some implementations pad their INITIAL packets by sending random invalid |
| // data after the INITIAL, and that is allowed by the specification. If we |
| // fail to parse a subsequent coalesced packet, simply ignore it. |
| QUIC_DLOG(INFO) << ENDPOINT |
| << "Failed to parse received coalesced header of length " |
| << coalesced_data_length |
| << " with error: " << detailed_error_ << ": " |
| << absl::BytesToHexString(absl::string_view( |
| coalesced_data, coalesced_data_length)) |
| << " previous header was " << header; |
| return; |
| } |
| |
| if (coalesced_header.destination_connection_id != |
| header.destination_connection_id) { |
| // Drop coalesced packets with mismatched connection IDs. |
| QUIC_DLOG(INFO) << ENDPOINT << "Received mismatched coalesced header " |
| << coalesced_header << " previous header was " << header; |
| QUIC_CODE_COUNT( |
| quic_received_coalesced_packets_with_mismatched_connection_id); |
| return; |
| } |
| |
| QuicEncryptedPacket coalesced_packet(coalesced_data, coalesced_data_length, |
| /*owns_buffer=*/false); |
| visitor_->OnCoalescedPacket(coalesced_packet); |
| } |
| |
| bool QuicFramer::MaybeProcessIetfLength(QuicDataReader* encrypted_reader, |
| QuicPacketHeader* header) { |
| if (!QuicVersionHasLongHeaderLengths(header->version.transport_version) || |
| header->form != IETF_QUIC_LONG_HEADER_PACKET || |
| (header->long_packet_type != INITIAL && |
| header->long_packet_type != HANDSHAKE && |
| header->long_packet_type != ZERO_RTT_PROTECTED)) { |
| return true; |
| } |
| header->length_length = encrypted_reader->PeekVarInt62Length(); |
| if (!encrypted_reader->ReadVarInt62(&header->remaining_packet_length)) { |
| set_detailed_error("Unable to read long header payload length."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| uint64_t remaining_bytes_length = encrypted_reader->BytesRemaining(); |
| if (header->remaining_packet_length > remaining_bytes_length) { |
| set_detailed_error("Long header payload length longer than packet."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| MaybeProcessCoalescedPacket(*encrypted_reader, remaining_bytes_length, |
| *header); |
| |
| if (!encrypted_reader->TruncateRemaining(header->remaining_packet_length)) { |
| set_detailed_error("Length TruncateRemaining failed."); |
| QUIC_BUG(quic_bug_10850_54) << "Length TruncateRemaining failed."; |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfDataPacket(QuicDataReader* encrypted_reader, |
| QuicPacketHeader* header, |
| const QuicEncryptedPacket& packet, |
| char* decrypted_buffer, |
| size_t buffer_length) { |
| QUICHE_DCHECK_NE(GOOGLE_QUIC_PACKET, header->form); |
| QUICHE_DCHECK(!header->has_possible_stateless_reset_token); |
| header->length_length = quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0; |
| header->remaining_packet_length = 0; |
| if (header->form == IETF_QUIC_SHORT_HEADER_PACKET && |
| perspective_ == Perspective::IS_CLIENT) { |
| // Peek possible stateless reset token. Will only be used on decryption |
| // failure. |
| absl::string_view remaining = encrypted_reader->PeekRemainingPayload(); |
| if (remaining.length() >= sizeof(header->possible_stateless_reset_token)) { |
| header->has_possible_stateless_reset_token = true; |
| memcpy(&header->possible_stateless_reset_token, |
| &remaining.data()[remaining.length() - |
| sizeof(header->possible_stateless_reset_token)], |
| sizeof(header->possible_stateless_reset_token)); |
| } |
| } |
| |
| if (!MaybeProcessIetfLength(encrypted_reader, header)) { |
| return false; |
| } |
| |
| absl::string_view associated_data; |
| std::vector<char> ad_storage; |
| QuicPacketNumber base_packet_number; |
| if (header->form == IETF_QUIC_SHORT_HEADER_PACKET || |
| header->long_packet_type != VERSION_NEGOTIATION) { |
| QUICHE_DCHECK(header->form == IETF_QUIC_SHORT_HEADER_PACKET || |
| header->long_packet_type == INITIAL || |
| header->long_packet_type == HANDSHAKE || |
| header->long_packet_type == ZERO_RTT_PROTECTED); |
| // Process packet number. |
| if (supports_multiple_packet_number_spaces_) { |
| PacketNumberSpace pn_space = GetPacketNumberSpace(*header); |
| if (pn_space == NUM_PACKET_NUMBER_SPACES) { |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| base_packet_number = largest_decrypted_packet_numbers_[pn_space]; |
| } else { |
| base_packet_number = largest_packet_number_; |
| } |
| uint64_t full_packet_number; |
| bool hp_removal_failed = false; |
| if (version_.HasHeaderProtection()) { |
| if (!RemoveHeaderProtection(encrypted_reader, packet, header, |
| &full_packet_number, &ad_storage)) { |
| hp_removal_failed = true; |
| } |
| associated_data = absl::string_view(ad_storage.data(), ad_storage.size()); |
| } else if (!ProcessAndCalculatePacketNumber( |
| encrypted_reader, header->packet_number_length, |
| base_packet_number, &full_packet_number)) { |
| set_detailed_error("Unable to read packet number."); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| if (hp_removal_failed || |
| !IsValidFullPacketNumber(full_packet_number, version())) { |
| if (IsIetfStatelessResetPacket(*header)) { |
| // This is a stateless reset packet. |
| QuicIetfStatelessResetPacket reset_packet( |
| *header, header->possible_stateless_reset_token); |
| visitor_->OnAuthenticatedIetfStatelessResetPacket(reset_packet); |
| return true; |
| } |
| if (hp_removal_failed) { |
| const EncryptionLevel decryption_level = GetEncryptionLevel(*header); |
| const bool has_decryption_key = decrypter_[decryption_level] != nullptr; |
| visitor_->OnUndecryptablePacket( |
| QuicEncryptedPacket(encrypted_reader->FullPayload()), |
| decryption_level, has_decryption_key); |
| RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE); |
| set_detailed_error(absl::StrCat( |
| "Unable to decrypt ", EncryptionLevelToString(decryption_level), |
| " header protection", has_decryption_key ? "" : " (missing key)", |
| ".")); |
| return RaiseError(QUIC_DECRYPTION_FAILURE); |
| } |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER); |
| set_detailed_error("packet numbers cannot be 0."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| header->packet_number = QuicPacketNumber(full_packet_number); |
| } |
| |
| // A nonce should only present in SHLO from the server to the client when |
| // using QUIC crypto. |
| if (header->form == IETF_QUIC_LONG_HEADER_PACKET && |
| header->long_packet_type == ZERO_RTT_PROTECTED && |
| perspective_ == Perspective::IS_CLIENT && |
| version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) { |
| if (!encrypted_reader->ReadBytes( |
| reinterpret_cast<uint8_t*>(last_nonce_.data()), |
| last_nonce_.size())) { |
| set_detailed_error("Unable to read nonce."); |
| RecordDroppedPacketReason( |
| DroppedPacketReason::INVALID_DIVERSIFICATION_NONCE); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| header->nonce = &last_nonce_; |
| } else { |
| header->nonce = nullptr; |
| } |
| |
| if (!visitor_->OnUnauthenticatedHeader(*header)) { |
| set_detailed_error( |
| "Visitor asked to stop processing of unauthenticated header."); |
| return false; |
| } |
| |
| absl::string_view encrypted = encrypted_reader->ReadRemainingPayload(); |
| if (!version_.HasHeaderProtection()) { |
| associated_data = GetAssociatedDataFromEncryptedPacket( |
| version_.transport_version, packet, |
| GetIncludedDestinationConnectionIdLength(*header), |
| GetIncludedSourceConnectionIdLength(*header), header->version_flag, |
| header->nonce != nullptr, header->packet_number_length, |
| header->retry_token_length_length, header->retry_token.length(), |
| header->length_length); |
| } |
| |
| size_t decrypted_length = 0; |
| EncryptionLevel decrypted_level; |
| if (!DecryptPayload(packet.length(), encrypted, associated_data, *header, |
| decrypted_buffer, buffer_length, &decrypted_length, |
| &decrypted_level)) { |
| if (IsIetfStatelessResetPacket(*header)) { |
| // This is a stateless reset packet. |
| QuicIetfStatelessResetPacket reset_packet( |
| *header, header->possible_stateless_reset_token); |
| visitor_->OnAuthenticatedIetfStatelessResetPacket(reset_packet); |
| return true; |
| } |
| const EncryptionLevel decryption_level = GetEncryptionLevel(*header); |
| const bool has_decryption_key = version_.KnowsWhichDecrypterToUse() && |
| decrypter_[decryption_level] != nullptr; |
| visitor_->OnUndecryptablePacket( |
| QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level, |
| has_decryption_key); |
| set_detailed_error(absl::StrCat( |
| "Unable to decrypt ", EncryptionLevelToString(decryption_level), |
| " payload with reconstructed packet number ", |
| header->packet_number.ToString(), " (largest decrypted was ", |
| base_packet_number.ToString(), ")", |
| has_decryption_key || !version_.KnowsWhichDecrypterToUse() |
| ? "" |
| : " (missing key)", |
| ".")); |
| RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE); |
| return RaiseError(QUIC_DECRYPTION_FAILURE); |
| } |
| QuicDataReader reader(decrypted_buffer, decrypted_length); |
| |
| // Remember decrypted_payload in the current connection context until the end |
| // of this function. |
| auto* connection_context = QuicConnectionContext::Current(); |
| if (connection_context != nullptr) { |
| connection_context->process_packet_context.decrypted_payload = |
| reader.FullPayload(); |
| connection_context->process_packet_context.current_frame_offset = 0; |
| } |
| auto clear_decrypted_payload = absl::MakeCleanup([&]() { |
| if (connection_context != nullptr) { |
| connection_context->process_packet_context.decrypted_payload = |
| absl::string_view(); |
| } |
| }); |
| |
| // Update the largest packet number after we have decrypted the packet |
| // so we are confident is not attacker controlled. |
| if (supports_multiple_packet_number_spaces_) { |
| largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace( |
| decrypted_level)] |
| .UpdateMax(header->packet_number); |
| } else { |
| largest_packet_number_.UpdateMax(header->packet_number); |
| } |
| |
| if (!visitor_->OnPacketHeader(*header)) { |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER); |
| // The visitor suppresses further processing of the packet. |
| return true; |
| } |
| |
| if (packet.length() > kMaxIncomingPacketSize) { |
| set_detailed_error("Packet too large."); |
| return RaiseError(QUIC_PACKET_TOO_LARGE); |
| } |
| |
| // Handle the payload. |
| if (VersionHasIetfQuicFrames(version_.transport_version)) { |
| current_received_frame_type_ = 0; |
| previously_received_frame_type_ = 0; |
| if (!ProcessIetfFrameData(&reader, *header, decrypted_level)) { |
| current_received_frame_type_ = 0; |
| previously_received_frame_type_ = 0; |
| QUICHE_DCHECK_NE(QUIC_NO_ERROR, |
| error_); // ProcessIetfFrameData sets the error. |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: " |
| << detailed_error_; |
| return false; |
| } |
| current_received_frame_type_ = 0; |
| previously_received_frame_type_ = 0; |
| } else { |
| if (!ProcessFrameData(&reader, *header)) { |
| QUICHE_DCHECK_NE(QUIC_NO_ERROR, |
| error_); // ProcessFrameData sets the error. |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: " |
| << detailed_error_; |
| return false; |
| } |
| } |
| |
| visitor_->OnPacketComplete(); |
| return true; |
| } |
| |
| bool QuicFramer::ProcessDataPacket(QuicDataReader* encrypted_reader, |
