xref: /aosp_15_r20/external/cronet/net/third_party/quiche/src/quiche/quic/core/quic_framer.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "quiche/quic/core/quic_framer.h"
6 
7 #include <sys/types.h>
8 
9 #include <cstddef>
10 #include <cstdint>
11 #include <limits>
12 #include <memory>
13 #include <optional>
14 #include <string>
15 #include <type_traits>
16 #include <utility>
17 
18 #include "absl/base/attributes.h"
19 #include "absl/base/macros.h"
20 #include "absl/base/optimization.h"
21 #include "absl/cleanup/cleanup.h"
22 #include "absl/status/status.h"
23 #include "absl/strings/escaping.h"
24 #include "absl/strings/numbers.h"
25 #include "absl/strings/str_cat.h"
26 #include "absl/strings/str_split.h"
27 #include "absl/strings/string_view.h"
28 #include "quiche/quic/core/crypto/crypto_framer.h"
29 #include "quiche/quic/core/crypto/crypto_handshake.h"
30 #include "quiche/quic/core/crypto/crypto_handshake_message.h"
31 #include "quiche/quic/core/crypto/crypto_protocol.h"
32 #include "quiche/quic/core/crypto/crypto_utils.h"
33 #include "quiche/quic/core/crypto/null_decrypter.h"
34 #include "quiche/quic/core/crypto/null_encrypter.h"
35 #include "quiche/quic/core/crypto/quic_decrypter.h"
36 #include "quiche/quic/core/crypto/quic_encrypter.h"
37 #include "quiche/quic/core/crypto/quic_random.h"
38 #include "quiche/quic/core/frames/quic_ack_frequency_frame.h"
39 #include "quiche/quic/core/frames/quic_reset_stream_at_frame.h"
40 #include "quiche/quic/core/quic_connection_context.h"
41 #include "quiche/quic/core/quic_connection_id.h"
42 #include "quiche/quic/core/quic_constants.h"
43 #include "quiche/quic/core/quic_data_reader.h"
44 #include "quiche/quic/core/quic_data_writer.h"
45 #include "quiche/quic/core/quic_error_codes.h"
46 #include "quiche/quic/core/quic_packets.h"
47 #include "quiche/quic/core/quic_socket_address_coder.h"
48 #include "quiche/quic/core/quic_stream_frame_data_producer.h"
49 #include "quiche/quic/core/quic_time.h"
50 #include "quiche/quic/core/quic_types.h"
51 #include "quiche/quic/core/quic_utils.h"
52 #include "quiche/quic/core/quic_versions.h"
53 #include "quiche/quic/platform/api/quic_bug_tracker.h"
54 #include "quiche/quic/platform/api/quic_client_stats.h"
55 #include "quiche/quic/platform/api/quic_flag_utils.h"
56 #include "quiche/quic/platform/api/quic_flags.h"
57 #include "quiche/quic/platform/api/quic_ip_address_family.h"
58 #include "quiche/quic/platform/api/quic_logging.h"
59 #include "quiche/quic/platform/api/quic_stack_trace.h"
60 #include "quiche/common/quiche_text_utils.h"
61 #include "quiche/common/wire_serialization.h"
62 
63 namespace quic {
64 
65 namespace {
66 
67 #define ENDPOINT \
68   (perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ")
69 
70 // There are two interpretations for the Frame Type byte in the QUIC protocol,
71 // resulting in two Frame Types: Special Frame Types and Regular Frame Types.
72 //
73 // Regular Frame Types use the Frame Type byte simply. Currently defined
74 // Regular Frame Types are:
75 // Padding            : 0b 00000000 (0x00)
76 // ResetStream        : 0b 00000001 (0x01)
77 // ConnectionClose    : 0b 00000010 (0x02)
78 // GoAway             : 0b 00000011 (0x03)
79 // WindowUpdate       : 0b 00000100 (0x04)
80 // Blocked            : 0b 00000101 (0x05)
81 //
82 // Special Frame Types encode both a Frame Type and corresponding flags
83 // all in the Frame Type byte. Currently defined Special Frame Types
84 // are:
85 // Stream             : 0b 1xxxxxxx
86 // Ack                : 0b 01xxxxxx
87 //
88 // Semantics of the flag bits above (the x bits) depends on the frame type.
89 
90 // Masks to determine if the frame type is a special use
91 // and for specific special frame types.
92 const uint8_t kQuicFrameTypeSpecialMask = 0xC0;  // 0b 11000000
93 const uint8_t kQuicFrameTypeStreamMask = 0x80;
94 const uint8_t kQuicFrameTypeAckMask = 0x40;
95 static_assert(kQuicFrameTypeSpecialMask ==
96                   (kQuicFrameTypeStreamMask | kQuicFrameTypeAckMask),
97               "Invalid kQuicFrameTypeSpecialMask");
98 
99 // The stream type format is 1FDOOOSS, where
100 //    F is the fin bit.
101 //    D is the data length bit (0 or 2 bytes).
102 //    OO/OOO are the size of the offset.
103 //    SS is the size of the stream ID.
104 // Note that the stream encoding can not be determined by inspection. It can
105 // be determined only by knowing the QUIC Version.
106 // Stream frame relative shifts and masks for interpreting the stream flags.
107 // StreamID may be 1, 2, 3, or 4 bytes.
108 const uint8_t kQuicStreamIdShift = 2;
109 const uint8_t kQuicStreamIDLengthMask = 0x03;
110 
111 // Offset may be 0, 2, 4, or 8 bytes.
112 const uint8_t kQuicStreamShift = 3;
113 const uint8_t kQuicStreamOffsetMask = 0x07;
114 
115 // Data length may be 0 or 2 bytes.
116 const uint8_t kQuicStreamDataLengthShift = 1;
117 const uint8_t kQuicStreamDataLengthMask = 0x01;
118 
119 // Fin bit may be set or not.
120 const uint8_t kQuicStreamFinShift = 1;
121 const uint8_t kQuicStreamFinMask = 0x01;
122 
123 // The format is 01M0LLOO, where
124 //   M if set, there are multiple ack blocks in the frame.
125 //  LL is the size of the largest ack field.
126 //  OO is the size of the ack blocks offset field.
127 // packet number size shift used in AckFrames.
128 const uint8_t kQuicSequenceNumberLengthNumBits = 2;
129 const uint8_t kActBlockLengthOffset = 0;
130 const uint8_t kLargestAckedOffset = 2;
131 
132 // Acks may have only one ack block.
133 const uint8_t kQuicHasMultipleAckBlocksOffset = 5;
134 
135 // Timestamps are 4 bytes followed by 2 bytes.
136 const uint8_t kQuicNumTimestampsLength = 1;
137 const uint8_t kQuicFirstTimestampLength = 4;
138 const uint8_t kQuicTimestampLength = 2;
139 // Gaps between packet numbers are 1 byte.
140 const uint8_t kQuicTimestampPacketNumberGapLength = 1;
141 
142 // Maximum length of encoded error strings.
143 const int kMaxErrorStringLength = 256;
144 
145 const uint8_t kConnectionIdLengthAdjustment = 3;
146 const uint8_t kDestinationConnectionIdLengthMask = 0xF0;
147 const uint8_t kSourceConnectionIdLengthMask = 0x0F;
148 
149 // Returns the absolute value of the difference between |a| and |b|.
Delta(uint64_t a,uint64_t b)150 uint64_t Delta(uint64_t a, uint64_t b) {
151   // Since these are unsigned numbers, we can't just return abs(a - b)
152   if (a < b) {
153     return b - a;
154   }
155   return a - b;
156 }
157 
ClosestTo(uint64_t target,uint64_t a,uint64_t b)158 uint64_t ClosestTo(uint64_t target, uint64_t a, uint64_t b) {
159   return (Delta(target, a) < Delta(target, b)) ? a : b;
160 }
161 
ReadAckPacketNumberLength(uint8_t flags)162 QuicPacketNumberLength ReadAckPacketNumberLength(uint8_t flags) {
163   switch (flags & PACKET_FLAGS_8BYTE_PACKET) {
164     case PACKET_FLAGS_8BYTE_PACKET:
165       return PACKET_6BYTE_PACKET_NUMBER;
166     case PACKET_FLAGS_4BYTE_PACKET:
167       return PACKET_4BYTE_PACKET_NUMBER;
168     case PACKET_FLAGS_2BYTE_PACKET:
169       return PACKET_2BYTE_PACKET_NUMBER;
170     case PACKET_FLAGS_1BYTE_PACKET:
171       return PACKET_1BYTE_PACKET_NUMBER;
172     default:
173       QUIC_BUG(quic_bug_10850_2) << "Unreachable case statement.";
174       return PACKET_6BYTE_PACKET_NUMBER;
175   }
176 }
177 
PacketNumberLengthToOnWireValue(QuicPacketNumberLength packet_number_length)178 uint8_t PacketNumberLengthToOnWireValue(
179     QuicPacketNumberLength packet_number_length) {
180   return packet_number_length - 1;
181 }
182 
GetShortHeaderPacketNumberLength(uint8_t type)183 QuicPacketNumberLength GetShortHeaderPacketNumberLength(uint8_t type) {
184   QUICHE_DCHECK(!(type & FLAGS_LONG_HEADER));
185   return static_cast<QuicPacketNumberLength>((type & 0x03) + 1);
186 }
187 
LongHeaderTypeToOnWireValue(QuicLongHeaderType type,const ParsedQuicVersion & version)188 uint8_t LongHeaderTypeToOnWireValue(QuicLongHeaderType type,
189                                     const ParsedQuicVersion& version) {
190   switch (type) {
191     case INITIAL:
192       return version.UsesV2PacketTypes() ? (1 << 4) : 0;
193     case ZERO_RTT_PROTECTED:
194       return version.UsesV2PacketTypes() ? (2 << 4) : (1 << 4);
195     case HANDSHAKE:
196       return version.UsesV2PacketTypes() ? (3 << 4) : (2 << 4);
197     case RETRY:
198       return version.UsesV2PacketTypes() ? 0 : (3 << 4);
199     case VERSION_NEGOTIATION:
200       return 0xF0;  // Value does not matter
201     default:
202       QUIC_BUG(quic_bug_10850_3) << "Invalid long header type: " << type;
203       return 0xFF;
204   }
205 }
206 
GetLongHeaderType(uint8_t type,const ParsedQuicVersion & version)207 QuicLongHeaderType GetLongHeaderType(uint8_t type,
208                                      const ParsedQuicVersion& version) {
209   QUICHE_DCHECK((type & FLAGS_LONG_HEADER));
210   switch ((type & 0x30) >> 4) {
211     case 0:
212       return version.UsesV2PacketTypes() ? RETRY : INITIAL;
213     case 1:
214       return version.UsesV2PacketTypes() ? INITIAL : ZERO_RTT_PROTECTED;
215     case 2:
216       return version.UsesV2PacketTypes() ? ZERO_RTT_PROTECTED : HANDSHAKE;
217     case 3:
218       return version.UsesV2PacketTypes() ? HANDSHAKE : RETRY;
219     default:
220       QUIC_BUG(quic_bug_10850_4) << "Unreachable statement";
221       return INVALID_PACKET_TYPE;
222   }
223 }
224 
GetLongHeaderPacketNumberLength(uint8_t type)225 QuicPacketNumberLength GetLongHeaderPacketNumberLength(uint8_t type) {
226   return static_cast<QuicPacketNumberLength>((type & 0x03) + 1);
227 }
228 
229 // Used to get packet number space before packet gets decrypted.
