1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "quiche/quic/core/quic_framer.h"
6
7 #include <sys/types.h>
8
9 #include <cstddef>
10 #include <cstdint>
11 #include <limits>
12 #include <memory>
13 #include <optional>
14 #include <string>
15 #include <type_traits>
16 #include <utility>
17
18 #include "absl/base/attributes.h"
19 #include "absl/base/macros.h"
20 #include "absl/base/optimization.h"
21 #include "absl/cleanup/cleanup.h"
22 #include "absl/status/status.h"
23 #include "absl/strings/escaping.h"
24 #include "absl/strings/numbers.h"
25 #include "absl/strings/str_cat.h"
26 #include "absl/strings/str_split.h"
27 #include "absl/strings/string_view.h"
28 #include "quiche/quic/core/crypto/crypto_framer.h"
29 #include "quiche/quic/core/crypto/crypto_handshake.h"
30 #include "quiche/quic/core/crypto/crypto_handshake_message.h"
31 #include "quiche/quic/core/crypto/crypto_protocol.h"
32 #include "quiche/quic/core/crypto/crypto_utils.h"
33 #include "quiche/quic/core/crypto/null_decrypter.h"
34 #include "quiche/quic/core/crypto/null_encrypter.h"
35 #include "quiche/quic/core/crypto/quic_decrypter.h"
36 #include "quiche/quic/core/crypto/quic_encrypter.h"
37 #include "quiche/quic/core/crypto/quic_random.h"
38 #include "quiche/quic/core/frames/quic_ack_frequency_frame.h"
39 #include "quiche/quic/core/frames/quic_reset_stream_at_frame.h"
40 #include "quiche/quic/core/quic_connection_context.h"
41 #include "quiche/quic/core/quic_connection_id.h"
42 #include "quiche/quic/core/quic_constants.h"
43 #include "quiche/quic/core/quic_data_reader.h"
44 #include "quiche/quic/core/quic_data_writer.h"
45 #include "quiche/quic/core/quic_error_codes.h"
46 #include "quiche/quic/core/quic_packets.h"
47 #include "quiche/quic/core/quic_socket_address_coder.h"
48 #include "quiche/quic/core/quic_stream_frame_data_producer.h"
49 #include "quiche/quic/core/quic_time.h"
50 #include "quiche/quic/core/quic_types.h"
51 #include "quiche/quic/core/quic_utils.h"
52 #include "quiche/quic/core/quic_versions.h"
53 #include "quiche/quic/platform/api/quic_bug_tracker.h"
54 #include "quiche/quic/platform/api/quic_client_stats.h"
55 #include "quiche/quic/platform/api/quic_flag_utils.h"
56 #include "quiche/quic/platform/api/quic_flags.h"
57 #include "quiche/quic/platform/api/quic_ip_address_family.h"
58 #include "quiche/quic/platform/api/quic_logging.h"
59 #include "quiche/quic/platform/api/quic_stack_trace.h"
60 #include "quiche/common/quiche_text_utils.h"
61 #include "quiche/common/wire_serialization.h"
62
63 namespace quic {
64
65 namespace {
66
67 #define ENDPOINT \
68 (perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ")
69
70 // There are two interpretations for the Frame Type byte in the QUIC protocol,
71 // resulting in two Frame Types: Special Frame Types and Regular Frame Types.
72 //
73 // Regular Frame Types use the Frame Type byte simply. Currently defined
74 // Regular Frame Types are:
75 // Padding : 0b 00000000 (0x00)
76 // ResetStream : 0b 00000001 (0x01)
77 // ConnectionClose : 0b 00000010 (0x02)
78 // GoAway : 0b 00000011 (0x03)
79 // WindowUpdate : 0b 00000100 (0x04)
80 // Blocked : 0b 00000101 (0x05)
81 //
82 // Special Frame Types encode both a Frame Type and corresponding flags
83 // all in the Frame Type byte. Currently defined Special Frame Types
84 // are:
85 // Stream : 0b 1xxxxxxx
86 // Ack : 0b 01xxxxxx
87 //
88 // Semantics of the flag bits above (the x bits) depends on the frame type.
89
90 // Masks to determine if the frame type is a special use
91 // and for specific special frame types.
92 const uint8_t kQuicFrameTypeSpecialMask = 0xC0; // 0b 11000000
93 const uint8_t kQuicFrameTypeStreamMask = 0x80;
94 const uint8_t kQuicFrameTypeAckMask = 0x40;
95 static_assert(kQuicFrameTypeSpecialMask ==
96 (kQuicFrameTypeStreamMask | kQuicFrameTypeAckMask),
97 "Invalid kQuicFrameTypeSpecialMask");
98
99 // The stream type format is 1FDOOOSS, where
100 // F is the fin bit.
101 // D is the data length bit (0 or 2 bytes).
102 // OO/OOO are the size of the offset.
103 // SS is the size of the stream ID.
104 // Note that the stream encoding can not be determined by inspection. It can
105 // be determined only by knowing the QUIC Version.
106 // Stream frame relative shifts and masks for interpreting the stream flags.
107 // StreamID may be 1, 2, 3, or 4 bytes.
108 const uint8_t kQuicStreamIdShift = 2;
109 const uint8_t kQuicStreamIDLengthMask = 0x03;
110
111 // Offset may be 0, 2, 4, or 8 bytes.
112 const uint8_t kQuicStreamShift = 3;
113 const uint8_t kQuicStreamOffsetMask = 0x07;
114
115 // Data length may be 0 or 2 bytes.
116 const uint8_t kQuicStreamDataLengthShift = 1;
117 const uint8_t kQuicStreamDataLengthMask = 0x01;
118
119 // Fin bit may be set or not.
120 const uint8_t kQuicStreamFinShift = 1;
121 const uint8_t kQuicStreamFinMask = 0x01;
122
123 // The format is 01M0LLOO, where
124 // M if set, there are multiple ack blocks in the frame.
125 // LL is the size of the largest ack field.
126 // OO is the size of the ack blocks offset field.
127 // packet number size shift used in AckFrames.
128 const uint8_t kQuicSequenceNumberLengthNumBits = 2;
129 const uint8_t kActBlockLengthOffset = 0;
130 const uint8_t kLargestAckedOffset = 2;
131
132 // Acks may have only one ack block.
133 const uint8_t kQuicHasMultipleAckBlocksOffset = 5;
134
135 // Timestamps are 4 bytes followed by 2 bytes.
136 const uint8_t kQuicNumTimestampsLength = 1;
137 const uint8_t kQuicFirstTimestampLength = 4;
138 const uint8_t kQuicTimestampLength = 2;
139 // Gaps between packet numbers are 1 byte.
140 const uint8_t kQuicTimestampPacketNumberGapLength = 1;
141
142 // Maximum length of encoded error strings.
143 const int kMaxErrorStringLength = 256;
144
145 const uint8_t kConnectionIdLengthAdjustment = 3;
146 const uint8_t kDestinationConnectionIdLengthMask = 0xF0;
147 const uint8_t kSourceConnectionIdLengthMask = 0x0F;
148
149 // Returns the absolute value of the difference between |a| and |b|.
Delta(uint64_t a,uint64_t b)150 uint64_t Delta(uint64_t a, uint64_t b) {
151 // Since these are unsigned numbers, we can't just return abs(a - b)
152 if (a < b) {
153 return b - a;
154 }
155 return a - b;
156 }
157
ClosestTo(uint64_t target,uint64_t a,uint64_t b)158 uint64_t ClosestTo(uint64_t target, uint64_t a, uint64_t b) {
159 return (Delta(target, a) < Delta(target, b)) ? a : b;
160 }
161
ReadAckPacketNumberLength(uint8_t flags)162 QuicPacketNumberLength ReadAckPacketNumberLength(uint8_t flags) {
163 switch (flags & PACKET_FLAGS_8BYTE_PACKET) {
164 case PACKET_FLAGS_8BYTE_PACKET:
165 return PACKET_6BYTE_PACKET_NUMBER;
166 case PACKET_FLAGS_4BYTE_PACKET:
167 return PACKET_4BYTE_PACKET_NUMBER;
168 case PACKET_FLAGS_2BYTE_PACKET:
169 return PACKET_2BYTE_PACKET_NUMBER;
170 case PACKET_FLAGS_1BYTE_PACKET:
171 return PACKET_1BYTE_PACKET_NUMBER;
172 default:
173 QUIC_BUG(quic_bug_10850_2) << "Unreachable case statement.";
174 return PACKET_6BYTE_PACKET_NUMBER;
175 }
176 }
177
PacketNumberLengthToOnWireValue(QuicPacketNumberLength packet_number_length)178 uint8_t PacketNumberLengthToOnWireValue(
179 QuicPacketNumberLength packet_number_length) {
180 return packet_number_length - 1;
181 }
182
GetShortHeaderPacketNumberLength(uint8_t type)183 QuicPacketNumberLength GetShortHeaderPacketNumberLength(uint8_t type) {
184 QUICHE_DCHECK(!(type & FLAGS_LONG_HEADER));
185 return static_cast<QuicPacketNumberLength>((type & 0x03) + 1);
186 }
187
LongHeaderTypeToOnWireValue(QuicLongHeaderType type,const ParsedQuicVersion & version)188 uint8_t LongHeaderTypeToOnWireValue(QuicLongHeaderType type,
189 const ParsedQuicVersion& version) {
190 switch (type) {
191 case INITIAL:
192 return version.UsesV2PacketTypes() ? (1 << 4) : 0;
193 case ZERO_RTT_PROTECTED:
194 return version.UsesV2PacketTypes() ? (2 << 4) : (1 << 4);
195 case HANDSHAKE:
196 return version.UsesV2PacketTypes() ? (3 << 4) : (2 << 4);
197 case RETRY:
198 return version.UsesV2PacketTypes() ? 0 : (3 << 4);
199 case VERSION_NEGOTIATION:
200 return 0xF0; // Value does not matter
201 default:
202 QUIC_BUG(quic_bug_10850_3) << "Invalid long header type: " << type;
203 return 0xFF;
204 }
205 }
206
GetLongHeaderType(uint8_t type,const ParsedQuicVersion & version)207 QuicLongHeaderType GetLongHeaderType(uint8_t type,
208 const ParsedQuicVersion& version) {
209 QUICHE_DCHECK((type & FLAGS_LONG_HEADER));
210 switch ((type & 0x30) >> 4) {
211 case 0:
212 return version.UsesV2PacketTypes() ? RETRY : INITIAL;
213 case 1:
214 return version.UsesV2PacketTypes() ? INITIAL : ZERO_RTT_PROTECTED;
215 case 2:
216 return version.UsesV2PacketTypes() ? ZERO_RTT_PROTECTED : HANDSHAKE;
217 case 3:
218 return version.UsesV2PacketTypes() ? HANDSHAKE : RETRY;
219 default:
220 QUIC_BUG(quic_bug_10850_4) << "Unreachable statement";
221 return INVALID_PACKET_TYPE;
222 }
223 }
224
GetLongHeaderPacketNumberLength(uint8_t type)225 QuicPacketNumberLength GetLongHeaderPacketNumberLength(uint8_t type) {
226 return static_cast<QuicPacketNumberLength>((type & 0x03) + 1);
227 }
228
229 // Used to get packet number space before packet gets decrypted.
GetPacketNumberSpace(const QuicPacketHeader & header)230 PacketNumberSpace GetPacketNumberSpace(const QuicPacketHeader& header) {
231 switch (header.form) {
232 case GOOGLE_QUIC_PACKET:
233 QUIC_BUG(quic_bug_10850_5)
234 << "Try to get packet number space of Google QUIC packet";
235 break;
236 case IETF_QUIC_SHORT_HEADER_PACKET:
237 return APPLICATION_DATA;
238 case IETF_QUIC_LONG_HEADER_PACKET:
239 switch (header.long_packet_type) {
240 case INITIAL:
241 return INITIAL_DATA;
242 case HANDSHAKE:
243 return HANDSHAKE_DATA;
244 case ZERO_RTT_PROTECTED:
245 return APPLICATION_DATA;
246 case VERSION_NEGOTIATION:
247 case RETRY:
248 case INVALID_PACKET_TYPE:
249 QUIC_BUG(quic_bug_10850_6)
250 << "Try to get packet number space of long header type: "
251 << QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type);
252 break;
253 }
254 }
255
256 return NUM_PACKET_NUMBER_SPACES;
257 }
258
GetEncryptionLevel(const QuicPacketHeader & header)259 EncryptionLevel GetEncryptionLevel(const QuicPacketHeader& header) {
260 switch (header.form) {
261 case GOOGLE_QUIC_PACKET:
262 QUIC_BUG(quic_bug_10850_7)
263 << "Cannot determine EncryptionLevel from Google QUIC header";
264 break;
265 case IETF_QUIC_SHORT_HEADER_PACKET:
266 return ENCRYPTION_FORWARD_SECURE;
267 case IETF_QUIC_LONG_HEADER_PACKET:
268 switch (header.long_packet_type) {
269 case INITIAL:
270 return ENCRYPTION_INITIAL;
271 case HANDSHAKE:
272 return ENCRYPTION_HANDSHAKE;
273 case ZERO_RTT_PROTECTED:
274 return ENCRYPTION_ZERO_RTT;
275 case VERSION_NEGOTIATION:
276 case RETRY:
277 case INVALID_PACKET_TYPE:
278 QUIC_BUG(quic_bug_10850_8)
279 << "No encryption used with type "
280 << QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type);
281 }
282 }
283 return NUM_ENCRYPTION_LEVELS;
284 }
285
TruncateErrorString(absl::string_view error)286 absl::string_view TruncateErrorString(absl::string_view error) {
287 if (error.length() <= kMaxErrorStringLength) {
288 return error;
289 }
290 return absl::string_view(error.data(), kMaxErrorStringLength);
291 }
292
TruncatedErrorStringSize(const absl::string_view & error)293 size_t TruncatedErrorStringSize(const absl::string_view& error) {
294 if (error.length() < kMaxErrorStringLength) {
295 return error.length();
296 }
297 return kMaxErrorStringLength;
298 }
299
GetConnectionIdLengthValue(uint8_t length)300 uint8_t GetConnectionIdLengthValue(uint8_t length) {
301 if (length == 0) {
302 return 0;
303 }
304 return static_cast<uint8_t>(length - kConnectionIdLengthAdjustment);
305 }
306
IsValidPacketNumberLength(QuicPacketNumberLength packet_number_length)307 bool IsValidPacketNumberLength(QuicPacketNumberLength packet_number_length) {
308 size_t length = packet_number_length;
309 return length == 1 || length == 2 || length == 4 || length == 6 ||
310 length == 8;
311 }
312
IsValidFullPacketNumber(uint64_t full_packet_number,ParsedQuicVersion version)313 bool IsValidFullPacketNumber(uint64_t full_packet_number,
314 ParsedQuicVersion version) {
315 return full_packet_number > 0 || version.HasIetfQuicFrames();
316 }
317
AppendIetfConnectionIds(bool version_flag,bool use_length_prefix,QuicConnectionId destination_connection_id,QuicConnectionId source_connection_id,QuicDataWriter * writer)318 bool AppendIetfConnectionIds(bool version_flag, bool use_length_prefix,
319 QuicConnectionId destination_connection_id,
320 QuicConnectionId source_connection_id,
321 QuicDataWriter* writer) {
322 if (!version_flag) {
323 return writer->WriteConnectionId(destination_connection_id);
324 }
325
326 if (use_length_prefix) {
327 return writer->WriteLengthPrefixedConnectionId(destination_connection_id) &&
328 writer->WriteLengthPrefixedConnectionId(source_connection_id);
329 }
330
331 // Compute connection ID length byte.
332 uint8_t dcil = GetConnectionIdLengthValue(destination_connection_id.length());
333 uint8_t scil = GetConnectionIdLengthValue(source_connection_id.length());
334 uint8_t connection_id_length = dcil << 4 | scil;
335
336 return writer->WriteUInt8(connection_id_length) &&
337 writer->WriteConnectionId(destination_connection_id) &&
338 writer->WriteConnectionId(source_connection_id);
339 }
340
341 enum class DroppedPacketReason {
342 // General errors
343 INVALID_PUBLIC_HEADER,
344 VERSION_MISMATCH,
345 // Version negotiation packet errors
346 INVALID_VERSION_NEGOTIATION_PACKET,
347 // Public reset packet errors, pre-v44
348 INVALID_PUBLIC_RESET_PACKET,
349 // Data packet errors
350 INVALID_PACKET_NUMBER,
351 INVALID_DIVERSIFICATION_NONCE,
352 DECRYPTION_FAILURE,
353 NUM_REASONS,
354 };
355
RecordDroppedPacketReason(DroppedPacketReason reason)356 void RecordDroppedPacketReason(DroppedPacketReason reason) {
357 QUIC_CLIENT_HISTOGRAM_ENUM("QuicDroppedPacketReason", reason,
358 DroppedPacketReason::NUM_REASONS,
359 "The reason a packet was not processed. Recorded "
360 "each time such a packet is dropped");
361 }
362
GetIetfPacketHeaderFormat(uint8_t type_byte)363 PacketHeaderFormat GetIetfPacketHeaderFormat(uint8_t type_byte) {
364 return type_byte & FLAGS_LONG_HEADER ? IETF_QUIC_LONG_HEADER_PACKET
365 : IETF_QUIC_SHORT_HEADER_PACKET;
366 }
367
GenerateErrorString(std::string initial_error_string,QuicErrorCode quic_error_code)368 std::string GenerateErrorString(std::string initial_error_string,
369 QuicErrorCode quic_error_code) {
370 if (quic_error_code == QUIC_IETF_GQUIC_ERROR_MISSING) {
371 // QUIC_IETF_GQUIC_ERROR_MISSING is special -- it means not to encode
372 // the error value in the string.
373 return initial_error_string;
374 }
375 return absl::StrCat(std::to_string(static_cast<unsigned>(quic_error_code)),
376 ":", initial_error_string);
377 }
378
379 // Return the minimum size of the ECN fields in an ACK frame
AckEcnCountSize(const QuicAckFrame & ack_frame)380 size_t AckEcnCountSize(const QuicAckFrame& ack_frame) {
381 if (!ack_frame.ecn_counters.has_value()) {
382 return 0;
383 }
384 return (QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ect0) +
385 QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ect1) +
386 QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ce));
387 }
388
389 } // namespace
390
QuicFramer(const ParsedQuicVersionVector & supported_versions,QuicTime creation_time,Perspective perspective,uint8_t expected_server_connection_id_length)391 QuicFramer::QuicFramer(const ParsedQuicVersionVector& supported_versions,
392 QuicTime creation_time, Perspective perspective,
393 uint8_t expected_server_connection_id_length)
394 : visitor_(nullptr),
395 error_(QUIC_NO_ERROR),
396 last_serialized_server_connection_id_(EmptyQuicConnectionId()),
397 version_(ParsedQuicVersion::Unsupported()),
398 supported_versions_(supported_versions),
399 decrypter_level_(ENCRYPTION_INITIAL),
400 alternative_decrypter_level_(NUM_ENCRYPTION_LEVELS),
401 alternative_decrypter_latch_(false),
402 perspective_(perspective),
403 validate_flags_(true),
404 process_timestamps_(false),
405 max_receive_timestamps_per_ack_(std::numeric_limits<uint32_t>::max()),
406 receive_timestamps_exponent_(0),
407 process_reset_stream_at_(false),
408 creation_time_(creation_time),
409 last_timestamp_(QuicTime::Delta::Zero()),
410 support_key_update_for_connection_(false),
411 current_key_phase_bit_(false),
412 potential_peer_key_update_attempt_count_(0),
413 first_sending_packet_number_(FirstSendingPacketNumber()),
414 data_producer_(nullptr),
415 expected_server_connection_id_length_(
416 expected_server_connection_id_length),
417 expected_client_connection_id_length_(0),
418 supports_multiple_packet_number_spaces_(false),
419 last_written_packet_number_length_(0),
420 peer_ack_delay_exponent_(kDefaultAckDelayExponent),
421 local_ack_delay_exponent_(kDefaultAckDelayExponent),
422 current_received_frame_type_(0),
423 previously_received_frame_type_(0) {
424 QUICHE_DCHECK(!supported_versions.empty());
425 version_ = supported_versions_[0];
426 QUICHE_DCHECK(version_.IsKnown())
427 << ParsedQuicVersionVectorToString(supported_versions_);
428 }
429
~QuicFramer()430 QuicFramer::~QuicFramer() {}
431
432 // static
GetMinStreamFrameSize(QuicTransportVersion version,QuicStreamId stream_id,QuicStreamOffset offset,bool last_frame_in_packet,size_t data_length)433 size_t QuicFramer::GetMinStreamFrameSize(QuicTransportVersion version,
434 QuicStreamId stream_id,
435 QuicStreamOffset offset,
436 bool last_frame_in_packet,
437 size_t data_length) {
438 if (VersionHasIetfQuicFrames(version)) {
439 return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(stream_id) +
440 (last_frame_in_packet
441 ? 0
442 : QuicDataWriter::GetVarInt62Len(data_length)) +
443 (offset != 0 ? QuicDataWriter::GetVarInt62Len(offset) : 0);
444 }
445 return kQuicFrameTypeSize + GetStreamIdSize(stream_id) +
446 GetStreamOffsetSize(offset) +
447 (last_frame_in_packet ? 0 : kQuicStreamPayloadLengthSize);
448 }
449
450 // static
GetMinCryptoFrameSize(QuicStreamOffset offset,QuicPacketLength data_length)451 size_t QuicFramer::GetMinCryptoFrameSize(QuicStreamOffset offset,
452 QuicPacketLength data_length) {
453 return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(offset) +
454 QuicDataWriter::GetVarInt62Len(data_length);
455 }
456
457 // static
GetMessageFrameSize(bool last_frame_in_packet,QuicByteCount length)458 size_t QuicFramer::GetMessageFrameSize(bool last_frame_in_packet,
459 QuicByteCount length) {
460 return kQuicFrameTypeSize +
461 (last_frame_in_packet ? 0 : QuicDataWriter::GetVarInt62Len(length)) +
462 length;
463 }
464
465 // static
GetMinAckFrameSize(QuicTransportVersion version,const QuicAckFrame & ack_frame,uint32_t local_ack_delay_exponent,bool use_ietf_ack_with_receive_timestamp)466 size_t QuicFramer::GetMinAckFrameSize(
467 QuicTransportVersion version, const QuicAckFrame& ack_frame,
468 uint32_t local_ack_delay_exponent,
469 bool use_ietf_ack_with_receive_timestamp) {
470 if (VersionHasIetfQuicFrames(version)) {
471 // The minimal ack frame consists of the following fields: Largest
472 // Acknowledged, ACK Delay, 0 ACK Block Count, First ACK Block and either 0
473 // Timestamp Range Count or ECN counts.
474 // Type byte + largest acked.
475 size_t min_size =
476 kQuicFrameTypeSize +
477 QuicDataWriter::GetVarInt62Len(LargestAcked(ack_frame).ToUint64());
478 // Ack delay.
479 min_size += QuicDataWriter::GetVarInt62Len(
480 ack_frame.ack_delay_time.ToMicroseconds() >> local_ack_delay_exponent);
481 // 0 ack block count.
482 min_size += QuicDataWriter::GetVarInt62Len(0);
483 // First ack block.
484 min_size += QuicDataWriter::GetVarInt62Len(
485 ack_frame.packets.Empty() ? 0
486 : ack_frame.packets.rbegin()->Length() - 1);
487
488 if (use_ietf_ack_with_receive_timestamp) {
489 // 0 Timestamp Range Count.
490 min_size += QuicDataWriter::GetVarInt62Len(0);
491 } else {
492 min_size += AckEcnCountSize(ack_frame);
493 }
494 return min_size;
495 }
496 return kQuicFrameTypeSize +
497 GetMinPacketNumberLength(LargestAcked(ack_frame)) +
498 kQuicDeltaTimeLargestObservedSize + kQuicNumTimestampsSize;
499 }
500
501 // static
GetStopWaitingFrameSize(QuicPacketNumberLength packet_number_length)502 size_t QuicFramer::GetStopWaitingFrameSize(
503 QuicPacketNumberLength packet_number_length) {
504 size_t min_size = kQuicFrameTypeSize + packet_number_length;
505 return min_size;
506 }
507
508 // static
GetRstStreamFrameSize(QuicTransportVersion version,const QuicRstStreamFrame & frame)509 size_t QuicFramer::GetRstStreamFrameSize(QuicTransportVersion version,
510 const QuicRstStreamFrame& frame) {
511 if (VersionHasIetfQuicFrames(version)) {
512 return QuicDataWriter::GetVarInt62Len(frame.stream_id) +
513 QuicDataWriter::GetVarInt62Len(frame.byte_offset) +
514 kQuicFrameTypeSize +
515 QuicDataWriter::GetVarInt62Len(frame.ietf_error_code);
516 }
517 return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize +
518 kQuicErrorCodeSize;
519 }
520
521 // static
GetConnectionCloseFrameSize(QuicTransportVersion version,const QuicConnectionCloseFrame & frame)522 size_t QuicFramer::GetConnectionCloseFrameSize(
523 QuicTransportVersion version, const QuicConnectionCloseFrame& frame) {
524 if (!VersionHasIetfQuicFrames(version)) {
525 // Not IETF QUIC, return Google QUIC CONNECTION CLOSE frame size.
526 return kQuicFrameTypeSize + kQuicErrorCodeSize +
527 kQuicErrorDetailsLengthSize +
528 TruncatedErrorStringSize(frame.error_details);
529 }
530
531 // Prepend the extra error information to the string and get the result's
532 // length.
533 const size_t truncated_error_string_size = TruncatedErrorStringSize(
534 GenerateErrorString(frame.error_details, frame.quic_error_code));
535
536 const size_t frame_size =
537 truncated_error_string_size +
538 QuicDataWriter::GetVarInt62Len(truncated_error_string_size) +
539 kQuicFrameTypeSize +
540 QuicDataWriter::GetVarInt62Len(frame.wire_error_code);
541 if (frame.close_type == IETF_QUIC_APPLICATION_CONNECTION_CLOSE) {
542 return frame_size;
543 }
544 // The Transport close frame has the transport_close_frame_type, so include
545 // its length.
546 return frame_size +
547 QuicDataWriter::GetVarInt62Len(frame.transport_close_frame_type);
548 }
549
550 // static
GetMinGoAwayFrameSize()551 size_t QuicFramer::GetMinGoAwayFrameSize() {
552 return kQuicFrameTypeSize + kQuicErrorCodeSize + kQuicErrorDetailsLengthSize +
553 kQuicMaxStreamIdSize;
554 }
555
556 // static
GetWindowUpdateFrameSize(QuicTransportVersion version,const QuicWindowUpdateFrame & frame)557 size_t QuicFramer::GetWindowUpdateFrameSize(
558 QuicTransportVersion version, const QuicWindowUpdateFrame& frame) {
559 if (!VersionHasIetfQuicFrames(version)) {
560 return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize;
561 }
562 if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) {
563 // Frame would be a MAX DATA frame, which has only a Maximum Data field.
564 return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data);
565 }
566 // Frame would be MAX STREAM DATA, has Maximum Stream Data and Stream ID
567 // fields.
568 return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data) +
569 QuicDataWriter::GetVarInt62Len(frame.stream_id);
570 }
571
572 // static
GetMaxStreamsFrameSize(QuicTransportVersion version,const QuicMaxStreamsFrame & frame)573 size_t QuicFramer::GetMaxStreamsFrameSize(QuicTransportVersion version,
574 const QuicMaxStreamsFrame& frame) {
575 if (!VersionHasIetfQuicFrames(version)) {
576 QUIC_BUG(quic_bug_10850_9)
577 << "In version " << version
578 << ", which does not support IETF Frames, and tried to serialize "
579 "MaxStreams Frame.";
580 }
581 return kQuicFrameTypeSize +
582 QuicDataWriter::GetVarInt62Len(frame.stream_count);
583 }
584
585 // static
GetStreamsBlockedFrameSize(QuicTransportVersion version,const QuicStreamsBlockedFrame & frame)586 size_t QuicFramer::GetStreamsBlockedFrameSize(
587 QuicTransportVersion version, const QuicStreamsBlockedFrame& frame) {
588 if (!VersionHasIetfQuicFrames(version)) {
589 QUIC_BUG(quic_bug_10850_10)
590 << "In version " << version
591 << ", which does not support IETF frames, and tried to serialize "
592 "StreamsBlocked Frame.";
593 }
594
595 return kQuicFrameTypeSize +
596 QuicDataWriter::GetVarInt62Len(frame.stream_count);
597 }
598
599 // static
GetBlockedFrameSize(QuicTransportVersion version,const QuicBlockedFrame & frame)600 size_t QuicFramer::GetBlockedFrameSize(QuicTransportVersion version,
601 const QuicBlockedFrame& frame) {
602 if (!VersionHasIetfQuicFrames(version)) {
603 return kQuicFrameTypeSize + kQuicMaxStreamIdSize;
604 }
605 if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) {
606 // return size of IETF QUIC Blocked frame
607 return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset);
608 }
609 // return size of IETF QUIC Stream Blocked frame.
610 return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset) +
611 QuicDataWriter::GetVarInt62Len(frame.stream_id);
612 }
613
614 // static
GetStopSendingFrameSize(const QuicStopSendingFrame & frame)615 size_t QuicFramer::GetStopSendingFrameSize(const QuicStopSendingFrame& frame) {
616 return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.stream_id) +
617 QuicDataWriter::GetVarInt62Len(frame.ietf_error_code);
618 }
619
620 // static
GetAckFrequencyFrameSize(const QuicAckFrequencyFrame & frame)621 size_t QuicFramer::GetAckFrequencyFrameSize(
622 const QuicAckFrequencyFrame& frame) {
623 return QuicDataWriter::GetVarInt62Len(IETF_ACK_FREQUENCY) +
624 QuicDataWriter::GetVarInt62Len(frame.sequence_number) +
625 QuicDataWriter::GetVarInt62Len(frame.packet_tolerance) +
626 QuicDataWriter::GetVarInt62Len(frame.max_ack_delay.ToMicroseconds()) +
627 // One byte for encoding boolean
628 1;
629 }
630
631 // static
GetResetStreamAtFrameSize(const QuicResetStreamAtFrame & frame)632 size_t QuicFramer::GetResetStreamAtFrameSize(
633 const QuicResetStreamAtFrame& frame) {
634 return QuicDataWriter::GetVarInt62Len(IETF_RESET_STREAM_AT) +
635 QuicDataWriter::GetVarInt62Len(frame.stream_id) +
636 QuicDataWriter::GetVarInt62Len(frame.error) +
637 QuicDataWriter::GetVarInt62Len(frame.final_offset) +
638 QuicDataWriter::GetVarInt62Len(frame.reliable_offset);
639 }
640
641 // static
GetPathChallengeFrameSize(const QuicPathChallengeFrame & frame)642 size_t QuicFramer::GetPathChallengeFrameSize(
643 const QuicPathChallengeFrame& frame) {
644 return kQuicFrameTypeSize + sizeof(frame.data_buffer);
645 }
646
647 // static
GetPathResponseFrameSize(const QuicPathResponseFrame & frame)648 size_t QuicFramer::GetPathResponseFrameSize(
649 const QuicPathResponseFrame& frame) {
650 return kQuicFrameTypeSize + sizeof(frame.data_buffer);
651 }
652
653 // static
GetRetransmittableControlFrameSize(QuicTransportVersion version,const QuicFrame & frame)654 size_t QuicFramer::GetRetransmittableControlFrameSize(
655 QuicTransportVersion version, const QuicFrame& frame) {
656 switch (frame.type) {
657 case PING_FRAME:
658 // Ping has no payload.
659 return kQuicFrameTypeSize;
660 case RST_STREAM_FRAME:
661 return GetRstStreamFrameSize(version, *frame.rst_stream_frame);
662 case CONNECTION_CLOSE_FRAME:
663 return GetConnectionCloseFrameSize(version,
664 *frame.connection_close_frame);
665 case GOAWAY_FRAME:
666 return GetMinGoAwayFrameSize() +
667 TruncatedErrorStringSize(frame.goaway_frame->reason_phrase);
668 case WINDOW_UPDATE_FRAME:
669 // For IETF QUIC, this could be either a MAX DATA or MAX STREAM DATA.
670 // GetWindowUpdateFrameSize figures this out and returns the correct
671 // length.
672 return GetWindowUpdateFrameSize(version, frame.window_update_frame);
673 case BLOCKED_FRAME:
674 return GetBlockedFrameSize(version, frame.blocked_frame);
675 case NEW_CONNECTION_ID_FRAME:
676 return GetNewConnectionIdFrameSize(*frame.new_connection_id_frame);
677 case RETIRE_CONNECTION_ID_FRAME:
678 return GetRetireConnectionIdFrameSize(*frame.retire_connection_id_frame);
679 case NEW_TOKEN_FRAME:
680 return GetNewTokenFrameSize(*frame.new_token_frame);
681 case MAX_STREAMS_FRAME:
682 return GetMaxStreamsFrameSize(version, frame.max_streams_frame);
683 case STREAMS_BLOCKED_FRAME:
684 return GetStreamsBlockedFrameSize(version, frame.streams_blocked_frame);
685 case PATH_RESPONSE_FRAME:
686 return GetPathResponseFrameSize(frame.path_response_frame);
687 case PATH_CHALLENGE_FRAME:
688 return GetPathChallengeFrameSize(frame.path_challenge_frame);
689 case STOP_SENDING_FRAME:
690 return GetStopSendingFrameSize(frame.stop_sending_frame);
691 case HANDSHAKE_DONE_FRAME:
692 // HANDSHAKE_DONE has no payload.
693 return kQuicFrameTypeSize;
694 case ACK_FREQUENCY_FRAME:
695 return GetAckFrequencyFrameSize(*frame.ack_frequency_frame);
696 case RESET_STREAM_AT_FRAME:
697 return GetResetStreamAtFrameSize(*frame.reset_stream_at_frame);
698 case STREAM_FRAME:
699 case ACK_FRAME:
700 case STOP_WAITING_FRAME:
701 case MTU_DISCOVERY_FRAME:
702 case PADDING_FRAME:
703 case MESSAGE_FRAME:
704 case CRYPTO_FRAME:
705 case NUM_FRAME_TYPES:
706 QUICHE_DCHECK(false);
707 return 0;
708 }
709
710 // Not reachable, but some Chrome compilers can't figure that out. *sigh*
711 QUICHE_DCHECK(false);
712 return 0;
713 }
714
715 // static
GetStreamIdSize(QuicStreamId stream_id)716 size_t QuicFramer::GetStreamIdSize(QuicStreamId stream_id) {
717 // Sizes are 1 through 4 bytes.
718 for (int i = 1; i <= 4; ++i) {
719 stream_id >>= 8;
720 if (stream_id == 0) {
721 return i;
722 }
723 }
724 QUIC_BUG(quic_bug_10850_11) << "Failed to determine StreamIDSize.";
725 return 4;
726 }
727
728 // static
GetStreamOffsetSize(QuicStreamOffset offset)729 size_t QuicFramer::GetStreamOffsetSize(QuicStreamOffset offset) {
730 // 0 is a special case.
731 if (offset == 0) {
732 return 0;
733 }
734 // 2 through 8 are the remaining sizes.
735 offset >>= 8;
736 for (int i = 2; i <= 8; ++i) {
737 offset >>= 8;
738 if (offset == 0) {
739 return i;
740 }
741 }
742 QUIC_BUG(quic_bug_10850_12) << "Failed to determine StreamOffsetSize.";
743 return 8;
744 }
745
746 // static
GetNewConnectionIdFrameSize(const QuicNewConnectionIdFrame & frame)747 size_t QuicFramer::GetNewConnectionIdFrameSize(
748 const QuicNewConnectionIdFrame& frame) {
749 return kQuicFrameTypeSize +
750 QuicDataWriter::GetVarInt62Len(frame.sequence_number) +
751 QuicDataWriter::GetVarInt62Len(frame.retire_prior_to) +
752 kConnectionIdLengthSize + frame.connection_id.length() +
753 sizeof(frame.stateless_reset_token);
754 }
755
756 // static
GetRetireConnectionIdFrameSize(const QuicRetireConnectionIdFrame & frame)757 size_t QuicFramer::GetRetireConnectionIdFrameSize(
758 const QuicRetireConnectionIdFrame& frame) {
759 return kQuicFrameTypeSize +
760 QuicDataWriter::GetVarInt62Len(frame.sequence_number);
761 }
762
763 // static
GetNewTokenFrameSize(const QuicNewTokenFrame & frame)764 size_t QuicFramer::GetNewTokenFrameSize(const QuicNewTokenFrame& frame) {
765 return kQuicFrameTypeSize +
766 QuicDataWriter::GetVarInt62Len(frame.token.length()) +
767 frame.token.length();
768 }
769
IsSupportedVersion(const ParsedQuicVersion version) const770 bool QuicFramer::IsSupportedVersion(const ParsedQuicVersion version) const {
771 for (const ParsedQuicVersion& supported_version : supported_versions_) {
772 if (version == supported_version) {
773 return true;
774 }
775 }
776 return false;
777 }
778
GetSerializedFrameLength(const QuicFrame & frame,size_t free_bytes,bool first_frame,bool last_frame,QuicPacketNumberLength packet_number_length)779 size_t QuicFramer::GetSerializedFrameLength(
780 const QuicFrame& frame, size_t free_bytes, bool first_frame,
781 bool last_frame, QuicPacketNumberLength packet_number_length) {
782 // Prevent a rare crash reported in b/19458523.
783 if (frame.type == ACK_FRAME && frame.ack_frame == nullptr) {
784 QUIC_BUG(quic_bug_10850_13)
785 << "Cannot compute the length of a null ack frame. free_bytes:"
786 << free_bytes << " first_frame:" << first_frame
787 << " last_frame:" << last_frame
788 << " seq num length:" << packet_number_length;
789 set_error(QUIC_INTERNAL_ERROR);
790 visitor_->OnError(this);
791 return 0;
792 }
793 if (frame.type == PADDING_FRAME) {
794 if (frame.padding_frame.num_padding_bytes == -1) {
795 // Full padding to the end of the packet.
796 return free_bytes;
797 } else {
798 // Lite padding.
799 return free_bytes <
800 static_cast<size_t>(frame.padding_frame.num_padding_bytes)
801 ? free_bytes
802 : frame.padding_frame.num_padding_bytes;
803 }
804 }
805
806 size_t frame_len =
807 ComputeFrameLength(frame, last_frame, packet_number_length);
808 if (frame_len <= free_bytes) {
809 // Frame fits within packet. Note that acks may be truncated.
810 return frame_len;
811 }
812 // Only truncate the first frame in a packet, so if subsequent ones go
813 // over, stop including more frames.
814 if (!first_frame) {
815 return 0;
816 }
817 bool can_truncate =
818 frame.type == ACK_FRAME &&
819 free_bytes >=
820 GetMinAckFrameSize(version_.transport_version, *frame.ack_frame,
821 local_ack_delay_exponent_,
822 UseIetfAckWithReceiveTimestamp(*frame.ack_frame));
823 if (can_truncate) {
824 // Truncate the frame so the packet will not exceed kMaxOutgoingPacketSize.
825 // Note that we may not use every byte of the writer in this case.