| QuicPacketHeader* header, |
| const QuicEncryptedPacket& packet, |
| char* decrypted_buffer, |
| size_t buffer_length) { |
| if (!ProcessUnauthenticatedHeader(encrypted_reader, header)) { |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DVLOG(1) |
| << ENDPOINT |
| << "Unable to process packet header. Stopping parsing. Error: " |
| << detailed_error_; |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER); |
| return false; |
| } |
| |
| absl::string_view encrypted = encrypted_reader->ReadRemainingPayload(); |
| absl::string_view associated_data = GetAssociatedDataFromEncryptedPacket( |
| version_.transport_version, packet, |
| GetIncludedDestinationConnectionIdLength(*header), |
| GetIncludedSourceConnectionIdLength(*header), header->version_flag, |
| header->nonce != nullptr, header->packet_number_length, |
| header->retry_token_length_length, header->retry_token.length(), |
| header->length_length); |
| |
| size_t decrypted_length = 0; |
| EncryptionLevel decrypted_level; |
| if (!DecryptPayload(packet.length(), encrypted, associated_data, *header, |
| decrypted_buffer, buffer_length, &decrypted_length, |
| &decrypted_level)) { |
| const EncryptionLevel decryption_level = decrypter_level_; |
| // This version uses trial decryption so we always report to our visitor |
| // that we are not certain we have the correct decryption key. |
| const bool has_decryption_key = false; |
| visitor_->OnUndecryptablePacket( |
| QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level, |
| has_decryption_key); |
| RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE); |
| set_detailed_error(absl::StrCat("Unable to decrypt ", |
| EncryptionLevelToString(decryption_level), |
| " payload.")); |
| return RaiseError(QUIC_DECRYPTION_FAILURE); |
| } |
| |
| QuicDataReader reader(decrypted_buffer, decrypted_length); |
| |
| // Update the largest packet number after we have decrypted the packet |
| // so we are confident is not attacker controlled. |
| if (supports_multiple_packet_number_spaces_) { |
| largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace( |
| decrypted_level)] |
| .UpdateMax(header->packet_number); |
| } else { |
| largest_packet_number_.UpdateMax(header->packet_number); |
| } |
| |
| if (!visitor_->OnPacketHeader(*header)) { |
| // The visitor suppresses further processing of the packet. |
| return true; |
| } |
| |
| if (packet.length() > kMaxIncomingPacketSize) { |
| set_detailed_error("Packet too large."); |
| return RaiseError(QUIC_PACKET_TOO_LARGE); |
| } |
| |
| // Handle the payload. |
| if (!ProcessFrameData(&reader, *header)) { |
| QUICHE_DCHECK_NE(QUIC_NO_ERROR, |
| error_); // ProcessFrameData sets the error. |
| QUICHE_DCHECK_NE("", detailed_error_); |
| QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: " |
| << detailed_error_; |
| return false; |
| } |
| |
| visitor_->OnPacketComplete(); |
| return true; |
| } |
| |
| bool QuicFramer::ProcessPublicResetPacket(QuicDataReader* reader, |
| const QuicPacketHeader& header) { |
| QuicPublicResetPacket packet( |
| GetServerConnectionIdAsRecipient(header, perspective_)); |
| |
| std::unique_ptr<CryptoHandshakeMessage> reset( |
| CryptoFramer::ParseMessage(reader->ReadRemainingPayload())); |
| if (!reset) { |
| set_detailed_error("Unable to read reset message."); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET); |
| return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET); |
| } |
| if (reset->tag() != kPRST) { |
| set_detailed_error("Incorrect message tag."); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET); |
| return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET); |
| } |
| |
| if (reset->GetUint64(kRNON, &packet.nonce_proof) != QUIC_NO_ERROR) { |
| set_detailed_error("Unable to read nonce proof."); |
| RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_RESET_PACKET); |
| return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET); |
| } |
| // TODO(satyamshekhar): validate nonce to protect against DoS. |
| |
| absl::string_view address; |
| if (reset->GetStringPiece(kCADR, &address)) { |
| QuicSocketAddressCoder address_coder; |
| if (address_coder.Decode(address.data(), address.length())) { |
| packet.client_address = |
| QuicSocketAddress(address_coder.ip(), address_coder.port()); |
| } |
| } |
| |
| absl::string_view endpoint_id; |
| if (perspective_ == Perspective::IS_CLIENT && |
| reset->GetStringPiece(kEPID, &endpoint_id)) { |
| packet.endpoint_id = std::string(endpoint_id); |
| packet.endpoint_id += '\0'; |
| } |
| |
| visitor_->OnPublicResetPacket(packet); |
| return true; |
| } |
| |
| bool QuicFramer::IsIetfStatelessResetPacket( |
| const QuicPacketHeader& header) const { |
| QUIC_BUG_IF(quic_bug_12975_3, header.has_possible_stateless_reset_token && |
| perspective_ != Perspective::IS_CLIENT) |
| << "has_possible_stateless_reset_token can only be true at client side."; |
| return header.form == IETF_QUIC_SHORT_HEADER_PACKET && |
| header.has_possible_stateless_reset_token && |
| visitor_->IsValidStatelessResetToken( |
| header.possible_stateless_reset_token); |
| } |
| |
| bool QuicFramer::HasEncrypterOfEncryptionLevel(EncryptionLevel level) const { |
| return encrypter_[level] != nullptr; |
| } |
| |
| bool QuicFramer::HasDecrypterOfEncryptionLevel(EncryptionLevel level) const { |
| return decrypter_[level] != nullptr; |
| } |
| |
| bool QuicFramer::HasAnEncrypterForSpace(PacketNumberSpace space) const { |
| switch (space) { |
| case INITIAL_DATA: |
| return HasEncrypterOfEncryptionLevel(ENCRYPTION_INITIAL); |
| case HANDSHAKE_DATA: |
| return HasEncrypterOfEncryptionLevel(ENCRYPTION_HANDSHAKE); |
| case APPLICATION_DATA: |