GetPacketNumberSpace(const QuicPacketHeader & header)230 PacketNumberSpace GetPacketNumberSpace(const QuicPacketHeader& header) {
231   switch (header.form) {
232     case GOOGLE_QUIC_PACKET:
233       QUIC_BUG(quic_bug_10850_5)
234           << "Try to get packet number space of Google QUIC packet";
235       break;
236     case IETF_QUIC_SHORT_HEADER_PACKET:
237       return APPLICATION_DATA;
238     case IETF_QUIC_LONG_HEADER_PACKET:
239       switch (header.long_packet_type) {
240         case INITIAL:
241           return INITIAL_DATA;
242         case HANDSHAKE:
243           return HANDSHAKE_DATA;
244         case ZERO_RTT_PROTECTED:
245           return APPLICATION_DATA;
246         case VERSION_NEGOTIATION:
247         case RETRY:
248         case INVALID_PACKET_TYPE:
249           QUIC_BUG(quic_bug_10850_6)
250               << "Try to get packet number space of long header type: "
251               << QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type);
252           break;
253       }
254   }
255 
256   return NUM_PACKET_NUMBER_SPACES;
257 }
258 
GetEncryptionLevel(const QuicPacketHeader & header)259 EncryptionLevel GetEncryptionLevel(const QuicPacketHeader& header) {
260   switch (header.form) {
261     case GOOGLE_QUIC_PACKET:
262       QUIC_BUG(quic_bug_10850_7)
263           << "Cannot determine EncryptionLevel from Google QUIC header";
264       break;
265     case IETF_QUIC_SHORT_HEADER_PACKET:
266       return ENCRYPTION_FORWARD_SECURE;
267     case IETF_QUIC_LONG_HEADER_PACKET:
268       switch (header.long_packet_type) {
269         case INITIAL:
270           return ENCRYPTION_INITIAL;
271         case HANDSHAKE:
272           return ENCRYPTION_HANDSHAKE;
273         case ZERO_RTT_PROTECTED:
274           return ENCRYPTION_ZERO_RTT;
275         case VERSION_NEGOTIATION:
276         case RETRY:
277         case INVALID_PACKET_TYPE:
278           QUIC_BUG(quic_bug_10850_8)
279               << "No encryption used with type "
280               << QuicUtils::QuicLongHeaderTypetoString(header.long_packet_type);
281       }
282   }
283   return NUM_ENCRYPTION_LEVELS;
284 }
285 
TruncateErrorString(absl::string_view error)286 absl::string_view TruncateErrorString(absl::string_view error) {
287   if (error.length() <= kMaxErrorStringLength) {
288     return error;
289   }
290   return absl::string_view(error.data(), kMaxErrorStringLength);
291 }
292 
TruncatedErrorStringSize(const absl::string_view & error)293 size_t TruncatedErrorStringSize(const absl::string_view& error) {
294   if (error.length() < kMaxErrorStringLength) {
295     return error.length();
296   }
297   return kMaxErrorStringLength;
298 }
299 
GetConnectionIdLengthValue(uint8_t length)300 uint8_t GetConnectionIdLengthValue(uint8_t length) {
301   if (length == 0) {
302     return 0;
303   }
304   return static_cast<uint8_t>(length - kConnectionIdLengthAdjustment);
305 }
306 
IsValidPacketNumberLength(QuicPacketNumberLength packet_number_length)307 bool IsValidPacketNumberLength(QuicPacketNumberLength packet_number_length) {
308   size_t length = packet_number_length;
309   return length == 1 || length == 2 || length == 4 || length == 6 ||
310          length == 8;
311 }
312 
IsValidFullPacketNumber(uint64_t full_packet_number,ParsedQuicVersion version)313 bool IsValidFullPacketNumber(uint64_t full_packet_number,
314                              ParsedQuicVersion version) {
315   return full_packet_number > 0 || version.HasIetfQuicFrames();
316 }
317 
AppendIetfConnectionIds(bool version_flag,bool use_length_prefix,QuicConnectionId destination_connection_id,QuicConnectionId source_connection_id,QuicDataWriter * writer)318 bool AppendIetfConnectionIds(bool version_flag, bool use_length_prefix,
319                              QuicConnectionId destination_connection_id,
320                              QuicConnectionId source_connection_id,
321                              QuicDataWriter* writer) {
322   if (!version_flag) {
323     return writer->WriteConnectionId(destination_connection_id);
324   }
325 
326   if (use_length_prefix) {
327     return writer->WriteLengthPrefixedConnectionId(destination_connection_id) &&
328            writer->WriteLengthPrefixedConnectionId(source_connection_id);
329   }
330 
331   // Compute connection ID length byte.
332   uint8_t dcil = GetConnectionIdLengthValue(destination_connection_id.length());
333   uint8_t scil = GetConnectionIdLengthValue(source_connection_id.length());
334   uint8_t connection_id_length = dcil << 4 | scil;
335 
336   return writer->WriteUInt8(connection_id_length) &&
337          writer->WriteConnectionId(destination_connection_id) &&
338          writer->WriteConnectionId(source_connection_id);
339 }
340 
341 enum class DroppedPacketReason {
342   // General errors
343   INVALID_PUBLIC_HEADER,
344   VERSION_MISMATCH,
345   // Version negotiation packet errors
346   INVALID_VERSION_NEGOTIATION_PACKET,
347   // Public reset packet errors, pre-v44
348   INVALID_PUBLIC_RESET_PACKET,
349   // Data packet errors
350   INVALID_PACKET_NUMBER,
351   INVALID_DIVERSIFICATION_NONCE,
352   DECRYPTION_FAILURE,
353   NUM_REASONS,
354 };
355 
RecordDroppedPacketReason(DroppedPacketReason reason)356 void RecordDroppedPacketReason(DroppedPacketReason reason) {
357   QUIC_CLIENT_HISTOGRAM_ENUM("QuicDroppedPacketReason", reason,
358                              DroppedPacketReason::NUM_REASONS,
359                              "The reason a packet was not processed. Recorded "
360                              "each time such a packet is dropped");
361 }
362 
GetIetfPacketHeaderFormat(uint8_t type_byte)363 PacketHeaderFormat GetIetfPacketHeaderFormat(uint8_t type_byte) {
364   return type_byte & FLAGS_LONG_HEADER ? IETF_QUIC_LONG_HEADER_PACKET
365                                        : IETF_QUIC_SHORT_HEADER_PACKET;
366 }
367 
GenerateErrorString(std::string initial_error_string,QuicErrorCode quic_error_code)368 std::string GenerateErrorString(std::string initial_error_string,
369                                 QuicErrorCode quic_error_code) {
370   if (quic_error_code == QUIC_IETF_GQUIC_ERROR_MISSING) {
371     // QUIC_IETF_GQUIC_ERROR_MISSING is special -- it means not to encode
372     // the error value in the string.