826 QUIC_DLOG(INFO) << ENDPOINT
827 << "Truncating large frame, free bytes: " << free_bytes;
828 return free_bytes;
829 }
830 return 0;
831 }
832
AckFrameInfo()833 QuicFramer::AckFrameInfo::AckFrameInfo()
834 : max_block_length(0), first_block_length(0), num_ack_blocks(0) {}
835
836 QuicFramer::AckFrameInfo::AckFrameInfo(const AckFrameInfo& other) = default;
837
~AckFrameInfo()838 QuicFramer::AckFrameInfo::~AckFrameInfo() {}
839
WriteIetfLongHeaderLength(const QuicPacketHeader & header,QuicDataWriter * writer,size_t length_field_offset,EncryptionLevel level)840 bool QuicFramer::WriteIetfLongHeaderLength(const QuicPacketHeader& header,
841 QuicDataWriter* writer,
842 size_t length_field_offset,
843 EncryptionLevel level) {
844 if (!QuicVersionHasLongHeaderLengths(transport_version()) ||
845 !header.version_flag || length_field_offset == 0) {
846 return true;
847 }
848 if (writer->length() < length_field_offset ||
849 writer->length() - length_field_offset <
850 quiche::kQuicheDefaultLongHeaderLengthLength) {
851 set_detailed_error("Invalid length_field_offset.");
852 QUIC_BUG(quic_bug_10850_14) << "Invalid length_field_offset.";
853 return false;
854 }
855 size_t length_to_write = writer->length() - length_field_offset -
856 quiche::kQuicheDefaultLongHeaderLengthLength;
857 // Add length of auth tag.
858 length_to_write = GetCiphertextSize(level, length_to_write);
859
860 QuicDataWriter length_writer(writer->length() - length_field_offset,
861 writer->data() + length_field_offset);
862 if (!length_writer.WriteVarInt62WithForcedLength(
863 length_to_write, quiche::kQuicheDefaultLongHeaderLengthLength)) {
864 set_detailed_error("Failed to overwrite long header length.");
865 QUIC_BUG(quic_bug_10850_15) << "Failed to overwrite long header length.";
866 return false;
867 }
868 return true;
869 }
870
BuildDataPacket(const QuicPacketHeader & header,const QuicFrames & frames,char * buffer,size_t packet_length,EncryptionLevel level)871 size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header,
872 const QuicFrames& frames, char* buffer,
873 size_t packet_length,
874 EncryptionLevel level) {
875 QUIC_BUG_IF(quic_bug_12975_2, header.version_flag &&
876 header.long_packet_type == RETRY &&
877 !frames.empty())
878 << "IETF RETRY packets cannot contain frames " << header;
879 QuicDataWriter writer(packet_length, buffer);
880 size_t length_field_offset = 0;
881 if (!AppendIetfPacketHeader(header, &writer, &length_field_offset)) {
882 QUIC_BUG(quic_bug_10850_16) << "AppendPacketHeader failed";
883 return 0;
884 }
885
886 if (VersionHasIetfQuicFrames(transport_version())) {
887 if (AppendIetfFrames(frames, &writer) == 0) {
888 return 0;
889 }
890 if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset,
891 level)) {
892 return 0;
893 }
894 return writer.length();
895 }
896
897 size_t i = 0;
898 for (const QuicFrame& frame : frames) {
899 // Determine if we should write stream frame length in header.
900 const bool last_frame_in_packet = i == frames.size() - 1;
901 if (!AppendTypeByte(frame, last_frame_in_packet, &writer)) {
902 QUIC_BUG(quic_bug_10850_17) << "AppendTypeByte failed";
903 return 0;
904 }
905
906 switch (frame.type) {
907 case PADDING_FRAME:
908 if (!AppendPaddingFrame(frame.padding_frame, &writer)) {
909 QUIC_BUG(quic_bug_10850_18)
910 << "AppendPaddingFrame of "
911 << frame.padding_frame.num_padding_bytes << " failed";
912 return 0;
913 }
914 break;
915 case STREAM_FRAME:
916 if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet,
917 &writer)) {
918 QUIC_BUG(quic_bug_10850_19) << "AppendStreamFrame failed";
919 return 0;
920 }
921 break;
922 case ACK_FRAME:
923 if (!AppendAckFrameAndTypeByte(*frame.ack_frame, &writer)) {
924 QUIC_BUG(quic_bug_10850_20)
925 << "AppendAckFrameAndTypeByte failed: " << detailed_error_;
926 return 0;
927 }
928 break;
929 case MTU_DISCOVERY_FRAME:
930 // MTU discovery frames are serialized as ping frames.
931 ABSL_FALLTHROUGH_INTENDED;
932 case PING_FRAME:
933 // Ping has no payload.
934 break;
935 case RST_STREAM_FRAME:
936 if (!AppendRstStreamFrame(*frame.rst_stream_frame, &writer)) {
937 QUIC_BUG(quic_bug_10850_22) << "AppendRstStreamFrame failed";
938 return 0;
939 }
940 break;
941 case CONNECTION_CLOSE_FRAME:
942 if (!AppendConnectionCloseFrame(*frame.connection_close_frame,
943 &writer)) {
944 QUIC_BUG(quic_bug_10850_23) << "AppendConnectionCloseFrame failed";
945 return 0;
946 }
947 break;
948 case GOAWAY_FRAME:
949 if (!AppendGoAwayFrame(*frame.goaway_frame, &writer)) {
950 QUIC_BUG(quic_bug_10850_24) << "AppendGoAwayFrame failed";
951 return 0;
952 }
953 break;
954 case WINDOW_UPDATE_FRAME:
955 if (!AppendWindowUpdateFrame(frame.window_update_frame, &writer)) {
956 QUIC_BUG(quic_bug_10850_25) << "AppendWindowUpdateFrame failed";
957 return 0;
958 }
959 break;
960 case BLOCKED_FRAME:
961 if (!AppendBlockedFrame(frame.blocked_frame, &writer)) {
962 QUIC_BUG(quic_bug_10850_26) << "AppendBlockedFrame failed";
963 return 0;
964 }
965 break;
966 case NEW_CONNECTION_ID_FRAME:
967 set_detailed_error(
968 "Attempt to append NEW_CONNECTION_ID frame and not in IETF QUIC.");
969 return RaiseError(QUIC_INTERNAL_ERROR);
970 case RETIRE_CONNECTION_ID_FRAME:
971 set_detailed_error(
972 "Attempt to append RETIRE_CONNECTION_ID frame and not in IETF "
973 "QUIC.");
974 return RaiseError(QUIC_INTERNAL_ERROR);
975 case NEW_TOKEN_FRAME:
976 set_detailed_error(
977 "Attempt to append NEW_TOKEN_ID frame and not in IETF QUIC.");
978 return RaiseError(QUIC_INTERNAL_ERROR);
979 case MAX_STREAMS_FRAME:
980 set_detailed_error(
981 "Attempt to append MAX_STREAMS frame and not in IETF QUIC.");
982 return RaiseError(QUIC_INTERNAL_ERROR);
983 case STREAMS_BLOCKED_FRAME:
984 set_detailed_error(
985 "Attempt to append STREAMS_BLOCKED frame and not in IETF QUIC.");
986 return RaiseError(QUIC_INTERNAL_ERROR);
987 case PATH_RESPONSE_FRAME:
988 set_detailed_error(
989 "Attempt to append PATH_RESPONSE frame and not in IETF QUIC.");
990 return RaiseError(QUIC_INTERNAL_ERROR);
991 case PATH_CHALLENGE_FRAME:
992 set_detailed_error(
993 "Attempt to append PATH_CHALLENGE frame and not in IETF QUIC.");
994 return RaiseError(QUIC_INTERNAL_ERROR);
995 case STOP_SENDING_FRAME:
996 set_detailed_error(
997 "Attempt to append STOP_SENDING frame and not in IETF QUIC.");
998 return RaiseError(QUIC_INTERNAL_ERROR);
999 case MESSAGE_FRAME:
1000 if (!AppendMessageFrameAndTypeByte(*frame.message_frame,
1001 last_frame_in_packet, &writer)) {
1002 QUIC_BUG(quic_bug_10850_27) << "AppendMessageFrame failed";
1003 return 0;
1004 }
1005 break;
1006 case CRYPTO_FRAME:
1007 if (!QuicVersionUsesCryptoFrames(version_.transport_version)) {
1008 set_detailed_error(
1009 "Attempt to append CRYPTO frame in version prior to 47.");
1010 return RaiseError(QUIC_INTERNAL_ERROR);
1011 }
1012 if (!AppendCryptoFrame(*frame.crypto_frame, &writer)) {
1013 QUIC_BUG(quic_bug_10850_28) << "AppendCryptoFrame failed";
1014 return 0;
1015 }
1016 break;
1017 case HANDSHAKE_DONE_FRAME:
1018 // HANDSHAKE_DONE has no payload.
1019 break;
1020 default:
1021 RaiseError(QUIC_INVALID_FRAME_DATA);
1022 QUIC_BUG(quic_bug_10850_29) << "QUIC_INVALID_FRAME_DATA";
1023 return 0;
1024 }
1025 ++i;
1026 }
1027
1028 if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset, level)) {
1029 return 0;
1030 }
1031
1032 return writer.length();
1033 }
1034
AppendIetfFrames(const QuicFrames & frames,QuicDataWriter * writer)1035 size_t QuicFramer::AppendIetfFrames(const QuicFrames& frames,
1036 QuicDataWriter* writer) {
1037 size_t i = 0;
1038 for (const QuicFrame& frame : frames) {
1039 // Determine if we should write stream frame length in header.
1040 const bool last_frame_in_packet = i == frames.size() - 1;
1041 if (!AppendIetfFrameType(frame, last_frame_in_packet, writer)) {
1042 QUIC_BUG(quic_bug_10850_30)
1043 << "AppendIetfFrameType failed: " << detailed_error();
1044 return 0;
1045 }
1046
1047 switch (frame.type) {
1048 case PADDING_FRAME:
1049 if (!AppendPaddingFrame(frame.padding_frame, writer)) {
1050 QUIC_BUG(quic_bug_10850_31) << "AppendPaddingFrame of "
1051 << frame.padding_frame.num_padding_bytes
1052 << " failed: " << detailed_error();
1053 return 0;
1054 }
1055 break;
1056 case STREAM_FRAME:
1057 if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet,
1058 writer)) {
1059 QUIC_BUG(quic_bug_10850_32)
1060 << "AppendStreamFrame " << frame.stream_frame
1061 << " failed: " << detailed_error();
1062 return 0;
1063 }
1064 break;
1065 case ACK_FRAME:
1066 if (!AppendIetfAckFrameAndTypeByte(*frame.ack_frame, writer)) {
1067 QUIC_BUG(quic_bug_10850_33)
1068 << "AppendIetfAckFrameAndTypeByte failed: " << detailed_error();
1069 return 0;
1070 }
1071 break;
1072 case STOP_WAITING_FRAME:
1073 set_detailed_error(
1074 "Attempt to append STOP WAITING frame in IETF QUIC.");
1075 RaiseError(QUIC_INTERNAL_ERROR);
1076 QUIC_BUG(quic_bug_10850_34) << detailed_error();
1077 return 0;
1078 case MTU_DISCOVERY_FRAME:
1079 // MTU discovery frames are serialized as ping frames.
1080 ABSL_FALLTHROUGH_INTENDED;
1081 case PING_FRAME:
1082 // Ping has no payload.
1083 break;
1084 case RST_STREAM_FRAME:
1085 if (!AppendRstStreamFrame(*frame.rst_stream_frame, writer)) {
1086 QUIC_BUG(quic_bug_10850_35)
1087 << "AppendRstStreamFrame failed: " << detailed_error();
1088 return 0;
1089 }
1090 break;
1091 case CONNECTION_CLOSE_FRAME:
1092 if (!AppendIetfConnectionCloseFrame(*frame.connection_close_frame,
1093 writer)) {
1094 QUIC_BUG(quic_bug_10850_36)
1095 << "AppendIetfConnectionCloseFrame failed: " << detailed_error();
1096 return 0;
1097 }
1098 break;
1099 case GOAWAY_FRAME:
1100 set_detailed_error("Attempt to append GOAWAY frame in IETF QUIC.");
1101 RaiseError(QUIC_INTERNAL_ERROR);
1102 QUIC_BUG(quic_bug_10850_37) << detailed_error();
1103 return 0;
1104 case WINDOW_UPDATE_FRAME:
1105 // Depending on whether there is a stream ID or not, will be either a
1106 // MAX STREAM DATA frame or a MAX DATA frame.
1107 if (frame.window_update_frame.stream_id ==
1108 QuicUtils::GetInvalidStreamId(transport_version())) {
1109 if (!AppendMaxDataFrame(frame.window_update_frame, writer)) {
1110 QUIC_BUG(quic_bug_10850_38)
1111 << "AppendMaxDataFrame failed: " << detailed_error();
1112 return 0;
1113 }
1114 } else {
1115 if (!AppendMaxStreamDataFrame(frame.window_update_frame, writer)) {
1116 QUIC_BUG(quic_bug_10850_39)
1117 << "AppendMaxStreamDataFrame failed: " << detailed_error();
1118 return 0;
1119 }
1120 }
1121 break;
1122 case BLOCKED_FRAME:
1123 if (!AppendBlockedFrame(frame.blocked_frame, writer)) {
1124 QUIC_BUG(quic_bug_10850_40)
1125 << "AppendBlockedFrame failed: " << detailed_error();
1126 return 0;
1127 }
1128 break;
1129 case MAX_STREAMS_FRAME:
1130 if (!AppendMaxStreamsFrame(frame.max_streams_frame, writer)) {
1131 QUIC_BUG(quic_bug_10850_41)
1132 << "AppendMaxStreamsFrame failed: " << detailed_error();
1133 return 0;
1134 }
1135 break;
1136 case STREAMS_BLOCKED_FRAME:
1137 if (!AppendStreamsBlockedFrame(frame.streams_blocked_frame, writer)) {
1138 QUIC_BUG(quic_bug_10850_42)
1139 << "AppendStreamsBlockedFrame failed: " << detailed_error();
1140 return 0;
1141 }
1142 break;
1143 case NEW_CONNECTION_ID_FRAME:
1144 if (!AppendNewConnectionIdFrame(*frame.new_connection_id_frame,
1145 writer)) {
1146 QUIC_BUG(quic_bug_10850_43)
1147 << "AppendNewConnectionIdFrame failed: " << detailed_error();
1148 return 0;
1149 }
1150 break;
1151 case RETIRE_CONNECTION_ID_FRAME:
1152 if (!AppendRetireConnectionIdFrame(*frame.retire_connection_id_frame,
1153 writer)) {
1154 QUIC_BUG(quic_bug_10850_44)
1155 << "AppendRetireConnectionIdFrame failed: " << detailed_error();
1156 return 0;
1157 }
1158 break;
1159 case NEW_TOKEN_FRAME:
1160 if (!AppendNewTokenFrame(*frame.new_token_frame, writer)) {
1161 QUIC_BUG(quic_bug_10850_45)
1162 << "AppendNewTokenFrame failed: " << detailed_error();
1163 return 0;
1164 }
1165 break;
1166 case STOP_SENDING_FRAME:
1167 if (!AppendStopSendingFrame(frame.stop_sending_frame, writer)) {
1168 QUIC_BUG(quic_bug_10850_46)
1169 << "AppendStopSendingFrame failed: " << detailed_error();
1170 return 0;
1171 }
1172 break;
1173 case PATH_CHALLENGE_FRAME:
1174 if (!AppendPathChallengeFrame(frame.path_challenge_frame, writer)) {
1175 QUIC_BUG(quic_bug_10850_47)
1176 << "AppendPathChallengeFrame failed: " << detailed_error();
1177 return 0;
1178 }
1179 break;
1180 case PATH_RESPONSE_FRAME:
1181 if (!AppendPathResponseFrame(frame.path_response_frame, writer)) {
1182 QUIC_BUG(quic_bug_10850_48)
1183 << "AppendPathResponseFrame failed: " << detailed_error();
1184 return 0;
1185 }
1186 break;
1187 case MESSAGE_FRAME:
1188 if (!AppendMessageFrameAndTypeByte(*frame.message_frame,
1189 last_frame_in_packet, writer)) {
1190 QUIC_BUG(quic_bug_10850_49)
1191 << "AppendMessageFrame failed: " << detailed_error();
1192 return 0;
1193 }
1194 break;
1195 case CRYPTO_FRAME:
1196 if (!AppendCryptoFrame(*frame.crypto_frame, writer)) {
1197 QUIC_BUG(quic_bug_10850_50)
1198 << "AppendCryptoFrame failed: " << detailed_error();
1199 return 0;
1200 }
1201 break;
1202 case HANDSHAKE_DONE_FRAME:
1203 // HANDSHAKE_DONE has no payload.
1204 break;
1205 case ACK_FREQUENCY_FRAME:
1206 if (!AppendAckFrequencyFrame(*frame.ack_frequency_frame, writer)) {
1207 QUIC_BUG(quic_bug_10850_51)
1208 << "AppendAckFrequencyFrame failed: " << detailed_error();
1209 return 0;
1210 }
1211 break;
1212 case RESET_STREAM_AT_FRAME:
1213 QUIC_BUG_IF(reset_stream_at_appended_while_disabled,
1214 !process_reset_stream_at_)
1215 << "Requested serialization of RESET_STREAM_AT_FRAME while it is "
1216 "not explicitly enabled in the framer";
1217 if (!AppendResetFrameAtFrame(*frame.reset_stream_at_frame, *writer)) {
1218 QUIC_BUG(cannot_append_reset_stream_at)
1219 << "AppendResetStreamAtFram failed: " << detailed_error();
1220 return 0;
1221 }
1222 break;
1223 default:
1224 set_detailed_error("Tried to append unknown frame type.");
1225 RaiseError(QUIC_INVALID_FRAME_DATA);
1226 QUIC_BUG(quic_bug_10850_52)
1227 << "QUIC_INVALID_FRAME_DATA: " << frame.type;
1228 return 0;
1229 }
1230 ++i;
1231 }
1232
1233 return writer->length();
1234 }
1235
1236 // static
BuildPublicResetPacket(const QuicPublicResetPacket & packet)1237 std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildPublicResetPacket(
1238 const QuicPublicResetPacket& packet) {
1239 CryptoHandshakeMessage reset;
1240 reset.set_tag(kPRST);
1241 reset.SetValue(kRNON, packet.nonce_proof);
1242 if (packet.client_address.host().address_family() !=
1243 IpAddressFamily::IP_UNSPEC) {
1244 // packet.client_address is non-empty.
1245 QuicSocketAddressCoder address_coder(packet.client_address);
1246 std::string serialized_address = address_coder.Encode();
1247 if (serialized_address.empty()) {
1248 return nullptr;
1249 }
1250 reset.SetStringPiece(kCADR, serialized_address);
1251 }
1252 if (!packet.endpoint_id.empty()) {
1253 reset.SetStringPiece(kEPID, packet.endpoint_id);
1254 }
1255 const QuicData& reset_serialized = reset.GetSerialized();
1256
1257 size_t len = kPublicFlagsSize + packet.connection_id.length() +
1258 reset_serialized.length();
1259 std::unique_ptr<char[]> buffer(new char[len]);
1260 QuicDataWriter writer(len, buffer.get());
1261
1262 uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_RST |
1263 PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID);
1264 // This hack makes post-v33 public reset packet look like pre-v33 packets.
1265 flags |= static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
1266 if (!writer.WriteUInt8(flags)) {
1267 return nullptr;
1268 }
1269
1270 if (!writer.WriteConnectionId(packet.connection_id)) {
1271 return nullptr;
1272 }
1273
1274 if (!writer.WriteBytes(reset_serialized.data(), reset_serialized.length())) {
1275 return nullptr;
1276 }
1277
1278 return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
1279 }
1280
1281 // static
GetMinStatelessResetPacketLength()1282 size_t QuicFramer::GetMinStatelessResetPacketLength() {
1283 // 5 bytes (40 bits) = 2 Fixed Bits (01) + 38 Unpredictable bits
1284 return 5 + kStatelessResetTokenLength;
1285 }
1286
1287 // static
BuildIetfStatelessResetPacket(QuicConnectionId connection_id,size_t received_packet_length,StatelessResetToken stateless_reset_token)1288 std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket(
1289 QuicConnectionId connection_id, size_t received_packet_length,
1290 StatelessResetToken stateless_reset_token) {
1291 return BuildIetfStatelessResetPacket(connection_id, received_packet_length,
1292 stateless_reset_token,
1293 QuicRandom::GetInstance());
1294 }
1295
1296 // static
BuildIetfStatelessResetPacket(QuicConnectionId,size_t received_packet_length,StatelessResetToken stateless_reset_token,QuicRandom * random)1297 std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket(
1298 QuicConnectionId /*connection_id*/, size_t received_packet_length,
1299 StatelessResetToken stateless_reset_token, QuicRandom* random) {
1300 QUIC_DVLOG(1) << "Building IETF stateless reset packet.";
1301 if (received_packet_length <= GetMinStatelessResetPacketLength()) {
1302 QUICHE_DLOG(ERROR)
1303 << "Tried to build stateless reset packet with received packet "
1304 "length "
1305 << received_packet_length;
1306 return nullptr;
1307 }
1308 // To ensure stateless reset is indistinguishable from a valid packet,
1309 // include the max connection ID length.
1310 size_t len = std::min(received_packet_length - 1,
1311 GetMinStatelessResetPacketLength() + 1 +
1312 kQuicMaxConnectionIdWithLengthPrefixLength);
1313 std::unique_ptr<char[]> buffer(new char[len]);
1314 QuicDataWriter writer(len, buffer.get());
1315 // Append random bytes. This randomness only exists to prevent middleboxes
1316 // from comparing the entire packet to a known value. Therefore it has no
1317 // cryptographic use, and does not need a secure cryptographic pseudo-random
1318 // number generator. It's therefore safe to use WriteInsecureRandomBytes.
1319 const size_t random_bytes_size = len - kStatelessResetTokenLength;
1320 if (!writer.WriteInsecureRandomBytes(random, random_bytes_size)) {
1321 QUIC_BUG(362045737_2) << "Failed to append random bytes of length: "
1322 << random_bytes_size;
1323 return nullptr;
1324 }
1325 // Change first 2 fixed bits to 01.
1326 buffer[0] &= ~FLAGS_LONG_HEADER;
1327 buffer[0] |= FLAGS_FIXED_BIT;
1328
1329 // Append stateless reset token.
1330 if (!writer.WriteBytes(&stateless_reset_token,
1331 sizeof(stateless_reset_token))) {
1332 QUIC_BUG(362045737_3) << "Failed to write stateless reset token";
1333 return nullptr;
1334 }
1335 return std::make_unique<QuicEncryptedPacket>(buffer.release(), len,
1336 /*owns_buffer=*/true);
1337 }
1338
1339 // static
BuildVersionNegotiationPacket(QuicConnectionId server_connection_id,QuicConnectionId client_connection_id,bool ietf_quic,bool use_length_prefix,const ParsedQuicVersionVector & versions)1340 std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket(
1341 QuicConnectionId server_connection_id,
1342 QuicConnectionId client_connection_id, bool ietf_quic,
1343 bool use_length_prefix, const ParsedQuicVersionVector& versions) {
1344 QUIC_CODE_COUNT(quic_build_version_negotiation);
1345 if (use_length_prefix) {
1346 QUICHE_DCHECK(ietf_quic);
1347 QUIC_CODE_COUNT(quic_build_version_negotiation_ietf);
1348 } else if (ietf_quic) {
1349 QUIC_CODE_COUNT(quic_build_version_negotiation_old_ietf);
1350 } else {
1351 QUIC_CODE_COUNT(quic_build_version_negotiation_old_gquic);
1352 }
1353 ParsedQuicVersionVector wire_versions = versions;
1354 // Add a version reserved for negotiation as suggested by the
1355 // "Using Reserved Versions" section of draft-ietf-quic-transport.
1356 if (wire_versions.empty()) {
1357 // Ensure that version negotiation packets we send have at least two
1358 // versions. This guarantees that, under all circumstances, all QUIC
1359 // packets we send are at least 14 bytes long.
1360 wire_versions = {QuicVersionReservedForNegotiation(),
1361 QuicVersionReservedForNegotiation()};
1362 } else {
1363 // This is not uniformely distributed but is acceptable since no security
1364 // depends on this randomness.
1365 size_t version_index = 0;
1366 const bool disable_randomness =
1367 GetQuicFlag(quic_disable_version_negotiation_grease_randomness);
1368 if (!disable_randomness) {
1369 version_index =
1370 QuicRandom::GetInstance()->RandUint64() % (wire_versions.size() + 1);
1371 }
1372 wire_versions.insert(wire_versions.begin() + version_index,
1373 QuicVersionReservedForNegotiation());
1374 }
1375 if (ietf_quic) {
1376 return BuildIetfVersionNegotiationPacket(
1377 use_length_prefix, server_connection_id, client_connection_id,
1378 wire_versions);
1379 }
1380
1381 // The GQUIC encoding does not support encoding client connection IDs.
1382 QUICHE_DCHECK(client_connection_id.IsEmpty());
1383 // The GQUIC encoding does not support length-prefixed connection IDs.
1384 QUICHE_DCHECK(!use_length_prefix);
1385
1386 QUICHE_DCHECK(!wire_versions.empty());
1387 size_t len = kPublicFlagsSize + server_connection_id.length() +
1388 wire_versions.size() * kQuicVersionSize;
1389 std::unique_ptr<char[]> buffer(new char[len]);
1390 QuicDataWriter writer(len, buffer.get());
1391
1392 uint8_t flags = static_cast<uint8_t>(
1393 PACKET_PUBLIC_FLAGS_VERSION | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID |
1394 PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
1395 if (!writer.WriteUInt8(flags)) {
1396 return nullptr;
1397 }
1398
1399 if (!writer.WriteConnectionId(server_connection_id)) {
1400 return nullptr;
1401 }
1402
1403 for (const ParsedQuicVersion& version : wire_versions) {
1404 if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) {
1405 return nullptr;
1406 }
1407 }
1408
1409 return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
1410 }
1411
1412 // static
1413 std::unique_ptr<QuicEncryptedPacket>
BuildIetfVersionNegotiationPacket(bool use_length_prefix,QuicConnectionId server_connection_id,QuicConnectionId client_connection_id,const ParsedQuicVersionVector & versions)1414 QuicFramer::BuildIetfVersionNegotiationPacket(
1415 bool use_length_prefix, QuicConnectionId server_connection_id,
1416 QuicConnectionId client_connection_id,
1417 const ParsedQuicVersionVector& versions) {
1418 QUIC_DVLOG(1) << "Building IETF version negotiation packet with"
1419 << (use_length_prefix ? "" : "out")
1420 << " length prefix, server_connection_id "
1421 << server_connection_id << " client_connection_id "
1422 << client_connection_id << " versions "
1423 << ParsedQuicVersionVectorToString(versions);
1424 QUICHE_DCHECK(!versions.empty());
1425 size_t len = kPacketHeaderTypeSize + kConnectionIdLengthSize +
1426 client_connection_id.length() + server_connection_id.length() +
1427 (versions.size() + 1) * kQuicVersionSize;
1428 if (use_length_prefix) {
1429 // When using length-prefixed connection IDs, packets carry two lengths
1430 // instead of one.
1431 len += kConnectionIdLengthSize;
1432 }
1433 std::unique_ptr<char[]> buffer(new char[len]);
1434 QuicDataWriter writer(len, buffer.get());
1435
1436 // TODO(fayang): Randomly select a value for the type.
1437 uint8_t type = static_cast<uint8_t>(FLAGS_LONG_HEADER | FLAGS_FIXED_BIT);
1438 if (!writer.WriteUInt8(type)) {
1439 return nullptr;
1440 }
1441
1442 if (!writer.WriteUInt32(0)) {
1443 return nullptr;
1444 }
1445
1446 if (!AppendIetfConnectionIds(true, use_length_prefix, client_connection_id,
1447 server_connection_id, &writer)) {
1448 return nullptr;
1449 }
1450
1451 for (const ParsedQuicVersion& version : versions) {
1452 if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) {
1453 return nullptr;
1454 }
1455 }
1456
1457 return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
1458 }
1459
ProcessPacket(const QuicEncryptedPacket & packet)1460 bool QuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) {
1461 QUICHE_DCHECK(!is_processing_packet_) << ENDPOINT << "Nested ProcessPacket";
1462 is_processing_packet_ = true;
1463 bool result = ProcessPacketInternal(packet);
1464 is_processing_packet_ = false;
1465 return result;
1466 }
1467
ProcessPacketInternal(const QuicEncryptedPacket & packet)1468 bool QuicFramer::ProcessPacketInternal(const QuicEncryptedPacket& packet) {
1469 QuicDataReader reader(packet.data(), packet.length());
1470 QUIC_DVLOG(1) << ENDPOINT << "Processing IETF QUIC packet.";
1471
1472 visitor_->OnPacket();
1473
1474 QuicPacketHeader header;
1475 if (!ProcessIetfPacketHeader(&reader, &header)) {
1476 QUICHE_DCHECK_NE("", detailed_error_);
1477 QUIC_DVLOG(1) << ENDPOINT << "Unable to process public header. Error: "
1478 << detailed_error_;
1479 QUICHE_DCHECK_NE("", detailed_error_);
1480 RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_HEADER);
1481 return RaiseError(QUIC_INVALID_PACKET_HEADER);
1482 }
1483
1484 if (!visitor_->OnUnauthenticatedPublicHeader(header)) {
1485 // The visitor suppresses further processing of the packet.
1486 return true;
1487 }
1488
1489 if (IsVersionNegotiation(header)) {
1490 if (perspective_ == Perspective::IS_CLIENT) {
1491 QUIC_DVLOG(1) << "Client received version negotiation packet";
1492 return ProcessVersionNegotiationPacket(&reader, header);
1493 } else {
1494 QUIC_DLOG(ERROR) << "Server received version negotiation packet";
1495 set_detailed_error("Server received version negotiation packet.");
1496 return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
1497 }
1498 }
1499
1500 if (header.version_flag && header.version != version_) {
1501 if (perspective_ == Perspective::IS_SERVER) {
1502 if (!visitor_->OnProtocolVersionMismatch(header.version)) {
1503 RecordDroppedPacketReason(DroppedPacketReason::VERSION_MISMATCH);
1504 return true;
1505 }
1506 } else {
1507 // A client received a packet of a different version but that packet is
1508 // not a version negotiation packet. It is therefore invalid and dropped.
1509 QUIC_DLOG(ERROR) << "Client received unexpected version "
1510 << ParsedQuicVersionToString(header.version)
1511 << " instead of " << ParsedQuicVersionToString(version_);
1512 set_detailed_error("Client received unexpected version.");
1513 return RaiseError(QUIC_PACKET_WRONG_VERSION);
1514 }
1515 }
1516
1517 bool rv;
1518 if (header.long_packet_type == RETRY) {
1519 rv = ProcessRetryPacket(&reader, header);
1520 } else if (packet.length() <= kMaxIncomingPacketSize) {
1521 // The optimized decryption algorithm implementations run faster when
1522 // operating on aligned memory.
1523 ABSL_CACHELINE_ALIGNED char buffer[kMaxIncomingPacketSize];
1524 rv = ProcessIetfDataPacket(&reader, &header, packet, buffer,
1525 ABSL_ARRAYSIZE(buffer));
1526 } else {
1527 std::unique_ptr<char[]> large_buffer(new char[packet.length()]);
1528 rv = ProcessIetfDataPacket(&reader, &header, packet, large_buffer.get(),
1529 packet.length());
1530 QUIC_BUG_IF(quic_bug_10850_53, rv)
1531 << "QUIC should never successfully process packets larger"
1532 << "than kMaxIncomingPacketSize. packet size:" << packet.length();
1533 }
1534 return rv;
1535 }
1536
ProcessVersionNegotiationPacket(QuicDataReader * reader,const QuicPacketHeader & header)1537 bool QuicFramer::ProcessVersionNegotiationPacket(
1538 QuicDataReader* reader, const QuicPacketHeader& header) {
1539 QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
1540
1541 QuicVersionNegotiationPacket packet(
1542 GetServerConnectionIdAsRecipient(header, perspective_));
1543 // Try reading at least once to raise error if the packet is invalid.
1544 do {
1545 QuicVersionLabel version_label;
1546 if (!ProcessVersionLabel(reader, &version_label)) {
1547 set_detailed_error("Unable to read supported version in negotiation.");
1548 RecordDroppedPacketReason(
1549 DroppedPacketReason::INVALID_VERSION_NEGOTIATION_PACKET);
1550 return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
1551 }
1552 ParsedQuicVersion parsed_version = ParseQuicVersionLabel(version_label);
1553 if (parsed_version != UnsupportedQuicVersion()) {
1554 packet.versions.push_back(parsed_version);
1555 }
1556 } while (!reader->IsDoneReading());
1557
1558 QUIC_DLOG(INFO) << ENDPOINT << "parsed version negotiation: "
1559 << ParsedQuicVersionVectorToString(packet.versions);
1560
1561 visitor_->OnVersionNegotiationPacket(packet);
1562 return true;
1563 }
1564
ProcessRetryPacket(QuicDataReader * reader,const QuicPacketHeader & header)1565 bool QuicFramer::ProcessRetryPacket(QuicDataReader* reader,
1566 const QuicPacketHeader& header) {
1567 QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
1568 if (drop_incoming_retry_packets_) {
1569 QUIC_DLOG(INFO) << "Ignoring received RETRY packet";
1570 return true;
1571 }
1572
1573 if (version_.UsesTls()) {
1574 QUICHE_DCHECK(version_.HasLengthPrefixedConnectionIds()) << version_;
1575 const size_t bytes_remaining = reader->BytesRemaining();
1576 if (bytes_remaining <= kRetryIntegrityTagLength) {
1577 set_detailed_error("Retry packet too short to parse integrity tag.");
1578 return false;
1579 }
1580 const size_t retry_token_length =
1581 bytes_remaining - kRetryIntegrityTagLength;
1582 QUICHE_DCHECK_GT(retry_token_length, 0u);
1583 absl::string_view retry_token;
1584 if (!reader->ReadStringPiece(&retry_token, retry_token_length)) {
1585 set_detailed_error("Failed to read retry token.");
1586 return false;
1587 }
1588 absl::string_view retry_without_tag = reader->PreviouslyReadPayload();
1589 absl::string_view integrity_tag = reader->ReadRemainingPayload();
1590 QUICHE_DCHECK_EQ(integrity_tag.length(), kRetryIntegrityTagLength);
1591 visitor_->OnRetryPacket(EmptyQuicConnectionId(),
1592 header.source_connection_id, retry_token,
1593 integrity_tag, retry_without_tag);
1594 return true;
1595 }
1596
1597 QuicConnectionId original_destination_connection_id;
1598 if (version_.HasLengthPrefixedConnectionIds()) {
1599 // Parse Original Destination Connection ID.
1600 if (!reader->ReadLengthPrefixedConnectionId(
1601 &original_destination_connection_id)) {
1602 set_detailed_error("Unable to read Original Destination ConnectionId.");
1603 return false;
1604 }
1605 } else {
1606 // Parse Original Destination Connection ID Length.
1607 uint8_t odcil = header.type_byte & 0xf;
1608 if (odcil != 0) {
1609 odcil += kConnectionIdLengthAdjustment;
1610 }
1611
1612 // Parse Original Destination Connection ID.
1613 if (!reader->ReadConnectionId(&original_destination_connection_id, odcil)) {
1614 set_detailed_error("Unable to read Original Destination ConnectionId.");
1615 return false;
1616 }
1617 }
1618
1619 if (!QuicUtils::IsConnectionIdValidForVersion(
1620 original_destination_connection_id, transport_version())) {
1621 set_detailed_error(
1622 "Received Original Destination ConnectionId with invalid length.");
1623 return false;
1624 }
1625
1626 absl::string_view retry_token = reader->ReadRemainingPayload();
1627 visitor_->OnRetryPacket(original_destination_connection_id,
1628 header.source_connection_id, retry_token,
1629 /*retry_integrity_tag=*/absl::string_view(),
1630 /*retry_without_tag=*/absl::string_view());
1631 return true;
1632 }
1633
1634 // Seeks the current packet to check for a coalesced packet at the end.
1635 // If the IETF length field only spans part of the outer packet,
1636 // then there is a coalesced packet after this one.
MaybeProcessCoalescedPacket(const QuicDataReader & encrypted_reader,uint64_t remaining_bytes_length,const QuicPacketHeader & header)1637 void QuicFramer::MaybeProcessCoalescedPacket(
1638 const QuicDataReader& encrypted_reader, uint64_t remaining_bytes_length,
1639 const QuicPacketHeader& header) {
1640 if (header.remaining_packet_length >= remaining_bytes_length) {
1641 // There is no coalesced packet.
1642 return;
1643 }
1644
1645 absl::string_view remaining_data = encrypted_reader.PeekRemainingPayload();
1646 QUICHE_DCHECK_EQ(remaining_data.length(), remaining_bytes_length);
1647
1648 const char* coalesced_data =
1649 remaining_data.data() + header.remaining_packet_length;
1650 uint64_t coalesced_data_length =
1651 remaining_bytes_length - header.remaining_packet_length;
1652 QuicDataReader coalesced_reader(coalesced_data, coalesced_data_length);
1653
1654 QuicPacketHeader coalesced_header;
1655 if (!ProcessIetfPacketHeader(&coalesced_reader, &coalesced_header)) {
1656 // Some implementations pad their INITIAL packets by sending random invalid
1657 // data after the INITIAL, and that is allowed by the specification. If we
1658 // fail to parse a subsequent coalesced packet, simply ignore it.
1659 QUIC_DLOG(INFO) << ENDPOINT
1660 << "Failed to parse received coalesced header of length "
1661 << coalesced_data_length
1662 << " with error: " << detailed_error_ << ": "
1663 << absl::BytesToHexString(absl::string_view(
1664 coalesced_data, coalesced_data_length))
1665 << " previous header was " << header;
1666 return;
1667 }
1668
1669 if (coalesced_header.destination_connection_id !=
1670 header.destination_connection_id) {
1671 // Drop coalesced packets with mismatched connection IDs.
1672 QUIC_DLOG(INFO) << ENDPOINT << "Received mismatched coalesced header "
1673 << coalesced_header << " previous header was " << header;
1674 QUIC_CODE_COUNT(
1675 quic_received_coalesced_packets_with_mismatched_connection_id);
1676 return;
1677 }
1678
1679 QuicEncryptedPacket coalesced_packet(coalesced_data, coalesced_data_length,
1680 /*owns_buffer=*/false);
1681 visitor_->OnCoalescedPacket(coalesced_packet);
1682 }
1683
MaybeProcessIetfLength(QuicDataReader * encrypted_reader,QuicPacketHeader * header)1684 bool QuicFramer::MaybeProcessIetfLength(QuicDataReader* encrypted_reader,
1685 QuicPacketHeader* header) {
1686 if (!QuicVersionHasLongHeaderLengths(header->version.transport_version) ||
1687 header->form != IETF_QUIC_LONG_HEADER_PACKET ||
1688 (header->long_packet_type != INITIAL &&
1689 header->long_packet_type != HANDSHAKE &&
1690 header->long_packet_type != ZERO_RTT_PROTECTED)) {
1691 return true;
1692 }
1693 header->length_length = encrypted_reader->PeekVarInt62Length();
1694 if (!encrypted_reader->ReadVarInt62(&header->remaining_packet_length)) {
1695 set_detailed_error("Unable to read long header payload length.");
1696 return RaiseError(QUIC_INVALID_PACKET_HEADER);
1697 }
1698 uint64_t remaining_bytes_length = encrypted_reader->BytesRemaining();
1699 if (header->remaining_packet_length > remaining_bytes_length) {
1700 set_detailed_error("Long header payload length longer than packet.");
1701 return RaiseError(QUIC_INVALID_PACKET_HEADER);
1702 }
1703
1704 MaybeProcessCoalescedPacket(*encrypted_reader, remaining_bytes_length,
1705 *header);
1706
1707 if (!encrypted_reader->TruncateRemaining(header->remaining_packet_length)) {
1708 set_detailed_error("Length TruncateRemaining failed.");
1709 QUIC_BUG(quic_bug_10850_54) << "Length TruncateRemaining failed.";
1710 return RaiseError(QUIC_INVALID_PACKET_HEADER);
1711 }
1712 return true;
1713 }
1714
ProcessIetfDataPacket(QuicDataReader * encrypted_reader,QuicPacketHeader * header,const QuicEncryptedPacket & packet,char * decrypted_buffer,size_t buffer_length)1715 bool QuicFramer::ProcessIetfDataPacket(QuicDataReader* encrypted_reader,
1716 QuicPacketHeader* header,
1717 const QuicEncryptedPacket& packet,
1718 char* decrypted_buffer,
1719 size_t buffer_length) {
1720 QUICHE_DCHECK_NE(GOOGLE_QUIC_PACKET, header->form);
1721 QUICHE_DCHECK(!header->has_possible_stateless_reset_token);
1722 header->length_length = quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0;
1723 header->remaining_packet_length = 0;
1724 if (header->form == IETF_QUIC_SHORT_HEADER_PACKET &&
1725 perspective_ == Perspective::IS_CLIENT) {
1726 // Peek possible stateless reset token. Will only be used on decryption
1727 // failure.