| return HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT) || |
| HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE); |
| case NUM_PACKET_NUMBER_SPACES: |
| break; |
| } |
| QUIC_BUG(quic_bug_10850_55) |
| << ENDPOINT |
| << "Try to send data of space: " << PacketNumberSpaceToString(space); |
| return false; |
| } |
| |
| EncryptionLevel QuicFramer::GetEncryptionLevelToSendApplicationData() const { |
| if (!HasAnEncrypterForSpace(APPLICATION_DATA)) { |
| QUIC_BUG(quic_bug_12975_4) |
| << "Tried to get encryption level to send application data with no " |
| "encrypter available."; |
| return NUM_ENCRYPTION_LEVELS; |
| } |
| if (HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE)) { |
| return ENCRYPTION_FORWARD_SECURE; |
| } |
| QUICHE_DCHECK(HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT)); |
| return ENCRYPTION_ZERO_RTT; |
| } |
| |
| bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header, |
| QuicDataWriter* writer, |
| size_t* length_field_offset) { |
| if (version().HasIetfInvariantHeader()) { |
| return AppendIetfPacketHeader(header, writer, length_field_offset); |
| } |
| QUIC_DVLOG(1) << ENDPOINT << "Appending header: " << header; |
| uint8_t public_flags = 0; |
| if (header.reset_flag) { |
| public_flags |= PACKET_PUBLIC_FLAGS_RST; |
| } |
| if (header.version_flag) { |
| public_flags |= PACKET_PUBLIC_FLAGS_VERSION; |
| } |
| |
| public_flags |= GetPacketNumberFlags(header.packet_number_length) |
| << kPublicHeaderSequenceNumberShift; |
| |
| if (header.nonce != nullptr) { |
| QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_); |
| public_flags |= PACKET_PUBLIC_FLAGS_NONCE; |
| } |
| |
| QuicConnectionId server_connection_id = |
| GetServerConnectionIdAsSender(header, perspective_); |
| QuicConnectionIdIncluded server_connection_id_included = |
| GetServerConnectionIdIncludedAsSender(header, perspective_); |
| QUICHE_DCHECK_EQ(CONNECTION_ID_ABSENT, |
| GetClientConnectionIdIncludedAsSender(header, perspective_)) |
| << ENDPOINT << ParsedQuicVersionToString(version_) |
| << " invalid header: " << header; |
| |
| switch (server_connection_id_included) { |
| case CONNECTION_ID_ABSENT: |
| if (!writer->WriteUInt8(public_flags | |
| PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID)) { |
| return false; |
| } |
| break; |
| case CONNECTION_ID_PRESENT: |
| QUIC_BUG_IF(quic_bug_12975_5, |
| !QuicUtils::IsConnectionIdValidForVersion( |
| server_connection_id, transport_version())) |
| << "AppendPacketHeader: attempted to use connection ID " |
| << server_connection_id << " which is invalid with version " |
| << version(); |
| |
| public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID; |
| if (perspective_ == Perspective::IS_CLIENT) { |
| public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD; |
| } |
| if (!writer->WriteUInt8(public_flags) || |
| !writer->WriteConnectionId(server_connection_id)) { |
| return false; |
| } |
| break; |
| } |
| last_serialized_server_connection_id_ = server_connection_id; |
| |
| if (header.version_flag) { |
| QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_); |
| QuicVersionLabel version_label = CreateQuicVersionLabel(version_); |
| if (!writer->WriteUInt32(version_label)) { |
| return false; |
| } |
| |
| QUIC_DVLOG(1) << ENDPOINT << "label = '" |
| << QuicVersionLabelToString(version_label) << "'"; |
| } |
| |
| if (header.nonce != nullptr && |
| !writer->WriteBytes(header.nonce, kDiversificationNonceSize)) { |
| return false; |
| } |
| |
| if (!AppendPacketNumber(header.packet_number_length, header.packet_number, |
| writer)) { |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool QuicFramer::AppendIetfHeaderTypeByte(const QuicPacketHeader& header, |
| QuicDataWriter* writer) { |
| uint8_t type = 0; |
| if (header.version_flag) { |
| type = static_cast<uint8_t>( |
| FLAGS_LONG_HEADER | FLAGS_FIXED_BIT | |
| LongHeaderTypeToOnWireValue(header.long_packet_type, version_) | |
| PacketNumberLengthToOnWireValue(header.packet_number_length)); |
| } else { |
| type = static_cast<uint8_t>( |
| FLAGS_FIXED_BIT | (current_key_phase_bit_ ? FLAGS_KEY_PHASE_BIT : 0) | |
| PacketNumberLengthToOnWireValue(header.packet_number_length)); |
| } |
| return writer->WriteUInt8(type); |
| } |
| |
| bool QuicFramer::AppendIetfPacketHeader(const QuicPacketHeader& header, |
| QuicDataWriter* writer, |
| size_t* length_field_offset) { |
| QUIC_DVLOG(1) << ENDPOINT << "Appending IETF header: " << header; |
| QuicConnectionId server_connection_id = |
| GetServerConnectionIdAsSender(header, perspective_); |
| QUIC_BUG_IF(quic_bug_12975_6, !QuicUtils::IsConnectionIdValidForVersion( |
| server_connection_id, transport_version())) |
| << "AppendIetfPacketHeader: attempted to use connection ID " |
| << server_connection_id << " which is invalid with version " << version(); |
| if (!AppendIetfHeaderTypeByte(header, writer)) { |
| return false; |
| } |
| |
| if (header.version_flag) { |
| QUICHE_DCHECK_NE(VERSION_NEGOTIATION, header.long_packet_type) |
| << "QuicFramer::AppendIetfPacketHeader does not support sending " |
| "version negotiation packets, use " |
| "QuicFramer::BuildVersionNegotiationPacket instead " |
| << header; |
| // Append version for long header. |
| QuicVersionLabel version_label = CreateQuicVersionLabel(version_); |
| if (!writer->WriteUInt32(version_label)) { |
| return false; |
| } |
| } |
| |
| // Append connection ID. |
| if (!AppendIetfConnectionIds( |
| header.version_flag, version_.HasLengthPrefixedConnectionIds(), |
| header.destination_connection_id_included != CONNECTION_ID_ABSENT |
| ? header.destination_connection_id |
| : EmptyQuicConnectionId(), |