373     return initial_error_string;
374   }
375   return absl::StrCat(std::to_string(static_cast<unsigned>(quic_error_code)),
376                       ":", initial_error_string);
377 }
378 
379 // Return the minimum size of the ECN fields in an ACK frame
AckEcnCountSize(const QuicAckFrame & ack_frame)380 size_t AckEcnCountSize(const QuicAckFrame& ack_frame) {
381   if (!ack_frame.ecn_counters.has_value()) {
382     return 0;
383   }
384   return (QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ect0) +
385           QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ect1) +
386           QuicDataWriter::GetVarInt62Len(ack_frame.ecn_counters->ce));
387 }
388 
389 }  // namespace
390 
QuicFramer(const ParsedQuicVersionVector & supported_versions,QuicTime creation_time,Perspective perspective,uint8_t expected_server_connection_id_length)391 QuicFramer::QuicFramer(const ParsedQuicVersionVector& supported_versions,
392                        QuicTime creation_time, Perspective perspective,
393                        uint8_t expected_server_connection_id_length)
394     : visitor_(nullptr),
395       error_(QUIC_NO_ERROR),
396       last_serialized_server_connection_id_(EmptyQuicConnectionId()),
397       version_(ParsedQuicVersion::Unsupported()),
398       supported_versions_(supported_versions),
399       decrypter_level_(ENCRYPTION_INITIAL),
400       alternative_decrypter_level_(NUM_ENCRYPTION_LEVELS),
401       alternative_decrypter_latch_(false),
402       perspective_(perspective),
403       validate_flags_(true),
404       process_timestamps_(false),
405       max_receive_timestamps_per_ack_(std::numeric_limits<uint32_t>::max()),
406       receive_timestamps_exponent_(0),
407       process_reset_stream_at_(false),
408       creation_time_(creation_time),
409       last_timestamp_(QuicTime::Delta::Zero()),
410       support_key_update_for_connection_(false),
411       current_key_phase_bit_(false),
412       potential_peer_key_update_attempt_count_(0),
413       first_sending_packet_number_(FirstSendingPacketNumber()),
414       data_producer_(nullptr),
415       expected_server_connection_id_length_(
416           expected_server_connection_id_length),
417       expected_client_connection_id_length_(0),
418       supports_multiple_packet_number_spaces_(false),
419       last_written_packet_number_length_(0),
420       peer_ack_delay_exponent_(kDefaultAckDelayExponent),
421       local_ack_delay_exponent_(kDefaultAckDelayExponent),
422       current_received_frame_type_(0),
423       previously_received_frame_type_(0) {
424   QUICHE_DCHECK(!supported_versions.empty());
425   version_ = supported_versions_[0];
426   QUICHE_DCHECK(version_.IsKnown())
427       << ParsedQuicVersionVectorToString(supported_versions_);
428 }
429 
~QuicFramer()430 QuicFramer::~QuicFramer() {}
431 
432 // static
GetMinStreamFrameSize(QuicTransportVersion version,QuicStreamId stream_id,QuicStreamOffset offset,bool last_frame_in_packet,size_t data_length)433 size_t QuicFramer::GetMinStreamFrameSize(QuicTransportVersion version,
434                                          QuicStreamId stream_id,
435                                          QuicStreamOffset offset,
436                                          bool last_frame_in_packet,
437                                          size_t data_length) {
438   if (VersionHasIetfQuicFrames(version)) {
439     return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(stream_id) +
440            (last_frame_in_packet
441                 ? 0
442                 : QuicDataWriter::GetVarInt62Len(data_length)) +
443            (offset != 0 ? QuicDataWriter::GetVarInt62Len(offset) : 0);
444   }
445   return kQuicFrameTypeSize + GetStreamIdSize(stream_id) +
446          GetStreamOffsetSize(offset) +
447          (last_frame_in_packet ? 0 : kQuicStreamPayloadLengthSize);
448 }
449 
450 // static
GetMinCryptoFrameSize(QuicStreamOffset offset,QuicPacketLength data_length)451 size_t QuicFramer::GetMinCryptoFrameSize(QuicStreamOffset offset,
452                                          QuicPacketLength data_length) {
453   return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(offset) +
454          QuicDataWriter::GetVarInt62Len(data_length);
455 }
456 
457 // static
GetMessageFrameSize(bool last_frame_in_packet,QuicByteCount length)458 size_t QuicFramer::GetMessageFrameSize(bool last_frame_in_packet,
459                                        QuicByteCount length) {
460   return kQuicFrameTypeSize +
461          (last_frame_in_packet ? 0 : QuicDataWriter::GetVarInt62Len(length)) +
462          length;
463 }
464 
465 // static
GetMinAckFrameSize(QuicTransportVersion version,const QuicAckFrame & ack_frame,uint32_t local_ack_delay_exponent,bool use_ietf_ack_with_receive_timestamp)466 size_t QuicFramer::GetMinAckFrameSize(
467     QuicTransportVersion version, const QuicAckFrame& ack_frame,
468     uint32_t local_ack_delay_exponent,
469     bool use_ietf_ack_with_receive_timestamp) {
470   if (VersionHasIetfQuicFrames(version)) {
471     // The minimal ack frame consists of the following fields: Largest
472     // Acknowledged, ACK Delay, 0 ACK Block Count, First ACK Block and either 0
473     // Timestamp Range Count or ECN counts.
474     // Type byte + largest acked.
475     size_t min_size =
476         kQuicFrameTypeSize +
477         QuicDataWriter::GetVarInt62Len(LargestAcked(ack_frame).ToUint64());
478     // Ack delay.
479     min_size += QuicDataWriter::GetVarInt62Len(
480         ack_frame.ack_delay_time.ToMicroseconds() >> local_ack_delay_exponent);
481     // 0 ack block count.
482     min_size += QuicDataWriter::GetVarInt62Len(0);
483     // First ack block.
484     min_size += QuicDataWriter::GetVarInt62Len(
485         ack_frame.packets.Empty() ? 0
486                                   : ack_frame.packets.rbegin()->Length() - 1);
487 
488     if (use_ietf_ack_with_receive_timestamp) {
489       // 0 Timestamp Range Count.
490       min_size += QuicDataWriter::GetVarInt62Len(0);
491     } else {
492       min_size += AckEcnCountSize(ack_frame);
493     }
494     return min_size;
495   }
496   return kQuicFrameTypeSize +
497          GetMinPacketNumberLength(LargestAcked(ack_frame)) +
498          kQuicDeltaTimeLargestObservedSize + kQuicNumTimestampsSize;
499 }
500 
501 // static
GetStopWaitingFrameSize(QuicPacketNumberLength packet_number_length)502 size_t QuicFramer::GetStopWaitingFrameSize(
503     QuicPacketNumberLength packet_number_length) {
504   size_t min_size = kQuicFrameTypeSize + packet_number_length;
505   return min_size;
506 }
507 
508 // static
GetRstStreamFrameSize(QuicTransportVersion version,const QuicRstStreamFrame & frame)509 size_t QuicFramer::GetRstStreamFrameSize(QuicTransportVersion version,
510                                          const QuicRstStreamFrame& frame) {
511   if (VersionHasIetfQuicFrames(version)) {
512     return QuicDataWriter::GetVarInt62Len(frame.stream_id) +
513            QuicDataWriter::GetVarInt62Len(frame.byte_offset) +
514            kQuicFrameTypeSize +
515            QuicDataWriter::GetVarInt62Len(frame.ietf_error_code);
516   }
517   return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize +
518          kQuicErrorCodeSize;
519 }
520 
521 // static
GetConnectionCloseFrameSize(QuicTransportVersion version,const QuicConnectionCloseFrame & frame)522 size_t QuicFramer::GetConnectionCloseFrameSize(
523     QuicTransportVersion version, const QuicConnectionCloseFrame& frame) {
524   if (!VersionHasIetfQuicFrames(version)) {
525     // Not IETF QUIC, return Google QUIC CONNECTION CLOSE frame size.
526     return kQuicFrameTypeSize + kQuicErrorCodeSize +
527            kQuicErrorDetailsLengthSize +
528            TruncatedErrorStringSize(frame.error_details);
529   }
530 
531   // Prepend the extra error information to the string and get the result's
532   // length.
533   const size_t truncated_error_string_size = TruncatedErrorStringSize(
534       GenerateErrorString(frame.error_details, frame.quic_error_code));
535 
536   const size_t frame_size =
537       truncated_error_string_size +
538       QuicDataWriter::GetVarInt62Len(truncated_error_string_size) +
539       kQuicFrameTypeSize +
540       QuicDataWriter::GetVarInt62Len(frame.wire_error_code);
541   if (frame.close_type == IETF_QUIC_APPLICATION_CONNECTION_CLOSE) {
542     return frame_size;
543   }
544   // The Transport close frame has the transport_close_frame_type, so include
545   // its length.
546   return frame_size +
547          QuicDataWriter::GetVarInt62Len(frame.transport_close_frame_type);
548 }
549 
550 // static
GetMinGoAwayFrameSize()551 size_t QuicFramer::GetMinGoAwayFrameSize() {
552   return kQuicFrameTypeSize + kQuicErrorCodeSize + kQuicErrorDetailsLengthSize +
553          kQuicMaxStreamIdSize;
554 }
555 
556 // static
GetWindowUpdateFrameSize(QuicTransportVersion version,const QuicWindowUpdateFrame & frame)557 size_t QuicFramer::GetWindowUpdateFrameSize(
558     QuicTransportVersion version, const QuicWindowUpdateFrame& frame) {
559   if (!VersionHasIetfQuicFrames(version)) {
560     return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize;
561   }
562   if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) {
563     // Frame would be a MAX DATA frame, which has only a Maximum Data field.
564     return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data);
565   }
566   // Frame would be MAX STREAM DATA, has Maximum Stream Data and Stream ID
567   // fields.