1728 absl::string_view remaining = encrypted_reader->PeekRemainingPayload();
1729 if (remaining.length() >= sizeof(header->possible_stateless_reset_token)) {
1730 header->has_possible_stateless_reset_token = true;
1731 memcpy(&header->possible_stateless_reset_token,
1732 &remaining.data()[remaining.length() -
1733 sizeof(header->possible_stateless_reset_token)],
1734 sizeof(header->possible_stateless_reset_token));
1735 }
1736 }
1737
1738 if (!MaybeProcessIetfLength(encrypted_reader, header)) {
1739 return false;
1740 }
1741
1742 absl::string_view associated_data;
1743 AssociatedDataStorage ad_storage;
1744 QuicPacketNumber base_packet_number;
1745 if (header->form == IETF_QUIC_SHORT_HEADER_PACKET ||
1746 header->long_packet_type != VERSION_NEGOTIATION) {
1747 QUICHE_DCHECK(header->form == IETF_QUIC_SHORT_HEADER_PACKET ||
1748 header->long_packet_type == INITIAL ||
1749 header->long_packet_type == HANDSHAKE ||
1750 header->long_packet_type == ZERO_RTT_PROTECTED);
1751 // Process packet number.
1752 if (supports_multiple_packet_number_spaces_) {
1753 PacketNumberSpace pn_space = GetPacketNumberSpace(*header);
1754 if (pn_space == NUM_PACKET_NUMBER_SPACES) {
1755 return RaiseError(QUIC_INVALID_PACKET_HEADER);
1756 }
1757 base_packet_number = largest_decrypted_packet_numbers_[pn_space];
1758 } else {
1759 base_packet_number = largest_packet_number_;
1760 }
1761 uint64_t full_packet_number;
1762 bool hp_removal_failed = false;
1763 if (version_.HasHeaderProtection()) {
1764 if (!RemoveHeaderProtection(encrypted_reader, packet, header,
1765 &full_packet_number, ad_storage)) {
1766 hp_removal_failed = true;
1767 }
1768 associated_data = absl::string_view(ad_storage.data(), ad_storage.size());
1769 } else if (!ProcessAndCalculatePacketNumber(
1770 encrypted_reader, header->packet_number_length,
1771 base_packet_number, &full_packet_number)) {
1772 set_detailed_error("Unable to read packet number.");
1773 RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
1774 return RaiseError(QUIC_INVALID_PACKET_HEADER);
1775 }
1776
1777 if (hp_removal_failed ||
1778 !IsValidFullPacketNumber(full_packet_number, version())) {
1779 if (IsIetfStatelessResetPacket(*header)) {
1780 // This is a stateless reset packet.
1781 QuicIetfStatelessResetPacket reset_packet(
1782 *header, header->possible_stateless_reset_token);
1783 visitor_->OnAuthenticatedIetfStatelessResetPacket(reset_packet);
1784 return true;
1785 }
1786 if (hp_removal_failed) {
1787 const EncryptionLevel decryption_level = GetEncryptionLevel(*header);
1788 const bool has_decryption_key = decrypter_[decryption_level] != nullptr;
1789 visitor_->OnUndecryptablePacket(
1790 QuicEncryptedPacket(encrypted_reader->FullPayload()),
1791 decryption_level, has_decryption_key);
1792 RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
1793 set_detailed_error(absl::StrCat(
1794 "Unable to decrypt ", EncryptionLevelToString(decryption_level),
1795 " header protection", has_decryption_key ? "" : " (missing key)",
1796 "."));
1797 return RaiseError(QUIC_DECRYPTION_FAILURE);
1798 }
1799 RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
1800 set_detailed_error("packet numbers cannot be 0.");
1801 return RaiseError(QUIC_INVALID_PACKET_HEADER);
1802 }
1803 header->packet_number = QuicPacketNumber(full_packet_number);
1804 }
1805
1806 // A nonce should only present in SHLO from the server to the client when
1807 // using QUIC crypto.
1808 if (header->form == IETF_QUIC_LONG_HEADER_PACKET &&
1809 header->long_packet_type == ZERO_RTT_PROTECTED &&
1810 perspective_ == Perspective::IS_CLIENT &&
1811 version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) {
1812 if (!encrypted_reader->ReadBytes(
1813 reinterpret_cast<uint8_t*>(last_nonce_.data()),
1814 last_nonce_.size())) {
1815 set_detailed_error("Unable to read nonce.");
1816 RecordDroppedPacketReason(
1817 DroppedPacketReason::INVALID_DIVERSIFICATION_NONCE);
1818 return RaiseError(QUIC_INVALID_PACKET_HEADER);
1819 }
1820
1821 header->nonce = &last_nonce_;
1822 } else {
1823 header->nonce = nullptr;
1824 }
1825
1826 if (!visitor_->OnUnauthenticatedHeader(*header)) {
1827 set_detailed_error(
1828 "Visitor asked to stop processing of unauthenticated header.");
1829 return false;
1830 }
1831
1832 absl::string_view encrypted = encrypted_reader->ReadRemainingPayload();
1833 if (!version_.HasHeaderProtection()) {
1834 associated_data = GetAssociatedDataFromEncryptedPacket(
1835 version_.transport_version, packet,
1836 GetIncludedDestinationConnectionIdLength(*header),
1837 GetIncludedSourceConnectionIdLength(*header), header->version_flag,
1838 header->nonce != nullptr, header->packet_number_length,
1839 header->retry_token_length_length, header->retry_token.length(),
1840 header->length_length);
1841 }
1842
1843 size_t decrypted_length = 0;
1844 EncryptionLevel decrypted_level;
1845 if (!DecryptPayload(packet.length(), encrypted, associated_data, *header,
1846 decrypted_buffer, buffer_length, &decrypted_length,
1847 &decrypted_level)) {
1848 if (IsIetfStatelessResetPacket(*header)) {
1849 // This is a stateless reset packet.
1850 QuicIetfStatelessResetPacket reset_packet(
1851 *header, header->possible_stateless_reset_token);
1852 visitor_->OnAuthenticatedIetfStatelessResetPacket(reset_packet);
1853 return true;
1854 }
1855 const EncryptionLevel decryption_level = GetEncryptionLevel(*header);
1856 const bool has_decryption_key = version_.KnowsWhichDecrypterToUse() &&
1857 decrypter_[decryption_level] != nullptr;
1858 visitor_->OnUndecryptablePacket(
1859 QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level,
1860 has_decryption_key);
1861 set_detailed_error(absl::StrCat(
1862 "Unable to decrypt ", EncryptionLevelToString(decryption_level),
1863 " payload with reconstructed packet number ",
1864 header->packet_number.ToString(), " (largest decrypted was ",
1865 base_packet_number.ToString(), ")",
1866 has_decryption_key || !version_.KnowsWhichDecrypterToUse()
1867 ? ""
1868 : " (missing key)",
1869 "."));
1870 RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
1871 return RaiseError(QUIC_DECRYPTION_FAILURE);
1872 }
1873 QuicDataReader reader(decrypted_buffer, decrypted_length);
1874
1875 // Remember decrypted_payload in the current connection context until the end
1876 // of this function.
1877 auto* connection_context = QuicConnectionContext::Current();
1878 if (connection_context != nullptr) {
1879 connection_context->process_packet_context.decrypted_payload =
1880 reader.FullPayload();
1881 connection_context->process_packet_context.current_frame_offset = 0;
1882 }
1883 auto clear_decrypted_payload = absl::MakeCleanup([&]() {
1884 if (connection_context != nullptr) {
1885 connection_context->process_packet_context.decrypted_payload =
1886 absl::string_view();
1887 }
1888 });
1889
1890 // Update the largest packet number after we have decrypted the packet
1891 // so we are confident is not attacker controlled.
1892 if (supports_multiple_packet_number_spaces_) {
1893 largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace(
1894 decrypted_level)]
1895 .UpdateMax(header->packet_number);
1896 } else {
1897 largest_packet_number_.UpdateMax(header->packet_number);
1898 }
1899
1900 if (!visitor_->OnPacketHeader(*header)) {
1901 RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
1902 // The visitor suppresses further processing of the packet.
1903 return true;
1904 }
1905
1906 if (packet.length() > kMaxIncomingPacketSize) {
1907 set_detailed_error("Packet too large.");
1908 return RaiseError(QUIC_PACKET_TOO_LARGE);
1909 }
1910
1911 // Handle the payload.
1912 if (VersionHasIetfQuicFrames(version_.transport_version)) {
1913 current_received_frame_type_ = 0;
1914 previously_received_frame_type_ = 0;
1915 if (!ProcessIetfFrameData(&reader, *header, decrypted_level)) {
1916 current_received_frame_type_ = 0;
1917 previously_received_frame_type_ = 0;
1918 QUICHE_DCHECK_NE(QUIC_NO_ERROR,
1919 error_); // ProcessIetfFrameData sets the error.
1920 QUICHE_DCHECK_NE("", detailed_error_);
1921 QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
1922 << detailed_error_;
1923 return false;
1924 }
1925 current_received_frame_type_ = 0;
1926 previously_received_frame_type_ = 0;
1927 } else {
1928 if (!ProcessFrameData(&reader, *header)) {
1929 QUICHE_DCHECK_NE(QUIC_NO_ERROR,
1930 error_); // ProcessFrameData sets the error.
1931 QUICHE_DCHECK_NE("", detailed_error_);
1932 QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
1933 << detailed_error_;
1934 return false;
1935 }
1936 }
1937
1938 visitor_->OnPacketComplete();
1939 return true;
1940 }
1941
IsIetfStatelessResetPacket(const QuicPacketHeader & header) const1942 bool QuicFramer::IsIetfStatelessResetPacket(
1943 const QuicPacketHeader& header) const {
1944 QUIC_BUG_IF(quic_bug_12975_3, header.has_possible_stateless_reset_token &&
1945 perspective_ != Perspective::IS_CLIENT)
1946 << "has_possible_stateless_reset_token can only be true at client side.";
1947 return header.form == IETF_QUIC_SHORT_HEADER_PACKET &&
1948 header.has_possible_stateless_reset_token &&
1949 visitor_->IsValidStatelessResetToken(
1950 header.possible_stateless_reset_token);
1951 }
1952
HasEncrypterOfEncryptionLevel(EncryptionLevel level) const1953 bool QuicFramer::HasEncrypterOfEncryptionLevel(EncryptionLevel level) const {
1954 return encrypter_[level] != nullptr;
1955 }
1956
HasDecrypterOfEncryptionLevel(EncryptionLevel level) const1957 bool QuicFramer::HasDecrypterOfEncryptionLevel(EncryptionLevel level) const {
1958 return decrypter_[level] != nullptr;
1959 }
1960
HasAnEncrypterForSpace(PacketNumberSpace space) const1961 bool QuicFramer::HasAnEncrypterForSpace(PacketNumberSpace space) const {
1962 switch (space) {
1963 case INITIAL_DATA:
1964 return HasEncrypterOfEncryptionLevel(ENCRYPTION_INITIAL);
1965 case HANDSHAKE_DATA:
1966 return HasEncrypterOfEncryptionLevel(ENCRYPTION_HANDSHAKE);
1967 case APPLICATION_DATA:
1968 return HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT) ||
1969 HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
1970 case NUM_PACKET_NUMBER_SPACES:
1971 break;
1972 }
1973 QUIC_BUG(quic_bug_10850_55)
1974 << ENDPOINT
1975 << "Try to send data of space: " << PacketNumberSpaceToString(space);
1976 return false;
1977 }
1978
GetEncryptionLevelToSendApplicationData() const1979 EncryptionLevel QuicFramer::GetEncryptionLevelToSendApplicationData() const {
1980 if (!HasAnEncrypterForSpace(APPLICATION_DATA)) {
1981 QUIC_BUG(quic_bug_12975_4)
1982 << "Tried to get encryption level to send application data with no "
1983 "encrypter available.";
1984 return NUM_ENCRYPTION_LEVELS;
1985 }
1986 if (HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE)) {
1987 return ENCRYPTION_FORWARD_SECURE;
1988 }
1989 QUICHE_DCHECK(HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT));
1990 return ENCRYPTION_ZERO_RTT;
1991 }
1992
AppendIetfHeaderTypeByte(const QuicPacketHeader & header,QuicDataWriter * writer)1993 bool QuicFramer::AppendIetfHeaderTypeByte(const QuicPacketHeader& header,
1994 QuicDataWriter* writer) {
1995 uint8_t type = 0;
1996 if (header.version_flag) {
1997 type = static_cast<uint8_t>(
1998 FLAGS_LONG_HEADER | FLAGS_FIXED_BIT |
1999 LongHeaderTypeToOnWireValue(header.long_packet_type, version_) |
2000 PacketNumberLengthToOnWireValue(header.packet_number_length));
2001 } else {
2002 type = static_cast<uint8_t>(
2003 FLAGS_FIXED_BIT | (current_key_phase_bit_ ? FLAGS_KEY_PHASE_BIT : 0) |
2004 PacketNumberLengthToOnWireValue(header.packet_number_length));
2005 }
2006 return writer->WriteUInt8(type);
2007 }
2008
AppendIetfPacketHeader(const QuicPacketHeader & header,QuicDataWriter * writer,size_t * length_field_offset)2009 bool QuicFramer::AppendIetfPacketHeader(const QuicPacketHeader& header,
2010 QuicDataWriter* writer,
2011 size_t* length_field_offset) {
2012 QUIC_DVLOG(1) << ENDPOINT << "Appending IETF header: " << header;
2013 QuicConnectionId server_connection_id =
2014 GetServerConnectionIdAsSender(header, perspective_);
2015 QUIC_BUG_IF(quic_bug_12975_6, !QuicUtils::IsConnectionIdValidForVersion(
2016 server_connection_id, transport_version()))
2017 << "AppendIetfPacketHeader: attempted to use connection ID "
2018 << server_connection_id << " which is invalid with version " << version();
2019 if (!AppendIetfHeaderTypeByte(header, writer)) {
2020 return false;
2021 }
2022
2023 if (header.version_flag) {
2024 QUICHE_DCHECK_NE(VERSION_NEGOTIATION, header.long_packet_type)
2025 << "QuicFramer::AppendIetfPacketHeader does not support sending "
2026 "version negotiation packets, use "
2027 "QuicFramer::BuildVersionNegotiationPacket instead "
2028 << header;
2029 // Append version for long header.
2030 QuicVersionLabel version_label = CreateQuicVersionLabel(version_);
2031 if (!writer->WriteUInt32(version_label)) {
2032 return false;
2033 }
2034 }
2035
2036 // Append connection ID.
2037 if (!AppendIetfConnectionIds(
2038 header.version_flag, version_.HasLengthPrefixedConnectionIds(),
2039 header.destination_connection_id_included != CONNECTION_ID_ABSENT
2040 ? header.destination_connection_id
2041 : EmptyQuicConnectionId(),
2042 header.source_connection_id_included != CONNECTION_ID_ABSENT
2043 ? header.source_connection_id
2044 : EmptyQuicConnectionId(),
2045 writer)) {
2046 return false;
2047 }
2048
2049 last_serialized_server_connection_id_ = server_connection_id;
2050
2051 // TODO(b/141924462) Remove this QUIC_BUG once we do support sending RETRY.
2052 QUIC_BUG_IF(quic_bug_12975_7,
2053 header.version_flag && header.long_packet_type == RETRY)
2054 << "Sending IETF RETRY packets is not currently supported " << header;
2055
2056 if (QuicVersionHasLongHeaderLengths(transport_version()) &&
2057 header.version_flag) {
2058 if (header.long_packet_type == INITIAL) {
2059 QUICHE_DCHECK_NE(quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0,
2060 header.retry_token_length_length)
2061 << ENDPOINT << ParsedQuicVersionToString(version_)
2062 << " bad retry token length length in header: " << header;
2063 // Write retry token length.
2064 if (!writer->WriteVarInt62WithForcedLength(
2065 header.retry_token.length(), header.retry_token_length_length)) {
2066 return false;
2067 }
2068 // Write retry token.
2069 if (!header.retry_token.empty() &&
2070 !writer->WriteStringPiece(header.retry_token)) {
2071 return false;
2072 }
2073 }
2074 if (length_field_offset != nullptr) {
2075 *length_field_offset = writer->length();
2076 }
2077 // Add fake length to reserve two bytes to add length in later.
2078 writer->WriteVarInt62(256);
2079 } else if (length_field_offset != nullptr) {
2080 *length_field_offset = 0;
2081 }
2082
2083 // Append packet number.
2084 if (!AppendPacketNumber(header.packet_number_length, header.packet_number,
2085 writer)) {
2086 return false;
2087 }
2088 last_written_packet_number_length_ = header.packet_number_length;
2089
2090 if (!header.version_flag) {
2091 return true;
2092 }
2093
2094 if (header.nonce != nullptr) {
2095 QUICHE_DCHECK(header.version_flag);
2096 QUICHE_DCHECK_EQ(ZERO_RTT_PROTECTED, header.long_packet_type);
2097 QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_);
2098 if (!writer->WriteBytes(header.nonce, kDiversificationNonceSize)) {
2099 return false;
2100 }
2101 }
2102
2103 return true;
2104 }
2105
CalculateTimestampFromWire(uint32_t time_delta_us)2106 const QuicTime::Delta QuicFramer::CalculateTimestampFromWire(
2107 uint32_t time_delta_us) {
2108 // The new time_delta might have wrapped to the next epoch, or it
2109 // might have reverse wrapped to the previous epoch, or it might
2110 // remain in the same epoch. Select the time closest to the previous
2111 // time.
2112 //
2113 // epoch_delta is the delta between epochs. A delta is 4 bytes of
2114 // microseconds.
2115 const uint64_t epoch_delta = UINT64_C(1) << 32;
2116 uint64_t epoch = last_timestamp_.ToMicroseconds() & ~(epoch_delta - 1);
2117 // Wrapping is safe here because a wrapped value will not be ClosestTo below.
2118 uint64_t prev_epoch = epoch - epoch_delta;
2119 uint64_t next_epoch = epoch + epoch_delta;
2120
2121 uint64_t time = ClosestTo(
2122 last_timestamp_.ToMicroseconds(), epoch + time_delta_us,
2123 ClosestTo(last_timestamp_.ToMicroseconds(), prev_epoch + time_delta_us,
2124 next_epoch + time_delta_us));
2125
2126 return QuicTime::Delta::FromMicroseconds(time);
2127 }
2128
CalculatePacketNumberFromWire(QuicPacketNumberLength packet_number_length,QuicPacketNumber base_packet_number,uint64_t packet_number) const2129 uint64_t QuicFramer::CalculatePacketNumberFromWire(
2130 QuicPacketNumberLength packet_number_length,
2131 QuicPacketNumber base_packet_number, uint64_t packet_number) const {
2132 // The new packet number might have wrapped to the next epoch, or
2133 // it might have reverse wrapped to the previous epoch, or it might
2134 // remain in the same epoch. Select the packet number closest to the
2135 // next expected packet number, the previous packet number plus 1.
2136
2137 // epoch_delta is the delta between epochs the packet number was serialized
2138 // with, so the correct value is likely the same epoch as the last sequence
2139 // number or an adjacent epoch.
2140 if (!base_packet_number.IsInitialized()) {
2141 return packet_number;
2142 }
2143 const uint64_t epoch_delta = UINT64_C(1) << (8 * packet_number_length);
2144 uint64_t next_packet_number = base_packet_number.ToUint64() + 1;
2145 uint64_t epoch = base_packet_number.ToUint64() & ~(epoch_delta - 1);
2146 uint64_t prev_epoch = epoch - epoch_delta;
2147 uint64_t next_epoch = epoch + epoch_delta;
2148
2149 return ClosestTo(next_packet_number, epoch + packet_number,
2150 ClosestTo(next_packet_number, prev_epoch + packet_number,
2151 next_epoch + packet_number));
2152 }
2153
2154 // static
GetMinPacketNumberLength(QuicPacketNumber packet_number)2155 QuicPacketNumberLength QuicFramer::GetMinPacketNumberLength(
2156 QuicPacketNumber packet_number) {
2157 QUICHE_DCHECK(packet_number.IsInitialized());
2158 if (packet_number < QuicPacketNumber(1 << (PACKET_1BYTE_PACKET_NUMBER * 8))) {
2159 return PACKET_1BYTE_PACKET_NUMBER;
2160 } else if (packet_number <
2161 QuicPacketNumber(1 << (PACKET_2BYTE_PACKET_NUMBER * 8))) {
2162 return PACKET_2BYTE_PACKET_NUMBER;
2163 } else if (packet_number <
2164 QuicPacketNumber(UINT64_C(1)
2165 << (PACKET_4BYTE_PACKET_NUMBER * 8))) {
2166 return PACKET_4BYTE_PACKET_NUMBER;
2167 } else {
2168 return PACKET_6BYTE_PACKET_NUMBER;
2169 }
2170 }
2171
2172 // static
GetPacketNumberFlags(QuicPacketNumberLength packet_number_length)2173 uint8_t QuicFramer::GetPacketNumberFlags(
2174 QuicPacketNumberLength packet_number_length) {
2175 switch (packet_number_length) {
2176 case PACKET_1BYTE_PACKET_NUMBER:
2177 return PACKET_FLAGS_1BYTE_PACKET;
2178 case PACKET_2BYTE_PACKET_NUMBER:
2179 return PACKET_FLAGS_2BYTE_PACKET;
2180 case PACKET_4BYTE_PACKET_NUMBER:
2181 return PACKET_FLAGS_4BYTE_PACKET;
2182 case PACKET_6BYTE_PACKET_NUMBER:
2183 case PACKET_8BYTE_PACKET_NUMBER:
2184 return PACKET_FLAGS_8BYTE_PACKET;
2185 default:
2186 QUIC_BUG(quic_bug_10850_56) << "Unreachable case statement.";
2187 return PACKET_FLAGS_8BYTE_PACKET;
2188 }
2189 }
2190
2191 // static
GetAckFrameInfo(const QuicAckFrame & frame)2192 QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo(
2193 const QuicAckFrame& frame) {
2194 AckFrameInfo new_ack_info;
2195 if (frame.packets.Empty()) {
2196 return new_ack_info;
2197 }
2198 // The first block is the last interval. It isn't encoded with the gap-length
2199 // encoding, so skip it.
2200 new_ack_info.first_block_length = frame.packets.LastIntervalLength();
2201 auto itr = frame.packets.rbegin();
2202 QuicPacketNumber previous_start = itr->min();
2203 new_ack_info.max_block_length = itr->Length();
2204 ++itr;
2205
2206 // Don't do any more work after getting information for 256 ACK blocks; any
2207 // more can't be encoded anyway.
2208 for (; itr != frame.packets.rend() &&
2209 new_ack_info.num_ack_blocks < std::numeric_limits<uint8_t>::max();
2210 previous_start = itr->min(), ++itr) {
2211 const auto& interval = *itr;
2212 const QuicPacketCount total_gap = previous_start - interval.max();
2213 new_ack_info.num_ack_blocks +=
2214 (total_gap + std::numeric_limits<uint8_t>::max() - 1) /
2215 std::numeric_limits<uint8_t>::max();
2216 new_ack_info.max_block_length =
2217 std::max(new_ack_info.max_block_length, interval.Length());
2218 }
2219 return new_ack_info;
2220 }
2221
ProcessIetfHeaderTypeByte(QuicDataReader * reader,QuicPacketHeader * header)2222 bool QuicFramer::ProcessIetfHeaderTypeByte(QuicDataReader* reader,
2223 QuicPacketHeader* header) {
2224 uint8_t type;
2225 if (!reader->ReadBytes(&type, 1)) {
2226 set_detailed_error("Unable to read first byte.");
2227 return false;
2228 }
2229 header->type_byte = type;
2230 // Determine whether this is a long or short header.
2231 header->form = GetIetfPacketHeaderFormat(type);
2232 if (header->form == IETF_QUIC_LONG_HEADER_PACKET) {
2233 // Version is always present in long headers.
2234 header->version_flag = true;
2235 // In versions that do not support client connection IDs, we mark the
2236 // corresponding connection ID as absent.
2237 header->destination_connection_id_included =
2238 (perspective_ == Perspective::IS_SERVER ||
2239 version_.SupportsClientConnectionIds())
2240 ? CONNECTION_ID_PRESENT
2241 : CONNECTION_ID_ABSENT;
2242 header->source_connection_id_included =
2243 (perspective_ == Perspective::IS_CLIENT ||
2244 version_.SupportsClientConnectionIds())
2245 ? CONNECTION_ID_PRESENT
2246 : CONNECTION_ID_ABSENT;
2247 // Read version tag.
2248 QuicVersionLabel version_label;
2249 if (!ProcessVersionLabel(reader, &version_label)) {
2250 set_detailed_error("Unable to read protocol version.");
2251 return false;
2252 }
2253 if (!version_label) {
2254 // Version label is 0 indicating this is a version negotiation packet.
2255 header->long_packet_type = VERSION_NEGOTIATION;
2256 } else {
2257 header->version = ParseQuicVersionLabel(version_label);
2258 if (header->version.IsKnown()) {
2259 if (!(type & FLAGS_FIXED_BIT)) {
2260 set_detailed_error("Fixed bit is 0 in long header.");
2261 return false;
2262 }
2263 header->long_packet_type = GetLongHeaderType(type, header->version);
2264 switch (header->long_packet_type) {
2265 case INVALID_PACKET_TYPE:
2266 set_detailed_error("Illegal long header type value.");
2267 return false;
2268 case RETRY:
2269 if (!version().SupportsRetry()) {
2270 set_detailed_error("RETRY not supported in this version.");
2271 return false;
2272 }
2273 if (perspective_ == Perspective::IS_SERVER) {
2274 set_detailed_error("Client-initiated RETRY is invalid.");
2275 return false;
2276 }
2277 break;
2278 default:
2279 if (!header->version.HasHeaderProtection()) {
2280 header->packet_number_length =
2281 GetLongHeaderPacketNumberLength(type);
2282 }
2283 break;
2284 }
2285 }
2286 }
2287
2288 QUIC_DVLOG(1) << ENDPOINT << "Received IETF long header: "
2289 << QuicUtils::QuicLongHeaderTypetoString(
2290 header->long_packet_type);
2291 return true;
2292 }
2293
2294 QUIC_DVLOG(1) << ENDPOINT << "Received IETF short header";
2295 // Version is not present in short headers.
2296 header->version_flag = false;
2297 // In versions that do not support client connection IDs, the client will not
2298 // receive destination connection IDs.
2299 header->destination_connection_id_included =
2300 (perspective_ == Perspective::IS_SERVER ||
2301 version_.SupportsClientConnectionIds())
2302 ? CONNECTION_ID_PRESENT
2303 : CONNECTION_ID_ABSENT;
2304 header->source_connection_id_included = CONNECTION_ID_ABSENT;
2305 if (!(type & FLAGS_FIXED_BIT)) {
2306 set_detailed_error("Fixed bit is 0 in short header.");
2307 return false;
2308 }
2309 if (!version_.HasHeaderProtection()) {
2310 header->packet_number_length = GetShortHeaderPacketNumberLength(type);
2311 }
2312 QUIC_DVLOG(1) << "packet_number_length = " << header->packet_number_length;
2313 return true;
2314 }
2315
2316 // static
ProcessVersionLabel(QuicDataReader * reader,QuicVersionLabel * version_label)2317 bool QuicFramer::ProcessVersionLabel(QuicDataReader* reader,
2318 QuicVersionLabel* version_label) {
2319 if (!reader->ReadUInt32(version_label)) {
2320 return false;
2321 }
2322 return true;
2323 }
2324
2325 // static
ProcessAndValidateIetfConnectionIdLength(QuicDataReader * reader,ParsedQuicVersion version,Perspective perspective,bool should_update_expected_server_connection_id_length,uint8_t * expected_server_connection_id_length,uint8_t * destination_connection_id_length,uint8_t * source_connection_id_length,std::string * detailed_error)2326 bool QuicFramer::ProcessAndValidateIetfConnectionIdLength(
2327 QuicDataReader* reader, ParsedQuicVersion version, Perspective perspective,
2328 bool should_update_expected_server_connection_id_length,
2329 uint8_t* expected_server_connection_id_length,
2330 uint8_t* destination_connection_id_length,
2331 uint8_t* source_connection_id_length, std::string* detailed_error) {
2332 uint8_t connection_id_lengths_byte;
2333 if (!reader->ReadBytes(&connection_id_lengths_byte, 1)) {
2334 *detailed_error = "Unable to read ConnectionId length.";
2335 return false;
2336 }
2337 uint8_t dcil =
2338 (connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4;
2339 if (dcil != 0) {
2340 dcil += kConnectionIdLengthAdjustment;
2341 }
2342 uint8_t scil = connection_id_lengths_byte & kSourceConnectionIdLengthMask;
2343 if (scil != 0) {
2344 scil += kConnectionIdLengthAdjustment;
2345 }
2346 if (should_update_expected_server_connection_id_length) {
2347 uint8_t server_connection_id_length =
2348 perspective == Perspective::IS_SERVER ? dcil : scil;
2349 if (*expected_server_connection_id_length != server_connection_id_length) {
2350 QUIC_DVLOG(1) << "Updating expected_server_connection_id_length: "
2351 << static_cast<int>(*expected_server_connection_id_length)
2352 << " -> " << static_cast<int>(server_connection_id_length);
2353 *expected_server_connection_id_length = server_connection_id_length;
2354 }
2355 }
2356 if (!should_update_expected_server_connection_id_length &&
2357 (dcil != *destination_connection_id_length ||
2358 scil != *source_connection_id_length) &&
2359 version.IsKnown() && !version.AllowsVariableLengthConnectionIds()) {
2360 QUIC_DVLOG(1) << "dcil: " << static_cast<uint32_t>(dcil)
2361 << ", scil: " << static_cast<uint32_t>(scil);
2362 *detailed_error = "Invalid ConnectionId length.";
2363 return false;
2364 }
2365 *destination_connection_id_length = dcil;
2366 *source_connection_id_length = scil;
2367 return true;
2368 }
2369
ValidateReceivedConnectionIds(const QuicPacketHeader & header)2370 bool QuicFramer::ValidateReceivedConnectionIds(const QuicPacketHeader& header) {
2371 bool skip_server_connection_id_validation =
2372 perspective_ == Perspective::IS_CLIENT &&
2373 header.form == IETF_QUIC_SHORT_HEADER_PACKET;
2374 if (!skip_server_connection_id_validation &&
2375 !QuicUtils::IsConnectionIdValidForVersion(
2376 GetServerConnectionIdAsRecipient(header, perspective_),
2377 transport_version())) {
2378 set_detailed_error("Received server connection ID with invalid length.");
2379 return false;
2380 }
2381
2382 bool skip_client_connection_id_validation =
2383 perspective_ == Perspective::IS_SERVER &&
2384 header.form == IETF_QUIC_SHORT_HEADER_PACKET;
2385 if (!skip_client_connection_id_validation &&
2386 version_.SupportsClientConnectionIds() &&
2387 !QuicUtils::IsConnectionIdValidForVersion(
2388 GetClientConnectionIdAsRecipient(header, perspective_),
2389 transport_version())) {
2390 set_detailed_error("Received client connection ID with invalid length.");
2391 return false;
2392 }
2393 return true;
2394 }
2395
ProcessIetfPacketHeader(QuicDataReader * reader,QuicPacketHeader * header)2396 bool QuicFramer::ProcessIetfPacketHeader(QuicDataReader* reader,
2397 QuicPacketHeader* header) {
2398 if (version_.HasLengthPrefixedConnectionIds()) {
2399 uint8_t expected_destination_connection_id_length =
2400 perspective_ == Perspective::IS_CLIENT
2401 ? expected_client_connection_id_length_
2402 : expected_server_connection_id_length_;
2403 QuicVersionLabel version_label;
2404 bool has_length_prefix;
2405 std::string detailed_error;
2406 QuicErrorCode parse_result = QuicFramer::ParsePublicHeader(
2407 reader, expected_destination_connection_id_length, /*ietf_format=*/true,
2408 &header->type_byte, &header->form, &header->version_flag,
2409 &has_length_prefix, &version_label, &header->version,
2410 &header->destination_connection_id, &header->source_connection_id,
2411 &header->long_packet_type, &header->retry_token_length_length,
2412 &header->retry_token, &detailed_error);
2413 if (parse_result != QUIC_NO_ERROR) {
2414 set_detailed_error(detailed_error);
2415 return false;
2416 }
2417 header->destination_connection_id_included = CONNECTION_ID_PRESENT;
2418 header->source_connection_id_included =
2419 header->version_flag ? CONNECTION_ID_PRESENT : CONNECTION_ID_ABSENT;
2420
2421 if (!ValidateReceivedConnectionIds(*header)) {
2422 return false;
2423 }
2424
2425 if (header->version_flag &&
2426 header->long_packet_type != VERSION_NEGOTIATION &&
2427 !(header->type_byte & FLAGS_FIXED_BIT)) {
2428 set_detailed_error("Fixed bit is 0 in long header.");
2429 return false;
2430 }
2431 if (!header->version_flag && !(header->type_byte & FLAGS_FIXED_BIT)) {
2432 set_detailed_error("Fixed bit is 0 in short header.");
2433 return false;
2434 }
2435 if (!header->version_flag) {
2436 if (!version_.HasHeaderProtection()) {
2437 header->packet_number_length =
2438 GetShortHeaderPacketNumberLength(header->type_byte);
2439 }
2440 return true;
2441 }
2442 if (header->long_packet_type == RETRY) {
2443 if (!version().SupportsRetry()) {
2444 set_detailed_error("RETRY not supported in this version.");
2445 return false;
2446 }
2447 if (perspective_ == Perspective::IS_SERVER) {
2448 set_detailed_error("Client-initiated RETRY is invalid.");
2449 return false;
2450 }
2451 return true;
2452 }
2453 if (header->version.IsKnown() && !header->version.HasHeaderProtection()) {
2454 header->packet_number_length =
2455 GetLongHeaderPacketNumberLength(header->type_byte);
2456 }
2457
2458 return true;
2459 }
2460
2461 if (!ProcessIetfHeaderTypeByte(reader, header)) {
2462 return false;
2463 }
2464
2465 uint8_t destination_connection_id_length =
2466 header->destination_connection_id_included == CONNECTION_ID_PRESENT
2467 ? (perspective_ == Perspective::IS_SERVER
2468 ? expected_server_connection_id_length_
2469 : expected_client_connection_id_length_)
2470 : 0;
2471 uint8_t source_connection_id_length =
2472 header->source_connection_id_included == CONNECTION_ID_PRESENT
2473 ? (perspective_ == Perspective::IS_CLIENT
2474 ? expected_server_connection_id_length_
2475 : expected_client_connection_id_length_)
2476 : 0;
2477 if (header->form == IETF_QUIC_LONG_HEADER_PACKET) {
2478 if (!ProcessAndValidateIetfConnectionIdLength(
2479 reader, header->version, perspective_,
2480 /*should_update_expected_server_connection_id_length=*/false,
2481 &expected_server_connection_id_length_,
2482 &destination_connection_id_length, &source_connection_id_length,
2483 &detailed_error_)) {
2484 return false;
2485 }
2486 }
2487
2488 // Read connection ID.
2489 if (!reader->ReadConnectionId(&header->destination_connection_id,
2490 destination_connection_id_length)) {
2491 set_detailed_error("Unable to read destination connection ID.");
2492 return false;
2493 }
2494
2495 if (!reader->ReadConnectionId(&header->source_connection_id,
2496 source_connection_id_length)) {
2497 set_detailed_error("Unable to read source connection ID.");
2498 return false;
2499 }
2500
2501 if (header->source_connection_id_included == CONNECTION_ID_ABSENT) {
2502 if (!header->source_connection_id.IsEmpty()) {
2503 QUICHE_DCHECK(!version_.SupportsClientConnectionIds());
2504 set_detailed_error("Client connection ID not supported in this version.");
2505 return false;
2506 }
2507 }
2508
2509 return ValidateReceivedConnectionIds(*header);
2510 }
2511
ProcessAndCalculatePacketNumber(QuicDataReader * reader,QuicPacketNumberLength packet_number_length,QuicPacketNumber base_packet_number,uint64_t * packet_number)2512 bool QuicFramer::ProcessAndCalculatePacketNumber(
2513 QuicDataReader* reader, QuicPacketNumberLength packet_number_length,
2514 QuicPacketNumber base_packet_number, uint64_t* packet_number) {
2515 uint64_t wire_packet_number;
2516 if (!reader->ReadBytesToUInt64(packet_number_length, &wire_packet_number)) {
2517 return false;
2518 }
2519
2520 // TODO(ianswett): Explore the usefulness of trying multiple packet numbers
2521 // in case the first guess is incorrect.
2522 *packet_number = CalculatePacketNumberFromWire(
2523 packet_number_length, base_packet_number, wire_packet_number);
2524 return true;
2525 }
2526
ProcessFrameData(QuicDataReader * reader,const QuicPacketHeader & header)2527 bool QuicFramer::ProcessFrameData(QuicDataReader* reader,
2528 const QuicPacketHeader& header) {
2529 QUICHE_DCHECK(!VersionHasIetfQuicFrames(version_.transport_version))
2530 << "IETF QUIC Framing negotiated but attempting to process frames as "
2531 "non-IETF QUIC.";
2532 if (reader->IsDoneReading()) {
2533 set_detailed_error("Packet has no frames.");
2534 return RaiseError(QUIC_MISSING_PAYLOAD);
2535 }
2536 QUIC_DVLOG(2) << ENDPOINT << "Processing packet with header " << header;
2537 while (!reader->IsDoneReading()) {
2538 uint8_t frame_type;
2539 if (!reader->ReadBytes(&frame_type, 1)) {
2540 set_detailed_error("Unable to read frame type.");
2541 return RaiseError(QUIC_INVALID_FRAME_DATA);
2542 }
2543 if (frame_type & kQuicFrameTypeSpecialMask) {
2544 // Stream Frame
2545 if (frame_type & kQuicFrameTypeStreamMask) {
2546 QuicStreamFrame frame;
2547 if (!ProcessStreamFrame(reader, frame_type, &frame)) {
2548 return RaiseError(QUIC_INVALID_STREAM_DATA);
2549 }
2550 QUIC_DVLOG(2) << ENDPOINT << "Processing stream frame " << frame;
2551 if (!visitor_->OnStreamFrame(frame)) {
2552 QUIC_DVLOG(1) << ENDPOINT
2553 << "Visitor asked to stop further processing.";
2554 // Returning true since there was no parsing error.
2555 return true;
2556 }
2557 continue;
2558 }
2559
2560 // Ack Frame
2561 if (frame_type & kQuicFrameTypeAckMask) {
2562 if (!ProcessAckFrame(reader, frame_type)) {
2563 return RaiseError(QUIC_INVALID_ACK_DATA);
2564 }
2565 QUIC_DVLOG(2) << ENDPOINT << "Processing ACK frame";
2566 continue;
2567 }
2568
2569 // This was a special frame type that did not match any
2570 // of the known ones. Error.