| header.source_connection_id_included != CONNECTION_ID_ABSENT |
| ? header.source_connection_id |
| : EmptyQuicConnectionId(), |
| writer)) { |
| return false; |
| } |
| |
| last_serialized_server_connection_id_ = server_connection_id; |
| if (version_.SupportsClientConnectionIds()) { |
| last_serialized_client_connection_id_ = |
| GetClientConnectionIdAsSender(header, perspective_); |
| } |
| |
| // TODO(b/141924462) Remove this QUIC_BUG once we do support sending RETRY. |
| QUIC_BUG_IF(quic_bug_12975_7, |
| header.version_flag && header.long_packet_type == RETRY) |
| << "Sending IETF RETRY packets is not currently supported " << header; |
| |
| if (QuicVersionHasLongHeaderLengths(transport_version()) && |
| header.version_flag) { |
| if (header.long_packet_type == INITIAL) { |
| QUICHE_DCHECK_NE(quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0, |
| header.retry_token_length_length) |
| << ENDPOINT << ParsedQuicVersionToString(version_) |
| << " bad retry token length length in header: " << header; |
| // Write retry token length. |
| if (!writer->WriteVarInt62WithForcedLength( |
| header.retry_token.length(), header.retry_token_length_length)) { |
| return false; |
| } |
| // Write retry token. |
| if (!header.retry_token.empty() && |
| !writer->WriteStringPiece(header.retry_token)) { |
| return false; |
| } |
| } |
| if (length_field_offset != nullptr) { |
| *length_field_offset = writer->length(); |
| } |
| // Add fake length to reserve two bytes to add length in later. |
| writer->WriteVarInt62(256); |
| } else if (length_field_offset != nullptr) { |
| *length_field_offset = 0; |
| } |
| |
| // Append packet number. |
| if (!AppendPacketNumber(header.packet_number_length, header.packet_number, |
| writer)) { |
| return false; |
| } |
| last_written_packet_number_length_ = header.packet_number_length; |
| |
| if (!header.version_flag) { |
| return true; |
| } |
| |
| if (header.nonce != nullptr) { |
| QUICHE_DCHECK(header.version_flag); |
| QUICHE_DCHECK_EQ(ZERO_RTT_PROTECTED, header.long_packet_type); |
| QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_); |
| if (!writer->WriteBytes(header.nonce, kDiversificationNonceSize)) { |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| const QuicTime::Delta QuicFramer::CalculateTimestampFromWire( |
| uint32_t time_delta_us) { |
| // The new time_delta might have wrapped to the next epoch, or it |
| // might have reverse wrapped to the previous epoch, or it might |
| // remain in the same epoch. Select the time closest to the previous |
| // time. |
| // |
| // epoch_delta is the delta between epochs. A delta is 4 bytes of |
| // microseconds. |
| const uint64_t epoch_delta = UINT64_C(1) << 32; |
| uint64_t epoch = last_timestamp_.ToMicroseconds() & ~(epoch_delta - 1); |
| // Wrapping is safe here because a wrapped value will not be ClosestTo below. |
| uint64_t prev_epoch = epoch - epoch_delta; |
| uint64_t next_epoch = epoch + epoch_delta; |
| |
| uint64_t time = ClosestTo( |
| last_timestamp_.ToMicroseconds(), epoch + time_delta_us, |
| ClosestTo(last_timestamp_.ToMicroseconds(), prev_epoch + time_delta_us, |
| next_epoch + time_delta_us)); |
| |
| return QuicTime::Delta::FromMicroseconds(time); |
| } |
| |
| uint64_t QuicFramer::CalculatePacketNumberFromWire( |
| QuicPacketNumberLength packet_number_length, |
| QuicPacketNumber base_packet_number, uint64_t packet_number) const { |
| // The new packet number might have wrapped to the next epoch, or |
| // it might have reverse wrapped to the previous epoch, or it might |
| // remain in the same epoch. Select the packet number closest to the |
| // next expected packet number, the previous packet number plus 1. |
| |
| // epoch_delta is the delta between epochs the packet number was serialized |
| // with, so the correct value is likely the same epoch as the last sequence |
| // number or an adjacent epoch. |
| if (!base_packet_number.IsInitialized()) { |
| return packet_number; |
| } |
| const uint64_t epoch_delta = UINT64_C(1) << (8 * packet_number_length); |
| uint64_t next_packet_number = base_packet_number.ToUint64() + 1; |
| uint64_t epoch = base_packet_number.ToUint64() & ~(epoch_delta - 1); |
| uint64_t prev_epoch = epoch - epoch_delta; |
| uint64_t next_epoch = epoch + epoch_delta; |
| |
| return ClosestTo(next_packet_number, epoch + packet_number, |
| ClosestTo(next_packet_number, prev_epoch + packet_number, |
| next_epoch + packet_number)); |
| } |
| |
| bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader, |
| bool packet_has_ietf_packet_header, |
| QuicPacketHeader* header) { |
| if (packet_has_ietf_packet_header) { |
| return ProcessIetfPacketHeader(reader, header); |
| } |
| uint8_t public_flags; |
| if (!reader->ReadBytes(&public_flags, 1)) { |
| set_detailed_error("Unable to read public flags."); |
| return false; |
| } |
| |
| header->reset_flag = (public_flags & PACKET_PUBLIC_FLAGS_RST) != 0; |
| header->version_flag = (public_flags & PACKET_PUBLIC_FLAGS_VERSION) != 0; |
| |
| if (validate_flags_ && !header->version_flag && |
| public_flags > PACKET_PUBLIC_FLAGS_MAX) { |
| set_detailed_error("Illegal public flags value."); |
| return false; |
| } |
| |
| if (header->reset_flag && header->version_flag) { |
| set_detailed_error("Got version flag in reset packet"); |
| return false; |
| } |
| |
| QuicConnectionId* header_connection_id = &header->destination_connection_id; |
| QuicConnectionIdIncluded* header_connection_id_included = |
| &header->destination_connection_id_included; |
| if (perspective_ == Perspective::IS_CLIENT) { |
| header_connection_id = &header->source_connection_id; |