568   return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.max_data) +
569          QuicDataWriter::GetVarInt62Len(frame.stream_id);
570 }
571 
572 // static
GetMaxStreamsFrameSize(QuicTransportVersion version,const QuicMaxStreamsFrame & frame)573 size_t QuicFramer::GetMaxStreamsFrameSize(QuicTransportVersion version,
574                                           const QuicMaxStreamsFrame& frame) {
575   if (!VersionHasIetfQuicFrames(version)) {
576     QUIC_BUG(quic_bug_10850_9)
577         << "In version " << version
578         << ", which does not support IETF Frames, and tried to serialize "
579            "MaxStreams Frame.";
580   }
581   return kQuicFrameTypeSize +
582          QuicDataWriter::GetVarInt62Len(frame.stream_count);
583 }
584 
585 // static
GetStreamsBlockedFrameSize(QuicTransportVersion version,const QuicStreamsBlockedFrame & frame)586 size_t QuicFramer::GetStreamsBlockedFrameSize(
587     QuicTransportVersion version, const QuicStreamsBlockedFrame& frame) {
588   if (!VersionHasIetfQuicFrames(version)) {
589     QUIC_BUG(quic_bug_10850_10)
590         << "In version " << version
591         << ", which does not support IETF frames, and tried to serialize "
592            "StreamsBlocked Frame.";
593   }
594 
595   return kQuicFrameTypeSize +
596          QuicDataWriter::GetVarInt62Len(frame.stream_count);
597 }
598 
599 // static
GetBlockedFrameSize(QuicTransportVersion version,const QuicBlockedFrame & frame)600 size_t QuicFramer::GetBlockedFrameSize(QuicTransportVersion version,
601                                        const QuicBlockedFrame& frame) {
602   if (!VersionHasIetfQuicFrames(version)) {
603     return kQuicFrameTypeSize + kQuicMaxStreamIdSize;
604   }
605   if (frame.stream_id == QuicUtils::GetInvalidStreamId(version)) {
606     // return size of IETF QUIC Blocked frame
607     return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset);
608   }
609   // return size of IETF QUIC Stream Blocked frame.
610   return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.offset) +
611          QuicDataWriter::GetVarInt62Len(frame.stream_id);
612 }
613 
614 // static
GetStopSendingFrameSize(const QuicStopSendingFrame & frame)615 size_t QuicFramer::GetStopSendingFrameSize(const QuicStopSendingFrame& frame) {
616   return kQuicFrameTypeSize + QuicDataWriter::GetVarInt62Len(frame.stream_id) +
617          QuicDataWriter::GetVarInt62Len(frame.ietf_error_code);
618 }
619 
620 // static
GetAckFrequencyFrameSize(const QuicAckFrequencyFrame & frame)621 size_t QuicFramer::GetAckFrequencyFrameSize(
622     const QuicAckFrequencyFrame& frame) {
623   return QuicDataWriter::GetVarInt62Len(IETF_ACK_FREQUENCY) +
624          QuicDataWriter::GetVarInt62Len(frame.sequence_number) +
625          QuicDataWriter::GetVarInt62Len(frame.packet_tolerance) +
626          QuicDataWriter::GetVarInt62Len(frame.max_ack_delay.ToMicroseconds()) +
627          // One byte for encoding boolean
628          1;
629 }
630 
631 // static
GetResetStreamAtFrameSize(const QuicResetStreamAtFrame & frame)632 size_t QuicFramer::GetResetStreamAtFrameSize(
633     const QuicResetStreamAtFrame& frame) {
634   return QuicDataWriter::GetVarInt62Len(IETF_RESET_STREAM_AT) +
635          QuicDataWriter::GetVarInt62Len(frame.stream_id) +
636          QuicDataWriter::GetVarInt62Len(frame.error) +
637          QuicDataWriter::GetVarInt62Len(frame.final_offset) +
638          QuicDataWriter::GetVarInt62Len(frame.reliable_offset);
639 }
640 
641 // static
GetPathChallengeFrameSize(const QuicPathChallengeFrame & frame)642 size_t QuicFramer::GetPathChallengeFrameSize(
643     const QuicPathChallengeFrame& frame) {
644   return kQuicFrameTypeSize + sizeof(frame.data_buffer);
645 }
646 
647 // static
GetPathResponseFrameSize(const QuicPathResponseFrame & frame)648 size_t QuicFramer::GetPathResponseFrameSize(
649     const QuicPathResponseFrame& frame) {
650   return kQuicFrameTypeSize + sizeof(frame.data_buffer);
651 }
652 
653 // static
GetRetransmittableControlFrameSize(QuicTransportVersion version,const QuicFrame & frame)654 size_t QuicFramer::GetRetransmittableControlFrameSize(
655     QuicTransportVersion version, const QuicFrame& frame) {
656   switch (frame.type) {
657     case PING_FRAME:
658       // Ping has no payload.
659       return kQuicFrameTypeSize;
660     case RST_STREAM_FRAME:
661       return GetRstStreamFrameSize(version, *frame.rst_stream_frame);
662     case CONNECTION_CLOSE_FRAME:
663       return GetConnectionCloseFrameSize(version,
664                                          *frame.connection_close_frame);
665     case GOAWAY_FRAME:
666       return GetMinGoAwayFrameSize() +
667              TruncatedErrorStringSize(frame.goaway_frame->reason_phrase);
668     case WINDOW_UPDATE_FRAME:
669       // For IETF QUIC, this could be either a MAX DATA or MAX STREAM DATA.
670       // GetWindowUpdateFrameSize figures this out and returns the correct
671       // length.
672       return GetWindowUpdateFrameSize(version, frame.window_update_frame);
673     case BLOCKED_FRAME:
674       return GetBlockedFrameSize(version, frame.blocked_frame);
675     case NEW_CONNECTION_ID_FRAME:
676       return GetNewConnectionIdFrameSize(*frame.new_connection_id_frame);
677     case RETIRE_CONNECTION_ID_FRAME:
678       return GetRetireConnectionIdFrameSize(*frame.retire_connection_id_frame);
679     case NEW_TOKEN_FRAME:
680       return GetNewTokenFrameSize(*frame.new_token_frame);
681     case MAX_STREAMS_FRAME:
682       return GetMaxStreamsFrameSize(version, frame.max_streams_frame);
683     case STREAMS_BLOCKED_FRAME:
684       return GetStreamsBlockedFrameSize(version, frame.streams_blocked_frame);
685     case PATH_RESPONSE_FRAME:
686       return GetPathResponseFrameSize(frame.path_response_frame);
687     case PATH_CHALLENGE_FRAME:
688       return GetPathChallengeFrameSize(frame.path_challenge_frame);
689     case STOP_SENDING_FRAME:
690       return GetStopSendingFrameSize(frame.stop_sending_frame);
691     case HANDSHAKE_DONE_FRAME:
692       // HANDSHAKE_DONE has no payload.
693       return kQuicFrameTypeSize;
694     case ACK_FREQUENCY_FRAME:
695       return GetAckFrequencyFrameSize(*frame.ack_frequency_frame);
696     case RESET_STREAM_AT_FRAME:
697       return GetResetStreamAtFrameSize(*frame.reset_stream_at_frame);
698     case STREAM_FRAME:
699     case ACK_FRAME:
700     case STOP_WAITING_FRAME:
701     case MTU_DISCOVERY_FRAME:
702     case PADDING_FRAME:
703     case MESSAGE_FRAME:
704     case CRYPTO_FRAME:
705     case NUM_FRAME_TYPES:
706       QUICHE_DCHECK(false);
707       return 0;
708   }
709 
710   // Not reachable, but some Chrome compilers can't figure that out.  *sigh*
711   QUICHE_DCHECK(false);
712   return 0;
713 }
714 
715 // static
GetStreamIdSize(QuicStreamId stream_id)716 size_t QuicFramer::GetStreamIdSize(QuicStreamId stream_id) {
717   // Sizes are 1 through 4 bytes.
718   for (int i = 1; i <= 4; ++i) {
719     stream_id >>= 8;
720     if (stream_id == 0) {
721       return i;
722     }
723   }
724   QUIC_BUG(quic_bug_10850_11) << "Failed to determine StreamIDSize.";
725   return 4;
726 }
727 
728 // static
GetStreamOffsetSize(QuicStreamOffset offset)729 size_t QuicFramer::GetStreamOffsetSize(QuicStreamOffset offset) {
730   // 0 is a special case.
731   if (offset == 0) {
732     return 0;
733   }
734   // 2 through 8 are the remaining sizes.
735   offset >>= 8;
736   for (int i = 2; i <= 8; ++i) {
737     offset >>= 8;
738     if (offset == 0) {
739       return i;
740     }
741   }
742   QUIC_BUG(quic_bug_10850_12) << "Failed to determine StreamOffsetSize.";
743   return 8;
744 }
745 
746 // static
GetNewConnectionIdFrameSize(const QuicNewConnectionIdFrame & frame)747 size_t QuicFramer::GetNewConnectionIdFrameSize(
748     const QuicNewConnectionIdFrame& frame) {
749   return kQuicFrameTypeSize +
750          QuicDataWriter::GetVarInt62Len(frame.sequence_number) +
751          QuicDataWriter::GetVarInt62Len(frame.retire_prior_to) +
752          kConnectionIdLengthSize + frame.connection_id.length() +
753          sizeof(frame.stateless_reset_token);
754 }
755 
756 // static
GetRetireConnectionIdFrameSize(const QuicRetireConnectionIdFrame & frame)757 size_t QuicFramer::GetRetireConnectionIdFrameSize(
758     const QuicRetireConnectionIdFrame& frame) {
759   return kQuicFrameTypeSize +
760          QuicDataWriter::GetVarInt62Len(frame.sequence_number);
761 }
762 
763 // static
GetNewTokenFrameSize(const QuicNewTokenFrame & frame)764 size_t QuicFramer::GetNewTokenFrameSize(const QuicNewTokenFrame& frame) {
765   return kQuicFrameTypeSize +
766          QuicDataWriter::GetVarInt62Len(frame.token.length()) +
767          frame.token.length();
768 }
769 
IsSupportedVersion(const ParsedQuicVersion version) const770 bool QuicFramer::IsSupportedVersion(const ParsedQuicVersion version) const {
771   for (const ParsedQuicVersion& supported_version : supported_versions_) {
772     if (version == supported_version) {
773       return true;
774     }
775   }
776   return false;
777 }
778 
GetSerializedFrameLength(const QuicFrame & frame,size_t free_bytes,bool first_frame,bool last_frame,QuicPacketNumberLength packet_number_length)779 size_t QuicFramer::GetSerializedFrameLength(
780     const QuicFrame& frame, size_t free_bytes, bool first_frame,
781     bool last_frame, QuicPacketNumberLength packet_number_length) {
782   // Prevent a rare crash reported in b/19458523.