2571 set_detailed_error("Illegal frame type.");
2572 QUIC_DLOG(WARNING) << ENDPOINT << "Illegal frame type: "
2573 << static_cast<int>(frame_type);
2574 return RaiseError(QUIC_INVALID_FRAME_DATA);
2575 }
2576
2577 switch (frame_type) {
2578 case PADDING_FRAME: {
2579 QuicPaddingFrame frame;
2580 ProcessPaddingFrame(reader, &frame);
2581 QUIC_DVLOG(2) << ENDPOINT << "Processing padding frame " << frame;
2582 if (!visitor_->OnPaddingFrame(frame)) {
2583 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2584 // Returning true since there was no parsing error.
2585 return true;
2586 }
2587 continue;
2588 }
2589
2590 case RST_STREAM_FRAME: {
2591 QuicRstStreamFrame frame;
2592 if (!ProcessRstStreamFrame(reader, &frame)) {
2593 return RaiseError(QUIC_INVALID_RST_STREAM_DATA);
2594 }
2595 QUIC_DVLOG(2) << ENDPOINT << "Processing reset stream frame " << frame;
2596 if (!visitor_->OnRstStreamFrame(frame)) {
2597 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2598 // Returning true since there was no parsing error.
2599 return true;
2600 }
2601 continue;
2602 }
2603
2604 case CONNECTION_CLOSE_FRAME: {
2605 QuicConnectionCloseFrame frame;
2606 if (!ProcessConnectionCloseFrame(reader, &frame)) {
2607 return RaiseError(QUIC_INVALID_CONNECTION_CLOSE_DATA);
2608 }
2609
2610 QUIC_DVLOG(2) << ENDPOINT << "Processing connection close frame "
2611 << frame;
2612 if (!visitor_->OnConnectionCloseFrame(frame)) {
2613 QUIC_DVLOG(1) << ENDPOINT
2614 << "Visitor asked to stop further processing.";
2615 // Returning true since there was no parsing error.
2616 return true;
2617 }
2618 continue;
2619 }
2620
2621 case GOAWAY_FRAME: {
2622 QuicGoAwayFrame goaway_frame;
2623 if (!ProcessGoAwayFrame(reader, &goaway_frame)) {
2624 return RaiseError(QUIC_INVALID_GOAWAY_DATA);
2625 }
2626 QUIC_DVLOG(2) << ENDPOINT << "Processing go away frame "
2627 << goaway_frame;
2628 if (!visitor_->OnGoAwayFrame(goaway_frame)) {
2629 QUIC_DVLOG(1) << ENDPOINT
2630 << "Visitor asked to stop further processing.";
2631 // Returning true since there was no parsing error.
2632 return true;
2633 }
2634 continue;
2635 }
2636
2637 case WINDOW_UPDATE_FRAME: {
2638 QuicWindowUpdateFrame window_update_frame;
2639 if (!ProcessWindowUpdateFrame(reader, &window_update_frame)) {
2640 return RaiseError(QUIC_INVALID_WINDOW_UPDATE_DATA);
2641 }
2642 QUIC_DVLOG(2) << ENDPOINT << "Processing window update frame "
2643 << window_update_frame;
2644 if (!visitor_->OnWindowUpdateFrame(window_update_frame)) {
2645 QUIC_DVLOG(1) << ENDPOINT
2646 << "Visitor asked to stop further processing.";
2647 // Returning true since there was no parsing error.
2648 return true;
2649 }
2650 continue;
2651 }
2652
2653 case BLOCKED_FRAME: {
2654 QuicBlockedFrame blocked_frame;
2655 if (!ProcessBlockedFrame(reader, &blocked_frame)) {
2656 return RaiseError(QUIC_INVALID_BLOCKED_DATA);
2657 }
2658 QUIC_DVLOG(2) << ENDPOINT << "Processing blocked frame "
2659 << blocked_frame;
2660 if (!visitor_->OnBlockedFrame(blocked_frame)) {
2661 QUIC_DVLOG(1) << ENDPOINT
2662 << "Visitor asked to stop further processing.";
2663 // Returning true since there was no parsing error.
2664 return true;
2665 }
2666 continue;
2667 }
2668
2669 case STOP_WAITING_FRAME: {
2670 QuicStopWaitingFrame stop_waiting_frame;
2671 if (!ProcessStopWaitingFrame(reader, header, &stop_waiting_frame)) {
2672 return RaiseError(QUIC_INVALID_STOP_WAITING_DATA);
2673 }
2674 QUIC_DVLOG(2) << ENDPOINT << "Processing stop waiting frame "
2675 << stop_waiting_frame;
2676 if (!visitor_->OnStopWaitingFrame(stop_waiting_frame)) {
2677 QUIC_DVLOG(1) << ENDPOINT
2678 << "Visitor asked to stop further processing.";
2679 // Returning true since there was no parsing error.
2680 return true;
2681 }
2682 continue;
2683 }
2684 case PING_FRAME: {
2685 // Ping has no payload.
2686 QuicPingFrame ping_frame;
2687 if (!visitor_->OnPingFrame(ping_frame)) {
2688 QUIC_DVLOG(1) << ENDPOINT
2689 << "Visitor asked to stop further processing.";
2690 // Returning true since there was no parsing error.
2691 return true;
2692 }
2693 QUIC_DVLOG(2) << ENDPOINT << "Processing ping frame " << ping_frame;
2694 continue;
2695 }
2696 case IETF_EXTENSION_MESSAGE_NO_LENGTH:
2697 ABSL_FALLTHROUGH_INTENDED;
2698 case IETF_EXTENSION_MESSAGE: {
2699 QUIC_CODE_COUNT(quic_legacy_message_frame_codepoint_read);
2700 QuicMessageFrame message_frame;
2701 if (!ProcessMessageFrame(reader,
2702 frame_type == IETF_EXTENSION_MESSAGE_NO_LENGTH,
2703 &message_frame)) {
2704 return RaiseError(QUIC_INVALID_MESSAGE_DATA);
2705 }
2706 QUIC_DVLOG(2) << ENDPOINT << "Processing message frame "
2707 << message_frame;
2708 if (!visitor_->OnMessageFrame(message_frame)) {
2709 QUIC_DVLOG(1) << ENDPOINT
2710 << "Visitor asked to stop further processing.";
2711 // Returning true since there was no parsing error.
2712 return true;
2713 }
2714 break;
2715 }
2716 case CRYPTO_FRAME: {
2717 if (!QuicVersionUsesCryptoFrames(version_.transport_version)) {
2718 set_detailed_error("Illegal frame type.");
2719 return RaiseError(QUIC_INVALID_FRAME_DATA);
2720 }
2721 QuicCryptoFrame frame;
2722 if (!ProcessCryptoFrame(reader, GetEncryptionLevel(header), &frame)) {
2723 return RaiseError(QUIC_INVALID_FRAME_DATA);
2724 }
2725 QUIC_DVLOG(2) << ENDPOINT << "Processing crypto frame " << frame;
2726 if (!visitor_->OnCryptoFrame(frame)) {
2727 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2728 // Returning true since there was no parsing error.
2729 return true;
2730 }
2731 break;
2732 }
2733 case HANDSHAKE_DONE_FRAME: {
2734 // HANDSHAKE_DONE has no payload.
2735 QuicHandshakeDoneFrame handshake_done_frame;
2736 QUIC_DVLOG(2) << ENDPOINT << "Processing handshake done frame "
2737 << handshake_done_frame;
2738 if (!visitor_->OnHandshakeDoneFrame(handshake_done_frame)) {
2739 QUIC_DVLOG(1) << ENDPOINT
2740 << "Visitor asked to stop further processing.";
2741 // Returning true since there was no parsing error.
2742 return true;
2743 }
2744 break;
2745 }
2746
2747 default:
2748 set_detailed_error("Illegal frame type.");
2749 QUIC_DLOG(WARNING) << ENDPOINT << "Illegal frame type: "
2750 << static_cast<int>(frame_type);
2751 return RaiseError(QUIC_INVALID_FRAME_DATA);
2752 }
2753 }
2754
2755 return true;
2756 }
2757
2758 // static
IsIetfFrameTypeExpectedForEncryptionLevel(uint64_t frame_type,EncryptionLevel level)2759 bool QuicFramer::IsIetfFrameTypeExpectedForEncryptionLevel(
2760 uint64_t frame_type, EncryptionLevel level) {
2761 // IETF_CRYPTO is allowed for any level here and is separately checked in
2762 // QuicCryptoStream::OnCryptoFrame.
2763 switch (level) {
2764 case ENCRYPTION_INITIAL:
2765 case ENCRYPTION_HANDSHAKE:
2766 return frame_type == IETF_CRYPTO || frame_type == IETF_ACK ||
2767 frame_type == IETF_ACK_ECN ||
2768 frame_type == IETF_ACK_RECEIVE_TIMESTAMPS ||
2769 frame_type == IETF_PING || frame_type == IETF_PADDING ||
2770 frame_type == IETF_CONNECTION_CLOSE;
2771 case ENCRYPTION_ZERO_RTT:
2772 return !(frame_type == IETF_ACK || frame_type == IETF_ACK_ECN ||
2773 frame_type == IETF_ACK_RECEIVE_TIMESTAMPS ||
2774 frame_type == IETF_HANDSHAKE_DONE ||
2775 frame_type == IETF_NEW_TOKEN ||
2776 frame_type == IETF_PATH_RESPONSE ||
2777 frame_type == IETF_RETIRE_CONNECTION_ID);
2778 case ENCRYPTION_FORWARD_SECURE:
2779 return true;
2780 default:
2781 QUIC_BUG(quic_bug_10850_57) << "Unknown encryption level: " << level;
2782 }
2783 return false;
2784 }
2785
ProcessIetfFrameData(QuicDataReader * reader,const QuicPacketHeader & header,EncryptionLevel decrypted_level)2786 bool QuicFramer::ProcessIetfFrameData(QuicDataReader* reader,
2787 const QuicPacketHeader& header,
2788 EncryptionLevel decrypted_level) {
2789 QUICHE_DCHECK(VersionHasIetfQuicFrames(version_.transport_version))
2790 << "Attempt to process frames as IETF frames but version ("
2791 << version_.transport_version << ") does not support IETF Framing.";
2792
2793 if (reader->IsDoneReading()) {
2794 set_detailed_error("Packet has no frames.");
2795 return RaiseError(QUIC_MISSING_PAYLOAD);
2796 }
2797
2798 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF packet with header " << header;
2799 auto* connection_context = QuicConnectionContext::Current();
2800 while (!reader->IsDoneReading()) {
2801 if (connection_context != nullptr) {
2802 connection_context->process_packet_context.current_frame_offset =
2803 connection_context->process_packet_context.decrypted_payload.size() -
2804 reader->BytesRemaining();
2805 }
2806 uint64_t frame_type;
2807 // Will be the number of bytes into which frame_type was encoded.
2808 size_t encoded_bytes = reader->BytesRemaining();
2809 if (!reader->ReadVarInt62(&frame_type)) {
2810 set_detailed_error("Unable to read frame type.");
2811 return RaiseError(QUIC_INVALID_FRAME_DATA);
2812 }
2813 if (!IsIetfFrameTypeExpectedForEncryptionLevel(frame_type,
2814 decrypted_level)) {
2815 set_detailed_error(absl::StrCat(
2816 "IETF frame type ",
2817 QuicIetfFrameTypeString(static_cast<QuicIetfFrameType>(frame_type)),
2818 " is unexpected at encryption level ",
2819 EncryptionLevelToString(decrypted_level)));
2820 return RaiseError(IETF_QUIC_PROTOCOL_VIOLATION);
2821 }
2822 previously_received_frame_type_ = current_received_frame_type_;
2823 current_received_frame_type_ = frame_type;
2824
2825 // Is now the number of bytes into which the frame type was encoded.
2826 encoded_bytes -= reader->BytesRemaining();
2827
2828 // Check that the frame type is minimally encoded.
2829 if (encoded_bytes !=
2830 static_cast<size_t>(QuicDataWriter::GetVarInt62Len(frame_type))) {
2831 // The frame type was not minimally encoded.
2832 set_detailed_error("Frame type not minimally encoded.");
2833 return RaiseError(IETF_QUIC_PROTOCOL_VIOLATION);
2834 }
2835
2836 if (IS_IETF_STREAM_FRAME(frame_type)) {
2837 QuicStreamFrame frame;
2838 if (!ProcessIetfStreamFrame(reader, frame_type, &frame)) {
2839 return RaiseError(QUIC_INVALID_STREAM_DATA);
2840 }
2841 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stream frame " << frame;
2842 if (!visitor_->OnStreamFrame(frame)) {
2843 QUIC_DVLOG(1) << ENDPOINT
2844 << "Visitor asked to stop further processing.";
2845 // Returning true since there was no parsing error.
2846 return true;
2847 }
2848 } else {
2849 switch (frame_type) {
2850 case IETF_PADDING: {
2851 QuicPaddingFrame frame;
2852 ProcessPaddingFrame(reader, &frame);
2853 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF padding frame "
2854 << frame;
2855 if (!visitor_->OnPaddingFrame(frame)) {
2856 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2857 // Returning true since there was no parsing error.
2858 return true;
2859 }
2860 break;
2861 }
2862 case IETF_RST_STREAM: {
2863 QuicRstStreamFrame frame;
2864 if (!ProcessIetfResetStreamFrame(reader, &frame)) {
2865 return RaiseError(QUIC_INVALID_RST_STREAM_DATA);
2866 }
2867 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF reset stream frame "
2868 << frame;
2869 if (!visitor_->OnRstStreamFrame(frame)) {
2870 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2871 // Returning true since there was no parsing error.
2872 return true;
2873 }
2874 break;
2875 }
2876 case IETF_APPLICATION_CLOSE:
2877 case IETF_CONNECTION_CLOSE: {
2878 QuicConnectionCloseFrame frame;
2879 if (!ProcessIetfConnectionCloseFrame(
2880 reader,
2881 (frame_type == IETF_CONNECTION_CLOSE)
2882 ? IETF_QUIC_TRANSPORT_CONNECTION_CLOSE
2883 : IETF_QUIC_APPLICATION_CONNECTION_CLOSE,
2884 &frame)) {
2885 return RaiseError(QUIC_INVALID_CONNECTION_CLOSE_DATA);
2886 }
2887 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF connection close frame "
2888 << frame;
2889 if (!visitor_->OnConnectionCloseFrame(frame)) {
2890 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2891 // Returning true since there was no parsing error.
2892 return true;
2893 }
2894 break;
2895 }
2896 case IETF_MAX_DATA: {
2897 QuicWindowUpdateFrame frame;
2898 if (!ProcessMaxDataFrame(reader, &frame)) {
2899 return RaiseError(QUIC_INVALID_MAX_DATA_FRAME_DATA);
2900 }
2901 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max data frame "
2902 << frame;
2903 if (!visitor_->OnWindowUpdateFrame(frame)) {
2904 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2905 // Returning true since there was no parsing error.
2906 return true;
2907 }
2908 break;
2909 }
2910 case IETF_MAX_STREAM_DATA: {
2911 QuicWindowUpdateFrame frame;
2912 if (!ProcessMaxStreamDataFrame(reader, &frame)) {
2913 return RaiseError(QUIC_INVALID_MAX_STREAM_DATA_FRAME_DATA);
2914 }
2915 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max stream data frame "
2916 << frame;
2917 if (!visitor_->OnWindowUpdateFrame(frame)) {
2918 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2919 // Returning true since there was no parsing error.
2920 return true;
2921 }
2922 break;
2923 }
2924 case IETF_MAX_STREAMS_BIDIRECTIONAL:
2925 case IETF_MAX_STREAMS_UNIDIRECTIONAL: {
2926 QuicMaxStreamsFrame frame;
2927 if (!ProcessMaxStreamsFrame(reader, &frame, frame_type)) {
2928 return RaiseError(QUIC_MAX_STREAMS_DATA);
2929 }
2930 QUIC_CODE_COUNT_N(quic_max_streams_received, 1, 2);
2931 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max streams frame "
2932 << frame;
2933 if (!visitor_->OnMaxStreamsFrame(frame)) {
2934 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2935 // Returning true since there was no parsing error.
2936 return true;
2937 }
2938 break;
2939 }
2940 case IETF_PING: {
2941 // Ping has no payload.
2942 QuicPingFrame ping_frame;
2943 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ping frame "
2944 << ping_frame;
2945 if (!visitor_->OnPingFrame(ping_frame)) {
2946 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2947 // Returning true since there was no parsing error.
2948 return true;
2949 }
2950 break;
2951 }
2952 case IETF_DATA_BLOCKED: {
2953 QuicBlockedFrame frame;
2954 if (!ProcessDataBlockedFrame(reader, &frame)) {
2955 return RaiseError(QUIC_INVALID_BLOCKED_DATA);
2956 }
2957 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF blocked frame "
2958 << frame;
2959 if (!visitor_->OnBlockedFrame(frame)) {
2960 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2961 // Returning true since there was no parsing error.
2962 return true;
2963 }
2964 break;
2965 }
2966 case IETF_STREAM_DATA_BLOCKED: {
2967 QuicBlockedFrame frame;
2968 if (!ProcessStreamDataBlockedFrame(reader, &frame)) {
2969 return RaiseError(QUIC_INVALID_STREAM_BLOCKED_DATA);
2970 }
2971 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stream blocked frame "
2972 << frame;
2973 if (!visitor_->OnBlockedFrame(frame)) {
2974 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2975 // Returning true since there was no parsing error.
2976 return true;
2977 }
2978 break;
2979 }
2980 case IETF_STREAMS_BLOCKED_UNIDIRECTIONAL:
2981 case IETF_STREAMS_BLOCKED_BIDIRECTIONAL: {
2982 QuicStreamsBlockedFrame frame;
2983 if (!ProcessStreamsBlockedFrame(reader, &frame, frame_type)) {
2984 return RaiseError(QUIC_STREAMS_BLOCKED_DATA);
2985 }
2986 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF streams blocked frame "
2987 << frame;
2988 if (!visitor_->OnStreamsBlockedFrame(frame)) {
2989 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2990 // Returning true since there was no parsing error.
2991 return true;
2992 }
2993 break;
2994 }
2995 case IETF_NEW_CONNECTION_ID: {
2996 QuicNewConnectionIdFrame frame;
2997 if (!ProcessNewConnectionIdFrame(reader, &frame)) {
2998 return RaiseError(QUIC_INVALID_NEW_CONNECTION_ID_DATA);
2999 }
3000 QUIC_DVLOG(2) << ENDPOINT
3001 << "Processing IETF new connection ID frame " << frame;
3002 if (!visitor_->OnNewConnectionIdFrame(frame)) {
3003 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3004 // Returning true since there was no parsing error.
3005 return true;
3006 }
3007 break;
3008 }
3009 case IETF_RETIRE_CONNECTION_ID: {
3010 QuicRetireConnectionIdFrame frame;
3011 if (!ProcessRetireConnectionIdFrame(reader, &frame)) {
3012 return RaiseError(QUIC_INVALID_RETIRE_CONNECTION_ID_DATA);
3013 }
3014 QUIC_DVLOG(2) << ENDPOINT
3015 << "Processing IETF retire connection ID frame "
3016 << frame;
3017 if (!visitor_->OnRetireConnectionIdFrame(frame)) {
3018 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3019 // Returning true since there was no parsing error.
3020 return true;
3021 }
3022 break;
3023 }
3024 case IETF_NEW_TOKEN: {
3025 QuicNewTokenFrame frame;
3026 if (!ProcessNewTokenFrame(reader, &frame)) {
3027 return RaiseError(QUIC_INVALID_NEW_TOKEN);
3028 }
3029 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF new token frame "
3030 << frame;
3031 if (!visitor_->OnNewTokenFrame(frame)) {
3032 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3033 // Returning true since there was no parsing error.
3034 return true;
3035 }
3036 break;
3037 }
3038 case IETF_STOP_SENDING: {
3039 QuicStopSendingFrame frame;
3040 if (!ProcessStopSendingFrame(reader, &frame)) {
3041 return RaiseError(QUIC_INVALID_STOP_SENDING_FRAME_DATA);
3042 }
3043 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stop sending frame "
3044 << frame;
3045 if (!visitor_->OnStopSendingFrame(frame)) {
3046 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3047 // Returning true since there was no parsing error.
3048 return true;
3049 }
3050 break;
3051 }
3052 case IETF_ACK_RECEIVE_TIMESTAMPS:
3053 if (!process_timestamps_) {
3054 set_detailed_error("Unsupported frame type.");
3055 QUIC_DLOG(WARNING)
3056 << ENDPOINT << "IETF_ACK_RECEIVE_TIMESTAMPS not supported";
3057 return RaiseError(QUIC_INVALID_FRAME_DATA);
3058 }
3059 ABSL_FALLTHROUGH_INTENDED;
3060 case IETF_ACK_ECN:
3061 case IETF_ACK: {
3062 QuicAckFrame frame;
3063 if (!ProcessIetfAckFrame(reader, frame_type, &frame)) {
3064 return RaiseError(QUIC_INVALID_ACK_DATA);
3065 }
3066 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ACK frame " << frame;
3067 break;
3068 }
3069 case IETF_PATH_CHALLENGE: {
3070 QuicPathChallengeFrame frame;
3071 if (!ProcessPathChallengeFrame(reader, &frame)) {
3072 return RaiseError(QUIC_INVALID_PATH_CHALLENGE_DATA);
3073 }
3074 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF path challenge frame "
3075 << frame;
3076 if (!visitor_->OnPathChallengeFrame(frame)) {
3077 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3078 // Returning true since there was no parsing error.
3079 return true;
3080 }
3081 break;
3082 }
3083 case IETF_PATH_RESPONSE: {
3084 QuicPathResponseFrame frame;
3085 if (!ProcessPathResponseFrame(reader, &frame)) {
3086 return RaiseError(QUIC_INVALID_PATH_RESPONSE_DATA);
3087 }
3088 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF path response frame "
3089 << frame;
3090 if (!visitor_->OnPathResponseFrame(frame)) {
3091 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3092 // Returning true since there was no parsing error.
3093 return true;
3094 }
3095 break;
3096 }
3097 case IETF_EXTENSION_MESSAGE_NO_LENGTH_V99:
3098 ABSL_FALLTHROUGH_INTENDED;
3099 case IETF_EXTENSION_MESSAGE_V99: {
3100 QuicMessageFrame message_frame;
3101 if (!ProcessMessageFrame(
3102 reader, frame_type == IETF_EXTENSION_MESSAGE_NO_LENGTH_V99,
3103 &message_frame)) {
3104 return RaiseError(QUIC_INVALID_MESSAGE_DATA);
3105 }
3106 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF message frame "
3107 << message_frame;
3108 if (!visitor_->OnMessageFrame(message_frame)) {
3109 QUIC_DVLOG(1) << ENDPOINT
3110 << "Visitor asked to stop further processing.";
3111 // Returning true since there was no parsing error.
3112 return true;
3113 }
3114 break;
3115 }
3116 case IETF_CRYPTO: {
3117 QuicCryptoFrame frame;
3118 if (!ProcessCryptoFrame(reader, GetEncryptionLevel(header), &frame)) {
3119 return RaiseError(QUIC_INVALID_FRAME_DATA);
3120 }
3121 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF crypto frame " << frame;
3122 if (!visitor_->OnCryptoFrame(frame)) {
3123 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3124 // Returning true since there was no parsing error.
3125 return true;
3126 }
3127 break;
3128 }
3129 case IETF_HANDSHAKE_DONE: {
3130 // HANDSHAKE_DONE has no payload.
3131 QuicHandshakeDoneFrame handshake_done_frame;
3132 if (!visitor_->OnHandshakeDoneFrame(handshake_done_frame)) {
3133 QUIC_DVLOG(1) << ENDPOINT
3134 << "Visitor asked to stop further processing.";
3135 // Returning true since there was no parsing error.
3136 return true;
3137 }
3138 QUIC_DVLOG(2) << ENDPOINT << "Processing handshake done frame "
3139 << handshake_done_frame;
3140 break;
3141 }
3142 case IETF_ACK_FREQUENCY: {
3143 QuicAckFrequencyFrame frame;
3144 if (!ProcessAckFrequencyFrame(reader, &frame)) {
3145 return RaiseError(QUIC_INVALID_FRAME_DATA);
3146 }
3147 QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ack frequency frame "
3148 << frame;
3149 if (!visitor_->OnAckFrequencyFrame(frame)) {
3150 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3151 // Returning true since there was no parsing error.
3152 return true;
3153 }
3154 break;
3155 }
3156 case IETF_RESET_STREAM_AT: {
3157 if (!process_reset_stream_at_) {
3158 set_detailed_error("RESET_STREAM_AT not enabled.");
3159 return RaiseError(QUIC_INVALID_FRAME_DATA);
3160 }
3161 QuicResetStreamAtFrame frame;
3162 if (!ProcessResetStreamAtFrame(*reader, frame)) {
3163 return RaiseError(QUIC_INVALID_FRAME_DATA);
3164 }
3165 QUIC_DVLOG(2) << ENDPOINT << "Processing RESET_STREAM_AT frame "
3166 << frame;
3167 if (!visitor_->OnResetStreamAtFrame(frame)) {
3168 QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3169 // Returning true since there was no parsing error.
3170 return true;
3171 }
3172 break;
3173 }
3174 default:
3175 set_detailed_error("Illegal frame type.");
3176 QUIC_DLOG(WARNING)
3177 << ENDPOINT
3178 << "Illegal frame type: " << static_cast<int>(frame_type);
3179 return RaiseError(QUIC_INVALID_FRAME_DATA);
3180 }
3181 }
3182 }
3183 return true;
3184 }
3185
3186 namespace {
3187 // Create a mask that sets the last |num_bits| to 1 and the rest to 0.
GetMaskFromNumBits(uint8_t num_bits)3188 inline uint8_t GetMaskFromNumBits(uint8_t num_bits) {
3189 return (1u << num_bits) - 1;
3190 }
3191
3192 // Extract |num_bits| from |flags| offset by |offset|.
ExtractBits(uint8_t flags,uint8_t num_bits,uint8_t offset)3193 uint8_t ExtractBits(uint8_t flags, uint8_t num_bits, uint8_t offset) {
3194 return (flags >> offset) & GetMaskFromNumBits(num_bits);
3195 }
3196
3197 // Extract the bit at position |offset| from |flags| as a bool.
ExtractBit(uint8_t flags,uint8_t offset)3198 bool ExtractBit(uint8_t flags, uint8_t offset) {
3199 return ((flags >> offset) & GetMaskFromNumBits(1)) != 0;
3200 }
3201
3202 // Set |num_bits|, offset by |offset| to |val| in |flags|.
SetBits(uint8_t * flags,uint8_t val,uint8_t num_bits,uint8_t offset)3203 void SetBits(uint8_t* flags, uint8_t val, uint8_t num_bits, uint8_t offset) {
3204 QUICHE_DCHECK_LE(val, GetMaskFromNumBits(num_bits));
3205 *flags |= val << offset;
3206 }
3207
3208 // Set the bit at position |offset| to |val| in |flags|.
SetBit(uint8_t * flags,bool val,uint8_t offset)3209 void SetBit(uint8_t* flags, bool val, uint8_t offset) {
3210 SetBits(flags, val ? 1 : 0, 1, offset);
3211 }
3212 } // namespace
3213
ProcessStreamFrame(QuicDataReader * reader,uint8_t frame_type,QuicStreamFrame * frame)3214 bool QuicFramer::ProcessStreamFrame(QuicDataReader* reader, uint8_t frame_type,
3215 QuicStreamFrame* frame) {
3216 uint8_t stream_flags = frame_type;
3217
3218 uint8_t stream_id_length = 0;
3219 uint8_t offset_length = 4;
3220 bool has_data_length = true;
3221 stream_flags &= ~kQuicFrameTypeStreamMask;
3222
3223 // Read from right to left: StreamID, Offset, Data Length, Fin.
3224 stream_id_length = (stream_flags & kQuicStreamIDLengthMask) + 1;
3225 stream_flags >>= kQuicStreamIdShift;
3226
3227 offset_length = (stream_flags & kQuicStreamOffsetMask);
3228 // There is no encoding for 1 byte, only 0 and 2 through 8.
3229 if (offset_length > 0) {
3230 offset_length += 1;
3231 }
3232 stream_flags >>= kQuicStreamShift;
3233
3234 has_data_length =
3235 (stream_flags & kQuicStreamDataLengthMask) == kQuicStreamDataLengthMask;
3236 stream_flags >>= kQuicStreamDataLengthShift;
3237
3238 frame->fin = (stream_flags & kQuicStreamFinMask) == kQuicStreamFinShift;
3239
3240 uint64_t stream_id;
3241 if (!reader->ReadBytesToUInt64(stream_id_length, &stream_id)) {
3242 set_detailed_error("Unable to read stream_id.");
3243 return false;
3244 }
3245 frame->stream_id = static_cast<QuicStreamId>(stream_id);
3246
3247 if (!reader->ReadBytesToUInt64(offset_length, &frame->offset)) {
3248 set_detailed_error("Unable to read offset.");
3249 return false;
3250 }
3251
3252 // TODO(ianswett): Don't use absl::string_view as an intermediary.
3253 absl::string_view data;
3254 if (has_data_length) {
3255 if (!reader->ReadStringPiece16(&data)) {
3256 set_detailed_error("Unable to read frame data.");
3257 return false;
3258 }
3259 } else {
3260 if (!reader->ReadStringPiece(&data, reader->BytesRemaining())) {
3261 set_detailed_error("Unable to read frame data.");
3262 return false;
3263 }
3264 }
3265 frame->data_buffer = data.data();
3266 frame->data_length = static_cast<uint16_t>(data.length());
3267
3268 return true;
3269 }
3270
ProcessIetfStreamFrame(QuicDataReader * reader,uint8_t frame_type,QuicStreamFrame * frame)3271 bool QuicFramer::ProcessIetfStreamFrame(QuicDataReader* reader,
3272 uint8_t frame_type,
3273 QuicStreamFrame* frame) {
3274 // Read stream id from the frame. It's always present.
3275 if (!ReadUint32FromVarint62(reader, IETF_STREAM, &frame->stream_id)) {
3276 return false;
3277 }
3278
3279 // If we have a data offset, read it. If not, set to 0.
3280 if (frame_type & IETF_STREAM_FRAME_OFF_BIT) {
3281 if (!reader->ReadVarInt62(&frame->offset)) {
3282 set_detailed_error("Unable to read stream data offset.");
3283 return false;
3284 }
3285 } else {
3286 // no offset in the frame, ensure it's 0 in the Frame.
3287 frame->offset = 0;
3288 }
3289
3290 // If we have a data length, read it. If not, set to 0.
3291 if (frame_type & IETF_STREAM_FRAME_LEN_BIT) {
3292 uint64_t length;
3293 if (!reader->ReadVarInt62(&length)) {
3294 set_detailed_error("Unable to read stream data length.");
3295 return false;
3296 }
3297 if (length > std::numeric_limits<decltype(frame->data_length)>::max()) {
3298 set_detailed_error("Stream data length is too large.");
3299 return false;
3300 }
3301 frame->data_length = length;
3302 } else {
3303 // no length in the frame, it is the number of bytes remaining in the
3304 // packet.
3305 frame->data_length = reader->BytesRemaining();
3306 }
3307
3308 if (frame_type & IETF_STREAM_FRAME_FIN_BIT) {
3309 frame->fin = true;
3310 } else {
3311 frame->fin = false;
3312 }
3313
3314 // TODO(ianswett): Don't use absl::string_view as an intermediary.
3315 absl::string_view data;
3316 if (!reader->ReadStringPiece(&data, frame->data_length)) {
3317 set_detailed_error("Unable to read frame data.");
3318 return false;
3319 }
3320 frame->data_buffer = data.data();
3321 QUICHE_DCHECK_EQ(frame->data_length, data.length());
3322
3323 return true;
3324 }
3325
ProcessCryptoFrame(QuicDataReader * reader,EncryptionLevel encryption_level,QuicCryptoFrame * frame)3326 bool QuicFramer::ProcessCryptoFrame(QuicDataReader* reader,
3327 EncryptionLevel encryption_level,
3328 QuicCryptoFrame* frame) {
3329 frame->level = encryption_level;
3330 if (!reader->ReadVarInt62(&frame->offset)) {
3331 set_detailed_error("Unable to read crypto data offset.");
3332 return false;
3333 }
3334 uint64_t len;
3335 if (!reader->ReadVarInt62(&len) ||
3336 len > std::numeric_limits<QuicPacketLength>::max()) {
3337 set_detailed_error("Invalid data length.");
3338 return false;
3339 }
3340 frame->data_length = len;
3341
3342 // TODO(ianswett): Don't use absl::string_view as an intermediary.
3343 absl::string_view data;
3344 if (!reader->ReadStringPiece(&data, frame->data_length)) {
3345 set_detailed_error("Unable to read frame data.");
3346 return false;
3347 }
3348 frame->data_buffer = data.data();
3349 return true;
3350 }
3351
ProcessAckFrequencyFrame(QuicDataReader * reader,QuicAckFrequencyFrame * frame)3352 bool QuicFramer::ProcessAckFrequencyFrame(QuicDataReader* reader,
3353 QuicAckFrequencyFrame* frame) {
3354 if (!reader->ReadVarInt62(&frame->sequence_number)) {
3355 set_detailed_error("Unable to read sequence number.");
3356 return false;
3357 }
3358
3359 if (!reader->ReadVarInt62(&frame->packet_tolerance)) {
3360 set_detailed_error("Unable to read packet tolerance.");
3361 return false;
3362 }
3363 if (frame->packet_tolerance == 0) {
3364 set_detailed_error("Invalid packet tolerance.");
3365 return false;
3366 }
3367 uint64_t max_ack_delay_us;
3368 if (!reader->ReadVarInt62(&max_ack_delay_us)) {
3369 set_detailed_error("Unable to read max_ack_delay_us.");
3370 return false;
3371 }
3372 constexpr uint64_t kMaxAckDelayUsBound = 1u << 24;
3373 if (max_ack_delay_us > kMaxAckDelayUsBound) {
3374 set_detailed_error("Invalid max_ack_delay_us.");
3375 return false;
3376 }
3377 frame->max_ack_delay = QuicTime::Delta::FromMicroseconds(max_ack_delay_us);
3378
3379 uint8_t ignore_order;
3380 if (!reader->ReadUInt8(&ignore_order)) {
3381 set_detailed_error("Unable to read ignore_order.");
3382 return false;
3383 }
3384 if (ignore_order > 1) {
3385 set_detailed_error("Invalid ignore_order.");
3386 return false;
3387 }
3388 frame->ignore_order = ignore_order;
3389
3390 return true;
3391 }
3392
ProcessResetStreamAtFrame(QuicDataReader & reader,QuicResetStreamAtFrame & frame)3393 bool QuicFramer::ProcessResetStreamAtFrame(QuicDataReader& reader,
3394 QuicResetStreamAtFrame& frame) {
3395 if (!ReadUint32FromVarint62(&reader, IETF_RESET_STREAM_AT,
3396 &frame.stream_id)) {
3397 return false;
3398 }
3399 if (!reader.ReadVarInt62(&frame.error)) {
3400 set_detailed_error("Failed to read the error code.");
3401 return false;
3402 }
3403 if (!reader.ReadVarInt62(&frame.final_offset)) {
3404 set_detailed_error("Failed to read the final offset.");
3405 return false;
3406 }
3407 if (!reader.ReadVarInt62(&frame.reliable_offset)) {
3408 set_detailed_error("Failed to read the reliable offset.");
3409 return false;
3410 }
3411 if (frame.reliable_offset > frame.final_offset) {
3412 set_detailed_error("reliable_offset > final_offset");
3413 return false;
3414 }
3415 return true;
3416 }
3417
ProcessAckFrame(QuicDataReader * reader,uint8_t frame_type)3418 bool QuicFramer::ProcessAckFrame(QuicDataReader* reader, uint8_t frame_type) {
3419 const bool has_ack_blocks =
3420 ExtractBit(frame_type, kQuicHasMultipleAckBlocksOffset);
3421 uint8_t num_ack_blocks = 0;
3422 uint8_t num_received_packets = 0;
3423
3424 // Determine the two lengths from the frame type: largest acked length,
3425 // ack block length.
3426 const QuicPacketNumberLength ack_block_length =
3427 ReadAckPacketNumberLength(ExtractBits(
3428 frame_type, kQuicSequenceNumberLengthNumBits, kActBlockLengthOffset));
3429 const QuicPacketNumberLength largest_acked_length =
3430 ReadAckPacketNumberLength(ExtractBits(
3431 frame_type, kQuicSequenceNumberLengthNumBits, kLargestAckedOffset));
3432
3433 uint64_t largest_acked;
3434 if (!reader->ReadBytesToUInt64(largest_acked_length, &largest_acked)) {
3435 set_detailed_error("Unable to read largest acked.");
3436 return false;
3437 }
3438
3439 if (largest_acked < first_sending_packet_number_.ToUint64()) {
3440 // Connection always sends packet starting from kFirstSendingPacketNumber >
3441 // 0, peer has observed an unsent packet.
3442 set_detailed_error("Largest acked is 0.");
3443 return false;
3444 }
3445
3446 uint64_t ack_delay_time_us;
3447 if (!reader->ReadUFloat16(&ack_delay_time_us)) {
3448 set_detailed_error("Unable to read ack delay time.");
3449 return false;
3450 }
3451
3452 if (!visitor_->OnAckFrameStart(
3453 QuicPacketNumber(largest_acked),
3454 ack_delay_time_us == kUFloat16MaxValue
3455 ? QuicTime::Delta::Infinite()
3456 : QuicTime::Delta::FromMicroseconds(ack_delay_time_us))) {
3457 // The visitor suppresses further processing of the packet. Although this is
3458 // not a parsing error, returns false as this is in middle of processing an
3459 // ack frame,
3460 set_detailed_error("Visitor suppresses further processing of ack frame.");
3461 return false;
3462 }
3463
3464 if (has_ack_blocks && !reader->ReadUInt8(&num_ack_blocks)) {
3465 set_detailed_error("Unable to read num of ack blocks.");
3466 return false;
3467 }
3468
3469 uint64_t first_block_length;
3470 if (!reader->ReadBytesToUInt64(ack_block_length, &first_block_length)) {
3471 set_detailed_error("Unable to read first ack block length.");
3472 return false;
3473 }
3474
3475 if (first_block_length == 0) {
3476 set_detailed_error("First block length is zero.");
3477 return false;
3478 }
3479 bool first_ack_block_underflow = first_block_length > largest_acked + 1;
3480 if (first_block_length + first_sending_packet_number_.ToUint64() >
3481 largest_acked + 1) {
3482 first_ack_block_underflow = true;
3483 }
3484 if (first_ack_block_underflow) {
3485 set_detailed_error(absl::StrCat("Underflow with first ack block length ",
3486 first_block_length, " largest acked is ",
3487 largest_acked, ".")
3488 .c_str());
3489 return false;
3490 }
3491
3492 uint64_t first_received = largest_acked + 1 - first_block_length;
3493 if (!visitor_->OnAckRange(QuicPacketNumber(first_received),
3494 QuicPacketNumber(largest_acked + 1))) {
3495 // The visitor suppresses further processing of the packet. Although
3496 // this is not a parsing error, returns false as this is in middle
3497 // of processing an ack frame,
3498 set_detailed_error("Visitor suppresses further processing of ack frame.");
3499 return false;
3500 }
3501
3502 if (num_ack_blocks > 0) {
3503 for (size_t i = 0; i < num_ack_blocks; ++i) {
3504 uint8_t gap = 0;
3505 if (!reader->ReadUInt8(&gap)) {
3506 set_detailed_error("Unable to read gap to next ack block.");
3507 return false;
3508 }
3509 uint64_t current_block_length;
3510 if (!reader->ReadBytesToUInt64(ack_block_length, ¤t_block_length)) {
3511 set_detailed_error("Unable to ack block length.");
3512 return false;
3513 }
3514 bool ack_block_underflow = first_received < gap + current_block_length;
3515 if (first_received < gap + current_block_length +
3516 first_sending_packet_number_.ToUint64()) {
3517 ack_block_underflow = true;
3518 }
3519 if (ack_block_underflow) {
3520 set_detailed_error(absl::StrCat("Underflow with ack block length ",
3521 current_block_length,
3522 ", end of block is ",
3523 first_received - gap, ".")