| header_connection_id_included = &header->source_connection_id_included; |
| } |
| switch (public_flags & PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) { |
| case PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID: |
| if (!reader->ReadConnectionId(header_connection_id, |
| kQuicDefaultConnectionIdLength)) { |
| set_detailed_error("Unable to read ConnectionId."); |
| return false; |
| } |
| *header_connection_id_included = CONNECTION_ID_PRESENT; |
| break; |
| case PACKET_PUBLIC_FLAGS_0BYTE_CONNECTION_ID: |
| *header_connection_id_included = CONNECTION_ID_ABSENT; |
| *header_connection_id = last_serialized_server_connection_id_; |
| break; |
| } |
| |
| header->packet_number_length = ReadSequenceNumberLength( |
| public_flags >> kPublicHeaderSequenceNumberShift); |
| |
| // Read the version only if the packet is from the client. |
| // version flag from the server means version negotiation packet. |
| if (header->version_flag && perspective_ == Perspective::IS_SERVER) { |
| QuicVersionLabel version_label; |
| if (!ProcessVersionLabel(reader, &version_label)) { |
| set_detailed_error("Unable to read protocol version."); |
| return false; |
| } |
| // If the version from the new packet is the same as the version of this |
| // framer, then the public flags should be set to something we understand. |
| // If not, this raises an error. |
| ParsedQuicVersion version = ParseQuicVersionLabel(version_label); |
| if (version == version_ && public_flags > PACKET_PUBLIC_FLAGS_MAX) { |
| set_detailed_error("Illegal public flags value."); |
| return false; |
| } |
| header->version = version; |
| } |
| |
| // A nonce should only be present in packets from the server to the client, |
| // which are neither version negotiation nor public reset packets. |
| if (public_flags & PACKET_PUBLIC_FLAGS_NONCE && |
| !(public_flags & PACKET_PUBLIC_FLAGS_VERSION) && |
| !(public_flags & PACKET_PUBLIC_FLAGS_RST) && |
| // The nonce flag from a client is ignored and is assumed to be an older |
| // client indicating an eight-byte connection ID. |
| perspective_ == Perspective::IS_CLIENT) { |
| if (!reader->ReadBytes(reinterpret_cast<uint8_t*>(last_nonce_.data()), |
| last_nonce_.size())) { |
| set_detailed_error("Unable to read nonce."); |
| return false; |
| } |
| header->nonce = &last_nonce_; |
| } else { |
| header->nonce = nullptr; |
| } |
| |
| return true; |
| } |
| |
| // static |
| QuicPacketNumberLength QuicFramer::GetMinPacketNumberLength( |
| QuicPacketNumber packet_number) { |
| QUICHE_DCHECK(packet_number.IsInitialized()); |
| if (packet_number < QuicPacketNumber(1 << (PACKET_1BYTE_PACKET_NUMBER * 8))) { |
| return PACKET_1BYTE_PACKET_NUMBER; |
| } else if (packet_number < |
| QuicPacketNumber(1 << (PACKET_2BYTE_PACKET_NUMBER * 8))) { |
| return PACKET_2BYTE_PACKET_NUMBER; |
| } else if (packet_number < |
| QuicPacketNumber(UINT64_C(1) |
| << (PACKET_4BYTE_PACKET_NUMBER * 8))) { |
| return PACKET_4BYTE_PACKET_NUMBER; |
| } else { |
| return PACKET_6BYTE_PACKET_NUMBER; |
| } |
| } |
| |
| // static |
| uint8_t QuicFramer::GetPacketNumberFlags( |
| QuicPacketNumberLength packet_number_length) { |
| switch (packet_number_length) { |
| case PACKET_1BYTE_PACKET_NUMBER: |
| return PACKET_FLAGS_1BYTE_PACKET; |
| case PACKET_2BYTE_PACKET_NUMBER: |
| return PACKET_FLAGS_2BYTE_PACKET; |
| case PACKET_4BYTE_PACKET_NUMBER: |
| return PACKET_FLAGS_4BYTE_PACKET; |
| case PACKET_6BYTE_PACKET_NUMBER: |
| case PACKET_8BYTE_PACKET_NUMBER: |
| return PACKET_FLAGS_8BYTE_PACKET; |
| default: |
| QUIC_BUG(quic_bug_10850_56) << "Unreachable case statement."; |
| return PACKET_FLAGS_8BYTE_PACKET; |
| } |
| } |
| |
| // static |
| QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo( |
| const QuicAckFrame& frame) { |
| AckFrameInfo new_ack_info; |
| if (frame.packets.Empty()) { |
| return new_ack_info; |
| } |
| // The first block is the last interval. It isn't encoded with the gap-length |
| // encoding, so skip it. |
| new_ack_info.first_block_length = frame.packets.LastIntervalLength(); |
| auto itr = frame.packets.rbegin(); |
| QuicPacketNumber previous_start = itr->min(); |
| new_ack_info.max_block_length = itr->Length(); |
| ++itr; |
| |
| // Don't do any more work after getting information for 256 ACK blocks; any |
| // more can't be encoded anyway. |
| for (; itr != frame.packets.rend() && |
| new_ack_info.num_ack_blocks < std::numeric_limits<uint8_t>::max(); |
| previous_start = itr->min(), ++itr) { |
| const auto& interval = *itr; |
| const QuicPacketCount total_gap = previous_start - interval.max(); |
| new_ack_info.num_ack_blocks += |
| (total_gap + std::numeric_limits<uint8_t>::max() - 1) / |
| std::numeric_limits<uint8_t>::max(); |
| new_ack_info.max_block_length = |
| std::max(new_ack_info.max_block_length, interval.Length()); |
| } |
| return new_ack_info; |
| } |
| |
| bool QuicFramer::ProcessUnauthenticatedHeader(QuicDataReader* encrypted_reader, |
| QuicPacketHeader* header) { |
| QuicPacketNumber base_packet_number; |
| if (supports_multiple_packet_number_spaces_) { |
| PacketNumberSpace pn_space = GetPacketNumberSpace(*header); |
| if (pn_space == NUM_PACKET_NUMBER_SPACES) { |
| set_detailed_error("Unable to determine packet number space."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| base_packet_number = largest_decrypted_packet_numbers_[pn_space]; |
| } else { |
| base_packet_number = largest_packet_number_; |
| } |
| uint64_t full_packet_number; |
| if (!ProcessAndCalculatePacketNumber( |
| encrypted_reader, header->packet_number_length, base_packet_number, |
| &full_packet_number)) { |
| set_detailed_error("Unable to read packet number."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| |