783   if (frame.type == ACK_FRAME && frame.ack_frame == nullptr) {
784     QUIC_BUG(quic_bug_10850_13)
785         << "Cannot compute the length of a null ack frame. free_bytes:"
786         << free_bytes << " first_frame:" << first_frame
787         << " last_frame:" << last_frame
788         << " seq num length:" << packet_number_length;
789     set_error(QUIC_INTERNAL_ERROR);
790     visitor_->OnError(this);
791     return 0;
792   }
793   if (frame.type == PADDING_FRAME) {
794     if (frame.padding_frame.num_padding_bytes == -1) {
795       // Full padding to the end of the packet.
796       return free_bytes;
797     } else {
798       // Lite padding.
799       return free_bytes <
800                      static_cast<size_t>(frame.padding_frame.num_padding_bytes)
801                  ? free_bytes
802                  : frame.padding_frame.num_padding_bytes;
803     }
804   }
805 
806   size_t frame_len =
807       ComputeFrameLength(frame, last_frame, packet_number_length);
808   if (frame_len <= free_bytes) {
809     // Frame fits within packet. Note that acks may be truncated.
810     return frame_len;
811   }
812   // Only truncate the first frame in a packet, so if subsequent ones go
813   // over, stop including more frames.
814   if (!first_frame) {
815     return 0;
816   }
817   bool can_truncate =
818       frame.type == ACK_FRAME &&
819       free_bytes >=
820           GetMinAckFrameSize(version_.transport_version, *frame.ack_frame,
821                              local_ack_delay_exponent_,
822                              UseIetfAckWithReceiveTimestamp(*frame.ack_frame));
823   if (can_truncate) {
824     // Truncate the frame so the packet will not exceed kMaxOutgoingPacketSize.
825     // Note that we may not use every byte of the writer in this case.
826     QUIC_DLOG(INFO) << ENDPOINT
827                     << "Truncating large frame, free bytes: " << free_bytes;
828     return free_bytes;
829   }
830   return 0;
831 }
832 
AckFrameInfo()833 QuicFramer::AckFrameInfo::AckFrameInfo()
834     : max_block_length(0), first_block_length(0), num_ack_blocks(0) {}
835 
836 QuicFramer::AckFrameInfo::AckFrameInfo(const AckFrameInfo& other) = default;
837 
~AckFrameInfo()838 QuicFramer::AckFrameInfo::~AckFrameInfo() {}
839 
WriteIetfLongHeaderLength(const QuicPacketHeader & header,QuicDataWriter * writer,size_t length_field_offset,EncryptionLevel level)840 bool QuicFramer::WriteIetfLongHeaderLength(const QuicPacketHeader& header,
841                                            QuicDataWriter* writer,
842                                            size_t length_field_offset,
843                                            EncryptionLevel level) {
844   if (!QuicVersionHasLongHeaderLengths(transport_version()) ||
845       !header.version_flag || length_field_offset == 0) {
846     return true;
847   }
848   if (writer->length() < length_field_offset ||
849       writer->length() - length_field_offset <
850           quiche::kQuicheDefaultLongHeaderLengthLength) {
851     set_detailed_error("Invalid length_field_offset.");
852     QUIC_BUG(quic_bug_10850_14) << "Invalid length_field_offset.";
853     return false;
854   }
855   size_t length_to_write = writer->length() - length_field_offset -
856                            quiche::kQuicheDefaultLongHeaderLengthLength;
857   // Add length of auth tag.
858   length_to_write = GetCiphertextSize(level, length_to_write);
859 
860   QuicDataWriter length_writer(writer->length() - length_field_offset,
861                                writer->data() + length_field_offset);
862   if (!length_writer.WriteVarInt62WithForcedLength(
863           length_to_write, quiche::kQuicheDefaultLongHeaderLengthLength)) {
864     set_detailed_error("Failed to overwrite long header length.");
865     QUIC_BUG(quic_bug_10850_15) << "Failed to overwrite long header length.";
866     return false;
867   }
868   return true;
869 }
870 
BuildDataPacket(const QuicPacketHeader & header,const QuicFrames & frames,char * buffer,size_t packet_length,EncryptionLevel level)871 size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header,
872                                    const QuicFrames& frames, char* buffer,
873                                    size_t packet_length,
874                                    EncryptionLevel level) {
875   QUIC_BUG_IF(quic_bug_12975_2, header.version_flag &&
876                                     header.long_packet_type == RETRY &&
877                                     !frames.empty())
878       << "IETF RETRY packets cannot contain frames " << header;
879   QuicDataWriter writer(packet_length, buffer);
880   size_t length_field_offset = 0;
881   if (!AppendIetfPacketHeader(header, &writer, &length_field_offset)) {
882     QUIC_BUG(quic_bug_10850_16) << "AppendPacketHeader failed";
883     return 0;
884   }
885 
886   if (VersionHasIetfQuicFrames(transport_version())) {
887     if (AppendIetfFrames(frames, &writer) == 0) {
888       return 0;
889     }
890     if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset,
891                                    level)) {
892       return 0;
893     }
894     return writer.length();
895   }
896 
897   size_t i = 0;
898   for (const QuicFrame& frame : frames) {
899     // Determine if we should write stream frame length in header.
900     const bool last_frame_in_packet = i == frames.size() - 1;
901     if (!AppendTypeByte(frame, last_frame_in_packet, &writer)) {
902       QUIC_BUG(quic_bug_10850_17) << "AppendTypeByte failed";
903       return 0;
904     }
905 
906     switch (frame.type) {
907       case PADDING_FRAME:
908         if (!AppendPaddingFrame(frame.padding_frame, &writer)) {
909           QUIC_BUG(quic_bug_10850_18)
910               << "AppendPaddingFrame of "
911               << frame.padding_frame.num_padding_bytes << " failed";
912           return 0;
913         }
914         break;
915       case STREAM_FRAME:
916         if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet,
917                                &writer)) {
918           QUIC_BUG(quic_bug_10850_19) << "AppendStreamFrame failed";
919           return 0;
920         }
921         break;
922       case ACK_FRAME:
923         if (!AppendAckFrameAndTypeByte(*frame.ack_frame, &writer)) {
924           QUIC_BUG(quic_bug_10850_20)
925               << "AppendAckFrameAndTypeByte failed: " << detailed_error_;
926           return 0;
927         }
928         break;
929       case MTU_DISCOVERY_FRAME:
930         // MTU discovery frames are serialized as ping frames.
931         ABSL_FALLTHROUGH_INTENDED;
932       case PING_FRAME:
933         // Ping has no payload.
934         break;
935       case RST_STREAM_FRAME:
936         if (!AppendRstStreamFrame(*frame.rst_stream_frame, &writer)) {
937           QUIC_BUG(quic_bug_10850_22) << "AppendRstStreamFrame failed";
938           return 0;
939         }
940         break;
941       case CONNECTION_CLOSE_FRAME:
942         if (!AppendConnectionCloseFrame(*frame.connection_close_frame,
943                                         &writer)) {
944           QUIC_BUG(quic_bug_10850_23) << "AppendConnectionCloseFrame failed";
945           return 0;
946         }
947         break;
948       case GOAWAY_FRAME:
949         if (!AppendGoAwayFrame(*frame.goaway_frame, &writer)) {
950           QUIC_BUG(quic_bug_10850_24) << "AppendGoAwayFrame failed";
951           return 0;
952         }
953         break;
954       case WINDOW_UPDATE_FRAME:
955         if (!AppendWindowUpdateFrame(frame.window_update_frame, &writer)) {
956           QUIC_BUG(quic_bug_10850_25) << "AppendWindowUpdateFrame failed";
957           return 0;
958         }
959         break;
960       case BLOCKED_FRAME:
961         if (!AppendBlockedFrame(frame.blocked_frame, &writer)) {
962           QUIC_BUG(quic_bug_10850_26) << "AppendBlockedFrame failed";
963           return 0;
964         }
965         break;
966       case NEW_CONNECTION_ID_FRAME:
967         set_detailed_error(
968             "Attempt to append NEW_CONNECTION_ID frame and not in IETF QUIC.");
969         return RaiseError(QUIC_INTERNAL_ERROR);
970       case RETIRE_CONNECTION_ID_FRAME:
971         set_detailed_error(
972             "Attempt to append RETIRE_CONNECTION_ID frame and not in IETF "
973             "QUIC.");
974         return RaiseError(QUIC_INTERNAL_ERROR);
975       case NEW_TOKEN_FRAME:
976         set_detailed_error(
977             "Attempt to append NEW_TOKEN_ID frame and not in IETF QUIC.");
978         return RaiseError(QUIC_INTERNAL_ERROR);
979       case MAX_STREAMS_FRAME:
980         set_detailed_error(
981             "Attempt to append MAX_STREAMS frame and not in IETF QUIC.");
982         return RaiseError(QUIC_INTERNAL_ERROR);
983       case STREAMS_BLOCKED_FRAME:
984         set_detailed_error(
985             "Attempt to append STREAMS_BLOCKED frame and not in IETF QUIC.");
986         return RaiseError(QUIC_INTERNAL_ERROR);
987       case PATH_RESPONSE_FRAME:
988         set_detailed_error(
989             "Attempt to append PATH_RESPONSE frame and not in IETF QUIC.");
990         return RaiseError(QUIC_INTERNAL_ERROR);
991       case PATH_CHALLENGE_FRAME:
992         set_detailed_error(
993             "Attempt to append PATH_CHALLENGE frame and not in IETF QUIC.");
994         return RaiseError(QUIC_INTERNAL_ERROR);
995       case STOP_SENDING_FRAME:
996         set_detailed_error(
997             "Attempt to append STOP_SENDING frame and not in IETF QUIC.");
998         return RaiseError(QUIC_INTERNAL_ERROR);
999       case MESSAGE_FRAME:
1000         if (!AppendMessageFrameAndTypeByte(*frame.message_frame,
1001                                            last_frame_in_packet, &writer)) {
1002           QUIC_BUG(quic_bug_10850_27) << "AppendMessageFrame failed";
1003           return 0;
1004         }
1005         break;
1006       case CRYPTO_FRAME:
1007         if (!QuicVersionUsesCryptoFrames(version_.transport_version)) {
1008           set_detailed_error(
1009               "Attempt to append CRYPTO frame in version prior to 47.");
1010           return RaiseError(QUIC_INTERNAL_ERROR);
1011         }
1012         if (!AppendCryptoFrame(*frame.crypto_frame, &writer)) {
1013           QUIC_BUG(quic_bug_10850_28) << "AppendCryptoFrame failed";
1014           return 0;
1015         }
1016         break;
1017       case HANDSHAKE_DONE_FRAME:
1018         // HANDSHAKE_DONE has no payload.