3524 .c_str());
3525 return false;
3526 }
3527
3528 first_received -= (gap + current_block_length);
3529 if (current_block_length > 0) {
3530 if (!visitor_->OnAckRange(
3531 QuicPacketNumber(first_received),
3532 QuicPacketNumber(first_received) + current_block_length)) {
3533 // The visitor suppresses further processing of the packet. Although
3534 // this is not a parsing error, returns false as this is in middle
3535 // of processing an ack frame,
3536 set_detailed_error(
3537 "Visitor suppresses further processing of ack frame.");
3538 return false;
3539 }
3540 }
3541 }
3542 }
3543
3544 if (!reader->ReadUInt8(&num_received_packets)) {
3545 set_detailed_error("Unable to read num received packets.");
3546 return false;
3547 }
3548
3549 if (!ProcessTimestampsInAckFrame(num_received_packets,
3550 QuicPacketNumber(largest_acked), reader)) {
3551 return false;
3552 }
3553
3554 // Done processing the ACK frame.
3555 std::optional<QuicEcnCounts> ecn_counts = std::nullopt;
3556 if (!visitor_->OnAckFrameEnd(QuicPacketNumber(first_received), ecn_counts)) {
3557 set_detailed_error(
3558 "Error occurs when visitor finishes processing the ACK frame.");
3559 return false;
3560 }
3561
3562 return true;
3563 }
3564
ProcessTimestampsInAckFrame(uint8_t num_received_packets,QuicPacketNumber largest_acked,QuicDataReader * reader)3565 bool QuicFramer::ProcessTimestampsInAckFrame(uint8_t num_received_packets,
3566 QuicPacketNumber largest_acked,
3567 QuicDataReader* reader) {
3568 if (num_received_packets == 0) {
3569 return true;
3570 }
3571 uint8_t delta_from_largest_observed;
3572 if (!reader->ReadUInt8(&delta_from_largest_observed)) {
3573 set_detailed_error("Unable to read sequence delta in received packets.");
3574 return false;
3575 }
3576
3577 if (largest_acked.ToUint64() <= delta_from_largest_observed) {
3578 set_detailed_error(
3579 absl::StrCat("delta_from_largest_observed too high: ",
3580 delta_from_largest_observed,
3581 ", largest_acked: ", largest_acked.ToUint64())
3582 .c_str());
3583 return false;
3584 }
3585
3586 // Time delta from the framer creation.
3587 uint32_t time_delta_us;
3588 if (!reader->ReadUInt32(&time_delta_us)) {
3589 set_detailed_error("Unable to read time delta in received packets.");
3590 return false;
3591 }
3592
3593 QuicPacketNumber seq_num = largest_acked - delta_from_largest_observed;
3594 if (process_timestamps_) {
3595 last_timestamp_ = CalculateTimestampFromWire(time_delta_us);
3596
3597 visitor_->OnAckTimestamp(seq_num, creation_time_ + last_timestamp_);
3598 }
3599
3600 for (uint8_t i = 1; i < num_received_packets; ++i) {
3601 if (!reader->ReadUInt8(&delta_from_largest_observed)) {
3602 set_detailed_error("Unable to read sequence delta in received packets.");
3603 return false;
3604 }
3605 if (largest_acked.ToUint64() <= delta_from_largest_observed) {
3606 set_detailed_error(
3607 absl::StrCat("delta_from_largest_observed too high: ",
3608 delta_from_largest_observed,
3609 ", largest_acked: ", largest_acked.ToUint64())
3610 .c_str());
3611 return false;
3612 }
3613 seq_num = largest_acked - delta_from_largest_observed;
3614
3615 // Time delta from the previous timestamp.
3616 uint64_t incremental_time_delta_us;
3617 if (!reader->ReadUFloat16(&incremental_time_delta_us)) {
3618 set_detailed_error(
3619 "Unable to read incremental time delta in received packets.");
3620 return false;
3621 }
3622
3623 if (process_timestamps_) {
3624 last_timestamp_ = last_timestamp_ + QuicTime::Delta::FromMicroseconds(
3625 incremental_time_delta_us);
3626 visitor_->OnAckTimestamp(seq_num, creation_time_ + last_timestamp_);
3627 }
3628 }
3629 return true;
3630 }
3631
ProcessIetfAckFrame(QuicDataReader * reader,uint64_t frame_type,QuicAckFrame * ack_frame)3632 bool QuicFramer::ProcessIetfAckFrame(QuicDataReader* reader,
3633 uint64_t frame_type,
3634 QuicAckFrame* ack_frame) {
3635 uint64_t largest_acked;
3636 if (!reader->ReadVarInt62(&largest_acked)) {
3637 set_detailed_error("Unable to read largest acked.");
3638 return false;
3639 }
3640 if (largest_acked < first_sending_packet_number_.ToUint64()) {
3641 // Connection always sends packet starting from kFirstSendingPacketNumber >
3642 // 0, peer has observed an unsent packet.
3643 set_detailed_error("Largest acked is 0.");
3644 return false;
3645 }
3646 ack_frame->largest_acked = static_cast<QuicPacketNumber>(largest_acked);
3647 uint64_t ack_delay_time_in_us;
3648 if (!reader->ReadVarInt62(&ack_delay_time_in_us)) {
3649 set_detailed_error("Unable to read ack delay time.");
3650 return false;
3651 }
3652
3653 if (ack_delay_time_in_us >=
3654 (quiche::kVarInt62MaxValue >> peer_ack_delay_exponent_)) {
3655 ack_frame->ack_delay_time = QuicTime::Delta::Infinite();
3656 } else {
3657 ack_delay_time_in_us = (ack_delay_time_in_us << peer_ack_delay_exponent_);
3658 ack_frame->ack_delay_time =
3659 QuicTime::Delta::FromMicroseconds(ack_delay_time_in_us);
3660 }
3661 if (!visitor_->OnAckFrameStart(QuicPacketNumber(largest_acked),
3662 ack_frame->ack_delay_time)) {
3663 // The visitor suppresses further processing of the packet. Although this is
3664 // not a parsing error, returns false as this is in middle of processing an
3665 // ACK frame.
3666 set_detailed_error("Visitor suppresses further processing of ACK frame.");
3667 return false;
3668 }
3669
3670 // Get number of ACK blocks from the packet.
3671 uint64_t ack_block_count;
3672 if (!reader->ReadVarInt62(&ack_block_count)) {
3673 set_detailed_error("Unable to read ack block count.");
3674 return false;
3675 }
3676 // There always is a first ACK block, which is the (number of packets being
3677 // acked)-1, up to and including the packet at largest_acked. Therefore if the
3678 // value is 0, then only largest is acked. If it is 1, then largest-1,
3679 // largest] are acked, etc
3680 uint64_t ack_block_value;
3681 if (!reader->ReadVarInt62(&ack_block_value)) {
3682 set_detailed_error("Unable to read first ack block length.");
3683 return false;
3684 }
3685 // Calculate the packets being acked in the first block.
3686 // +1 because AddRange implementation requires [low,high)
3687 uint64_t block_high = largest_acked + 1;
3688 uint64_t block_low = largest_acked - ack_block_value;
3689
3690 // ack_block_value is the number of packets preceding the
3691 // largest_acked packet which are in the block being acked. Thus,
3692 // its maximum value is largest_acked-1. Test this, reporting an
3693 // error if the value is wrong.
3694 if (ack_block_value + first_sending_packet_number_.ToUint64() >
3695 largest_acked) {
3696 set_detailed_error(absl::StrCat("Underflow with first ack block length ",
3697 ack_block_value + 1, " largest acked is ",
3698 largest_acked, ".")
3699 .c_str());
3700 return false;
3701 }
3702
3703 if (!visitor_->OnAckRange(QuicPacketNumber(block_low),
3704 QuicPacketNumber(block_high))) {
3705 // The visitor suppresses further processing of the packet. Although
3706 // this is not a parsing error, returns false as this is in middle
3707 // of processing an ACK frame.
3708 set_detailed_error("Visitor suppresses further processing of ACK frame.");
3709 return false;
3710 }
3711
3712 while (ack_block_count != 0) {
3713 uint64_t gap_block_value;
3714 // Get the sizes of the gap and ack blocks,
3715 if (!reader->ReadVarInt62(&gap_block_value)) {
3716 set_detailed_error("Unable to read gap block value.");
3717 return false;
3718 }
3719 // It's an error if the gap is larger than the space from packet
3720 // number 0 to the start of the block that's just been acked, PLUS
3721 // there must be space for at least 1 packet to be acked. For
3722 // example, if block_low is 10 and gap_block_value is 9, it means
3723 // the gap block is 10 packets long, leaving no room for a packet
3724 // to be acked. Thus, gap_block_value+2 can not be larger than
3725 // block_low.
3726 // The test is written this way to detect wrap-arounds.
3727 if ((gap_block_value + 2) > block_low) {
3728 set_detailed_error(
3729 absl::StrCat("Underflow with gap block length ", gap_block_value + 1,
3730 " previous ack block start is ", block_low, ".")
3731 .c_str());
3732 return false;
3733 }
3734
3735 // Adjust block_high to be the top of the next ack block.
3736 // There is a gap of |gap_block_value| packets between the bottom
3737 // of ack block N and top of block N+1. Note that gap_block_value
3738 // is he size of the gap minus 1 (per the QUIC protocol), and
3739 // block_high is the packet number of the first packet of the gap
3740 // (per the implementation of OnAckRange/AddAckRange, below).
3741 block_high = block_low - 1 - gap_block_value;
3742
3743 if (!reader->ReadVarInt62(&ack_block_value)) {
3744 set_detailed_error("Unable to read ack block value.");
3745 return false;
3746 }
3747 if (ack_block_value + first_sending_packet_number_.ToUint64() >
3748 (block_high - 1)) {
3749 set_detailed_error(
3750 absl::StrCat("Underflow with ack block length ", ack_block_value + 1,
3751 " latest ack block end is ", block_high - 1, ".")
3752 .c_str());
3753 return false;
3754 }
3755 // Calculate the low end of the new nth ack block. The +1 is
3756 // because the encoded value is the blocksize-1.
3757 block_low = block_high - 1 - ack_block_value;
3758 if (!visitor_->OnAckRange(QuicPacketNumber(block_low),
3759 QuicPacketNumber(block_high))) {
3760 // The visitor suppresses further processing of the packet. Although
3761 // this is not a parsing error, returns false as this is in middle
3762 // of processing an ACK frame.
3763 set_detailed_error("Visitor suppresses further processing of ACK frame.");
3764 return false;
3765 }
3766
3767 // Another one done.
3768 ack_block_count--;
3769 }
3770
3771 QUICHE_DCHECK(!ack_frame->ecn_counters.has_value());
3772 if (frame_type == IETF_ACK_RECEIVE_TIMESTAMPS) {
3773 QUICHE_DCHECK(process_timestamps_);
3774 if (!ProcessIetfTimestampsInAckFrame(ack_frame->largest_acked, reader)) {
3775 return false;
3776 }
3777 } else if (frame_type == IETF_ACK_ECN) {
3778 ack_frame->ecn_counters = QuicEcnCounts();
3779 if (!reader->ReadVarInt62(&ack_frame->ecn_counters->ect0)) {
3780 set_detailed_error("Unable to read ack ect_0_count.");
3781 return false;
3782 }
3783 if (!reader->ReadVarInt62(&ack_frame->ecn_counters->ect1)) {
3784 set_detailed_error("Unable to read ack ect_1_count.");
3785 return false;
3786 }
3787 if (!reader->ReadVarInt62(&ack_frame->ecn_counters->ce)) {
3788 set_detailed_error("Unable to read ack ecn_ce_count.");
3789 return false;
3790 }
3791 }
3792
3793 if (!visitor_->OnAckFrameEnd(QuicPacketNumber(block_low),
3794 ack_frame->ecn_counters)) {
3795 set_detailed_error(
3796 "Error occurs when visitor finishes processing the ACK frame.");
3797 return false;
3798 }
3799
3800 return true;
3801 }
3802
ProcessIetfTimestampsInAckFrame(QuicPacketNumber largest_acked,QuicDataReader * reader)3803 bool QuicFramer::ProcessIetfTimestampsInAckFrame(QuicPacketNumber largest_acked,
3804 QuicDataReader* reader) {
3805 uint64_t timestamp_range_count;
3806 if (!reader->ReadVarInt62(×tamp_range_count)) {
3807 set_detailed_error("Unable to read receive timestamp range count.");
3808 return false;
3809 }
3810 if (timestamp_range_count == 0) {
3811 return true;
3812 }
3813
3814 QuicPacketNumber packet_number = largest_acked;
3815
3816 // Iterate through all timestamp ranges, each of which represents a block of
3817 // contiguous packets for which receive timestamps are being reported. Each
3818 // range is of the form:
3819 //
3820 // Timestamp Range {
3821 // Gap (i),
3822 // Timestamp Delta Count (i),
3823 // Timestamp Delta (i) ...,
3824 // }
3825 for (uint64_t i = 0; i < timestamp_range_count; i++) {
3826 uint64_t gap;
3827 if (!reader->ReadVarInt62(&gap)) {
3828 set_detailed_error("Unable to read receive timestamp gap.");
3829 return false;
3830 }
3831 if (packet_number.ToUint64() < gap) {
3832 set_detailed_error("Receive timestamp gap too high.");
3833 return false;
3834 }
3835 packet_number = packet_number - gap;
3836 uint64_t timestamp_count;
3837 if (!reader->ReadVarInt62(×tamp_count)) {
3838 set_detailed_error("Unable to read receive timestamp count.");
3839 return false;
3840 }
3841 if (packet_number.ToUint64() < timestamp_count) {
3842 set_detailed_error("Receive timestamp count too high.");
3843 return false;
3844 }
3845 for (uint64_t j = 0; j < timestamp_count; j++) {
3846 uint64_t timestamp_delta;
3847 if (!reader->ReadVarInt62(×tamp_delta)) {
3848 set_detailed_error("Unable to read receive timestamp delta.");
3849 return false;
3850 }
3851 // The first timestamp delta is relative to framer creation time; whereas
3852 // subsequent deltas are relative to the previous delta in decreasing
3853 // packet order.
3854 timestamp_delta = timestamp_delta << receive_timestamps_exponent_;
3855 if (i == 0 && j == 0) {
3856 last_timestamp_ = QuicTime::Delta::FromMicroseconds(timestamp_delta);
3857 } else {
3858 last_timestamp_ = last_timestamp_ -
3859 QuicTime::Delta::FromMicroseconds(timestamp_delta);
3860 if (last_timestamp_ < QuicTime::Delta::Zero()) {
3861 set_detailed_error("Receive timestamp delta too high.");
3862 return false;
3863 }
3864 }
3865 visitor_->OnAckTimestamp(packet_number, creation_time_ + last_timestamp_);
3866 packet_number--;
3867 }
3868 packet_number--;
3869 }
3870 return true;
3871 }
3872
ProcessStopWaitingFrame(QuicDataReader * reader,const QuicPacketHeader & header,QuicStopWaitingFrame * stop_waiting)3873 bool QuicFramer::ProcessStopWaitingFrame(QuicDataReader* reader,
3874 const QuicPacketHeader& header,
3875 QuicStopWaitingFrame* stop_waiting) {
3876 uint64_t least_unacked_delta;
3877 if (!reader->ReadBytesToUInt64(header.packet_number_length,
3878 &least_unacked_delta)) {
3879 set_detailed_error("Unable to read least unacked delta.");
3880 return false;
3881 }
3882 if (header.packet_number.ToUint64() <= least_unacked_delta) {
3883 set_detailed_error("Invalid unacked delta.");
3884 return false;
3885 }
3886 stop_waiting->least_unacked = header.packet_number - least_unacked_delta;
3887
3888 return true;
3889 }
3890
ProcessRstStreamFrame(QuicDataReader * reader,QuicRstStreamFrame * frame)3891 bool QuicFramer::ProcessRstStreamFrame(QuicDataReader* reader,
3892 QuicRstStreamFrame* frame) {
3893 if (!reader->ReadUInt32(&frame->stream_id)) {
3894 set_detailed_error("Unable to read stream_id.");
3895 return false;
3896 }
3897
3898 if (!reader->ReadUInt64(&frame->byte_offset)) {
3899 set_detailed_error("Unable to read rst stream sent byte offset.");
3900 return false;
3901 }
3902
3903 uint32_t error_code;
3904 if (!reader->ReadUInt32(&error_code)) {
3905 set_detailed_error("Unable to read rst stream error code.");
3906 return false;
3907 }
3908
3909 if (error_code >= QUIC_STREAM_LAST_ERROR) {
3910 // Ignore invalid stream error code if any.
3911 error_code = QUIC_STREAM_LAST_ERROR;
3912 }
3913
3914 frame->error_code = static_cast<QuicRstStreamErrorCode>(error_code);
3915
3916 return true;
3917 }
3918
ProcessConnectionCloseFrame(QuicDataReader * reader,QuicConnectionCloseFrame * frame)3919 bool QuicFramer::ProcessConnectionCloseFrame(QuicDataReader* reader,
3920 QuicConnectionCloseFrame* frame) {
3921 uint32_t error_code;
3922 frame->close_type = GOOGLE_QUIC_CONNECTION_CLOSE;
3923
3924 if (!reader->ReadUInt32(&error_code)) {
3925 set_detailed_error("Unable to read connection close error code.");
3926 return false;
3927 }
3928
3929 // For Google QUIC connection closes, |wire_error_code| and |quic_error_code|
3930 // must have the same value.
3931 frame->wire_error_code = error_code;
3932 frame->quic_error_code = static_cast<QuicErrorCode>(error_code);
3933
3934 absl::string_view error_details;
3935 if (!reader->ReadStringPiece16(&error_details)) {
3936 set_detailed_error("Unable to read connection close error details.");
3937 return false;
3938 }
3939 frame->error_details = std::string(error_details);
3940
3941 return true;
3942 }
3943
ProcessGoAwayFrame(QuicDataReader * reader,QuicGoAwayFrame * frame)3944 bool QuicFramer::ProcessGoAwayFrame(QuicDataReader* reader,
3945 QuicGoAwayFrame* frame) {
3946 uint32_t error_code;
3947 if (!reader->ReadUInt32(&error_code)) {
3948 set_detailed_error("Unable to read go away error code.");
3949 return false;
3950 }
3951
3952 frame->error_code = static_cast<QuicErrorCode>(error_code);
3953
3954 uint32_t stream_id;
3955 if (!reader->ReadUInt32(&stream_id)) {
3956 set_detailed_error("Unable to read last good stream id.");
3957 return false;
3958 }
3959 frame->last_good_stream_id = static_cast<QuicStreamId>(stream_id);
3960
3961 absl::string_view reason_phrase;
3962 if (!reader->ReadStringPiece16(&reason_phrase)) {
3963 set_detailed_error("Unable to read goaway reason.");
3964 return false;
3965 }
3966 frame->reason_phrase = std::string(reason_phrase);
3967
3968 return true;
3969 }
3970
ProcessWindowUpdateFrame(QuicDataReader * reader,QuicWindowUpdateFrame * frame)3971 bool QuicFramer::ProcessWindowUpdateFrame(QuicDataReader* reader,
3972 QuicWindowUpdateFrame* frame) {
3973 if (!reader->ReadUInt32(&frame->stream_id)) {
3974 set_detailed_error("Unable to read stream_id.");
3975 return false;
3976 }
3977
3978 if (!reader->ReadUInt64(&frame->max_data)) {
3979 set_detailed_error("Unable to read window byte_offset.");
3980 return false;
3981 }
3982
3983 return true;
3984 }
3985
ProcessBlockedFrame(QuicDataReader * reader,QuicBlockedFrame * frame)3986 bool QuicFramer::ProcessBlockedFrame(QuicDataReader* reader,
3987 QuicBlockedFrame* frame) {
3988 QUICHE_DCHECK(!VersionHasIetfQuicFrames(version_.transport_version))
3989 << "Attempt to process non-IETF QUIC frames in an IETF QUIC version.";
3990
3991 if (!reader->ReadUInt32(&frame->stream_id)) {
3992 set_detailed_error("Unable to read stream_id.");
3993 return false;
3994 }
3995
3996 return true;
3997 }
3998
ProcessPaddingFrame(QuicDataReader * reader,QuicPaddingFrame * frame)3999 void QuicFramer::ProcessPaddingFrame(QuicDataReader* reader,
4000 QuicPaddingFrame* frame) {
4001 // Type byte has been read.
4002 frame->num_padding_bytes = 1;
4003 uint8_t next_byte;
4004 while (!reader->IsDoneReading() && reader->PeekByte() == 0x00) {
4005 reader->ReadBytes(&next_byte, 1);
4006 QUICHE_DCHECK_EQ(0x00, next_byte);
4007 ++frame->num_padding_bytes;
4008 }
4009 }
4010
ProcessMessageFrame(QuicDataReader * reader,bool no_message_length,QuicMessageFrame * frame)4011 bool QuicFramer::ProcessMessageFrame(QuicDataReader* reader,
4012 bool no_message_length,
4013 QuicMessageFrame* frame) {
4014 if (no_message_length) {
4015 absl::string_view remaining(reader->ReadRemainingPayload());
4016 frame->data = remaining.data();
4017 frame->message_length = remaining.length();
4018 return true;
4019 }
4020
4021 uint64_t message_length;
4022 if (!reader->ReadVarInt62(&message_length)) {
4023 set_detailed_error("Unable to read message length");
4024 return false;
4025 }
4026
4027 absl::string_view message_piece;
4028 if (!reader->ReadStringPiece(&message_piece, message_length)) {
4029 set_detailed_error("Unable to read message data");
4030 return false;
4031 }
4032
4033 frame->data = message_piece.data();
4034 frame->message_length = message_length;
4035
4036 return true;
4037 }
4038
4039 // static
GetAssociatedDataFromEncryptedPacket(QuicTransportVersion version,const QuicEncryptedPacket & encrypted,uint8_t destination_connection_id_length,uint8_t source_connection_id_length,bool includes_version,bool includes_diversification_nonce,QuicPacketNumberLength packet_number_length,quiche::QuicheVariableLengthIntegerLength retry_token_length_length,uint64_t retry_token_length,quiche::QuicheVariableLengthIntegerLength length_length)4040 absl::string_view QuicFramer::GetAssociatedDataFromEncryptedPacket(
4041 QuicTransportVersion version, const QuicEncryptedPacket& encrypted,
4042 uint8_t destination_connection_id_length,
4043 uint8_t source_connection_id_length, bool includes_version,
4044 bool includes_diversification_nonce,
4045 QuicPacketNumberLength packet_number_length,
4046 quiche::QuicheVariableLengthIntegerLength retry_token_length_length,
4047 uint64_t retry_token_length,
4048 quiche::QuicheVariableLengthIntegerLength length_length) {
4049 // TODO(ianswett): This is identical to QuicData::AssociatedData.
4050 return absl::string_view(
4051 encrypted.data(),
4052 GetStartOfEncryptedData(version, destination_connection_id_length,
4053 source_connection_id_length, includes_version,
4054 includes_diversification_nonce,
4055 packet_number_length, retry_token_length_length,
4056 retry_token_length, length_length));
4057 }
4058
SetDecrypter(EncryptionLevel level,std::unique_ptr<QuicDecrypter> decrypter)4059 void QuicFramer::SetDecrypter(EncryptionLevel level,
4060 std::unique_ptr<QuicDecrypter> decrypter) {
4061 QUICHE_DCHECK_GE(level, decrypter_level_);
4062 QUICHE_DCHECK(!version_.KnowsWhichDecrypterToUse());
4063 QUIC_DVLOG(1) << ENDPOINT << "Setting decrypter from level "
4064 << decrypter_level_ << " to " << level;
4065 decrypter_[decrypter_level_] = nullptr;
4066 decrypter_[level] = std::move(decrypter);
4067 decrypter_level_ = level;
4068 }
4069
SetAlternativeDecrypter(EncryptionLevel level,std::unique_ptr<QuicDecrypter> decrypter,bool latch_once_used)4070 void QuicFramer::SetAlternativeDecrypter(
4071 EncryptionLevel level, std::unique_ptr<QuicDecrypter> decrypter,
4072 bool latch_once_used) {
4073 QUICHE_DCHECK_NE(level, decrypter_level_);
4074 QUICHE_DCHECK(!version_.KnowsWhichDecrypterToUse());
4075 QUIC_DVLOG(1) << ENDPOINT << "Setting alternative decrypter from level "
4076 << alternative_decrypter_level_ << " to " << level;
4077 if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) {
4078 decrypter_[alternative_decrypter_level_] = nullptr;
4079 }
4080 decrypter_[level] = std::move(decrypter);
4081 alternative_decrypter_level_ = level;
4082 alternative_decrypter_latch_ = latch_once_used;
4083 }
4084
InstallDecrypter(EncryptionLevel level,std::unique_ptr<QuicDecrypter> decrypter)4085 void QuicFramer::InstallDecrypter(EncryptionLevel level,
4086 std::unique_ptr<QuicDecrypter> decrypter) {
4087 QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse());
4088 QUIC_DVLOG(1) << ENDPOINT << "Installing decrypter at level " << level;
4089 decrypter_[level] = std::move(decrypter);
4090 }
4091
RemoveDecrypter(EncryptionLevel level)4092 void QuicFramer::RemoveDecrypter(EncryptionLevel level) {
4093 QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse());
4094 QUIC_DVLOG(1) << ENDPOINT << "Removing decrypter at level " << level;
4095 decrypter_[level] = nullptr;
4096 }
4097
SetKeyUpdateSupportForConnection(bool enabled)4098 void QuicFramer::SetKeyUpdateSupportForConnection(bool enabled) {
4099 QUIC_DVLOG(1) << ENDPOINT << "SetKeyUpdateSupportForConnection: " << enabled;
4100 support_key_update_for_connection_ = enabled;
4101 }
4102
DiscardPreviousOneRttKeys()4103 void QuicFramer::DiscardPreviousOneRttKeys() {
4104 QUICHE_DCHECK(support_key_update_for_connection_);
4105 QUIC_DVLOG(1) << ENDPOINT << "Discarding previous set of 1-RTT keys";
4106 previous_decrypter_ = nullptr;
4107 }
4108
DoKeyUpdate(KeyUpdateReason reason)4109 bool QuicFramer::DoKeyUpdate(KeyUpdateReason reason) {
4110 QUICHE_DCHECK(support_key_update_for_connection_);
4111 if (!next_decrypter_) {
4112 // If key update is locally initiated, next decrypter might not be created
4113 // yet.
4114 next_decrypter_ = visitor_->AdvanceKeysAndCreateCurrentOneRttDecrypter();
4115 }
4116 std::unique_ptr<QuicEncrypter> next_encrypter =
4117 visitor_->CreateCurrentOneRttEncrypter();
4118 if (!next_decrypter_ || !next_encrypter) {
4119 QUIC_BUG(quic_bug_10850_58) << "Failed to create next crypters";
4120 return false;
4121 }
4122 key_update_performed_ = true;
4123 current_key_phase_bit_ = !current_key_phase_bit_;
4124 QUIC_DLOG(INFO) << ENDPOINT << "DoKeyUpdate: new current_key_phase_bit_="
4125 << current_key_phase_bit_;
4126 current_key_phase_first_received_packet_number_.Clear();
4127 previous_decrypter_ = std::move(decrypter_[ENCRYPTION_FORWARD_SECURE]);
4128 decrypter_[ENCRYPTION_FORWARD_SECURE] = std::move(next_decrypter_);
4129 encrypter_[ENCRYPTION_FORWARD_SECURE] = std::move(next_encrypter);
4130 switch (reason) {
4131 case KeyUpdateReason::kInvalid:
4132 QUIC_CODE_COUNT(quic_key_update_invalid);
4133 break;
4134 case KeyUpdateReason::kRemote:
4135 QUIC_CODE_COUNT(quic_key_update_remote);
4136 break;
4137 case KeyUpdateReason::kLocalForTests:
4138 QUIC_CODE_COUNT(quic_key_update_local_for_tests);
4139 break;
4140 case KeyUpdateReason::kLocalForInteropRunner:
4141 QUIC_CODE_COUNT(quic_key_update_local_for_interop_runner);
4142 break;
4143 case KeyUpdateReason::kLocalAeadConfidentialityLimit:
4144 QUIC_CODE_COUNT(quic_key_update_local_aead_confidentiality_limit);
4145 break;
4146 case KeyUpdateReason::kLocalKeyUpdateLimitOverride:
4147 QUIC_CODE_COUNT(quic_key_update_local_limit_override);
4148 break;
4149 }
4150 visitor_->OnKeyUpdate(reason);
4151 return true;
4152 }
4153
PotentialPeerKeyUpdateAttemptCount() const4154 QuicPacketCount QuicFramer::PotentialPeerKeyUpdateAttemptCount() const {
4155 return potential_peer_key_update_attempt_count_;
4156 }
4157
GetDecrypter(EncryptionLevel level) const4158 const QuicDecrypter* QuicFramer::GetDecrypter(EncryptionLevel level) const {
4159 QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse());
4160 return decrypter_[level].get();
4161 }
4162
decrypter() const4163 const QuicDecrypter* QuicFramer::decrypter() const {
4164 return decrypter_[decrypter_level_].get();
4165 }
4166
alternative_decrypter() const4167 const QuicDecrypter* QuicFramer::alternative_decrypter() const {
4168 if (alternative_decrypter_level_ == NUM_ENCRYPTION_LEVELS) {
4169 return nullptr;
4170 }
4171 return decrypter_[alternative_decrypter_level_].get();
4172 }
4173
SetEncrypter(EncryptionLevel level,std::unique_ptr<QuicEncrypter> encrypter)4174 void QuicFramer::SetEncrypter(EncryptionLevel level,
4175 std::unique_ptr<QuicEncrypter> encrypter) {
4176 QUICHE_DCHECK_GE(level, 0);
4177 QUICHE_DCHECK_LT(level, NUM_ENCRYPTION_LEVELS);
4178 QUIC_DVLOG(1) << ENDPOINT << "Setting encrypter at level " << level;
4179 encrypter_[level] = std::move(encrypter);
4180 }
4181
RemoveEncrypter(EncryptionLevel level)4182 void QuicFramer::RemoveEncrypter(EncryptionLevel level) {
4183 QUIC_DVLOG(1) << ENDPOINT << "Removing encrypter of " << level;
4184 encrypter_[level] = nullptr;
4185 }
4186
SetInitialObfuscators(QuicConnectionId connection_id)4187 void QuicFramer::SetInitialObfuscators(QuicConnectionId connection_id) {
4188 CrypterPair crypters;
4189 CryptoUtils::CreateInitialObfuscators(perspective_, version_, connection_id,
4190 &crypters);
4191 encrypter_[ENCRYPTION_INITIAL] = std::move(crypters.encrypter);
4192 decrypter_[ENCRYPTION_INITIAL] = std::move(crypters.decrypter);
4193 }
4194
EncryptInPlace(EncryptionLevel level,QuicPacketNumber packet_number,size_t ad_len,size_t total_len,size_t buffer_len,char * buffer)4195 size_t QuicFramer::EncryptInPlace(EncryptionLevel level,
4196 QuicPacketNumber packet_number, size_t ad_len,
4197 size_t total_len, size_t buffer_len,
4198 char* buffer) {
4199 QUICHE_DCHECK(packet_number.IsInitialized());
4200 if (encrypter_[level] == nullptr) {
4201 QUIC_BUG(quic_bug_10850_59)
4202 << ENDPOINT
4203 << "Attempted to encrypt in place without encrypter at level " << level;
4204 RaiseError(QUIC_ENCRYPTION_FAILURE);
4205 return 0;
4206 }
4207
4208 size_t output_length = 0;
4209 if (!encrypter_[level]->EncryptPacket(
4210 packet_number.ToUint64(),
4211 absl::string_view(buffer, ad_len), // Associated data
4212 absl::string_view(buffer + ad_len,
4213 total_len - ad_len), // Plaintext
4214 buffer + ad_len, // Destination buffer
4215 &output_length, buffer_len - ad_len)) {
4216 RaiseError(QUIC_ENCRYPTION_FAILURE);
4217 return 0;
4218 }
4219 if (version_.HasHeaderProtection() &&
4220 !ApplyHeaderProtection(level, buffer, ad_len + output_length, ad_len)) {
4221 QUIC_DLOG(ERROR) << "Applying header protection failed.";
4222 RaiseError(QUIC_ENCRYPTION_FAILURE);
4223 return 0;
4224 }
4225
4226 return ad_len + output_length;
4227 }
4228
4229 namespace {
4230
4231 const size_t kHPSampleLen = 16;
4232
IsLongHeader(uint8_t type_byte)4233 constexpr bool IsLongHeader(uint8_t type_byte) {
4234 return (type_byte & FLAGS_LONG_HEADER) != 0;
4235 }
4236
4237 } // namespace
4238
ApplyHeaderProtection(EncryptionLevel level,char * buffer,size_t buffer_len,size_t ad_len)4239 bool QuicFramer::ApplyHeaderProtection(EncryptionLevel level, char* buffer,
4240 size_t buffer_len, size_t ad_len) {
4241 QuicDataReader buffer_reader(buffer, buffer_len);
4242 QuicDataWriter buffer_writer(buffer_len, buffer);
4243 // The sample starts 4 bytes after the start of the packet number.
4244 if (ad_len < last_written_packet_number_length_) {
4245 return false;
4246 }
4247 size_t pn_offset = ad_len - last_written_packet_number_length_;
4248 // Sample the ciphertext and generate the mask to use for header protection.
4249 size_t sample_offset = pn_offset + 4;
4250 QuicDataReader sample_reader(buffer, buffer_len);
4251 absl::string_view sample;
4252 if (!sample_reader.Seek(sample_offset) ||
4253 !sample_reader.ReadStringPiece(&sample, kHPSampleLen)) {
4254 QUIC_BUG(quic_bug_10850_60)
4255 << "Not enough bytes to sample: sample_offset " << sample_offset
4256 << ", sample len: " << kHPSampleLen << ", buffer len: " << buffer_len;
4257 return false;
4258 }
4259
4260 if (encrypter_[level] == nullptr) {
4261 QUIC_BUG(quic_bug_12975_8)
4262 << ENDPOINT
4263 << "Attempted to apply header protection without encrypter at level "
4264 << level << " using " << version_;
4265 return false;
4266 }
4267
4268 std::string mask = encrypter_[level]->GenerateHeaderProtectionMask(sample);
4269 if (mask.empty()) {
4270 QUIC_BUG(quic_bug_10850_61) << "Unable to generate header protection mask.";
4271 return false;
4272 }
4273 QuicDataReader mask_reader(mask.data(), mask.size());
4274
4275 // Apply the mask to the 4 or 5 least significant bits of the first byte.
4276 uint8_t bitmask = 0x1f;
4277 uint8_t type_byte;
4278 if (!buffer_reader.ReadUInt8(&type_byte)) {
4279 return false;
4280 }
4281 QuicLongHeaderType header_type;
4282 if (IsLongHeader(type_byte)) {
4283 bitmask = 0x0f;
4284 header_type = GetLongHeaderType(type_byte, version_);
4285 if (header_type == INVALID_PACKET_TYPE) {
4286 return false;
4287 }
4288 }
4289 uint8_t mask_byte;
4290 if (!mask_reader.ReadUInt8(&mask_byte) ||
4291 !buffer_writer.WriteUInt8(type_byte ^ (mask_byte & bitmask))) {
4292 return false;
4293 }
4294
4295 // Adjust |pn_offset| to account for the diversification nonce.
4296 if (IsLongHeader(type_byte) && header_type == ZERO_RTT_PROTECTED &&
4297 perspective_ == Perspective::IS_SERVER &&
4298 version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) {
4299 if (pn_offset <= kDiversificationNonceSize) {
4300 QUIC_BUG(quic_bug_10850_62)
4301 << "Expected diversification nonce, but not enough bytes";
4302 return false;
4303 }
4304 pn_offset -= kDiversificationNonceSize;
4305 }
4306 // Advance the reader and writer to the packet number. Both the reader and
4307 // writer have each read/written one byte.
4308 if (!buffer_writer.Seek(pn_offset - 1) ||
4309 !buffer_reader.Seek(pn_offset - 1)) {
4310 return false;
4311 }
4312 // Apply the rest of the mask to the packet number.
4313 for (size_t i = 0; i < last_written_packet_number_length_; ++i) {
4314 uint8_t buffer_byte;
4315 uint8_t pn_mask_byte;
4316 if (!mask_reader.ReadUInt8(&pn_mask_byte) ||
4317 !buffer_reader.ReadUInt8(&buffer_byte) ||
4318 !buffer_writer.WriteUInt8(buffer_byte ^ pn_mask_byte)) {
4319 return false;
4320 }
4321 }
4322 return true;
4323 }
4324
RemoveHeaderProtection(QuicDataReader * reader,const QuicEncryptedPacket & packet,QuicPacketHeader * header,uint64_t * full_packet_number,AssociatedDataStorage & associated_data)4325 bool QuicFramer::RemoveHeaderProtection(
4326 QuicDataReader* reader, const QuicEncryptedPacket& packet,
4327 QuicPacketHeader* header, uint64_t* full_packet_number,
4328 AssociatedDataStorage& associated_data) {
4329 EncryptionLevel expected_decryption_level = GetEncryptionLevel(*header);
4330 QuicDecrypter* decrypter = decrypter_[expected_decryption_level].get();
4331 if (decrypter == nullptr) {
4332 QUIC_DVLOG(1)
4333 << ENDPOINT
4334 << "No decrypter available for removing header protection at level "
4335 << expected_decryption_level;
4336 return false;
4337 }
4338
4339 bool has_diversification_nonce =
4340 header->form == IETF_QUIC_LONG_HEADER_PACKET &&
4341 header->long_packet_type == ZERO_RTT_PROTECTED &&
4342 perspective_ == Perspective::IS_CLIENT &&
4343 version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO;
4344
4345 // Read a sample from the ciphertext and compute the mask to use for header
4346 // protection.
4347 absl::string_view remaining_packet = reader->PeekRemainingPayload();
4348 QuicDataReader sample_reader(remaining_packet);
4349
4350 // The sample starts 4 bytes after the start of the packet number.
4351 absl::string_view pn;
4352 if (!sample_reader.ReadStringPiece(&pn, 4)) {
4353 QUIC_DVLOG(1) << "Not enough data to sample";
4354 return false;
4355 }
4356 if (has_diversification_nonce) {
4357 // In Google QUIC, the diversification nonce comes between the packet number
4358 // and the sample.
4359 if (!sample_reader.Seek(kDiversificationNonceSize)) {
4360 QUIC_DVLOG(1) << "No diversification nonce to skip over";
4361 return false;
4362 }
4363 }
4364 std::string mask = decrypter->GenerateHeaderProtectionMask(&sample_reader);
4365 QuicDataReader mask_reader(mask.data(), mask.size());
4366 if (mask.empty()) {
4367 QUIC_DVLOG(1) << "Failed to compute mask";
4368 return false;
4369 }
4370
4371 // Unmask the rest of the type byte.
4372 uint8_t bitmask = 0x1f;
4373 if (IsLongHeader(header->type_byte)) {
4374 bitmask = 0x0f;
4375 }
4376 uint8_t mask_byte;
4377 if (!mask_reader.ReadUInt8(&mask_byte)) {
4378 QUIC_DVLOG(1) << "No first byte to read from mask";
4379 return false;
4380 }
4381 header->type_byte ^= (mask_byte & bitmask);
4382
4383 // Compute the packet number length.