| if (!IsValidFullPacketNumber(full_packet_number, version())) { |
| set_detailed_error("packet numbers cannot be 0."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| header->packet_number = QuicPacketNumber(full_packet_number); |
| |
| if (!visitor_->OnUnauthenticatedHeader(*header)) { |
| set_detailed_error( |
| "Visitor asked to stop processing of unauthenticated header."); |
| return false; |
| } |
| // The function we are in is called because the framer believes that it is |
| // processing a packet that uses the non-IETF (i.e. Google QUIC) packet header |
| // type. Usually, the framer makes that decision based on the framer's |
| // version, but when the framer is used with Perspective::IS_SERVER, then |
| // before version negotiation is complete (specifically, before |
| // InferPacketHeaderTypeFromVersion is called), this decision is made based on |
| // the type byte of the packet. |
| // |
| // If the framer's version KnowsWhichDecrypterToUse, then that version expects |
| // to use the IETF packet header type. If that's the case and we're in this |
| // function, then the packet received is invalid: the framer was expecting an |
| // IETF packet header and didn't get one. |
| if (version().KnowsWhichDecrypterToUse()) { |
| set_detailed_error("Invalid public header type for expected version."); |
| return RaiseError(QUIC_INVALID_PACKET_HEADER); |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfHeaderTypeByte(QuicDataReader* reader, |
| QuicPacketHeader* header) { |
| uint8_t type; |
| if (!reader->ReadBytes(&type, 1)) { |
| set_detailed_error("Unable to read first byte."); |
| return false; |
| } |
| header->type_byte = type; |
| // Determine whether this is a long or short header. |
| header->form = GetIetfPacketHeaderFormat(type); |
| if (header->form == IETF_QUIC_LONG_HEADER_PACKET) { |
| // Version is always present in long headers. |
| header->version_flag = true; |
| // In versions that do not support client connection IDs, we mark the |
| // corresponding connection ID as absent. |
| header->destination_connection_id_included = |
| (perspective_ == Perspective::IS_SERVER || |
| version_.SupportsClientConnectionIds()) |
| ? CONNECTION_ID_PRESENT |
| : CONNECTION_ID_ABSENT; |
| header->source_connection_id_included = |
| (perspective_ == Perspective::IS_CLIENT || |
| version_.SupportsClientConnectionIds()) |
| ? CONNECTION_ID_PRESENT |
| : CONNECTION_ID_ABSENT; |
| // Read version tag. |
| QuicVersionLabel version_label; |
| if (!ProcessVersionLabel(reader, &version_label)) { |
| set_detailed_error("Unable to read protocol version."); |
| return false; |
| } |
| if (!version_label) { |
| // Version label is 0 indicating this is a version negotiation packet. |
| header->long_packet_type = VERSION_NEGOTIATION; |
| } else { |
| header->version = ParseQuicVersionLabel(version_label); |
| if (header->version.IsKnown()) { |
| if (!(type & FLAGS_FIXED_BIT)) { |
| set_detailed_error("Fixed bit is 0 in long header."); |
| return false; |
| } |
| header->long_packet_type = GetLongHeaderType(type, header->version); |
| switch (header->long_packet_type) { |
| case INVALID_PACKET_TYPE: |
| set_detailed_error("Illegal long header type value."); |
| return false; |
| case RETRY: |
| if (!version().SupportsRetry()) { |
| set_detailed_error("RETRY not supported in this version."); |
| return false; |
| } |
| if (perspective_ == Perspective::IS_SERVER) { |
| set_detailed_error("Client-initiated RETRY is invalid."); |
| return false; |
| } |
| break; |
| default: |
| if (!header->version.HasHeaderProtection()) { |
| header->packet_number_length = |
| GetLongHeaderPacketNumberLength(type); |
| } |
| break; |
| } |
| } |
| } |
| |
| QUIC_DVLOG(1) << ENDPOINT << "Received IETF long header: " |
| << QuicUtils::QuicLongHeaderTypetoString( |
| header->long_packet_type); |
| return true; |
| } |
| |
| QUIC_DVLOG(1) << ENDPOINT << "Received IETF short header"; |
| // Version is not present in short headers. |
| header->version_flag = false; |
| // In versions that do not support client connection IDs, the client will not |
| // receive destination connection IDs. |
| header->destination_connection_id_included = |
| (perspective_ == Perspective::IS_SERVER || |
| version_.SupportsClientConnectionIds()) |
| ? CONNECTION_ID_PRESENT |
| : CONNECTION_ID_ABSENT; |
| header->source_connection_id_included = CONNECTION_ID_ABSENT; |
| if (!(type & FLAGS_FIXED_BIT)) { |
| set_detailed_error("Fixed bit is 0 in short header."); |
| return false; |
| } |
| if (!version_.HasHeaderProtection()) { |
| header->packet_number_length = GetShortHeaderPacketNumberLength(type); |
| } |
| QUIC_DVLOG(1) << "packet_number_length = " << header->packet_number_length; |
| return true; |
| } |
| |
| // static |
| bool QuicFramer::ProcessVersionLabel(QuicDataReader* reader, |
| QuicVersionLabel* version_label) { |
| if (!reader->ReadUInt32(version_label)) { |
| return false; |
| } |
| return true; |
| } |
| |
| // static |
| bool QuicFramer::ProcessAndValidateIetfConnectionIdLength( |
| QuicDataReader* reader, ParsedQuicVersion version, Perspective perspective, |
| bool should_update_expected_server_connection_id_length, |
| uint8_t* expected_server_connection_id_length, |
| uint8_t* destination_connection_id_length, |
| uint8_t* source_connection_id_length, std::string* detailed_error) { |
| uint8_t connection_id_lengths_byte; |
| if (!reader->ReadBytes(&connection_id_lengths_byte, 1)) { |
| *detailed_error = "Unable to read ConnectionId length."; |
| return false; |
| } |
| uint8_t dcil = |
| (connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4; |