1019         break;
1020       default:
1021         RaiseError(QUIC_INVALID_FRAME_DATA);
1022         QUIC_BUG(quic_bug_10850_29) << "QUIC_INVALID_FRAME_DATA";
1023         return 0;
1024     }
1025     ++i;
1026   }
1027 
1028   if (!WriteIetfLongHeaderLength(header, &writer, length_field_offset, level)) {
1029     return 0;
1030   }
1031 
1032   return writer.length();
1033 }
1034 
AppendIetfFrames(const QuicFrames & frames,QuicDataWriter * writer)1035 size_t QuicFramer::AppendIetfFrames(const QuicFrames& frames,
1036                                     QuicDataWriter* writer) {
1037   size_t i = 0;
1038   for (const QuicFrame& frame : frames) {
1039     // Determine if we should write stream frame length in header.
1040     const bool last_frame_in_packet = i == frames.size() - 1;
1041     if (!AppendIetfFrameType(frame, last_frame_in_packet, writer)) {
1042       QUIC_BUG(quic_bug_10850_30)
1043           << "AppendIetfFrameType failed: " << detailed_error();
1044       return 0;
1045     }
1046 
1047     switch (frame.type) {
1048       case PADDING_FRAME:
1049         if (!AppendPaddingFrame(frame.padding_frame, writer)) {
1050           QUIC_BUG(quic_bug_10850_31) << "AppendPaddingFrame of "
1051                                       << frame.padding_frame.num_padding_bytes
1052                                       << " failed: " << detailed_error();
1053           return 0;
1054         }
1055         break;
1056       case STREAM_FRAME:
1057         if (!AppendStreamFrame(frame.stream_frame, last_frame_in_packet,
1058                                writer)) {
1059           QUIC_BUG(quic_bug_10850_32)
1060               << "AppendStreamFrame " << frame.stream_frame
1061               << " failed: " << detailed_error();
1062           return 0;
1063         }
1064         break;
1065       case ACK_FRAME:
1066         if (!AppendIetfAckFrameAndTypeByte(*frame.ack_frame, writer)) {
1067           QUIC_BUG(quic_bug_10850_33)
1068               << "AppendIetfAckFrameAndTypeByte failed: " << detailed_error();
1069           return 0;
1070         }
1071         break;
1072       case STOP_WAITING_FRAME:
1073         set_detailed_error(
1074             "Attempt to append STOP WAITING frame in IETF QUIC.");
1075         RaiseError(QUIC_INTERNAL_ERROR);
1076         QUIC_BUG(quic_bug_10850_34) << detailed_error();
1077         return 0;
1078       case MTU_DISCOVERY_FRAME:
1079         // MTU discovery frames are serialized as ping frames.
1080         ABSL_FALLTHROUGH_INTENDED;
1081       case PING_FRAME:
1082         // Ping has no payload.
1083         break;
1084       case RST_STREAM_FRAME:
1085         if (!AppendRstStreamFrame(*frame.rst_stream_frame, writer)) {
1086           QUIC_BUG(quic_bug_10850_35)
1087               << "AppendRstStreamFrame failed: " << detailed_error();
1088           return 0;
1089         }
1090         break;
1091       case CONNECTION_CLOSE_FRAME:
1092         if (!AppendIetfConnectionCloseFrame(*frame.connection_close_frame,
1093                                             writer)) {
1094           QUIC_BUG(quic_bug_10850_36)
1095               << "AppendIetfConnectionCloseFrame failed: " << detailed_error();
1096           return 0;
1097         }
1098         break;
1099       case GOAWAY_FRAME:
1100         set_detailed_error("Attempt to append GOAWAY frame in IETF QUIC.");
1101         RaiseError(QUIC_INTERNAL_ERROR);
1102         QUIC_BUG(quic_bug_10850_37) << detailed_error();
1103         return 0;
1104       case WINDOW_UPDATE_FRAME:
1105         // Depending on whether there is a stream ID or not, will be either a
1106         // MAX STREAM DATA frame or a MAX DATA frame.
1107         if (frame.window_update_frame.stream_id ==
1108             QuicUtils::GetInvalidStreamId(transport_version())) {
1109           if (!AppendMaxDataFrame(frame.window_update_frame, writer)) {
1110             QUIC_BUG(quic_bug_10850_38)
1111                 << "AppendMaxDataFrame failed: " << detailed_error();
1112             return 0;
1113           }
1114         } else {
1115           if (!AppendMaxStreamDataFrame(frame.window_update_frame, writer)) {
1116             QUIC_BUG(quic_bug_10850_39)
1117                 << "AppendMaxStreamDataFrame failed: " << detailed_error();
1118             return 0;
1119           }
1120         }
1121         break;
1122       case BLOCKED_FRAME:
1123         if (!AppendBlockedFrame(frame.blocked_frame, writer)) {
1124           QUIC_BUG(quic_bug_10850_40)
1125               << "AppendBlockedFrame failed: " << detailed_error();
1126           return 0;
1127         }
1128         break;
1129       case MAX_STREAMS_FRAME:
1130         if (!AppendMaxStreamsFrame(frame.max_streams_frame, writer)) {
1131           QUIC_BUG(quic_bug_10850_41)
1132               << "AppendMaxStreamsFrame failed: " << detailed_error();
1133           return 0;
1134         }
1135         break;
1136       case STREAMS_BLOCKED_FRAME:
1137         if (!AppendStreamsBlockedFrame(frame.streams_blocked_frame, writer)) {
1138           QUIC_BUG(quic_bug_10850_42)
1139               << "AppendStreamsBlockedFrame failed: " << detailed_error();
1140           return 0;
1141         }
1142         break;
1143       case NEW_CONNECTION_ID_FRAME:
1144         if (!AppendNewConnectionIdFrame(*frame.new_connection_id_frame,
1145                                         writer)) {
1146           QUIC_BUG(quic_bug_10850_43)
1147               << "AppendNewConnectionIdFrame failed: " << detailed_error();
1148           return 0;
1149         }
1150         break;
1151       case RETIRE_CONNECTION_ID_FRAME:
1152         if (!AppendRetireConnectionIdFrame(*frame.retire_connection_id_frame,
1153                                            writer)) {
1154           QUIC_BUG(quic_bug_10850_44)
1155               << "AppendRetireConnectionIdFrame failed: " << detailed_error();
1156           return 0;
1157         }
1158         break;
1159       case NEW_TOKEN_FRAME:
1160         if (!AppendNewTokenFrame(*frame.new_token_frame, writer)) {
1161           QUIC_BUG(quic_bug_10850_45)
1162               << "AppendNewTokenFrame failed: " << detailed_error();
1163           return 0;
1164         }
1165         break;
1166       case STOP_SENDING_FRAME:
1167         if (!AppendStopSendingFrame(frame.stop_sending_frame, writer)) {
1168           QUIC_BUG(quic_bug_10850_46)
1169               << "AppendStopSendingFrame failed: " << detailed_error();
1170           return 0;
1171         }
1172         break;
1173       case PATH_CHALLENGE_FRAME:
1174         if (!AppendPathChallengeFrame(frame.path_challenge_frame, writer)) {
1175           QUIC_BUG(quic_bug_10850_47)
1176               << "AppendPathChallengeFrame failed: " << detailed_error();
1177           return 0;
1178         }
1179         break;
1180       case PATH_RESPONSE_FRAME:
1181         if (!AppendPathResponseFrame(frame.path_response_frame, writer)) {
1182           QUIC_BUG(quic_bug_10850_48)
1183               << "AppendPathResponseFrame failed: " << detailed_error();
1184           return 0;
1185         }
1186         break;
1187       case MESSAGE_FRAME:
1188         if (!AppendMessageFrameAndTypeByte(*frame.message_frame,
1189                                            last_frame_in_packet, writer)) {
1190           QUIC_BUG(quic_bug_10850_49)
1191               << "AppendMessageFrame failed: " << detailed_error();
1192           return 0;
1193         }
1194         break;
1195       case CRYPTO_FRAME:
1196         if (!AppendCryptoFrame(*frame.crypto_frame, writer)) {
1197           QUIC_BUG(quic_bug_10850_50)
1198               << "AppendCryptoFrame failed: " << detailed_error();
1199           return 0;
1200         }
1201         break;
1202       case HANDSHAKE_DONE_FRAME:
1203         // HANDSHAKE_DONE has no payload.