4384 header->packet_number_length =
4385 static_cast<QuicPacketNumberLength>((header->type_byte & 0x03) + 1);
4386
4387 char pn_buffer[IETF_MAX_PACKET_NUMBER_LENGTH] = {};
4388 QuicDataWriter pn_writer(ABSL_ARRAYSIZE(pn_buffer), pn_buffer);
4389
4390 // Read the (protected) packet number from the reader and unmask the packet
4391 // number.
4392 for (size_t i = 0; i < header->packet_number_length; ++i) {
4393 uint8_t protected_pn_byte, pn_mask_byte;
4394 if (!mask_reader.ReadUInt8(&pn_mask_byte) ||
4395 !reader->ReadUInt8(&protected_pn_byte) ||
4396 !pn_writer.WriteUInt8(protected_pn_byte ^ pn_mask_byte)) {
4397 QUIC_DVLOG(1) << "Failed to unmask packet number";
4398 return false;
4399 }
4400 }
4401 QuicDataReader packet_number_reader(pn_writer.data(), pn_writer.length());
4402 QuicPacketNumber base_packet_number;
4403 if (supports_multiple_packet_number_spaces_) {
4404 PacketNumberSpace pn_space = GetPacketNumberSpace(*header);
4405 if (pn_space == NUM_PACKET_NUMBER_SPACES) {
4406 return false;
4407 }
4408 base_packet_number = largest_decrypted_packet_numbers_[pn_space];
4409 } else {
4410 base_packet_number = largest_packet_number_;
4411 }
4412 if (!ProcessAndCalculatePacketNumber(
4413 &packet_number_reader, header->packet_number_length,
4414 base_packet_number, full_packet_number)) {
4415 return false;
4416 }
4417
4418 // Get the associated data, and apply the same unmasking operations to it.
4419 absl::string_view ad = GetAssociatedDataFromEncryptedPacket(
4420 version_.transport_version, packet,
4421 GetIncludedDestinationConnectionIdLength(*header),
4422 GetIncludedSourceConnectionIdLength(*header), header->version_flag,
4423 has_diversification_nonce, header->packet_number_length,
4424 header->retry_token_length_length, header->retry_token.length(),
4425 header->length_length);
4426 associated_data.assign(ad.begin(), ad.end());
4427 QuicDataWriter ad_writer(associated_data.size(), associated_data.data());
4428
4429 // Apply the unmasked type byte and packet number to |associated_data|.
4430 if (!ad_writer.WriteUInt8(header->type_byte)) {
4431 return false;
4432 }
4433 // Put the packet number at the end of the AD, or if there's a diversification
4434 // nonce, before that (which is at the end of the AD).
4435 size_t seek_len = ad_writer.remaining() - header->packet_number_length;
4436 if (has_diversification_nonce) {
4437 seek_len -= kDiversificationNonceSize;
4438 }
4439 if (!ad_writer.Seek(seek_len) ||
4440 !ad_writer.WriteBytes(pn_writer.data(), pn_writer.length())) {
4441 QUIC_DVLOG(1) << "Failed to apply unmasking operations to AD";
4442 return false;
4443 }
4444
4445 return true;
4446 }
4447
EncryptPayload(EncryptionLevel level,QuicPacketNumber packet_number,const QuicPacket & packet,char * buffer,size_t buffer_len)4448 size_t QuicFramer::EncryptPayload(EncryptionLevel level,
4449 QuicPacketNumber packet_number,
4450 const QuicPacket& packet, char* buffer,
4451 size_t buffer_len) {
4452 QUICHE_DCHECK(packet_number.IsInitialized());
4453 if (encrypter_[level] == nullptr) {
4454 QUIC_BUG(quic_bug_10850_63)
4455 << ENDPOINT << "Attempted to encrypt without encrypter at level "
4456 << level;
4457 RaiseError(QUIC_ENCRYPTION_FAILURE);
4458 return 0;
4459 }
4460
4461 absl::string_view associated_data =
4462 packet.AssociatedData(version_.transport_version);
4463 // Copy in the header, because the encrypter only populates the encrypted
4464 // plaintext content.
4465 const size_t ad_len = associated_data.length();
4466 if (packet.length() < ad_len) {
4467 QUIC_BUG(quic_bug_10850_64)
4468 << ENDPOINT << "packet is shorter than associated data length. version:"
4469 << version() << ", packet length:" << packet.length()
4470 << ", associated data length:" << ad_len;
4471 RaiseError(QUIC_ENCRYPTION_FAILURE);
4472 return 0;
4473 }
4474 memmove(buffer, associated_data.data(), ad_len);
4475 // Encrypt the plaintext into the buffer.
4476 size_t output_length = 0;
4477 if (!encrypter_[level]->EncryptPacket(
4478 packet_number.ToUint64(), associated_data,
4479 packet.Plaintext(version_.transport_version), buffer + ad_len,
4480 &output_length, buffer_len - ad_len)) {
4481 RaiseError(QUIC_ENCRYPTION_FAILURE);
4482 return 0;
4483 }
4484 if (version_.HasHeaderProtection() &&
4485 !ApplyHeaderProtection(level, buffer, ad_len + output_length, ad_len)) {
4486 QUIC_DLOG(ERROR) << "Applying header protection failed.";
4487 RaiseError(QUIC_ENCRYPTION_FAILURE);
4488 return 0;
4489 }
4490
4491 return ad_len + output_length;
4492 }
4493
GetCiphertextSize(EncryptionLevel level,size_t plaintext_size) const4494 size_t QuicFramer::GetCiphertextSize(EncryptionLevel level,
4495 size_t plaintext_size) const {
4496 if (encrypter_[level] == nullptr) {
4497 QUIC_BUG(quic_bug_10850_65)
4498 << ENDPOINT
4499 << "Attempted to get ciphertext size without encrypter at level "
4500 << level << " using " << version_;
4501 return plaintext_size;
4502 }
4503 return encrypter_[level]->GetCiphertextSize(plaintext_size);
4504 }
4505
GetMaxPlaintextSize(size_t ciphertext_size)4506 size_t QuicFramer::GetMaxPlaintextSize(size_t ciphertext_size) {
4507 // In order to keep the code simple, we don't have the current encryption
4508 // level to hand. Both the NullEncrypter and AES-GCM have a tag length of 12.
4509 size_t min_plaintext_size = ciphertext_size;
4510
4511 for (int i = ENCRYPTION_INITIAL; i < NUM_ENCRYPTION_LEVELS; i++) {
4512 if (encrypter_[i] != nullptr) {
4513 size_t size = encrypter_[i]->GetMaxPlaintextSize(ciphertext_size);
4514 if (size < min_plaintext_size) {
4515 min_plaintext_size = size;
4516 }
4517 }
4518 }
4519
4520 return min_plaintext_size;
4521 }
4522
GetOneRttEncrypterConfidentialityLimit() const4523 QuicPacketCount QuicFramer::GetOneRttEncrypterConfidentialityLimit() const {
4524 if (!encrypter_[ENCRYPTION_FORWARD_SECURE]) {
4525 QUIC_BUG(quic_bug_10850_66) << "1-RTT encrypter not set";
4526 return 0;
4527 }
4528 return encrypter_[ENCRYPTION_FORWARD_SECURE]->GetConfidentialityLimit();
4529 }
4530
DecryptPayload(size_t udp_packet_length,absl::string_view encrypted,absl::string_view associated_data,const QuicPacketHeader & header,char * decrypted_buffer,size_t buffer_length,size_t * decrypted_length,EncryptionLevel * decrypted_level)4531 bool QuicFramer::DecryptPayload(size_t udp_packet_length,
4532 absl::string_view encrypted,
4533 absl::string_view associated_data,
4534 const QuicPacketHeader& header,
4535 char* decrypted_buffer, size_t buffer_length,
4536 size_t* decrypted_length,
4537 EncryptionLevel* decrypted_level) {
4538 if (!EncryptionLevelIsValid(decrypter_level_)) {
4539 QUIC_BUG(quic_bug_10850_67)
4540 << "Attempted to decrypt with bad decrypter_level_";
4541 return false;
4542 }
4543 EncryptionLevel level = decrypter_level_;
4544 QuicDecrypter* decrypter = decrypter_[level].get();
4545 QuicDecrypter* alternative_decrypter = nullptr;
4546 bool key_phase_parsed = false;
4547 bool key_phase;
4548 bool attempt_key_update = false;
4549 if (version().KnowsWhichDecrypterToUse()) {
4550 if (header.form == GOOGLE_QUIC_PACKET) {
4551 QUIC_BUG(quic_bug_10850_68)
4552 << "Attempted to decrypt GOOGLE_QUIC_PACKET with a version that "
4553 "knows which decrypter to use";
4554 return false;
4555 }
4556 level = GetEncryptionLevel(header);
4557 if (!EncryptionLevelIsValid(level)) {
4558 QUIC_BUG(quic_bug_10850_69) << "Attempted to decrypt with bad level";
4559 return false;
4560 }
4561 decrypter = decrypter_[level].get();
4562 if (decrypter == nullptr) {
4563 return false;
4564 }
4565 if (level == ENCRYPTION_ZERO_RTT &&
4566 perspective_ == Perspective::IS_CLIENT && header.nonce != nullptr) {
4567 decrypter->SetDiversificationNonce(*header.nonce);
4568 }
4569 if (support_key_update_for_connection_ &&
4570 header.form == IETF_QUIC_SHORT_HEADER_PACKET) {
4571 QUICHE_DCHECK(version().UsesTls());
4572 QUICHE_DCHECK_EQ(level, ENCRYPTION_FORWARD_SECURE);
4573 key_phase = (header.type_byte & FLAGS_KEY_PHASE_BIT) != 0;
4574 key_phase_parsed = true;
4575 QUIC_DVLOG(1) << ENDPOINT << "packet " << header.packet_number
4576 << " received key_phase=" << key_phase
4577 << " current_key_phase_bit_=" << current_key_phase_bit_;
4578 if (key_phase != current_key_phase_bit_) {
4579 if ((current_key_phase_first_received_packet_number_.IsInitialized() &&
4580 header.packet_number >
4581 current_key_phase_first_received_packet_number_) ||
4582 (!current_key_phase_first_received_packet_number_.IsInitialized() &&
4583 !key_update_performed_)) {
4584 if (!next_decrypter_) {
4585 next_decrypter_ =
4586 visitor_->AdvanceKeysAndCreateCurrentOneRttDecrypter();
4587 if (!next_decrypter_) {
4588 QUIC_BUG(quic_bug_10850_70) << "Failed to create next_decrypter";
4589 return false;
4590 }
4591 }
4592 QUIC_DVLOG(1) << ENDPOINT << "packet " << header.packet_number
4593 << " attempt_key_update=true";
4594 attempt_key_update = true;
4595 potential_peer_key_update_attempt_count_++;
4596 decrypter = next_decrypter_.get();
4597 } else {
4598 if (previous_decrypter_) {
4599 QUIC_DVLOG(1) << ENDPOINT
4600 << "trying previous_decrypter_ for packet "
4601 << header.packet_number;
4602 decrypter = previous_decrypter_.get();
4603 } else {
4604 QUIC_DVLOG(1) << ENDPOINT << "dropping packet "
4605 << header.packet_number << " with old key phase";
4606 return false;
4607 }
4608 }
4609 }
4610 }
4611 } else if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) {
4612 if (!EncryptionLevelIsValid(alternative_decrypter_level_)) {
4613 QUIC_BUG(quic_bug_10850_71)
4614 << "Attempted to decrypt with bad alternative_decrypter_level_";
4615 return false;
4616 }
4617 alternative_decrypter = decrypter_[alternative_decrypter_level_].get();
4618 }
4619
4620 if (decrypter == nullptr) {
4621 QUIC_BUG(quic_bug_10850_72)
4622 << "Attempting to decrypt without decrypter, encryption level:" << level
4623 << " version:" << version();
4624 return false;
4625 }
4626
4627 bool success = decrypter->DecryptPacket(
4628 header.packet_number.ToUint64(), associated_data, encrypted,
4629 decrypted_buffer, decrypted_length, buffer_length);
4630 if (success) {
4631 visitor_->OnDecryptedPacket(udp_packet_length, level);
4632 if (level == ENCRYPTION_ZERO_RTT &&
4633 current_key_phase_first_received_packet_number_.IsInitialized() &&
4634 header.packet_number >
4635 current_key_phase_first_received_packet_number_) {
4636 set_detailed_error(absl::StrCat(
4637 "Decrypted a 0-RTT packet with a packet number ",
4638 header.packet_number.ToString(),
4639 " which is higher than a 1-RTT packet number ",
4640 current_key_phase_first_received_packet_number_.ToString()));
4641 return RaiseError(QUIC_INVALID_0RTT_PACKET_NUMBER_OUT_OF_ORDER);
4642 }
4643 *decrypted_level = level;
4644 potential_peer_key_update_attempt_count_ = 0;
4645 if (attempt_key_update) {
4646 if (!DoKeyUpdate(KeyUpdateReason::kRemote)) {
4647 set_detailed_error("Key update failed due to internal error");
4648 return RaiseError(QUIC_INTERNAL_ERROR);
4649 }
4650 QUICHE_DCHECK_EQ(current_key_phase_bit_, key_phase);
4651 }
4652 if (key_phase_parsed &&
4653 !current_key_phase_first_received_packet_number_.IsInitialized() &&
4654 key_phase == current_key_phase_bit_) {
4655 // Set packet number for current key phase if it hasn't been initialized
4656 // yet. This is set outside of attempt_key_update since the key update
4657 // may have been initiated locally, and in that case we don't know yet
4658 // which packet number from the remote side to use until we receive a
4659 // packet with that phase.
4660 QUIC_DVLOG(1) << ENDPOINT
4661 << "current_key_phase_first_received_packet_number_ = "
4662 << header.packet_number;
4663 current_key_phase_first_received_packet_number_ = header.packet_number;
4664 visitor_->OnDecryptedFirstPacketInKeyPhase();
4665 }
4666 } else if (alternative_decrypter != nullptr) {
4667 if (header.nonce != nullptr) {
4668 QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
4669 alternative_decrypter->SetDiversificationNonce(*header.nonce);
4670 }
4671 bool try_alternative_decryption = true;
4672 if (alternative_decrypter_level_ == ENCRYPTION_ZERO_RTT) {
4673 if (perspective_ == Perspective::IS_CLIENT) {
4674 if (header.nonce == nullptr) {
4675 // Can not use INITIAL decryption without a diversification nonce.
4676 try_alternative_decryption = false;
4677 }
4678 } else {
4679 QUICHE_DCHECK(header.nonce == nullptr);
4680 }
4681 }
4682
4683 if (try_alternative_decryption) {
4684 success = alternative_decrypter->DecryptPacket(
4685 header.packet_number.ToUint64(), associated_data, encrypted,
4686 decrypted_buffer, decrypted_length, buffer_length);
4687 }
4688 if (success) {
4689 visitor_->OnDecryptedPacket(udp_packet_length,
4690 alternative_decrypter_level_);
4691 *decrypted_level = decrypter_level_;
4692 if (alternative_decrypter_latch_) {
4693 if (!EncryptionLevelIsValid(alternative_decrypter_level_)) {
4694 QUIC_BUG(quic_bug_10850_73)
4695 << "Attempted to latch alternate decrypter with bad "
4696 "alternative_decrypter_level_";
4697 return false;
4698 }
4699 // Switch to the alternative decrypter and latch so that we cannot
4700 // switch back.
4701 decrypter_level_ = alternative_decrypter_level_;
4702 alternative_decrypter_level_ = NUM_ENCRYPTION_LEVELS;
4703 } else {
4704 // Switch the alternative decrypter so that we use it first next time.
4705 EncryptionLevel alt_level = alternative_decrypter_level_;
4706 alternative_decrypter_level_ = decrypter_level_;
4707 decrypter_level_ = alt_level;
4708 }
4709 }
4710 }
4711
4712 if (!success) {
4713 QUIC_DVLOG(1) << ENDPOINT << "DecryptPacket failed for: " << header;
4714 return false;
4715 }
4716
4717 return true;
4718 }
4719
GetIetfAckFrameSize(const QuicAckFrame & frame)4720 size_t QuicFramer::GetIetfAckFrameSize(const QuicAckFrame& frame) {
4721 // Type byte, largest_acked, and delay_time are straight-forward.
4722 size_t ack_frame_size = kQuicFrameTypeSize;
4723 QuicPacketNumber largest_acked = LargestAcked(frame);
4724 ack_frame_size += QuicDataWriter::GetVarInt62Len(largest_acked.ToUint64());
4725 uint64_t ack_delay_time_us;
4726 ack_delay_time_us = frame.ack_delay_time.ToMicroseconds();
4727 ack_delay_time_us = ack_delay_time_us >> local_ack_delay_exponent_;
4728 ack_frame_size += QuicDataWriter::GetVarInt62Len(ack_delay_time_us);
4729
4730 if (frame.packets.Empty() || frame.packets.Max() != largest_acked) {
4731 QUIC_BUG(quic_bug_10850_74) << "Malformed ack frame";
4732 // ACK frame serialization will fail and connection will be closed.
4733 return ack_frame_size;
4734 }
4735
4736 // Ack block count.
4737 ack_frame_size +=
4738 QuicDataWriter::GetVarInt62Len(frame.packets.NumIntervals() - 1);
4739
4740 // First Ack range.
4741 auto iter = frame.packets.rbegin();
4742 ack_frame_size += QuicDataWriter::GetVarInt62Len(iter->Length() - 1);
4743 QuicPacketNumber previous_smallest = iter->min();
4744 ++iter;
4745
4746 // Ack blocks.
4747 for (; iter != frame.packets.rend(); ++iter) {
4748 const uint64_t gap = previous_smallest - iter->max() - 1;
4749 const uint64_t ack_range = iter->Length() - 1;
4750 ack_frame_size += (QuicDataWriter::GetVarInt62Len(gap) +
4751 QuicDataWriter::GetVarInt62Len(ack_range));
4752 previous_smallest = iter->min();
4753 }
4754
4755 if (UseIetfAckWithReceiveTimestamp(frame)) {
4756 ack_frame_size += GetIetfAckFrameTimestampSize(frame);
4757 } else {
4758 ack_frame_size += AckEcnCountSize(frame);
4759 }
4760
4761 return ack_frame_size;
4762 }
4763
GetIetfAckFrameTimestampSize(const QuicAckFrame & ack)4764 size_t QuicFramer::GetIetfAckFrameTimestampSize(const QuicAckFrame& ack) {
4765 QUICHE_DCHECK(!ack.received_packet_times.empty());
4766 std::string detailed_error;
4767 absl::InlinedVector<AckTimestampRange, 2> timestamp_ranges =
4768 GetAckTimestampRanges(ack, detailed_error);
4769 if (!detailed_error.empty()) {
4770 return 0;
4771 }
4772
4773 int64_t size =
4774 FrameAckTimestampRanges(ack, timestamp_ranges, /*writer=*/nullptr);
4775 return std::max<int64_t>(0, size);
4776 }
4777
GetAckFrameSize(const QuicAckFrame & ack,QuicPacketNumberLength)4778 size_t QuicFramer::GetAckFrameSize(
4779 const QuicAckFrame& ack, QuicPacketNumberLength /*packet_number_length*/) {
4780 QUICHE_DCHECK(!ack.packets.Empty());
4781 size_t ack_size = 0;
4782
4783 if (VersionHasIetfQuicFrames(version_.transport_version)) {
4784 return GetIetfAckFrameSize(ack);
4785 }
4786 AckFrameInfo ack_info = GetAckFrameInfo(ack);
4787 QuicPacketNumberLength ack_block_length =
4788 GetMinPacketNumberLength(QuicPacketNumber(ack_info.max_block_length));
4789
4790 ack_size = GetMinAckFrameSize(version_.transport_version, ack,
4791 local_ack_delay_exponent_,
4792 UseIetfAckWithReceiveTimestamp(ack));
4793 // First ack block length.
4794 ack_size += ack_block_length;
4795 if (ack_info.num_ack_blocks != 0) {
4796 ack_size += kNumberOfAckBlocksSize;
4797 ack_size += std::min(ack_info.num_ack_blocks, kMaxAckBlocks) *
4798 (ack_block_length + PACKET_1BYTE_PACKET_NUMBER);
4799 }
4800
4801 // Include timestamps.
4802 if (process_timestamps_) {
4803 ack_size += GetAckFrameTimeStampSize(ack);
4804 }
4805
4806 return ack_size;
4807 }
4808
GetAckFrameTimeStampSize(const QuicAckFrame & ack)4809 size_t QuicFramer::GetAckFrameTimeStampSize(const QuicAckFrame& ack) {
4810 if (ack.received_packet_times.empty()) {
4811 return 0;
4812 }
4813
4814 return kQuicNumTimestampsLength + kQuicFirstTimestampLength +
4815 (kQuicTimestampLength + kQuicTimestampPacketNumberGapLength) *
4816 (ack.received_packet_times.size() - 1);
4817 }
4818
ComputeFrameLength(const QuicFrame & frame,bool last_frame_in_packet,QuicPacketNumberLength packet_number_length)4819 size_t QuicFramer::ComputeFrameLength(
4820 const QuicFrame& frame, bool last_frame_in_packet,
4821 QuicPacketNumberLength packet_number_length) {
4822 switch (frame.type) {
4823 case STREAM_FRAME:
4824 return GetMinStreamFrameSize(
4825 version_.transport_version, frame.stream_frame.stream_id,
4826 frame.stream_frame.offset, last_frame_in_packet,
4827 frame.stream_frame.data_length) +
4828 frame.stream_frame.data_length;
4829 case CRYPTO_FRAME:
4830 return GetMinCryptoFrameSize(frame.crypto_frame->offset,
4831 frame.crypto_frame->data_length) +
4832 frame.crypto_frame->data_length;
4833 case ACK_FRAME: {
4834 return GetAckFrameSize(*frame.ack_frame, packet_number_length);
4835 }
4836 case STOP_WAITING_FRAME:
4837 return GetStopWaitingFrameSize(packet_number_length);
4838 case MTU_DISCOVERY_FRAME:
4839 // MTU discovery frames are serialized as ping frames.
4840 return kQuicFrameTypeSize;
4841 case MESSAGE_FRAME:
4842 return GetMessageFrameSize(last_frame_in_packet,
4843 frame.message_frame->message_length);
4844 case PADDING_FRAME:
4845 QUICHE_DCHECK(false);
4846 return 0;
4847 default:
4848 return GetRetransmittableControlFrameSize(version_.transport_version,
4849 frame);
4850 }
4851 }
4852
AppendTypeByte(const QuicFrame & frame,bool last_frame_in_packet,QuicDataWriter * writer)4853 bool QuicFramer::AppendTypeByte(const QuicFrame& frame,
4854 bool last_frame_in_packet,
4855 QuicDataWriter* writer) {
4856 if (VersionHasIetfQuicFrames(version_.transport_version)) {
4857 return AppendIetfFrameType(frame, last_frame_in_packet, writer);
4858 }
4859 uint8_t type_byte = 0;
4860 switch (frame.type) {
4861 case STREAM_FRAME:
4862 type_byte =
4863 GetStreamFrameTypeByte(frame.stream_frame, last_frame_in_packet);
4864 break;
4865 case ACK_FRAME:
4866 return true;
4867 case MTU_DISCOVERY_FRAME:
4868 type_byte = static_cast<uint8_t>(PING_FRAME);
4869 break;
4870 case NEW_CONNECTION_ID_FRAME:
4871 set_detailed_error(
4872 "Attempt to append NEW_CONNECTION_ID frame and not in IETF QUIC.");
4873 return RaiseError(QUIC_INTERNAL_ERROR);
4874 case RETIRE_CONNECTION_ID_FRAME:
4875 set_detailed_error(
4876 "Attempt to append RETIRE_CONNECTION_ID frame and not in IETF QUIC.");
4877 return RaiseError(QUIC_INTERNAL_ERROR);
4878 case NEW_TOKEN_FRAME:
4879 set_detailed_error(
4880 "Attempt to append NEW_TOKEN frame and not in IETF QUIC.");
4881 return RaiseError(QUIC_INTERNAL_ERROR);
4882 case MAX_STREAMS_FRAME:
4883 set_detailed_error(
4884 "Attempt to append MAX_STREAMS frame and not in IETF QUIC.");
4885 return RaiseError(QUIC_INTERNAL_ERROR);
4886 case STREAMS_BLOCKED_FRAME:
4887 set_detailed_error(
4888 "Attempt to append STREAMS_BLOCKED frame and not in IETF QUIC.");
4889 return RaiseError(QUIC_INTERNAL_ERROR);
4890 case PATH_RESPONSE_FRAME:
4891 set_detailed_error(
4892 "Attempt to append PATH_RESPONSE frame and not in IETF QUIC.");
4893 return RaiseError(QUIC_INTERNAL_ERROR);
4894 case PATH_CHALLENGE_FRAME:
4895 set_detailed_error(
4896 "Attempt to append PATH_CHALLENGE frame and not in IETF QUIC.");
4897 return RaiseError(QUIC_INTERNAL_ERROR);
4898 case STOP_SENDING_FRAME:
4899 set_detailed_error(
4900 "Attempt to append STOP_SENDING frame and not in IETF QUIC.");
4901 return RaiseError(QUIC_INTERNAL_ERROR);
4902 case MESSAGE_FRAME:
4903 return true;
4904
4905 default:
4906 type_byte = static_cast<uint8_t>(frame.type);
4907 break;
4908 }
4909
4910 return writer->WriteUInt8(type_byte);
4911 }
4912
AppendIetfFrameType(const QuicFrame & frame,bool last_frame_in_packet,QuicDataWriter * writer)4913 bool QuicFramer::AppendIetfFrameType(const QuicFrame& frame,
4914 bool last_frame_in_packet,
4915 QuicDataWriter* writer) {
4916 uint8_t type_byte = 0;
4917 switch (frame.type) {
4918 case PADDING_FRAME:
4919 type_byte = IETF_PADDING;
4920 break;
4921 case RST_STREAM_FRAME:
4922 type_byte = IETF_RST_STREAM;
4923 break;
4924 case CONNECTION_CLOSE_FRAME:
4925 switch (frame.connection_close_frame->close_type) {
4926 case IETF_QUIC_APPLICATION_CONNECTION_CLOSE:
4927 type_byte = IETF_APPLICATION_CLOSE;
4928 break;
4929 case IETF_QUIC_TRANSPORT_CONNECTION_CLOSE:
4930 type_byte = IETF_CONNECTION_CLOSE;
4931 break;
4932 default:
4933 set_detailed_error(absl::StrCat(
4934 "Invalid QuicConnectionCloseFrame type: ",
4935 static_cast<int>(frame.connection_close_frame->close_type)));
4936 return RaiseError(QUIC_INTERNAL_ERROR);
4937 }
4938 break;
4939 case GOAWAY_FRAME:
4940 set_detailed_error(
4941 "Attempt to create non-IETF QUIC GOAWAY frame in IETF QUIC.");
4942 return RaiseError(QUIC_INTERNAL_ERROR);
4943 case WINDOW_UPDATE_FRAME:
4944 // Depending on whether there is a stream ID or not, will be either a
4945 // MAX_STREAM_DATA frame or a MAX_DATA frame.
4946 if (frame.window_update_frame.stream_id ==
4947 QuicUtils::GetInvalidStreamId(transport_version())) {
4948 type_byte = IETF_MAX_DATA;
4949 } else {
4950 type_byte = IETF_MAX_STREAM_DATA;
4951 }
4952 break;
4953 case BLOCKED_FRAME:
4954 if (frame.blocked_frame.stream_id ==
4955 QuicUtils::GetInvalidStreamId(transport_version())) {
4956 type_byte = IETF_DATA_BLOCKED;
4957 } else {
4958 type_byte = IETF_STREAM_DATA_BLOCKED;
4959 }
4960 break;
4961 case STOP_WAITING_FRAME:
4962 set_detailed_error(
4963 "Attempt to append type byte of STOP WAITING frame in IETF QUIC.");
4964 return RaiseError(QUIC_INTERNAL_ERROR);
4965 case PING_FRAME:
4966 type_byte = IETF_PING;
4967 break;
4968 case STREAM_FRAME:
4969 type_byte =
4970 GetStreamFrameTypeByte(frame.stream_frame, last_frame_in_packet);
4971 break;
4972 case ACK_FRAME:
4973 // Do nothing here, AppendIetfAckFrameAndTypeByte() will put the type byte
4974 // in the buffer.
4975 return true;
4976 case MTU_DISCOVERY_FRAME:
4977 // The path MTU discovery frame is encoded as a PING frame on the wire.
4978 type_byte = IETF_PING;
4979 break;
4980 case NEW_CONNECTION_ID_FRAME:
4981 type_byte = IETF_NEW_CONNECTION_ID;
4982 break;
4983 case RETIRE_CONNECTION_ID_FRAME:
4984 type_byte = IETF_RETIRE_CONNECTION_ID;
4985 break;
4986 case NEW_TOKEN_FRAME:
4987 type_byte = IETF_NEW_TOKEN;
4988 break;
4989 case MAX_STREAMS_FRAME:
4990 if (frame.max_streams_frame.unidirectional) {
4991 type_byte = IETF_MAX_STREAMS_UNIDIRECTIONAL;
4992 } else {
4993 type_byte = IETF_MAX_STREAMS_BIDIRECTIONAL;
4994 }
4995 break;
4996 case STREAMS_BLOCKED_FRAME:
4997 if (frame.streams_blocked_frame.unidirectional) {
4998 type_byte = IETF_STREAMS_BLOCKED_UNIDIRECTIONAL;
4999 } else {
5000 type_byte = IETF_STREAMS_BLOCKED_BIDIRECTIONAL;
5001 }
5002 break;
5003 case PATH_RESPONSE_FRAME:
5004 type_byte = IETF_PATH_RESPONSE;
5005 break;
5006 case PATH_CHALLENGE_FRAME:
5007 type_byte = IETF_PATH_CHALLENGE;
5008 break;
5009 case STOP_SENDING_FRAME:
5010 type_byte = IETF_STOP_SENDING;
5011 break;
5012 case MESSAGE_FRAME:
5013 return true;
5014 case CRYPTO_FRAME:
5015 type_byte = IETF_CRYPTO;
5016 break;
5017 case HANDSHAKE_DONE_FRAME:
5018 type_byte = IETF_HANDSHAKE_DONE;
5019 break;
5020 case ACK_FREQUENCY_FRAME:
5021 type_byte = IETF_ACK_FREQUENCY;
5022 break;
5023 case RESET_STREAM_AT_FRAME:
5024 type_byte = IETF_RESET_STREAM_AT;
5025 break;
5026 default:
5027 QUIC_BUG(quic_bug_10850_75)
5028 << "Attempt to generate a frame type for an unsupported value: "
5029 << frame.type;
5030 return false;
5031 }
5032 return writer->WriteVarInt62(type_byte);
5033 }
5034
5035 // static
AppendPacketNumber(QuicPacketNumberLength packet_number_length,QuicPacketNumber packet_number,QuicDataWriter * writer)5036 bool QuicFramer::AppendPacketNumber(QuicPacketNumberLength packet_number_length,
5037 QuicPacketNumber packet_number,
5038 QuicDataWriter* writer) {
5039 QUICHE_DCHECK(packet_number.IsInitialized());
5040 if (!IsValidPacketNumberLength(packet_number_length)) {
5041 QUIC_BUG(quic_bug_10850_76)
5042 << "Invalid packet_number_length: " << packet_number_length;
5043 return false;
5044 }
5045 return writer->WriteBytesToUInt64(packet_number_length,
5046 packet_number.ToUint64());
5047 }
5048
5049 // static
AppendStreamId(size_t stream_id_length,QuicStreamId stream_id,QuicDataWriter * writer)5050 bool QuicFramer::AppendStreamId(size_t stream_id_length, QuicStreamId stream_id,
5051 QuicDataWriter* writer) {
5052 if (stream_id_length == 0 || stream_id_length > 4) {
5053 QUIC_BUG(quic_bug_10850_77)
5054 << "Invalid stream_id_length: " << stream_id_length;
5055 return false;
5056 }
5057 return writer->WriteBytesToUInt64(stream_id_length, stream_id);
5058 }
5059
5060 // static
AppendStreamOffset(size_t offset_length,QuicStreamOffset offset,QuicDataWriter * writer)5061 bool QuicFramer::AppendStreamOffset(size_t offset_length,
5062 QuicStreamOffset offset,
5063 QuicDataWriter* writer) {
5064 if (offset_length == 1 || offset_length > 8) {
5065 QUIC_BUG(quic_bug_10850_78)
5066 << "Invalid stream_offset_length: " << offset_length;
5067 return false;
5068 }
5069
5070 return writer->WriteBytesToUInt64(offset_length, offset);
5071 }
5072
5073 // static
AppendAckBlock(uint8_t gap,QuicPacketNumberLength length_length,uint64_t length,QuicDataWriter * writer)5074 bool QuicFramer::AppendAckBlock(uint8_t gap,
5075 QuicPacketNumberLength length_length,
5076 uint64_t length, QuicDataWriter* writer) {
5077 if (length == 0) {
5078 if (!IsValidPacketNumberLength(length_length)) {
5079 QUIC_BUG(quic_bug_10850_79)
5080 << "Invalid packet_number_length: " << length_length;
5081 return false;
5082 }
5083 return writer->WriteUInt8(gap) &&
5084 writer->WriteBytesToUInt64(length_length, length);
5085 }
5086 return writer->WriteUInt8(gap) &&
5087 AppendPacketNumber(length_length, QuicPacketNumber(length), writer);
5088 }
5089
AppendStreamFrame(const QuicStreamFrame & frame,bool no_stream_frame_length,QuicDataWriter * writer)5090 bool QuicFramer::AppendStreamFrame(const QuicStreamFrame& frame,
5091 bool no_stream_frame_length,
5092 QuicDataWriter* writer) {
5093 if (VersionHasIetfQuicFrames(version_.transport_version)) {
5094 return AppendIetfStreamFrame(frame, no_stream_frame_length, writer);
5095 }
5096 if (!AppendStreamId(GetStreamIdSize(frame.stream_id), frame.stream_id,
5097 writer)) {
5098 QUIC_BUG(quic_bug_10850_80) << "Writing stream id size failed.";
5099 return false;
5100 }
5101 if (!AppendStreamOffset(GetStreamOffsetSize(frame.offset), frame.offset,
5102 writer)) {
5103 QUIC_BUG(quic_bug_10850_81) << "Writing offset size failed.";
5104 return false;
5105 }
5106 if (!no_stream_frame_length) {
5107 static_assert(
5108 std::numeric_limits<decltype(frame.data_length)>::max() <=
5109 std::numeric_limits<uint16_t>::max(),
5110 "If frame.data_length can hold more than a uint16_t than we need to "
5111 "check that frame.data_length <= std::numeric_limits<uint16_t>::max()");
5112 if (!writer->WriteUInt16(static_cast<uint16_t>(frame.data_length))) {
5113 QUIC_BUG(quic_bug_10850_82) << "Writing stream frame length failed";
5114 return false;
5115 }
5116 }
5117
5118 if (data_producer_ != nullptr) {
5119 QUICHE_DCHECK_EQ(nullptr, frame.data_buffer);
5120 if (frame.data_length == 0) {
5121 return true;
5122 }
5123 if (data_producer_->WriteStreamData(frame.stream_id, frame.offset,
5124 frame.data_length,
5125 writer) != WRITE_SUCCESS) {
5126 QUIC_BUG(quic_bug_10850_83) << "Writing frame data failed.";
5127 return false;
5128 }
5129 return true;
5130 }
5131
5132 if (!writer->WriteBytes(frame.data_buffer, frame.data_length)) {
5133 QUIC_BUG(quic_bug_10850_84) << "Writing frame data failed.";
5134 return false;
5135 }
5136 return true;
5137 }
5138
AppendNewTokenFrame(const QuicNewTokenFrame & frame,QuicDataWriter * writer)5139 bool QuicFramer::AppendNewTokenFrame(const QuicNewTokenFrame& frame,
5140 QuicDataWriter* writer) {
5141 if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.token.length()))) {
5142 set_detailed_error("Writing token length failed.");
5143 return false;
5144 }
5145 if (!writer->WriteBytes(frame.token.data(), frame.token.length())) {
5146 set_detailed_error("Writing token buffer failed.");
5147 return false;
5148 }
5149 return true;
5150 }
5151
ProcessNewTokenFrame(QuicDataReader * reader,QuicNewTokenFrame * frame)5152 bool QuicFramer::ProcessNewTokenFrame(QuicDataReader* reader,
5153 QuicNewTokenFrame* frame) {
5154 uint64_t length;
5155 if (!reader->ReadVarInt62(&length)) {
5156 set_detailed_error("Unable to read new token length.");
5157 return false;
5158 }
5159 if (length > kMaxNewTokenTokenLength) {
5160 set_detailed_error("Token length larger than maximum.");
5161 return false;
5162 }
5163
5164 // TODO(ianswett): Don't use absl::string_view as an intermediary.
5165 absl::string_view data;
5166 if (!reader->ReadStringPiece(&data, length)) {
5167 set_detailed_error("Unable to read new token data.");
5168 return false;
5169 }
5170 frame->token = std::string(data);
5171 return true;
5172 }
5173
5174 // Add a new ietf-format stream frame.
5175 // Bits controlling whether there is a frame-length and frame-offset
5176 // are in the QuicStreamFrame.