| if (dcil != 0) { |
| dcil += kConnectionIdLengthAdjustment; |
| } |
| uint8_t scil = connection_id_lengths_byte & kSourceConnectionIdLengthMask; |
| if (scil != 0) { |
| scil += kConnectionIdLengthAdjustment; |
| } |
| if (should_update_expected_server_connection_id_length) { |
| uint8_t server_connection_id_length = |
| perspective == Perspective::IS_SERVER ? dcil : scil; |
| if (*expected_server_connection_id_length != server_connection_id_length) { |
| QUIC_DVLOG(1) << "Updating expected_server_connection_id_length: " |
| << static_cast<int>(*expected_server_connection_id_length) |
| << " -> " << static_cast<int>(server_connection_id_length); |
| *expected_server_connection_id_length = server_connection_id_length; |
| } |
| } |
| if (!should_update_expected_server_connection_id_length && |
| (dcil != *destination_connection_id_length || |
| scil != *source_connection_id_length) && |
| version.IsKnown() && !version.AllowsVariableLengthConnectionIds()) { |
| QUIC_DVLOG(1) << "dcil: " << static_cast<uint32_t>(dcil) |
| << ", scil: " << static_cast<uint32_t>(scil); |
| *detailed_error = "Invalid ConnectionId length."; |
| return false; |
| } |
| *destination_connection_id_length = dcil; |
| *source_connection_id_length = scil; |
| return true; |
| } |
| |
| bool QuicFramer::ValidateReceivedConnectionIds(const QuicPacketHeader& header) { |
| bool skip_server_connection_id_validation = |
| perspective_ == Perspective::IS_CLIENT && |
| header.form == IETF_QUIC_SHORT_HEADER_PACKET; |
| if (!skip_server_connection_id_validation && |
| !QuicUtils::IsConnectionIdValidForVersion( |
| GetServerConnectionIdAsRecipient(header, perspective_), |
| transport_version())) { |
| set_detailed_error("Received server connection ID with invalid length."); |
| return false; |
| } |
| |
| bool skip_client_connection_id_validation = |
| perspective_ == Perspective::IS_SERVER && |
| header.form == IETF_QUIC_SHORT_HEADER_PACKET; |
| if (!skip_client_connection_id_validation && |
| version_.SupportsClientConnectionIds() && |
| !QuicUtils::IsConnectionIdValidForVersion( |
| GetClientConnectionIdAsRecipient(header, perspective_), |
| transport_version())) { |
| set_detailed_error("Received client connection ID with invalid length."); |
| return false; |
| } |
| return true; |
| } |
| |
| bool QuicFramer::ProcessIetfPacketHeader(QuicDataReader* reader, |
| QuicPacketHeader* header) { |
| if (version_.HasLengthPrefixedConnectionIds()) { |
| uint8_t expected_destination_connection_id_length = |
| perspective_ == Perspective::IS_CLIENT |
| ? expected_client_connection_id_length_ |
| : expected_server_connection_id_length_; |
| QuicVersionLabel version_label; |
| bool has_length_prefix; |
| std::string detailed_error; |
| QuicErrorCode parse_result = QuicFramer::ParsePublicHeader( |
| reader, expected_destination_connection_id_length, |
| version_.HasIetfInvariantHeader(), &header->type_byte, &header->form, |
| &header->version_flag, &has_length_prefix, &version_label, |
| &header->version, &header->destination_connection_id, |
| &header->source_connection_id, &header->long_packet_type, |
| &header->retry_token_length_length, &header->retry_token, |
| &detailed_error); |
| if (parse_result != QUIC_NO_ERROR) { |
| set_detailed_error(detailed_error); |
| return false; |
| } |
| header->destination_connection_id_included = CONNECTION_ID_PRESENT; |
| header->source_connection_id_included = |
| header->version_flag ? CONNECTION_ID_PRESENT : CONNECTION_ID_ABSENT; |
| |
| if (!ValidateReceivedConnectionIds(*header)) { |
| return false; |
| } |
| |
| if (header->version_flag && |
| header->long_packet_type != VERSION_NEGOTIATION && |
| !(header->type_byte & FLAGS_FIXED_BIT)) { |
| set_detailed_error("Fixed bit is 0 in long header."); |
| return false; |
| } |
| if (!header->version_flag && !(header->type_byte & FLAGS_FIXED_BIT)) { |
| set_detailed_error("Fixed bit is 0 in short header."); |
| return false; |
| } |
| if (!header->version_flag) { |
| if (!version_.HasHeaderProtection()) { |
| header->packet_number_length = |
| GetShortHeaderPacketNumberLength(header->type_byte); |
| } |
| return true; |
| } |
| if (header->long_packet_type == RETRY) { |
| if (!version().SupportsRetry()) { |
| set_detailed_error("RETRY not supported in this version."); |
| return false; |
| } |
| if (perspective_ == Perspective::IS_SERVER) { |
| set_detailed_error("Client-initiated RETRY is invalid."); |
| return false; |
| } |
| return true; |
| } |
| if (header->version.IsKnown() && !header->version.HasHeaderProtection()) { |
| header->packet_number_length = |
| GetLongHeaderPacketNumberLength(header->type_byte); |
| } |
| |
| return true; |
| } |
| |
| if (!ProcessIetfHeaderTypeByte(reader, header)) { |
| return false; |
| } |
| |
| uint8_t destination_connection_id_length = |
| header->destination_connection_id_included == CONNECTION_ID_PRESENT |
| ? (perspective_ == Perspective::IS_SERVER |
| ? expected_server_connection_id_length_ |
| : expected_client_connection_id_length_) |
| : 0; |
| uint8_t source_connection_id_length = |
| header->source_connection_id_included == CONNECTION_ID_PRESENT |
| ? (perspective_ == Perspective::IS_CLIENT |
| ? expected_server_connection_id_length_ |
| : expected_client_connection_id_length_) |
| : 0; |
| if (header->form == IETF_QUIC_LONG_HEADER_PACKET) { |
| if (!ProcessAndValidateIetfConnectionIdLength( |
| reader, header->version, perspective_, |
| /*should_update_expected_server_connection_id_length=*/false, |
| &expected_server_connection_id_length_, |
| &destination_connection_id_length, &source_connection_id_length, |
| &detailed_error_)) { |
| return false; |
| } |
|