1204         break;
1205       case ACK_FREQUENCY_FRAME:
1206         if (!AppendAckFrequencyFrame(*frame.ack_frequency_frame, writer)) {
1207           QUIC_BUG(quic_bug_10850_51)
1208               << "AppendAckFrequencyFrame failed: " << detailed_error();
1209           return 0;
1210         }
1211         break;
1212       case RESET_STREAM_AT_FRAME:
1213         QUIC_BUG_IF(reset_stream_at_appended_while_disabled,
1214                     !process_reset_stream_at_)
1215             << "Requested serialization of RESET_STREAM_AT_FRAME while it is "
1216                "not explicitly enabled in the framer";
1217         if (!AppendResetFrameAtFrame(*frame.reset_stream_at_frame, *writer)) {
1218           QUIC_BUG(cannot_append_reset_stream_at)
1219               << "AppendResetStreamAtFram failed: " << detailed_error();
1220           return 0;
1221         }
1222         break;
1223       default:
1224         set_detailed_error("Tried to append unknown frame type.");
1225         RaiseError(QUIC_INVALID_FRAME_DATA);
1226         QUIC_BUG(quic_bug_10850_52)
1227             << "QUIC_INVALID_FRAME_DATA: " << frame.type;
1228         return 0;
1229     }
1230     ++i;
1231   }
1232 
1233   return writer->length();
1234 }
1235 
1236 // static
BuildPublicResetPacket(const QuicPublicResetPacket & packet)1237 std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildPublicResetPacket(
1238     const QuicPublicResetPacket& packet) {
1239   CryptoHandshakeMessage reset;
1240   reset.set_tag(kPRST);
1241   reset.SetValue(kRNON, packet.nonce_proof);
1242   if (packet.client_address.host().address_family() !=
1243       IpAddressFamily::IP_UNSPEC) {
1244     // packet.client_address is non-empty.
1245     QuicSocketAddressCoder address_coder(packet.client_address);
1246     std::string serialized_address = address_coder.Encode();
1247     if (serialized_address.empty()) {
1248       return nullptr;
1249     }
1250     reset.SetStringPiece(kCADR, serialized_address);
1251   }
1252   if (!packet.endpoint_id.empty()) {
1253     reset.SetStringPiece(kEPID, packet.endpoint_id);
1254   }
1255   const QuicData& reset_serialized = reset.GetSerialized();
1256 
1257   size_t len = kPublicFlagsSize + packet.connection_id.length() +
1258                reset_serialized.length();
1259   std::unique_ptr<char[]> buffer(new char[len]);
1260   QuicDataWriter writer(len, buffer.get());
1261 
1262   uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_RST |
1263                                        PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID);
1264   // This hack makes post-v33 public reset packet look like pre-v33 packets.
1265   flags |= static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
1266   if (!writer.WriteUInt8(flags)) {
1267     return nullptr;
1268   }
1269 
1270   if (!writer.WriteConnectionId(packet.connection_id)) {
1271     return nullptr;
1272   }
1273 
1274   if (!writer.WriteBytes(reset_serialized.data(), reset_serialized.length())) {
1275     return nullptr;
1276   }
1277 
1278   return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
1279 }
1280 
1281 // static
GetMinStatelessResetPacketLength()1282 size_t QuicFramer::GetMinStatelessResetPacketLength() {
1283   // 5 bytes (40 bits) = 2 Fixed Bits (01) + 38 Unpredictable bits
1284   return 5 + kStatelessResetTokenLength;
1285 }
1286 
1287 // static
BuildIetfStatelessResetPacket(QuicConnectionId connection_id,size_t received_packet_length,StatelessResetToken stateless_reset_token)1288 std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket(
1289     QuicConnectionId connection_id, size_t received_packet_length,
1290     StatelessResetToken stateless_reset_token) {
1291   return BuildIetfStatelessResetPacket(connection_id, received_packet_length,
1292                                        stateless_reset_token,
1293                                        QuicRandom::GetInstance());
1294 }
1295 
1296 // static
BuildIetfStatelessResetPacket(QuicConnectionId,size_t received_packet_length,StatelessResetToken stateless_reset_token,QuicRandom * random)1297 std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildIetfStatelessResetPacket(
1298     QuicConnectionId /*connection_id*/, size_t received_packet_length,
1299     StatelessResetToken stateless_reset_token, QuicRandom* random) {
1300   QUIC_DVLOG(1) << "Building IETF stateless reset packet.";
1301   if (received_packet_length <= GetMinStatelessResetPacketLength()) {
1302     QUICHE_DLOG(ERROR)
1303         << "Tried to build stateless reset packet with received packet "
1304            "length "
1305         << received_packet_length;
1306     return nullptr;
1307   }
1308   // To ensure stateless reset is indistinguishable from a valid packet,
1309   // include the max connection ID length.
1310   size_t len = std::min(received_packet_length - 1,
1311                         GetMinStatelessResetPacketLength() + 1 +
1312                             kQuicMaxConnectionIdWithLengthPrefixLength);
1313   std::unique_ptr<char[]> buffer(new char[len]);
1314   QuicDataWriter writer(len, buffer.get());
1315   // Append random bytes. This randomness only exists to prevent middleboxes
1316   // from comparing the entire packet to a known value. Therefore it has no
1317   // cryptographic use, and does not need a secure cryptographic pseudo-random
1318   // number generator. It's therefore safe to use WriteInsecureRandomBytes.
1319   const size_t random_bytes_size = len - kStatelessResetTokenLength;
1320   if (!writer.WriteInsecureRandomBytes(random, random_bytes_size)) {
1321     QUIC_BUG(362045737_2) << "Failed to append random bytes of length: "
1322                           << random_bytes_size;
1323     return nullptr;
1324   }
1325   // Change first 2 fixed bits to 01.
1326   buffer[0] &= ~FLAGS_LONG_HEADER;
1327   buffer[0] |= FLAGS_FIXED_BIT;
1328 
1329   // Append stateless reset token.
1330   if (!writer.WriteBytes(&stateless_reset_token,
1331                          sizeof(stateless_reset_token))) {
1332     QUIC_BUG(362045737_3) << "Failed to write stateless reset token";
1333     return nullptr;
1334   }
1335   return std::make_unique<QuicEncryptedPacket>(buffer.release(), len,
1336                                                /*owns_buffer=*/true);
1337 }
1338 
1339 // static
BuildVersionNegotiationPacket(QuicConnectionId server_connection_id,QuicConnectionId client_connection_id,bool ietf_quic,bool use_length_prefix,const ParsedQuicVersionVector & versions)1340 std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket(
1341     QuicConnectionId server_connection_id,
1342     QuicConnectionId client_connection_id, bool ietf_quic,
1343     bool use_length_prefix, const ParsedQuicVersionVector& versions) {
1344   QUIC_CODE_COUNT(quic_build_version_negotiation);
1345   if (use_length_prefix) {
1346     QUICHE_DCHECK(ietf_quic);
1347     QUIC_CODE_COUNT(quic_build_version_negotiation_ietf);
1348   } else if (ietf_quic) {
1349     QUIC_CODE_COUNT(quic_build_version_negotiation_old_ietf);
1350   } else {
1351     QUIC_CODE_COUNT(quic_build_version_negotiation_old_gquic);
1352   }
1353   ParsedQuicVersionVector wire_versions = versions;
1354   // Add a version reserved for negotiation as suggested by the
1355   // "Using Reserved Versions" section of draft-ietf-quic-transport.
1356   if (wire_versions.empty()) {
1357     // Ensure that version negotiation packets we send have at least two
1358     // versions. This guarantees that, under all circumstances, all QUIC
1359     // packets we send are at least 14 bytes long.
1360     wire_versions = {QuicVersionReservedForNegotiation(),
1361                      QuicVersionReservedForNegotiation()};
1362   } else {
1363     // This is not uniformely distributed but is acceptable since no security
1364     // depends on this randomness.
1365     size_t version_index = 0;
1366     const bool disable_randomness =
1367         GetQuicFlag(quic_disable_version_negotiation_grease_randomness);
1368     if (!disable_randomness) {
1369       version_index =
1370           QuicRandom::GetInstance()->RandUint64() % (wire_versions.size() + 1);
1371     }
1372     wire_versions.insert(wire_versions.begin() + version_index,
1373                          QuicVersionReservedForNegotiation());
1374   }
1375   if (ietf_quic) {
1376     return BuildIetfVersionNegotiationPacket(
1377         use_length_prefix, server_connection_id, client_connection_id,
1378         wire_versions);
1379   }
1380 
1381   // The GQUIC encoding does not support encoding client connection IDs.
1382   QUICHE_DCHECK(client_connection_id.IsEmpty());
1383   // The GQUIC encoding does not support length-prefixed connection IDs.
1384   QUICHE_DCHECK(!use_length_prefix);
1385 
1386   QUICHE_DCHECK(!wire_versions.empty());
1387   size_t len = kPublicFlagsSize + server_connection_id.length() +
1388                wire_versions.size() * kQuicVersionSize;
1389   std::unique_ptr<char[]> buffer(new char[len]);
1390   QuicDataWriter writer(len, buffer.get());
1391 
1392   uint8_t flags = static_cast<uint8_t>(
1393       PACKET_PUBLIC_FLAGS_VERSION | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID |
1394       PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD);
1395   if (!writer.WriteUInt8(flags)) {
1396     return nullptr;
1397   }
1398 
1399   if (!writer.WriteConnectionId(server_connection_id)) {
1400     return nullptr;
1401   }
1402 
1403   for (const ParsedQuicVersion& version : wire_versions) {
1404     if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) {
1405       return nullptr;
1406     }
1407   }
1408 
1409   return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
1410 }
1411 
1412 // static
1413 std::unique_ptr<QuicEncryptedPacket>
BuildIetfVersionNegotiationPacket(bool use_length_prefix,QuicConnectionId server_connection_id,QuicConnectionId client_connection_id,const ParsedQuicVersionVector & versions)1414 QuicFramer::BuildIetfVersionNegotiationPacket(
1415     bool use_length_prefix, QuicConnectionId server_connection_id,
1416     QuicConnectionId client_connection_id,
1417     const ParsedQuicVersionVector& versions) {
1418   QUIC_DVLOG(1) << "Building IETF version negotiation packet with"
1419                 << (use_length_prefix ? "" : "out")
1420                 << " length prefix, server_connection_id "
1421                 << server_connection_id << " client_connection_id "
1422                 << client_connection_id << " versions "
1423                 << ParsedQuicVersionVectorToString(versions);
1424   QUICHE_DCHECK(!versions.empty());
1425   size_t len = kPacketHeaderTypeSize + kConnectionIdLengthSize +
1426                client_connection_id.length() + server_connection_id.length() +
1427                (versions.size() + 1) * kQuicVersionSize;
1428   if (use_length_prefix) {
1429     // When using length-prefixed connection IDs, packets carry two lengths
1430     // instead of one.