AppendIetfStreamFrame(const QuicStreamFrame & frame,bool last_frame_in_packet,QuicDataWriter * writer)5177 bool QuicFramer::AppendIetfStreamFrame(const QuicStreamFrame& frame,
5178 bool last_frame_in_packet,
5179 QuicDataWriter* writer) {
5180 if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.stream_id))) {
5181 set_detailed_error("Writing stream id failed.");
5182 return false;
5183 }
5184
5185 if (frame.offset != 0) {
5186 if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.offset))) {
5187 set_detailed_error("Writing data offset failed.");
5188 return false;
5189 }
5190 }
5191
5192 if (!last_frame_in_packet) {
5193 if (!writer->WriteVarInt62(frame.data_length)) {
5194 set_detailed_error("Writing data length failed.");
5195 return false;
5196 }
5197 }
5198
5199 if (frame.data_length == 0) {
5200 return true;
5201 }
5202 if (data_producer_ == nullptr) {
5203 if (!writer->WriteBytes(frame.data_buffer, frame.data_length)) {
5204 set_detailed_error("Writing frame data failed.");
5205 return false;
5206 }
5207 } else {
5208 QUICHE_DCHECK_EQ(nullptr, frame.data_buffer);
5209
5210 if (data_producer_->WriteStreamData(frame.stream_id, frame.offset,
5211 frame.data_length,
5212 writer) != WRITE_SUCCESS) {
5213 set_detailed_error("Writing frame data from producer failed.");
5214 return false;
5215 }
5216 }
5217 return true;
5218 }
5219
AppendCryptoFrame(const QuicCryptoFrame & frame,QuicDataWriter * writer)5220 bool QuicFramer::AppendCryptoFrame(const QuicCryptoFrame& frame,
5221 QuicDataWriter* writer) {
5222 if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.offset))) {
5223 set_detailed_error("Writing data offset failed.");
5224 return false;
5225 }
5226 if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.data_length))) {
5227 set_detailed_error("Writing data length failed.");
5228 return false;
5229 }
5230 if (data_producer_ == nullptr) {
5231 if (frame.data_buffer == nullptr ||
5232 !writer->WriteBytes(frame.data_buffer, frame.data_length)) {
5233 set_detailed_error("Writing frame data failed.");
5234 return false;
5235 }
5236 } else {
5237 QUICHE_DCHECK_EQ(nullptr, frame.data_buffer);
5238 if (!data_producer_->WriteCryptoData(frame.level, frame.offset,
5239 frame.data_length, writer)) {
5240 return false;
5241 }
5242 }
5243 return true;
5244 }
5245
AppendAckFrequencyFrame(const QuicAckFrequencyFrame & frame,QuicDataWriter * writer)5246 bool QuicFramer::AppendAckFrequencyFrame(const QuicAckFrequencyFrame& frame,
5247 QuicDataWriter* writer) {
5248 if (!writer->WriteVarInt62(frame.sequence_number)) {
5249 set_detailed_error("Writing sequence number failed.");
5250 return false;
5251 }
5252 if (!writer->WriteVarInt62(frame.packet_tolerance)) {
5253 set_detailed_error("Writing packet tolerance failed.");
5254 return false;
5255 }
5256 if (!writer->WriteVarInt62(
5257 static_cast<uint64_t>(frame.max_ack_delay.ToMicroseconds()))) {
5258 set_detailed_error("Writing max_ack_delay_us failed.");
5259 return false;
5260 }
5261 if (!writer->WriteUInt8(static_cast<uint8_t>(frame.ignore_order))) {
5262 set_detailed_error("Writing ignore_order failed.");
5263 return false;
5264 }
5265
5266 return true;
5267 }
5268
AppendResetFrameAtFrame(const QuicResetStreamAtFrame & frame,QuicDataWriter & writer)5269 bool QuicFramer::AppendResetFrameAtFrame(const QuicResetStreamAtFrame& frame,
5270 QuicDataWriter& writer) {
5271 if (frame.reliable_offset > frame.final_offset) {
5272 QUIC_BUG(AppendResetFrameAtFrame_offset_mismatch)
5273 << "reliable_offset > final_offset";
5274 set_detailed_error("reliable_offset > final_offset");
5275 return false;
5276 }
5277 absl::Status status =
5278 quiche::SerializeIntoWriter(writer, quiche::WireVarInt62(frame.stream_id),
5279 quiche::WireVarInt62(frame.error),
5280 quiche::WireVarInt62(frame.final_offset),
5281 quiche::WireVarInt62(frame.reliable_offset));
5282 if (!status.ok()) {
5283 set_detailed_error(std::string(status.message()));
5284 return false;
5285 }
5286 return true;
5287 }
5288
set_version(const ParsedQuicVersion version)5289 void QuicFramer::set_version(const ParsedQuicVersion version) {
5290 QUICHE_DCHECK(IsSupportedVersion(version))
5291 << ParsedQuicVersionToString(version);
5292 version_ = version;
5293 }
5294
AppendAckFrameAndTypeByte(const QuicAckFrame & frame,QuicDataWriter * writer)5295 bool QuicFramer::AppendAckFrameAndTypeByte(const QuicAckFrame& frame,
5296 QuicDataWriter* writer) {
5297 if (VersionHasIetfQuicFrames(transport_version())) {
5298 return AppendIetfAckFrameAndTypeByte(frame, writer);
5299 }
5300
5301 const AckFrameInfo new_ack_info = GetAckFrameInfo(frame);
5302 QuicPacketNumber largest_acked = LargestAcked(frame);
5303 QuicPacketNumberLength largest_acked_length =
5304 GetMinPacketNumberLength(largest_acked);
5305 QuicPacketNumberLength ack_block_length =
5306 GetMinPacketNumberLength(QuicPacketNumber(new_ack_info.max_block_length));
5307 // Calculate available bytes for timestamps and ack blocks.
5308 int32_t available_timestamp_and_ack_block_bytes =
5309 writer->capacity() - writer->length() - ack_block_length -
5310 GetMinAckFrameSize(version_.transport_version, frame,
5311 local_ack_delay_exponent_,
5312 UseIetfAckWithReceiveTimestamp(frame)) -
5313 (new_ack_info.num_ack_blocks != 0 ? kNumberOfAckBlocksSize : 0);
5314 QUICHE_DCHECK_LE(0, available_timestamp_and_ack_block_bytes);
5315
5316 uint8_t type_byte = 0;
5317 SetBit(&type_byte, new_ack_info.num_ack_blocks != 0,
5318 kQuicHasMultipleAckBlocksOffset);
5319
5320 SetBits(&type_byte, GetPacketNumberFlags(largest_acked_length),
5321 kQuicSequenceNumberLengthNumBits, kLargestAckedOffset);
5322
5323 SetBits(&type_byte, GetPacketNumberFlags(ack_block_length),
5324 kQuicSequenceNumberLengthNumBits, kActBlockLengthOffset);
5325
5326 type_byte |= kQuicFrameTypeAckMask;
5327
5328 if (!writer->WriteUInt8(type_byte)) {
5329 return false;
5330 }
5331
5332 size_t max_num_ack_blocks = available_timestamp_and_ack_block_bytes /
5333 (ack_block_length + PACKET_1BYTE_PACKET_NUMBER);
5334
5335 // Number of ack blocks.
5336 size_t num_ack_blocks =
5337 std::min(new_ack_info.num_ack_blocks, max_num_ack_blocks);
5338 if (num_ack_blocks > std::numeric_limits<uint8_t>::max()) {
5339 num_ack_blocks = std::numeric_limits<uint8_t>::max();
5340 }
5341
5342 // Largest acked.
5343 if (!AppendPacketNumber(largest_acked_length, largest_acked, writer)) {
5344 return false;
5345 }
5346
5347 // Largest acked delta time.
5348 uint64_t ack_delay_time_us = kUFloat16MaxValue;
5349 if (!frame.ack_delay_time.IsInfinite()) {
5350 QUICHE_DCHECK_LE(0u, frame.ack_delay_time.ToMicroseconds());
5351 ack_delay_time_us = frame.ack_delay_time.ToMicroseconds();
5352 }
5353 if (!writer->WriteUFloat16(ack_delay_time_us)) {
5354 return false;
5355 }
5356
5357 if (num_ack_blocks > 0) {
5358 if (!writer->WriteBytes(&num_ack_blocks, 1)) {
5359 return false;
5360 }
5361 }
5362
5363 // First ack block length.
5364 if (!AppendPacketNumber(ack_block_length,
5365 QuicPacketNumber(new_ack_info.first_block_length),
5366 writer)) {
5367 return false;
5368 }
5369
5370 // Ack blocks.
5371 if (num_ack_blocks > 0) {
5372 size_t num_ack_blocks_written = 0;
5373 // Append, in descending order from the largest ACKed packet, a series of
5374 // ACK blocks that represents the successfully acknoweldged packets. Each
5375 // appended gap/block length represents a descending delta from the previous
5376 // block. i.e.:
5377 // |--- length ---|--- gap ---|--- length ---|--- gap ---|--- largest ---|
5378 // For gaps larger than can be represented by a single encoded gap, a 0
5379 // length gap of the maximum is used, i.e.:
5380 // |--- length ---|--- gap ---|- 0 -|--- gap ---|--- largest ---|
5381 auto itr = frame.packets.rbegin();
5382 QuicPacketNumber previous_start = itr->min();
5383 ++itr;
5384
5385 for (;
5386 itr != frame.packets.rend() && num_ack_blocks_written < num_ack_blocks;
5387 previous_start = itr->min(), ++itr) {
5388 const auto& interval = *itr;
5389 const uint64_t total_gap = previous_start - interval.max();
5390 const size_t num_encoded_gaps =
5391 (total_gap + std::numeric_limits<uint8_t>::max() - 1) /
5392 std::numeric_limits<uint8_t>::max();
5393
5394 // Append empty ACK blocks because the gap is longer than a single gap.
5395 for (size_t i = 1;
5396 i < num_encoded_gaps && num_ack_blocks_written < num_ack_blocks;
5397 ++i) {
5398 if (!AppendAckBlock(std::numeric_limits<uint8_t>::max(),
5399 ack_block_length, 0, writer)) {
5400 return false;
5401 }
5402 ++num_ack_blocks_written;
5403 }
5404 if (num_ack_blocks_written >= num_ack_blocks) {
5405 if (ABSL_PREDICT_FALSE(num_ack_blocks_written != num_ack_blocks)) {
5406 QUIC_BUG(quic_bug_10850_85)
5407 << "Wrote " << num_ack_blocks_written << ", expected to write "
5408 << num_ack_blocks;
5409 }
5410 break;
5411 }
5412
5413 const uint8_t last_gap =
5414 total_gap -
5415 (num_encoded_gaps - 1) * std::numeric_limits<uint8_t>::max();
5416 // Append the final ACK block with a non-empty size.
5417 if (!AppendAckBlock(last_gap, ack_block_length, interval.Length(),
5418 writer)) {
5419 return false;
5420 }
5421 ++num_ack_blocks_written;
5422 }
5423 QUICHE_DCHECK_EQ(num_ack_blocks, num_ack_blocks_written);
5424 }
5425 // Timestamps.
5426 // If we don't process timestamps or if we don't have enough available space
5427 // to append all the timestamps, don't append any of them.
5428 if (process_timestamps_ && writer->capacity() - writer->length() >=
5429 GetAckFrameTimeStampSize(frame)) {
5430 if (!AppendTimestampsToAckFrame(frame, writer)) {
5431 return false;
5432 }
5433 } else {
5434 uint8_t num_received_packets = 0;
5435 if (!writer->WriteBytes(&num_received_packets, 1)) {
5436 return false;
5437 }
5438 }
5439
5440 return true;
5441 }
5442
AppendTimestampsToAckFrame(const QuicAckFrame & frame,QuicDataWriter * writer)5443 bool QuicFramer::AppendTimestampsToAckFrame(const QuicAckFrame& frame,
5444 QuicDataWriter* writer) {
5445 QUICHE_DCHECK_GE(std::numeric_limits<uint8_t>::max(),
5446 frame.received_packet_times.size());
5447 // num_received_packets is only 1 byte.
5448 if (frame.received_packet_times.size() >
5449 std::numeric_limits<uint8_t>::max()) {
5450 return false;
5451 }
5452
5453 uint8_t num_received_packets = frame.received_packet_times.size();
5454 if (!writer->WriteBytes(&num_received_packets, 1)) {
5455 return false;
5456 }
5457 if (num_received_packets == 0) {
5458 return true;
5459 }
5460
5461 auto it = frame.received_packet_times.begin();
5462 QuicPacketNumber packet_number = it->first;
5463 uint64_t delta_from_largest_observed = LargestAcked(frame) - packet_number;
5464
5465 QUICHE_DCHECK_GE(std::numeric_limits<uint8_t>::max(),
5466 delta_from_largest_observed);
5467 if (delta_from_largest_observed > std::numeric_limits<uint8_t>::max()) {
5468 return false;
5469 }
5470
5471 if (!writer->WriteUInt8(delta_from_largest_observed)) {
5472 return false;
5473 }
5474
5475 // Use the lowest 4 bytes of the time delta from the creation_time_.
5476 const uint64_t time_epoch_delta_us = UINT64_C(1) << 32;
5477 uint32_t time_delta_us =
5478 static_cast<uint32_t>((it->second - creation_time_).ToMicroseconds() &
5479 (time_epoch_delta_us - 1));
5480 if (!writer->WriteUInt32(time_delta_us)) {
5481 return false;
5482 }
5483
5484 QuicTime prev_time = it->second;
5485
5486 for (++it; it != frame.received_packet_times.end(); ++it) {
5487 packet_number = it->first;
5488 delta_from_largest_observed = LargestAcked(frame) - packet_number;
5489
5490 if (delta_from_largest_observed > std::numeric_limits<uint8_t>::max()) {
5491 return false;
5492 }
5493
5494 if (!writer->WriteUInt8(delta_from_largest_observed)) {
5495 return false;
5496 }
5497
5498 uint64_t frame_time_delta_us = (it->second - prev_time).ToMicroseconds();
5499 prev_time = it->second;
5500 if (!writer->WriteUFloat16(frame_time_delta_us)) {
5501 return false;
5502 }
5503 }
5504 return true;
5505 }
5506
5507 absl::InlinedVector<QuicFramer::AckTimestampRange, 2>
GetAckTimestampRanges(const QuicAckFrame & frame,std::string & detailed_error) const5508 QuicFramer::GetAckTimestampRanges(const QuicAckFrame& frame,
5509 std::string& detailed_error) const {
5510 detailed_error = "";
5511 if (frame.received_packet_times.empty()) {
5512 return {};
5513 }
5514
5515 absl::InlinedVector<AckTimestampRange, 2> timestamp_ranges;
5516
5517 for (size_t r = 0; r < std::min<size_t>(max_receive_timestamps_per_ack_,
5518 frame.received_packet_times.size());
5519 ++r) {
5520 const size_t i = frame.received_packet_times.size() - 1 - r;
5521 const QuicPacketNumber packet_number = frame.received_packet_times[i].first;
5522 const QuicTime receive_timestamp = frame.received_packet_times[i].second;
5523
5524 if (timestamp_ranges.empty()) {
5525 if (receive_timestamp < creation_time_ ||
5526 LargestAcked(frame) < packet_number) {
5527 detailed_error =
5528 "The first packet is either received earlier than framer creation "
5529 "time, or larger than largest acked packet.";
5530 QUIC_BUG(quic_framer_ack_ts_first_packet_bad)
5531 << detailed_error << " receive_timestamp:" << receive_timestamp
5532 << ", framer_creation_time:" << creation_time_
5533 << ", packet_number:" << packet_number
5534 << ", largest_acked:" << LargestAcked(frame);
5535 return {};
5536 }
5537 timestamp_ranges.push_back(AckTimestampRange());
5538 timestamp_ranges.back().gap = LargestAcked(frame) - packet_number;
5539 timestamp_ranges.back().range_begin = i;
5540 timestamp_ranges.back().range_end = i;
5541 continue;
5542 }
5543
5544 const size_t prev_i = timestamp_ranges.back().range_end;
5545 const QuicPacketNumber prev_packet_number =
5546 frame.received_packet_times[prev_i].first;
5547 const QuicTime prev_receive_timestamp =
5548 frame.received_packet_times[prev_i].second;
5549
5550 QUIC_DVLOG(3) << "prev_packet_number:" << prev_packet_number
5551 << ", packet_number:" << packet_number;
5552 if (prev_receive_timestamp < receive_timestamp ||
5553 prev_packet_number <= packet_number) {
5554 detailed_error = "Packet number and/or receive time not in order.";
5555 QUIC_BUG(quic_framer_ack_ts_packet_out_of_order)
5556 << detailed_error << " packet_number:" << packet_number
5557 << ", receive_timestamp:" << receive_timestamp
5558 << ", prev_packet_number:" << prev_packet_number
5559 << ", prev_receive_timestamp:" << prev_receive_timestamp;
5560 return {};
5561 }
5562
5563 if (prev_packet_number == packet_number + 1) {
5564 timestamp_ranges.back().range_end = i;
5565 } else {
5566 timestamp_ranges.push_back(AckTimestampRange());
5567 timestamp_ranges.back().gap = prev_packet_number - 2 - packet_number;
5568 timestamp_ranges.back().range_begin = i;
5569 timestamp_ranges.back().range_end = i;
5570 }
5571 }
5572
5573 return timestamp_ranges;
5574 }
5575
FrameAckTimestampRanges(const QuicAckFrame & frame,const absl::InlinedVector<AckTimestampRange,2> & timestamp_ranges,QuicDataWriter * writer) const5576 int64_t QuicFramer::FrameAckTimestampRanges(
5577 const QuicAckFrame& frame,
5578 const absl::InlinedVector<AckTimestampRange, 2>& timestamp_ranges,
5579 QuicDataWriter* writer) const {
5580 int64_t size = 0;
5581 auto maybe_write_var_int62 = [&](uint64_t value) {
5582 size += QuicDataWriter::GetVarInt62Len(value);
5583 if (writer != nullptr && !writer->WriteVarInt62(value)) {
5584 return false;
5585 }
5586 return true;
5587 };
5588
5589 if (!maybe_write_var_int62(timestamp_ranges.size())) {
5590 return -1;
5591 }
5592
5593 // |effective_prev_time| is the exponent-encoded timestamp of the previous
5594 // packet.
5595 std::optional<QuicTime> effective_prev_time;
5596 for (const AckTimestampRange& range : timestamp_ranges) {
5597 QUIC_DVLOG(3) << "Range: gap:" << range.gap << ", beg:" << range.range_begin
5598 << ", end:" << range.range_end;
5599 if (!maybe_write_var_int62(range.gap)) {
5600 return -1;
5601 }
5602
5603 if (!maybe_write_var_int62(range.range_begin - range.range_end + 1)) {
5604 return -1;
5605 }
5606
5607 for (int64_t i = range.range_begin; i >= range.range_end; --i) {
5608 const QuicTime receive_timestamp = frame.received_packet_times[i].second;
5609 uint64_t time_delta;
5610 if (effective_prev_time.has_value()) {
5611 time_delta =
5612 (*effective_prev_time - receive_timestamp).ToMicroseconds();
5613 QUIC_DVLOG(3) << "time_delta:" << time_delta
5614 << ", exponent:" << receive_timestamps_exponent_
5615 << ", effective_prev_time:" << *effective_prev_time
5616 << ", recv_time:" << receive_timestamp;
5617 time_delta = time_delta >> receive_timestamps_exponent_;
5618 effective_prev_time = *effective_prev_time -
5619 QuicTime::Delta::FromMicroseconds(
5620 time_delta << receive_timestamps_exponent_);
5621 } else {
5622 // The first delta is from framer creation to the current receive
5623 // timestamp (forward in time), whereas in the common case subsequent
5624 // deltas move backwards in time.
5625 time_delta = (receive_timestamp - creation_time_).ToMicroseconds();
5626 QUIC_DVLOG(3) << "First time_delta:" << time_delta
5627 << ", exponent:" << receive_timestamps_exponent_
5628 << ", recv_time:" << receive_timestamp
5629 << ", creation_time:" << creation_time_;
5630 // Round up the first exponent-encoded time delta so that the next
5631 // receive timestamp is guaranteed to be decreasing.
5632 time_delta = ((time_delta - 1) >> receive_timestamps_exponent_) + 1;
5633 effective_prev_time =
5634 creation_time_ + QuicTime::Delta::FromMicroseconds(
5635 time_delta << receive_timestamps_exponent_);
5636 }
5637
5638 if (!maybe_write_var_int62(time_delta)) {
5639 return -1;
5640 }
5641 }
5642 }
5643
5644 return size;
5645 }
5646
AppendIetfTimestampsToAckFrame(const QuicAckFrame & frame,QuicDataWriter * writer)5647 bool QuicFramer::AppendIetfTimestampsToAckFrame(const QuicAckFrame& frame,
5648 QuicDataWriter* writer) {
5649 QUICHE_DCHECK(!frame.received_packet_times.empty());
5650 std::string detailed_error;
5651 const absl::InlinedVector<AckTimestampRange, 2> timestamp_ranges =
5652 GetAckTimestampRanges(frame, detailed_error);
5653 if (!detailed_error.empty()) {
5654 set_detailed_error(std::move(detailed_error));
5655 return false;
5656 }
5657
5658 // Compute the size first using a null writer.
5659 int64_t size =
5660 FrameAckTimestampRanges(frame, timestamp_ranges, /*writer=*/nullptr);
5661 if (size > static_cast<int64_t>(writer->capacity() - writer->length())) {
5662 QUIC_DVLOG(1) << "Insufficient room to write IETF ack receive timestamps. "
5663 "size_remain:"
5664 << (writer->capacity() - writer->length())
5665 << ", size_needed:" << size;
5666 // Write a Timestamp Range Count of 0.
5667 return writer->WriteVarInt62(0);
5668 }
5669
5670 return FrameAckTimestampRanges(frame, timestamp_ranges, writer) > 0;
5671 }
5672
AppendIetfAckFrameAndTypeByte(const QuicAckFrame & frame,QuicDataWriter * writer)5673 bool QuicFramer::AppendIetfAckFrameAndTypeByte(const QuicAckFrame& frame,
5674 QuicDataWriter* writer) {
5675 uint8_t type = IETF_ACK;
5676 uint64_t ecn_size = 0;
5677 if (UseIetfAckWithReceiveTimestamp(frame)) {
5678 type = IETF_ACK_RECEIVE_TIMESTAMPS;
5679 } else if (frame.ecn_counters.has_value()) {
5680 // Change frame type to ACK_ECN if any ECN count is available.
5681 type = IETF_ACK_ECN;
5682 ecn_size = AckEcnCountSize(frame);
5683 }
5684
5685 if (!writer->WriteVarInt62(type)) {
5686 set_detailed_error("No room for frame-type");
5687 return false;
5688 }
5689
5690 QuicPacketNumber largest_acked = LargestAcked(frame);
5691 if (!writer->WriteVarInt62(largest_acked.ToUint64())) {
5692 set_detailed_error("No room for largest-acked in ack frame");
5693 return false;
5694 }
5695
5696 uint64_t ack_delay_time_us = quiche::kVarInt62MaxValue;
5697 if (!frame.ack_delay_time.IsInfinite()) {
5698 QUICHE_DCHECK_LE(0u, frame.ack_delay_time.ToMicroseconds());
5699 ack_delay_time_us = frame.ack_delay_time.ToMicroseconds();
5700 ack_delay_time_us = ack_delay_time_us >> local_ack_delay_exponent_;
5701 }
5702
5703 if (!writer->WriteVarInt62(ack_delay_time_us)) {
5704 set_detailed_error("No room for ack-delay in ack frame");
5705 return false;
5706 }
5707
5708 if (frame.packets.Empty() || frame.packets.Max() != largest_acked) {
5709 QUIC_BUG(quic_bug_10850_88) << "Malformed ack frame: " << frame;
5710 set_detailed_error("Malformed ack frame");
5711 return false;
5712 }
5713
5714 // Latch ack_block_count for potential truncation.
5715 const uint64_t ack_block_count = frame.packets.NumIntervals() - 1;
5716 QuicDataWriter count_writer(QuicDataWriter::GetVarInt62Len(ack_block_count),
5717 writer->data() + writer->length());
5718 if (!writer->WriteVarInt62(ack_block_count)) {
5719 set_detailed_error("No room for ack block count in ack frame");
5720 return false;
5721 }
5722 auto iter = frame.packets.rbegin();
5723 if (!writer->WriteVarInt62(iter->Length() - 1)) {
5724 set_detailed_error("No room for first ack block in ack frame");
5725 return false;
5726 }
5727 QuicPacketNumber previous_smallest = iter->min();
5728 ++iter;
5729 // Append remaining ACK blocks.
5730 uint64_t appended_ack_blocks = 0;
5731 for (; iter != frame.packets.rend(); ++iter) {
5732 const uint64_t gap = previous_smallest - iter->max() - 1;
5733 const uint64_t ack_range = iter->Length() - 1;
5734
5735 if (type == IETF_ACK_RECEIVE_TIMESTAMPS &&
5736 writer->remaining() <
5737 static_cast<size_t>(QuicDataWriter::GetVarInt62Len(gap) +
5738 QuicDataWriter::GetVarInt62Len(ack_range) +
5739 QuicDataWriter::GetVarInt62Len(0))) {
5740 // If we write this ACK range we won't have space for a timestamp range
5741 // count of 0.
5742 break;
5743 } else if (writer->remaining() < ecn_size ||
5744 writer->remaining() - ecn_size <
5745 static_cast<size_t>(
5746 QuicDataWriter::GetVarInt62Len(gap) +
5747 QuicDataWriter::GetVarInt62Len(ack_range))) {
5748 // ACK range does not fit, truncate it.
5749 break;
5750 }
5751 const bool success =
5752 writer->WriteVarInt62(gap) && writer->WriteVarInt62(ack_range);
5753 QUICHE_DCHECK(success);
5754 previous_smallest = iter->min();
5755 ++appended_ack_blocks;
5756 }
5757
5758 if (appended_ack_blocks < ack_block_count) {
5759 // Truncation is needed, rewrite the ack block count.
5760 if (QuicDataWriter::GetVarInt62Len(appended_ack_blocks) !=
5761 QuicDataWriter::GetVarInt62Len(ack_block_count) ||
5762 !count_writer.WriteVarInt62(appended_ack_blocks)) {
5763 // This should never happen as ack_block_count is limited by
5764 // max_ack_ranges_.
5765 QUIC_BUG(quic_bug_10850_89)
5766 << "Ack frame truncation fails. ack_block_count: " << ack_block_count
5767 << ", appended count: " << appended_ack_blocks;
5768 set_detailed_error("ACK frame truncation fails");
5769 return false;
5770 }
5771 QUIC_DLOG(INFO) << ENDPOINT << "ACK ranges get truncated from "
5772 << ack_block_count << " to " << appended_ack_blocks;
5773 }
5774
5775 if (type == IETF_ACK_ECN) {
5776 // Encode the ECN counts.
5777 if (!writer->WriteVarInt62(frame.ecn_counters->ect0)) {
5778 set_detailed_error("No room for ect_0_count in ack frame");
5779 return false;
5780 }
5781 if (!writer->WriteVarInt62(frame.ecn_counters->ect1)) {
5782 set_detailed_error("No room for ect_1_count in ack frame");
5783 return false;
5784 }
5785 if (!writer->WriteVarInt62(frame.ecn_counters->ce)) {
5786 set_detailed_error("No room for ecn_ce_count in ack frame");
5787 return false;
5788 }
5789 }
5790
5791 if (type == IETF_ACK_RECEIVE_TIMESTAMPS) {
5792 if (!AppendIetfTimestampsToAckFrame(frame, writer)) {
5793 return false;
5794 }
5795 }
5796
5797 return true;
5798 }
5799
AppendRstStreamFrame(const QuicRstStreamFrame & frame,QuicDataWriter * writer)5800 bool QuicFramer::AppendRstStreamFrame(const QuicRstStreamFrame& frame,
5801 QuicDataWriter* writer) {
5802 if (VersionHasIetfQuicFrames(version_.transport_version)) {
5803 return AppendIetfResetStreamFrame(frame, writer);
5804 }
5805 if (!writer->WriteUInt32(frame.stream_id)) {
5806 return false;
5807 }
5808
5809 if (!writer->WriteUInt64(frame.byte_offset)) {
5810 return false;
5811 }
5812
5813 uint32_t error_code = static_cast<uint32_t>(frame.error_code);
5814 if (!writer->WriteUInt32(error_code)) {
5815 return false;
5816 }
5817
5818 return true;
5819 }
5820
AppendConnectionCloseFrame(const QuicConnectionCloseFrame & frame,QuicDataWriter * writer)5821 bool QuicFramer::AppendConnectionCloseFrame(
5822 const QuicConnectionCloseFrame& frame, QuicDataWriter* writer) {
5823 if (VersionHasIetfQuicFrames(version_.transport_version)) {
5824 return AppendIetfConnectionCloseFrame(frame, writer);
5825 }
5826 uint32_t error_code = static_cast<uint32_t>(frame.wire_error_code);
5827 if (!writer->WriteUInt32(error_code)) {
5828 return false;
5829 }
5830 if (!writer->WriteStringPiece16(TruncateErrorString(frame.error_details))) {
5831 return false;
5832 }
5833 return true;
5834 }
5835
AppendGoAwayFrame(const QuicGoAwayFrame & frame,QuicDataWriter * writer)5836 bool QuicFramer::AppendGoAwayFrame(const QuicGoAwayFrame& frame,
5837 QuicDataWriter* writer) {
5838 uint32_t error_code = static_cast<uint32_t>(frame.error_code);
5839 if (!writer->WriteUInt32(error_code)) {
5840 return false;
5841 }
5842 uint32_t stream_id = static_cast<uint32_t>(frame.last_good_stream_id);
5843 if (!writer->WriteUInt32(stream_id)) {
5844 return false;
5845 }
5846 if (!writer->WriteStringPiece16(TruncateErrorString(frame.reason_phrase))) {
5847 return false;
5848 }
5849 return true;
5850 }
5851
AppendWindowUpdateFrame(const QuicWindowUpdateFrame & frame,QuicDataWriter * writer)5852 bool QuicFramer::AppendWindowUpdateFrame(const QuicWindowUpdateFrame& frame,
5853 QuicDataWriter* writer) {
5854 uint32_t stream_id = static_cast<uint32_t>(frame.stream_id);
5855 if (!writer->WriteUInt32(stream_id)) {
5856 return false;
5857 }
5858 if (!writer->WriteUInt64(frame.max_data)) {
5859 return false;
5860 }
5861 return true;
5862 }
5863
AppendBlockedFrame(const QuicBlockedFrame & frame,QuicDataWriter * writer)5864 bool QuicFramer::AppendBlockedFrame(const QuicBlockedFrame& frame,
5865 QuicDataWriter* writer) {
5866 if (VersionHasIetfQuicFrames(version_.transport_version)) {
5867 if (frame.stream_id == QuicUtils::GetInvalidStreamId(transport_version())) {
5868 return AppendDataBlockedFrame(frame, writer);
5869 }
5870 return AppendStreamDataBlockedFrame(frame, writer);
5871 }
5872 uint32_t stream_id = static_cast<uint32_t>(frame.stream_id);
5873 if (!writer->WriteUInt32(stream_id)) {
5874 return false;
5875 }
5876 return true;
5877 }
5878
AppendPaddingFrame(const QuicPaddingFrame & frame,QuicDataWriter * writer)5879 bool QuicFramer::AppendPaddingFrame(const QuicPaddingFrame& frame,
5880 QuicDataWriter* writer) {
5881 if (frame.num_padding_bytes == 0) {
5882 return false;
5883 }
5884 if (frame.num_padding_bytes < 0) {
5885 QUIC_BUG_IF(quic_bug_12975_9, frame.num_padding_bytes != -1);
5886 writer->WritePadding();
5887 return true;
5888 }
5889 // Please note, num_padding_bytes includes type byte which has been written.
5890 return writer->WritePaddingBytes(frame.num_padding_bytes - 1);
5891 }
5892
AppendMessageFrameAndTypeByte(const QuicMessageFrame & frame,bool last_frame_in_packet,QuicDataWriter * writer)5893 bool QuicFramer::AppendMessageFrameAndTypeByte(const QuicMessageFrame& frame,
5894 bool last_frame_in_packet,
5895 QuicDataWriter* writer) {
5896 uint8_t type_byte;
5897 if (VersionHasIetfQuicFrames(version_.transport_version)) {
5898 type_byte = last_frame_in_packet ? IETF_EXTENSION_MESSAGE_NO_LENGTH_V99
5899 : IETF_EXTENSION_MESSAGE_V99;
5900 } else {
5901 QUIC_CODE_COUNT(quic_legacy_message_frame_codepoint_write);
5902 type_byte = last_frame_in_packet ? IETF_EXTENSION_MESSAGE_NO_LENGTH
5903 : IETF_EXTENSION_MESSAGE;
5904 }
5905 if (!writer->WriteUInt8(type_byte)) {
5906 return false;
5907 }
5908 if (!last_frame_in_packet && !writer->WriteVarInt62(frame.message_length)) {
5909 return false;
5910 }
5911 for (const auto& slice : frame.message_data) {
5912 if (!writer->WriteBytes(slice.data(), slice.length())) {
5913 return false;
5914 }
5915 }
5916 return true;
5917 }
5918
RaiseError(QuicErrorCode error)5919 bool QuicFramer::RaiseError(QuicErrorCode error) {
5920 QUIC_DLOG(INFO) << ENDPOINT << "Error: " << QuicErrorCodeToString(error)
5921 << " detail: " << detailed_error_;
5922 set_error(error);
5923 if (visitor_) {
5924 visitor_->OnError(this);
5925 }
5926 return false;
5927 }
5928
IsVersionNegotiation(const QuicPacketHeader & header) const5929 bool QuicFramer::IsVersionNegotiation(const QuicPacketHeader& header) const {
5930 return header.form == IETF_QUIC_LONG_HEADER_PACKET &&
5931 header.long_packet_type == VERSION_NEGOTIATION;
5932 }
5933
AppendIetfConnectionCloseFrame(const QuicConnectionCloseFrame & frame,QuicDataWriter * writer)5934 bool QuicFramer::AppendIetfConnectionCloseFrame(
5935 const QuicConnectionCloseFrame& frame, QuicDataWriter* writer) {
5936 if (frame.close_type != IETF_QUIC_TRANSPORT_CONNECTION_CLOSE &&
5937 frame.close_type != IETF_QUIC_APPLICATION_CONNECTION_CLOSE) {
5938 QUIC_BUG(quic_bug_10850_90)
5939 << "Invalid close_type for writing IETF CONNECTION CLOSE.";
5940 set_detailed_error("Invalid close_type for writing IETF CONNECTION CLOSE.");
5941 return false;
5942 }
5943
5944 if (!writer->WriteVarInt62(frame.wire_error_code)) {
5945 set_detailed_error("Can not write connection close frame error code");
5946 return false;
5947 }
5948
5949 if (frame.close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) {
5950 // Write the frame-type of the frame causing the error only
5951 // if it's a CONNECTION_CLOSE/Transport.
5952 if (!writer->WriteVarInt62(frame.transport_close_frame_type)) {
5953 set_detailed_error("Writing frame type failed.");
5954 return false;
5955 }
5956 }
5957
5958 // There may be additional error information available in the extracted error
5959 // code. Encode the error information in the reason phrase and serialize the
5960 // result.
5961 std::string final_error_string =
5962 GenerateErrorString(frame.error_details, frame.quic_error_code);
5963 if (!writer->WriteStringPieceVarInt62(
5964 TruncateErrorString(final_error_string))) {
5965 set_detailed_error("Can not write connection close phrase");
5966 return false;
5967 }
5968 return true;
5969 }
5970
ProcessIetfConnectionCloseFrame(QuicDataReader * reader,QuicConnectionCloseType type,QuicConnectionCloseFrame * frame)5971 bool QuicFramer::ProcessIetfConnectionCloseFrame(
5972 QuicDataReader* reader, QuicConnectionCloseType type,
5973 QuicConnectionCloseFrame* frame) {
5974 frame->close_type = type;
5975
5976 uint64_t error_code;
5977 if (!reader->ReadVarInt62(&error_code)) {
5978 set_detailed_error("Unable to read connection close error code.");
5979 return false;
5980 }
5981
5982 frame->wire_error_code = error_code;
5983
5984 if (type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) {
5985 // The frame-type of the frame causing the error is present only
5986 // if it's a CONNECTION_CLOSE/Transport.
5987 if (!reader->ReadVarInt62(&frame->transport_close_frame_type)) {
5988 set_detailed_error("Unable to read connection close frame type.");
5989 return false;
5990 }
5991 }
5992
5993 uint64_t phrase_length;
5994 if (!reader->ReadVarInt62(&phrase_length)) {
5995 set_detailed_error("Unable to read connection close error details.");
5996 return false;
5997 }
5998
5999 absl::string_view phrase;
6000 if (!reader->ReadStringPiece(&phrase, static_cast<size_t>(phrase_length))) {
6001 set_detailed_error("Unable to read connection close error details.");
6002 return false;
6003 }
6004 frame->error_details = std::string(phrase);
6005
6006 // The frame may have an extracted error code in it. Look for it and
6007 // extract it. If it's not present, MaybeExtract will return
6008 // QUIC_IETF_GQUIC_ERROR_MISSING.
6009 MaybeExtractQuicErrorCode(frame);
6010 return true;
6011 }
6012
6013 // IETF Quic Path Challenge/Response frames.
ProcessPathChallengeFrame(QuicDataReader * reader,QuicPathChallengeFrame * frame)6014 bool QuicFramer::ProcessPathChallengeFrame(QuicDataReader* reader,
6015 QuicPathChallengeFrame* frame) {
6016 if (!reader->ReadBytes(frame->data_buffer.data(),
6017 frame->data_buffer.size())) {
6018 set_detailed_error("Can not read path challenge data.");
6019 return false;
6020 }
6021 return true;
6022 }
6023
ProcessPathResponseFrame(QuicDataReader * reader,QuicPathResponseFrame * frame)6024 bool QuicFramer::ProcessPathResponseFrame(QuicDataReader* reader,
6025 QuicPathResponseFrame* frame) {
6026 if (!reader->ReadBytes(frame->data_buffer.data(),
6027 frame->data_buffer.size())) {
6028 set_detailed_error("Can not read path response data.");
6029 return false;
6030 }
6031 return true;
6032 }
6033
AppendPathChallengeFrame(const QuicPathChallengeFrame & frame,QuicDataWriter * writer)6034 bool QuicFramer::AppendPathChallengeFrame(const QuicPathChallengeFrame& frame,
6035 QuicDataWriter* writer) {
6036 if (!writer->WriteBytes(frame.data_buffer.data(), frame.data_buffer.size())) {
6037 set_detailed_error("Writing Path Challenge data failed.");
6038 return false;
6039 }
6040 return true;
6041 }
6042
AppendPathResponseFrame(const QuicPathResponseFrame & frame,QuicDataWriter * writer)6043 bool QuicFramer::AppendPathResponseFrame(const QuicPathResponseFrame& frame,
6044 QuicDataWriter* writer) {
6045 if (!writer->WriteBytes(frame.data_buffer.data(), frame.data_buffer.size())) {
6046 set_detailed_error("Writing Path Response data failed.");
6047 return false;
6048 }
6049 return true;
6050 }
6051
6052 // Add a new ietf-format stream reset frame.
6053 // General format is
6054 // stream id
6055 // application error code
6056 // final offset
AppendIetfResetStreamFrame(const QuicRstStreamFrame & frame,QuicDataWriter * writer)6057 bool QuicFramer::AppendIetfResetStreamFrame(const QuicRstStreamFrame& frame,
6058 QuicDataWriter* writer) {
6059 if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.stream_id))) {
6060 set_detailed_error("Writing reset-stream stream id failed.");
6061 return false;
6062 }
6063 if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.ietf_error_code))) {
6064 set_detailed_error("Writing reset-stream error code failed.");
6065 return false;
6066 }
6067 if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.byte_offset))) {
6068 set_detailed_error("Writing reset-stream final-offset failed.");
6069 return false;
6070 }
6071 return true;
6072 }
6073
ProcessIetfResetStreamFrame(QuicDataReader * reader,QuicRstStreamFrame * frame)6074 bool QuicFramer::ProcessIetfResetStreamFrame(QuicDataReader* reader,
6075 QuicRstStreamFrame* frame) {
6076 // Get Stream ID from frame. ReadVarIntStreamID returns false
6077 // if either A) there is a read error or B) the resulting value of
6078 // the Stream ID is larger than the maximum allowed value.
6079 if (!ReadUint32FromVarint62(reader, IETF_RST_STREAM, &frame->stream_id)) {
6080 return false;
6081 }
6082
6083 if (!reader->ReadVarInt62(&frame->ietf_error_code)) {
6084 set_detailed_error("Unable to read rst stream error code.");
6085 return false;
6086 }
6087
6088 frame->error_code =
6089 IetfResetStreamErrorCodeToRstStreamErrorCode(frame->ietf_error_code);
6090
6091 if (!reader->ReadVarInt62(&frame->byte_offset)) {
6092 set_detailed_error("Unable to read rst stream sent byte offset.");
6093 return false;
6094 }
6095 return true;
6096 }
6097
ProcessStopSendingFrame(QuicDataReader * reader,QuicStopSendingFrame * stop_sending_frame)6098 bool QuicFramer::ProcessStopSendingFrame(
6099 QuicDataReader* reader, QuicStopSendingFrame* stop_sending_frame) {
6100 if (!ReadUint32FromVarint62(reader, IETF_STOP_SENDING,
6101 &stop_sending_frame->stream_id)) {
6102 return false;
6103 }
6104
6105 if (!reader->ReadVarInt62(&stop_sending_frame->ietf_error_code)) {
6106 set_detailed_error("Unable to read stop sending application error code.");
6107 return false;
6108 }
6109
6110 stop_sending_frame->error_code = IetfResetStreamErrorCodeToRstStreamErrorCode(
6111 stop_sending_frame->ietf_error_code);
6112 return true;
6113 }
6114
AppendStopSendingFrame(const QuicStopSendingFrame & stop_sending_frame,QuicDataWriter * writer)6115 bool QuicFramer::AppendStopSendingFrame(
6116 const QuicStopSendingFrame& stop_sending_frame, QuicDataWriter* writer) {
6117 if (!writer->WriteVarInt62(stop_sending_frame.stream_id)) {
6118 set_detailed_error("Can not write stop sending stream id");
6119 return false;
6120 }
6121 if (!writer->WriteVarInt62(
6122 static_cast<uint64_t>(stop_sending_frame.ietf_error_code))) {
6123 set_detailed_error("Can not write application error code");
6124 return false;
6125 }
6126 return true;
6127 }
6128
6129 // Append/process IETF-Format MAX_DATA Frame
AppendMaxDataFrame(const QuicWindowUpdateFrame & frame,QuicDataWriter * writer)6130 bool QuicFramer::AppendMaxDataFrame(const QuicWindowUpdateFrame& frame,
6131 QuicDataWriter* writer) {
6132 if (!writer->WriteVarInt62(frame.max_data)) {
6133 set_detailed_error("Can not write MAX_DATA byte-offset");
6134 return false;
6135 }
6136 return true;
6137 }
6138
ProcessMaxDataFrame(QuicDataReader * reader,QuicWindowUpdateFrame * frame)6139 bool QuicFramer::ProcessMaxDataFrame(QuicDataReader* reader,
6140 QuicWindowUpdateFrame* frame) {
6141 frame->stream_id = QuicUtils::GetInvalidStreamId(transport_version());
6142 if (!reader->ReadVarInt62(&frame->max_data)) {
6143 set_detailed_error("Can not read MAX_DATA byte-offset");
6144 return false;
6145 }
6146 return true;
6147 }
6148
6149 // Append/process IETF-Format MAX_STREAM_DATA Frame
AppendMaxStreamDataFrame(const QuicWindowUpdateFrame & frame,QuicDataWriter * writer)6150 bool QuicFramer::AppendMaxStreamDataFrame(const QuicWindowUpdateFrame& frame,
6151 QuicDataWriter* writer) {
6152 if (!writer->WriteVarInt62(frame.stream_id)) {
6153 set_detailed_error("Can not write MAX_STREAM_DATA stream id");
6154 return false;
6155 }
6156 if (!writer->WriteVarInt62(frame.max_data)) {
6157 set_detailed_error("Can not write MAX_STREAM_DATA byte-offset");
6158 return false;
6159 }
6160 return true;
6161 }
6162
ProcessMaxStreamDataFrame(QuicDataReader * reader,QuicWindowUpdateFrame * frame)6163 bool QuicFramer::ProcessMaxStreamDataFrame(QuicDataReader* reader,
6164 QuicWindowUpdateFrame* frame) {
6165 if (!ReadUint32FromVarint62(reader, IETF_MAX_STREAM_DATA,
6166 &frame->stream_id)) {
6167 return false;
6168 }
6169 if (!reader->ReadVarInt62(&frame->max_data)) {
6170 set_detailed_error("Can not read MAX_STREAM_DATA byte-count");
6171 return false;
6172 }
6173 return true;
6174 }
6175
AppendMaxStreamsFrame(const QuicMaxStreamsFrame & frame,QuicDataWriter * writer)6176 bool QuicFramer::AppendMaxStreamsFrame(const QuicMaxStreamsFrame& frame,
6177 QuicDataWriter* writer) {
6178 if (!writer->WriteVarInt62(frame.stream_count)) {
6179 set_detailed_error("Can not write MAX_STREAMS stream count");
6180 return false;
6181 }
6182 return true;
6183 }
6184
ProcessMaxStreamsFrame(QuicDataReader * reader,QuicMaxStreamsFrame * frame,uint64_t frame_type)6185 bool QuicFramer::ProcessMaxStreamsFrame(QuicDataReader* reader,
6186 QuicMaxStreamsFrame* frame,
6187 uint64_t frame_type) {
6188 if (!ReadUint32FromVarint62(reader,
6189 static_cast<QuicIetfFrameType>(frame_type),
6190 &frame->stream_count)) {
6191 return false;
6192 }
6193 frame->unidirectional = (frame_type == IETF_MAX_STREAMS_UNIDIRECTIONAL);
6194 return true;
6195 }
6196
AppendDataBlockedFrame(const QuicBlockedFrame & frame,QuicDataWriter * writer)6197 bool QuicFramer::AppendDataBlockedFrame(const QuicBlockedFrame& frame,
6198 QuicDataWriter* writer) {
6199 if (!writer->WriteVarInt62(frame.offset)) {
6200 set_detailed_error("Can not write blocked offset.");
6201 return false;
6202 }
6203 return true;
6204 }
6205
ProcessDataBlockedFrame(QuicDataReader * reader,QuicBlockedFrame * frame)6206 bool QuicFramer::ProcessDataBlockedFrame(QuicDataReader* reader,
6207 QuicBlockedFrame* frame) {
6208 // Indicates that it is a BLOCKED frame (as opposed to STREAM_BLOCKED).
6209 frame->stream_id = QuicUtils::GetInvalidStreamId(transport_version());
6210 if (!reader->ReadVarInt62(&frame->offset)) {
6211 set_detailed_error("Can not read blocked offset.");
6212 return false;
6213 }
6214 return true;
6215 }
6216
AppendStreamDataBlockedFrame(const QuicBlockedFrame & frame,QuicDataWriter * writer)6217 bool QuicFramer::AppendStreamDataBlockedFrame(const QuicBlockedFrame& frame,
6218 QuicDataWriter* writer) {
6219 if (!writer->WriteVarInt62(frame.stream_id)) {
6220 set_detailed_error("Can not write stream blocked stream id.");
6221 return false;
6222 }
6223 if (!writer->WriteVarInt62(frame.offset)) {
6224 set_detailed_error("Can not write stream blocked offset.");
6225 return false;
6226 }
6227 return true;
6228 }
6229
ProcessStreamDataBlockedFrame(QuicDataReader * reader,QuicBlockedFrame * frame)6230 bool QuicFramer::ProcessStreamDataBlockedFrame(QuicDataReader* reader,
6231 QuicBlockedFrame* frame) {
6232 if (!ReadUint32FromVarint62(reader, IETF_STREAM_DATA_BLOCKED,
6233 &frame->stream_id)) {
6234 return false;
6235 }
6236 if (!reader->ReadVarInt62(&frame->offset)) {
6237 set_detailed_error("Can not read stream blocked offset.");
6238 return false;
6239 }
6240 return true;
6241 }
6242
AppendStreamsBlockedFrame(const QuicStreamsBlockedFrame & frame,QuicDataWriter * writer)6243 bool QuicFramer::AppendStreamsBlockedFrame(const QuicStreamsBlockedFrame& frame,
6244 QuicDataWriter* writer) {
6245 if (!writer->WriteVarInt62(frame.stream_count)) {
6246 set_detailed_error("Can not write STREAMS_BLOCKED stream count");
6247 return false;
6248 }
6249 return true;
6250 }
6251
ProcessStreamsBlockedFrame(QuicDataReader * reader,QuicStreamsBlockedFrame * frame,uint64_t frame_type)6252 bool QuicFramer::ProcessStreamsBlockedFrame(QuicDataReader* reader,
6253 QuicStreamsBlockedFrame* frame,
6254 uint64_t frame_type) {
6255 if (!ReadUint32FromVarint62(reader,
6256 static_cast<QuicIetfFrameType>(frame_type),
6257 &frame->stream_count)) {
6258 return false;
6259 }
6260 if (frame->stream_count > QuicUtils::GetMaxStreamCount()) {
6261 // If stream count is such that the resulting stream ID would exceed our
6262 // implementation limit, generate an error.
6263 set_detailed_error(
6264 "STREAMS_BLOCKED stream count exceeds implementation limit.");
6265 return false;
6266 }
6267 frame->unidirectional = (frame_type == IETF_STREAMS_BLOCKED_UNIDIRECTIONAL);
6268 return true;
6269 }
6270
AppendNewConnectionIdFrame(const QuicNewConnectionIdFrame & frame,QuicDataWriter * writer)6271 bool QuicFramer::AppendNewConnectionIdFrame(
6272 const QuicNewConnectionIdFrame& frame, QuicDataWriter* writer) {
6273 if (!writer->WriteVarInt62(frame.sequence_number)) {
6274 set_detailed_error("Can not write New Connection ID sequence number");
6275 return false;
6276 }
6277 if (!writer->WriteVarInt62(frame.retire_prior_to)) {
6278 set_detailed_error("Can not write New Connection ID retire_prior_to");
6279 return false;
6280 }
6281 if (!writer->WriteLengthPrefixedConnectionId(frame.connection_id)) {
6282 set_detailed_error("Can not write New Connection ID frame connection ID");
6283 return false;
6284 }
6285
6286 if (!writer->WriteBytes(
6287 static_cast<const void*>(&frame.stateless_reset_token),
6288 sizeof(frame.stateless_reset_token))) {
6289 set_detailed_error("Can not write New Connection ID Reset Token");
6290 return false;
6291 }
6292 return true;
6293 }
6294
ProcessNewConnectionIdFrame(QuicDataReader * reader,QuicNewConnectionIdFrame * frame)6295 bool QuicFramer::ProcessNewConnectionIdFrame(QuicDataReader* reader,
6296 QuicNewConnectionIdFrame* frame) {
6297 if (!reader->ReadVarInt62(&frame->sequence_number)) {
6298 set_detailed_error(
6299 "Unable to read new connection ID frame sequence number.");
6300 return false;
6301 }
6302
6303 if (!reader->ReadVarInt62(&frame->retire_prior_to)) {
6304 set_detailed_error(
6305 "Unable to read new connection ID frame retire_prior_to.");
6306 return false;
6307 }
6308 if (frame->retire_prior_to > frame->sequence_number) {
6309 set_detailed_error("Retire_prior_to > sequence_number.");
6310 return false;
6311 }
6312
6313 if (!reader->ReadLengthPrefixedConnectionId(&frame->connection_id)) {
6314 set_detailed_error("Unable to read new connection ID frame connection id.");
6315 return false;
6316 }
6317
6318 if (!QuicUtils::IsConnectionIdValidForVersion(frame->connection_id,
6319 transport_version())) {
6320 set_detailed_error("Invalid new connection ID length for version.");
6321 return false;
6322 }
6323
6324 if (!reader->ReadBytes(&frame->stateless_reset_token,
6325 sizeof(frame->stateless_reset_token))) {
6326 set_detailed_error("Can not read new connection ID frame reset token.");
6327 return false;
6328 }
6329 return true;
6330 }
6331
AppendRetireConnectionIdFrame(const QuicRetireConnectionIdFrame & frame,QuicDataWriter * writer)6332 bool QuicFramer::AppendRetireConnectionIdFrame(
6333 const QuicRetireConnectionIdFrame& frame, QuicDataWriter* writer) {
6334 if (!writer->WriteVarInt62(frame.sequence_number)) {
6335 set_detailed_error("Can not write Retire Connection ID sequence number");
6336 return false;
6337 }
6338 return true;
6339 }
6340
ProcessRetireConnectionIdFrame(QuicDataReader * reader,QuicRetireConnectionIdFrame * frame)6341 bool QuicFramer::ProcessRetireConnectionIdFrame(
6342 QuicDataReader* reader, QuicRetireConnectionIdFrame* frame) {
6343 if (!reader->ReadVarInt62(&frame->sequence_number)) {
6344 set_detailed_error(
6345 "Unable to read retire connection ID frame sequence number.");
6346 return false;
6347 }
6348 return true;
6349 }
6350
ReadUint32FromVarint62(QuicDataReader * reader,QuicIetfFrameType type,QuicStreamId * id)6351 bool QuicFramer::ReadUint32FromVarint62(QuicDataReader* reader,
6352 QuicIetfFrameType type,
6353 QuicStreamId* id) {
6354 uint64_t temp_uint64;
6355 if (!reader->ReadVarInt62(&temp_uint64)) {
6356 set_detailed_error("Unable to read " + QuicIetfFrameTypeString(type) +
6357 " frame stream id/count.");
6358 return false;
6359 }
6360 if (temp_uint64 > kMaxQuicStreamId) {
6361 set_detailed_error("Stream id/count of " + QuicIetfFrameTypeString(type) +
6362 "frame is too large.");
6363 return false;
6364 }
6365 *id = static_cast<uint32_t>(temp_uint64);
6366 return true;
6367 }
6368
GetStreamFrameTypeByte(const QuicStreamFrame & frame,bool last_frame_in_packet) const6369 uint8_t QuicFramer::GetStreamFrameTypeByte(const QuicStreamFrame& frame,
6370 bool last_frame_in_packet) const {
6371 if (VersionHasIetfQuicFrames(version_.transport_version)) {
6372 return GetIetfStreamFrameTypeByte(frame, last_frame_in_packet);
6373 }
6374 uint8_t type_byte = 0;
6375 // Fin bit.
6376 type_byte |= frame.fin ? kQuicStreamFinMask : 0;
6377
6378 // Data Length bit.
6379 type_byte <<= kQuicStreamDataLengthShift;
6380 type_byte |= last_frame_in_packet ? 0 : kQuicStreamDataLengthMask;
6381
6382 // Offset 3 bits.
6383 type_byte <<= kQuicStreamShift;
6384 const size_t offset_len = GetStreamOffsetSize(frame.offset);
6385 if (offset_len > 0) {
6386 type_byte |= offset_len - 1;
6387 }
6388
6389 // stream id 2 bits.
6390 type_byte <<= kQuicStreamIdShift;
6391 type_byte |= GetStreamIdSize(frame.stream_id) - 1;
6392 type_byte |= kQuicFrameTypeStreamMask; // Set Stream Frame Type to 1.
6393
6394 return type_byte;
6395 }
6396
GetIetfStreamFrameTypeByte(const QuicStreamFrame & frame,bool last_frame_in_packet) const6397 uint8_t QuicFramer::GetIetfStreamFrameTypeByte(
6398 const QuicStreamFrame& frame, bool last_frame_in_packet) const {
6399 QUICHE_DCHECK(VersionHasIetfQuicFrames(version_.transport_version));
6400 uint8_t type_byte = IETF_STREAM;
6401 if (!last_frame_in_packet) {
6402 type_byte |= IETF_STREAM_FRAME_LEN_BIT;
6403 }
6404 if (frame.offset != 0) {
6405 type_byte |= IETF_STREAM_FRAME_OFF_BIT;
6406 }
6407 if (frame.fin) {
6408 type_byte |= IETF_STREAM_FRAME_FIN_BIT;
6409 }
6410 return type_byte;
6411 }
6412
EnableMultiplePacketNumberSpacesSupport()6413 void QuicFramer::EnableMultiplePacketNumberSpacesSupport() {
6414 if (supports_multiple_packet_number_spaces_) {
6415 QUIC_BUG(quic_bug_10850_91)
6416 << "Multiple packet number spaces has already been enabled";
6417 return;
6418 }
6419 if (largest_packet_number_.IsInitialized()) {
6420 QUIC_BUG(quic_bug_10850_92)
6421 << "Try to enable multiple packet number spaces support after any "
6422 "packet has been received.";
6423 return;
6424 }
6425
6426 supports_multiple_packet_number_spaces_ = true;
6427 }
6428
6429 // static
ParsePublicHeaderDispatcher(const QuicEncryptedPacket & packet,uint8_t expected_destination_connection_id_length,PacketHeaderFormat * format,QuicLongHeaderType * long_packet_type,bool * version_present,bool * has_length_prefix,QuicVersionLabel * version_label,ParsedQuicVersion * parsed_version,QuicConnectionId * destination_connection_id,QuicConnectionId * source_connection_id,std::optional<absl::string_view> * retry_token,std::string * detailed_error)6430 QuicErrorCode QuicFramer::ParsePublicHeaderDispatcher(
6431 const QuicEncryptedPacket& packet,
6432 uint8_t expected_destination_connection_id_length,
6433 PacketHeaderFormat* format, QuicLongHeaderType* long_packet_type,
6434 bool* version_present, bool* has_length_prefix,
6435 QuicVersionLabel* version_label, ParsedQuicVersion* parsed_version,
6436 QuicConnectionId* destination_connection_id,
6437 QuicConnectionId* source_connection_id,
6438 std::optional<absl::string_view>* retry_token,
6439 std::string* detailed_error) {
6440 QuicDataReader reader(packet.data(), packet.length());
6441 if (reader.IsDoneReading()) {
6442 *detailed_error = "Unable to read first byte.";
6443 return QUIC_INVALID_PACKET_HEADER;
6444 }
6445 const uint8_t first_byte = reader.PeekByte();
6446 if ((first_byte & FLAGS_LONG_HEADER) == 0 &&
6447 (first_byte & FLAGS_FIXED_BIT) == 0 &&
6448 (first_byte & FLAGS_DEMULTIPLEXING_BIT) == 0) {
6449 // All versions of Google QUIC up to and including Q043 set
6450 // FLAGS_DEMULTIPLEXING_BIT to one on all client-to-server packets. Q044
6451 // and Q045 were never default-enabled in production. All subsequent
6452 // versions of Google QUIC (starting with Q046) require FLAGS_FIXED_BIT to
6453 // be set to one on all packets. All versions of IETF QUIC (since
6454 // draft-ietf-quic-transport-17 which was earlier than the first IETF QUIC
6455 // version that was deployed in production by any implementation) also
6456 // require FLAGS_FIXED_BIT to be set to one on all packets. If a packet
6457 // has the FLAGS_LONG_HEADER bit set to one, it could be a first flight
6458 // from an unknown future version that allows the other two bits to be set
6459 // to zero. Based on this, packets that have all three of those bits set
6460 // to zero are known to be invalid.
6461 *detailed_error = "Invalid flags.";
6462 return QUIC_INVALID_PACKET_HEADER;
6463 }
6464 const bool ietf_format = QuicUtils::IsIetfPacketHeader(first_byte);
6465 uint8_t unused_first_byte;
6466 quiche::QuicheVariableLengthIntegerLength retry_token_length_length;
6467 absl::string_view maybe_retry_token;
6468 QuicErrorCode error_code = ParsePublicHeader(
6469 &reader, expected_destination_connection_id_length, ietf_format,
6470 &unused_first_byte, format, version_present, has_length_prefix,
6471 version_label, parsed_version, destination_connection_id,
6472 source_connection_id, long_packet_type, &retry_token_length_length,
6473 &maybe_retry_token, detailed_error);
6474 if (retry_token_length_length != quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0) {
6475 *retry_token = maybe_retry_token;
6476 } else {
6477 retry_token->reset();
6478 }
6479 return error_code;
6480 }
6481
6482 // static
ParsePublicHeaderDispatcherShortHeaderLengthUnknown(const QuicEncryptedPacket & packet,PacketHeaderFormat * format,QuicLongHeaderType * long_packet_type,bool * version_present,bool * has_length_prefix,QuicVersionLabel * version_label,ParsedQuicVersion * parsed_version,QuicConnectionId * destination_connection_id,QuicConnectionId * source_connection_id,std::optional<absl::string_view> * retry_token,std::string * detailed_error,ConnectionIdGeneratorInterface & generator)6483 QuicErrorCode QuicFramer::ParsePublicHeaderDispatcherShortHeaderLengthUnknown(
6484 const QuicEncryptedPacket& packet, PacketHeaderFormat* format,
6485 QuicLongHeaderType* long_packet_type, bool* version_present,
6486 bool* has_length_prefix, QuicVersionLabel* version_label,
6487 ParsedQuicVersion* parsed_version,
6488 QuicConnectionId* destination_connection_id,
6489 QuicConnectionId* source_connection_id,
6490 std::optional<absl::string_view>* retry_token, std::string* detailed_error,
6491 ConnectionIdGeneratorInterface& generator) {
6492 QuicDataReader reader(packet.data(), packet.length());
6493 // Get the first two bytes.
6494 if (reader.BytesRemaining() < 2) {
6495 *detailed_error = "Unable to read first two bytes.";
6496 return QUIC_INVALID_PACKET_HEADER;
6497 }
6498 uint8_t two_bytes[2];
6499 reader.ReadBytes(two_bytes, 2);
6500 uint8_t expected_destination_connection_id_length =
6501 (!QuicUtils::IsIetfPacketHeader(two_bytes[0]) ||
6502 two_bytes[0] & FLAGS_LONG_HEADER)
6503 ? 0
6504 : generator.ConnectionIdLength(two_bytes[1]);
6505 return ParsePublicHeaderDispatcher(
6506 packet, expected_destination_connection_id_length, format,
6507 long_packet_type, version_present, has_length_prefix, version_label,
6508 parsed_version, destination_connection_id, source_connection_id,
6509 retry_token, detailed_error);
6510 }
6511
6512 // static
ParsePublicHeaderGoogleQuic(QuicDataReader * reader,uint8_t * first_byte,PacketHeaderFormat * format,bool * version_present,QuicVersionLabel * version_label,ParsedQuicVersion * parsed_version,QuicConnectionId * destination_connection_id,std::string * detailed_error)6513 QuicErrorCode QuicFramer::ParsePublicHeaderGoogleQuic(
6514 QuicDataReader* reader, uint8_t* first_byte, PacketHeaderFormat* format,
6515 bool* version_present, QuicVersionLabel* version_label,
6516 ParsedQuicVersion* parsed_version,
6517 QuicConnectionId* destination_connection_id, std::string* detailed_error) {
6518 *format = GOOGLE_QUIC_PACKET;
6519 *version_present = (*first_byte & PACKET_PUBLIC_FLAGS_VERSION) != 0;
6520 uint8_t destination_connection_id_length = 0;
6521 if ((*first_byte & PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) != 0) {
6522 destination_connection_id_length = kQuicDefaultConnectionIdLength;
6523 }
6524 if (!reader->ReadConnectionId(destination_connection_id,
6525 destination_connection_id_length)) {
6526 *detailed_error = "Unable to read ConnectionId.";
6527 return QUIC_INVALID_PACKET_HEADER;
6528 }
6529 if (*version_present) {
6530 if (!ProcessVersionLabel(reader, version_label)) {
6531 *detailed_error = "Unable to read protocol version.";
6532 return QUIC_INVALID_PACKET_HEADER;
6533 }
6534 *parsed_version = ParseQuicVersionLabel(*version_label);
6535 }
6536 return QUIC_NO_ERROR;
6537 }
6538
6539 namespace {
6540
6541 const QuicVersionLabel kProxVersionLabel = 0x50524F58; // "PROX"
6542
PacketHasLengthPrefixedConnectionIds(const QuicDataReader & reader,ParsedQuicVersion parsed_version,QuicVersionLabel version_label,uint8_t first_byte)6543 inline bool PacketHasLengthPrefixedConnectionIds(
6544 const QuicDataReader& reader, ParsedQuicVersion parsed_version,
6545 QuicVersionLabel version_label, uint8_t first_byte) {
6546 if (parsed_version.IsKnown()) {
6547 return parsed_version.HasLengthPrefixedConnectionIds();
6548 }
6549
6550 // Received unsupported version, check known old unsupported versions.
6551 if (QuicVersionLabelUses4BitConnectionIdLength(version_label)) {
6552 return false;
6553 }
6554
6555 // Received unknown version, check connection ID length byte.
6556 if (reader.IsDoneReading()) {
6557 // This check is required to safely peek the connection ID length byte.
6558 return true;
6559 }
6560 const uint8_t connection_id_length_byte = reader.PeekByte();
6561
6562 // Check for packets produced by older versions of
6563 // QuicFramer::WriteClientVersionNegotiationProbePacket
6564 if (first_byte == 0xc0 && (connection_id_length_byte & 0x0f) == 0 &&
6565 connection_id_length_byte >= 0x50 && version_label == 0xcabadaba) {
6566 return false;
6567 }
6568
6569 // Check for munged packets with version tag PROX.
6570 if ((connection_id_length_byte & 0x0f) == 0 &&
6571 connection_id_length_byte >= 0x20 && version_label == kProxVersionLabel) {
6572 return false;
6573 }
6574
6575 return true;
6576 }
6577
ParseLongHeaderConnectionIds(QuicDataReader & reader,bool has_length_prefix,QuicVersionLabel version_label,QuicConnectionId & destination_connection_id,QuicConnectionId & source_connection_id,std::string & detailed_error)6578 inline bool ParseLongHeaderConnectionIds(
6579 QuicDataReader& reader, bool has_length_prefix,
6580 QuicVersionLabel version_label, QuicConnectionId& destination_connection_id,
6581 QuicConnectionId& source_connection_id, std::string& detailed_error) {
6582 if (has_length_prefix) {
6583 if (!reader.ReadLengthPrefixedConnectionId(&destination_connection_id)) {
6584 detailed_error = "Unable to read destination connection ID.";
6585 return false;
6586 }
6587 if (!reader.ReadLengthPrefixedConnectionId(&source_connection_id)) {
6588 if (version_label == kProxVersionLabel) {
6589 // The "PROX" version does not follow the length-prefixed invariants,
6590 // and can therefore attempt to read a payload byte and interpret it
6591 // as the source connection ID length, which could fail to parse.
6592 // In that scenario we keep the source connection ID empty but mark
6593 // parsing as successful.
6594 return true;
6595 }
6596 detailed_error = "Unable to read source connection ID.";
6597 return false;
6598 }
6599 } else {
6600 // Parse connection ID lengths.
6601 uint8_t connection_id_lengths_byte;
6602 if (!reader.ReadUInt8(&connection_id_lengths_byte)) {
6603 detailed_error = "Unable to read connection ID lengths.";
6604 return false;
6605 }
6606 uint8_t destination_connection_id_length =
6607 (connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4;
6608 if (destination_connection_id_length != 0) {
6609 destination_connection_id_length += kConnectionIdLengthAdjustment;
6610 }
6611 uint8_t source_connection_id_length =
6612 connection_id_lengths_byte & kSourceConnectionIdLengthMask;
6613 if (source_connection_id_length != 0) {
6614 source_connection_id_length += kConnectionIdLengthAdjustment;
6615 }
6616
6617 // Read destination connection ID.
6618 if (!reader.ReadConnectionId(&destination_connection_id,
6619 destination_connection_id_length)) {
6620 detailed_error = "Unable to read destination connection ID.";
6621 return false;
6622 }
6623
6624 // Read source connection ID.
6625 if (!reader.ReadConnectionId(&source_connection_id,
6626 source_connection_id_length)) {
6627 detailed_error = "Unable to read source connection ID.";
6628 return false;
6629 }
6630 }
6631 return true;
6632 }
6633
6634 } // namespace
6635
6636 // static
ParsePublicHeader(QuicDataReader * reader,uint8_t expected_destination_connection_id_length,bool ietf_format,uint8_t * first_byte,PacketHeaderFormat * format,bool * version_present,bool * has_length_prefix,QuicVersionLabel * version_label,ParsedQuicVersion * parsed_version,QuicConnectionId * destination_connection_id,QuicConnectionId * source_connection_id,QuicLongHeaderType * long_packet_type,quiche::QuicheVariableLengthIntegerLength * retry_token_length_length,absl::string_view * retry_token,std::string * detailed_error)6637 QuicErrorCode QuicFramer::ParsePublicHeader(
6638 QuicDataReader* reader, uint8_t expected_destination_connection_id_length,
6639 bool ietf_format, uint8_t* first_byte, PacketHeaderFormat* format,
6640 bool* version_present, bool* has_length_prefix,
6641 QuicVersionLabel* version_label, ParsedQuicVersion* parsed_version,
6642 QuicConnectionId* destination_connection_id,
6643 QuicConnectionId* source_connection_id,
6644 QuicLongHeaderType* long_packet_type,
6645 quiche::QuicheVariableLengthIntegerLength* retry_token_length_length,
6646 absl::string_view* retry_token, std::string* detailed_error) {
6647 *version_present = false;
6648 *has_length_prefix = false;
6649 *version_label = 0;
6650 *parsed_version = UnsupportedQuicVersion();
6651 *source_connection_id = EmptyQuicConnectionId();
6652 *long_packet_type = INVALID_PACKET_TYPE;
6653 *retry_token_length_length = quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0;
6654 *retry_token = absl::string_view();
6655 *detailed_error = "";
6656
6657 if (!reader->ReadUInt8(first_byte)) {
6658 *detailed_error = "Unable to read first byte.";
6659 return QUIC_INVALID_PACKET_HEADER;
6660 }
6661
6662 if (!ietf_format) {
6663 return ParsePublicHeaderGoogleQuic(
6664 reader, first_byte, format, version_present, version_label,
6665 parsed_version, destination_connection_id, detailed_error);
6666 }
6667
6668 *format = GetIetfPacketHeaderFormat(*first_byte);
6669
6670 if (*format == IETF_QUIC_SHORT_HEADER_PACKET) {
6671 if (!reader->ReadConnectionId(destination_connection_id,
6672 expected_destination_connection_id_length)) {
6673 *detailed_error = "Unable to read destination connection ID.";
6674 return QUIC_INVALID_PACKET_HEADER;
6675 }
6676 return QUIC_NO_ERROR;
6677 }
6678
6679 QUICHE_DCHECK_EQ(IETF_QUIC_LONG_HEADER_PACKET, *format);
6680 *version_present = true;
6681 if (!ProcessVersionLabel(reader, version_label)) {
6682 *detailed_error = "Unable to read protocol version.";
6683 return QUIC_INVALID_PACKET_HEADER;
6684 }
6685
6686 if (*version_label == 0) {
6687 *long_packet_type = VERSION_NEGOTIATION;
6688 }
6689
6690 // Parse version.
6691 *parsed_version = ParseQuicVersionLabel(*version_label);
6692
6693 // Figure out which IETF QUIC invariants this packet follows.
6694 *has_length_prefix = PacketHasLengthPrefixedConnectionIds(
6695 *reader, *parsed_version, *version_label, *first_byte);
6696
6697 // Parse connection IDs.
6698 if (!ParseLongHeaderConnectionIds(*reader, *has_length_prefix, *version_label,
6699 *destination_connection_id,
6700 *source_connection_id, *detailed_error)) {
6701 return QUIC_INVALID_PACKET_HEADER;
6702 }
6703
6704 if (!parsed_version->IsKnown()) {
6705 // Skip parsing of long packet type and retry token for unknown versions.
6706 return QUIC_NO_ERROR;
6707 }
6708
6709 // Parse long packet type.
6710 *long_packet_type = GetLongHeaderType(*first_byte, *parsed_version);
6711
6712 switch (*long_packet_type) {
6713 case INVALID_PACKET_TYPE:
6714 *detailed_error = "Unable to parse long packet type.";
6715 return QUIC_INVALID_PACKET_HEADER;
6716 case INITIAL:
6717 if (!parsed_version->SupportsRetry()) {
6718 // Retry token is only present on initial packets for some versions.
6719 return QUIC_NO_ERROR;
6720 }
6721 break;
6722 default:
6723 return QUIC_NO_ERROR;
6724 }
6725
6726 *retry_token_length_length = reader->PeekVarInt62Length();
6727 uint64_t retry_token_length;
6728 if (!reader->ReadVarInt62(&retry_token_length)) {
6729 *retry_token_length_length = quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0;
6730 *detailed_error = "Unable to read retry token length.";
6731 return QUIC_INVALID_PACKET_HEADER;
6732 }
6733
6734 if (!reader->ReadStringPiece(retry_token, retry_token_length)) {
6735 *detailed_error = "Unable to read retry token.";
6736 return QUIC_INVALID_PACKET_HEADER;
6737 }
6738
6739 return QUIC_NO_ERROR;
6740 }
6741
6742 // static
WriteClientVersionNegotiationProbePacket(char * packet_bytes,QuicByteCount packet_length,const char * destination_connection_id_bytes,uint8_t destination_connection_id_length)6743 bool QuicFramer::WriteClientVersionNegotiationProbePacket(
6744 char* packet_bytes, QuicByteCount packet_length,
6745 const char* destination_connection_id_bytes,
6746 uint8_t destination_connection_id_length) {
6747 if (packet_bytes == nullptr) {
6748 QUIC_BUG(quic_bug_10850_93) << "Invalid packet_bytes";
6749 return false;
6750 }
6751 if (packet_length < kMinPacketSizeForVersionNegotiation ||
6752 packet_length > 65535) {
6753 QUIC_BUG(quic_bug_10850_94) << "Invalid packet_length";
6754 return false;
6755 }
6756 if (destination_connection_id_length > kQuicMaxConnectionId4BitLength ||
6757 destination_connection_id_length < kQuicDefaultConnectionIdLength) {
6758 QUIC_BUG(quic_bug_10850_95) << "Invalid connection_id_length";
6759 return false;
6760 }
6761 // clang-format off
6762 const unsigned char packet_start_bytes[] = {
6763 // IETF long header with fixed bit set, type initial, all-0 encrypted bits.
6764 0xc0,
6765 // Version, part of the IETF space reserved for negotiation.
6766 // This intentionally differs from QuicVersionReservedForNegotiation()
6767 // to allow differentiating them over the wire.
6768 0xca, 0xba, 0xda, 0xda,
6769 };
6770 // clang-format on
6771 static_assert(sizeof(packet_start_bytes) == 5, "bad packet_start_bytes size");
6772 QuicDataWriter writer(packet_length, packet_bytes);
6773 if (!writer.WriteBytes(packet_start_bytes, sizeof(packet_start_bytes))) {
6774 QUIC_BUG(quic_bug_10850_96) << "Failed to write packet start";
6775 return false;
6776 }
6777
6778 QuicConnectionId destination_connection_id(destination_connection_id_bytes,
6779 destination_connection_id_length);
6780 if (!AppendIetfConnectionIds(
6781 /*version_flag=*/true, /*use_length_prefix=*/true,
6782 destination_connection_id, EmptyQuicConnectionId(), &writer)) {
6783 QUIC_BUG(quic_bug_10850_97) << "Failed to write connection IDs";
6784 return false;
6785 }
6786 // Add 8 bytes of zeroes followed by 8 bytes of ones to ensure that this does
6787 // not parse with any known version. The zeroes make sure that packet numbers,
6788 // retry token lengths and payload lengths are parsed as zero, and if the
6789 // zeroes are treated as padding frames, 0xff is known to not parse as a
6790 // valid frame type.
6791 if (!writer.WriteUInt64(0) ||
6792 !writer.WriteUInt64(std::numeric_limits<uint64_t>::max())) {
6793 QUIC_BUG(quic_bug_10850_98) << "Failed to write 18 bytes";
6794 return false;
6795 }
6796 // Make sure the polite greeting below is padded to a 16-byte boundary to
6797 // make it easier to read in tcpdump.
6798 while (writer.length() % 16 != 0) {
6799 if (!writer.WriteUInt8(0)) {
6800 QUIC_BUG(quic_bug_10850_99) << "Failed to write padding byte";
6801 return false;
6802 }
6803 }
6804 // Add a polite greeting in case a human sees this in tcpdump.
6805 static const char polite_greeting[] =
6806 "This packet only exists to trigger IETF QUIC version negotiation. "
6807 "Please respond with a Version Negotiation packet indicating what "
6808 "versions you support. Thank you and have a nice day.";
6809 if (!writer.WriteBytes(polite_greeting, sizeof(polite_greeting))) {
6810 QUIC_BUG(quic_bug_10850_100) << "Failed to write polite greeting";
6811 return false;
6812 }
6813 // Fill the rest of the packet with zeroes.
6814 writer.WritePadding();
6815 QUICHE_DCHECK_EQ(0u, writer.remaining());
6816 return true;
6817 }
6818
6819 // static
ParseServerVersionNegotiationProbeResponse(const char * packet_bytes,QuicByteCount packet_length,char * source_connection_id_bytes,uint8_t * source_connection_id_length_out,std::string * detailed_error)6820 bool QuicFramer::ParseServerVersionNegotiationProbeResponse(
6821 const char* packet_bytes, QuicByteCount packet_length,
6822 char* source_connection_id_bytes, uint8_t* source_connection_id_length_out,
6823 std::string* detailed_error) {
6824 if (detailed_error == nullptr) {
6825 QUIC_BUG(quic_bug_10850_101) << "Invalid error_details";
6826 return false;
6827 }
6828 *detailed_error = "";
6829 if (packet_bytes == nullptr) {
6830 *detailed_error = "Invalid packet_bytes";
6831 return false;
6832 }
6833 if (packet_length < 6) {
6834 *detailed_error = "Invalid packet_length";
6835 return false;
6836 }
6837 if (source_connection_id_bytes == nullptr) {
6838 *detailed_error = "Invalid source_connection_id_bytes";
6839 return false;
6840 }
6841 if (source_connection_id_length_out == nullptr) {
6842 *detailed_error = "Invalid source_connection_id_length_out";
6843 return false;
6844 }
6845 QuicDataReader reader(packet_bytes, packet_length);
6846 uint8_t type_byte = 0;
6847 if (!reader.ReadUInt8(&type_byte)) {
6848 *detailed_error = "Failed to read type byte";
6849 return false;
6850 }
6851 if ((type_byte & 0x80) == 0) {
6852 *detailed_error = "Packet does not have long header";
6853 return false;
6854 }
6855 uint32_t version = 0;
6856 if (!reader.ReadUInt32(&version)) {
6857 *detailed_error = "Failed to read version";
6858 return false;
6859 }
6860 if (version != 0) {
6861 *detailed_error = "Packet is not a version negotiation packet";
6862 return false;
6863 }
6864
6865 QuicConnectionId destination_connection_id, source_connection_id;
6866 if (!reader.ReadLengthPrefixedConnectionId(&destination_connection_id)) {
6867 *detailed_error = "Failed to read destination connection ID";
6868 return false;
6869 }
6870 if (!reader.ReadLengthPrefixedConnectionId(&source_connection_id)) {
6871 *detailed_error = "Failed to read source connection ID";
6872 return false;
6873 }
6874
6875 if (destination_connection_id.length() != 0) {
6876 *detailed_error = "Received unexpected destination connection ID length";
6877 return false;
6878 }
6879 if (*source_connection_id_length_out < source_connection_id.length()) {
6880 *detailed_error =
6881 absl::StrCat("*source_connection_id_length_out too small ",
6882 static_cast<int>(*source_connection_id_length_out), " < ",
6883 static_cast<int>(source_connection_id.length()));
6884 return false;
6885 }
6886
6887 memcpy(source_connection_id_bytes, source_connection_id.data(),
6888 source_connection_id.length());
6889 *source_connection_id_length_out = source_connection_id.length();
6890
6891 return true;
6892 }
6893
6894 // Look for and parse the error code from the "<quic_error_code>:" text that
6895 // may be present at the start of the CONNECTION_CLOSE error details string.
6896 // This text, inserted by the peer if it's using Google's QUIC implementation,
6897 // contains additional error information that narrows down the exact error. If
6898 // the string is not found, or is not properly formed, it returns
6899 // ErrorCode::QUIC_IETF_GQUIC_ERROR_MISSING
MaybeExtractQuicErrorCode(QuicConnectionCloseFrame * frame)6900 void MaybeExtractQuicErrorCode(QuicConnectionCloseFrame* frame) {
6901 std::vector<absl::string_view> ed = absl::StrSplit(frame->error_details, ':');
6902 uint64_t extracted_error_code;
6903 if (ed.size() < 2 || !quiche::QuicheTextUtils::IsAllDigits(ed[0]) ||
6904 !absl::SimpleAtoi(ed[0], &extracted_error_code) ||
6905 extracted_error_code >
6906 std::numeric_limits<
6907 std::underlying_type<QuicErrorCode>::type>::max()) {
6908 if (frame->close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE &&
6909 frame->wire_error_code == NO_IETF_QUIC_ERROR) {
6910 frame->quic_error_code = QUIC_NO_ERROR;
6911 } else {
6912 frame->quic_error_code = QUIC_IETF_GQUIC_ERROR_MISSING;
6913 }
6914 return;
6915 }
6916 // Return the error code (numeric) and the error details string without the
6917 // error code prefix. Note that Split returns everything up to, but not
6918 // including, the split character, so the length of ed[0] is just the number
6919 // of digits in the error number. In removing the prefix, 1 is added to the
6920 // length to account for the :
6921 absl::string_view x = absl::string_view(frame->error_details);
6922 x.remove_prefix(ed[0].length() + 1);
6923 frame->error_details = std::string(x);
6924 frame->quic_error_code = static_cast<QuicErrorCode>(extracted_error_code);
6925 }
6926
6927 #undef ENDPOINT // undef for jumbo builds
6928 } // namespace quic
6929