1431     len += kConnectionIdLengthSize;
1432   }
1433   std::unique_ptr<char[]> buffer(new char[len]);
1434   QuicDataWriter writer(len, buffer.get());
1435 
1436   // TODO(fayang): Randomly select a value for the type.
1437   uint8_t type = static_cast<uint8_t>(FLAGS_LONG_HEADER | FLAGS_FIXED_BIT);
1438   if (!writer.WriteUInt8(type)) {
1439     return nullptr;
1440   }
1441 
1442   if (!writer.WriteUInt32(0)) {
1443     return nullptr;
1444   }
1445 
1446   if (!AppendIetfConnectionIds(true, use_length_prefix, client_connection_id,
1447                                server_connection_id, &writer)) {
1448     return nullptr;
1449   }
1450 
1451   for (const ParsedQuicVersion& version : versions) {
1452     if (!writer.WriteUInt32(CreateQuicVersionLabel(version))) {
1453       return nullptr;
1454     }
1455   }
1456 
1457   return std::make_unique<QuicEncryptedPacket>(buffer.release(), len, true);
1458 }
1459 
ProcessPacket(const QuicEncryptedPacket & packet)1460 bool QuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) {
1461   QUICHE_DCHECK(!is_processing_packet_) << ENDPOINT << "Nested ProcessPacket";
1462   is_processing_packet_ = true;
1463   bool result = ProcessPacketInternal(packet);
1464   is_processing_packet_ = false;
1465   return result;
1466 }
1467 
ProcessPacketInternal(const QuicEncryptedPacket & packet)1468 bool QuicFramer::ProcessPacketInternal(const QuicEncryptedPacket& packet) {
1469   QuicDataReader reader(packet.data(), packet.length());
1470   QUIC_DVLOG(1) << ENDPOINT << "Processing IETF QUIC packet.";
1471 
1472   visitor_->OnPacket();
1473 
1474   QuicPacketHeader header;
1475   if (!ProcessIetfPacketHeader(&reader, &header)) {
1476     QUICHE_DCHECK_NE("", detailed_error_);
1477     QUIC_DVLOG(1) << ENDPOINT << "Unable to process public header. Error: "
1478                   << detailed_error_;
1479     QUICHE_DCHECK_NE("", detailed_error_);
1480     RecordDroppedPacketReason(DroppedPacketReason::INVALID_PUBLIC_HEADER);
1481     return RaiseError(QUIC_INVALID_PACKET_HEADER);
1482   }
1483 
1484   if (!visitor_->OnUnauthenticatedPublicHeader(header)) {
1485     // The visitor suppresses further processing of the packet.
1486     return true;
1487   }
1488 
1489   if (IsVersionNegotiation(header)) {
1490     if (perspective_ == Perspective::IS_CLIENT) {
1491       QUIC_DVLOG(1) << "Client received version negotiation packet";
1492       return ProcessVersionNegotiationPacket(&reader, header);
1493     } else {
1494       QUIC_DLOG(ERROR) << "Server received version negotiation packet";
1495       set_detailed_error("Server received version negotiation packet.");
1496       return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
1497     }
1498   }
1499 
1500   if (header.version_flag && header.version != version_) {
1501     if (perspective_ == Perspective::IS_SERVER) {
1502       if (!visitor_->OnProtocolVersionMismatch(header.version)) {
1503         RecordDroppedPacketReason(DroppedPacketReason::VERSION_MISMATCH);
1504         return true;
1505       }
1506     } else {
1507       // A client received a packet of a different version but that packet is
1508       // not a version negotiation packet. It is therefore invalid and dropped.
1509       QUIC_DLOG(ERROR) << "Client received unexpected version "
1510                        << ParsedQuicVersionToString(header.version)
1511                        << " instead of " << ParsedQuicVersionToString(version_);
1512       set_detailed_error("Client received unexpected version.");
1513       return RaiseError(QUIC_PACKET_WRONG_VERSION);
1514     }
1515   }
1516 
1517   bool rv;
1518   if (header.long_packet_type == RETRY) {
1519     rv = ProcessRetryPacket(&reader, header);
1520   } else if (packet.length() <= kMaxIncomingPacketSize) {
1521     // The optimized decryption algorithm implementations run faster when
1522     // operating on aligned memory.
1523     ABSL_CACHELINE_ALIGNED char buffer[kMaxIncomingPacketSize];
1524     rv = ProcessIetfDataPacket(&reader, &header, packet, buffer,
1525                                ABSL_ARRAYSIZE(buffer));
1526   } else {
1527     std::unique_ptr<char[]> large_buffer(new char[packet.length()]);
1528     rv = ProcessIetfDataPacket(&reader, &header, packet, large_buffer.get(),
1529                                packet.length());
1530     QUIC_BUG_IF(quic_bug_10850_53, rv)
1531         << "QUIC should never successfully process packets larger"
1532         << "than kMaxIncomingPacketSize. packet size:" << packet.length();
1533   }
1534   return rv;
1535 }
1536 
ProcessVersionNegotiationPacket(QuicDataReader * reader,const QuicPacketHeader & header)1537 bool QuicFramer::ProcessVersionNegotiationPacket(
1538     QuicDataReader* reader, const QuicPacketHeader& header) {
1539   QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
1540 
1541   QuicVersionNegotiationPacket packet(
1542       GetServerConnectionIdAsRecipient(header, perspective_));
1543   // Try reading at least once to raise error if the packet is invalid.
1544   do {
1545     QuicVersionLabel version_label;
1546     if (!ProcessVersionLabel(reader, &version_label)) {
1547       set_detailed_error("Unable to read supported version in negotiation.");
1548       RecordDroppedPacketReason(
1549           DroppedPacketReason::INVALID_VERSION_NEGOTIATION_PACKET);
1550       return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
1551     }
1552     ParsedQuicVersion parsed_version = ParseQuicVersionLabel(version_label);
1553     if (parsed_version != UnsupportedQuicVersion()) {
1554       packet.versions.push_back(parsed_version);
1555     }
1556   } while (!reader->IsDoneReading());
1557 
1558   QUIC_DLOG(INFO) << ENDPOINT << "parsed version negotiation: "
1559                   << ParsedQuicVersionVectorToString(packet.versions);
1560 
1561   visitor_->OnVersionNegotiationPacket(packet);
1562   return true;
1563 }
1564 
ProcessRetryPacket(QuicDataReader * reader,const QuicPacketHeader & header)1565 bool QuicFramer::ProcessRetryPacket(QuicDataReader* reader,
1566                                     const QuicPacketHeader& header) {
1567   QUICHE_DCHECK_EQ(Perspective::IS_CLIENT, perspective_);
1568   if (drop_incoming_retry_packets_) {
1569     QUIC_DLOG(INFO) << "Ignoring received RETRY packet";
1570     return true;
1571   }
1572 
1573   if (version_.UsesTls()) {
1574     QUICHE_DCHECK(version_.HasLengthPrefixedConnectionIds()) << version_;
1575     const size_t bytes_remaining = reader->BytesRemaining();
1576     if (bytes_remaining <= kRetryIntegrityTagLength) {
1577       set_detailed_error("Retry packet too short to parse integrity tag.");
1578       return false;
1579     }
1580     const size_t retry_token_length =
1581         bytes_remaining - kRetryIntegrityTagLength;
1582     QUICHE_DCHECK_GT(retry_token_length, 0u);
1583     absl::string_view retry_token;
1584     if (!reader->ReadStringPiece(&retry_token, retry_token_length)) {
1585       set_detailed_error("Failed to read retry token.");
1586       return false;
1587     }
1588     absl::string_view retry_without_tag = reader->PreviouslyReadPayload();
1589     absl::string_view integrity_tag = reader->ReadRemainingPayload();
1590     QUICHE_DCHECK_EQ(integrity_tag.length(), kRetryIntegrityTagLength);
1591     visitor_->OnRetryPacket(EmptyQuicConnectionId(),
1592                             header.source_connection_id, retry_token,
1593                             integrity_tag, retry_without_tag);
1594     return true;
1595   }
1596 
1597   QuicConnectionId original_destination_connection_id;
1598   if (version_.HasLengthPrefixedConnectionIds()) {
1599     // Parse Original Destination Connection ID.
1600     if (!reader->ReadLengthPrefixedConnectionId(
1601             &original_destination_connection_id)) {
1602       set_detailed_error("Unable to read Original Destination ConnectionId.");
1603       return false;
1604     }
1605   } else {
1606     // Parse Original Destination Connection ID Length.
1607     uint8_t odcil = header.type_byte & 0xf;
1608     if (odcil != 0) {
1609       odcil += kConnectionIdLengthAdjustment;
1610     }
1611 
1612     // Parse Original Destination Connection ID.
1613     if (!reader->ReadConnectionId(&original_destination_connection_id, odcil)) {
1614       set_detailed_error("Unable to read Original Destination ConnectionId.");
1615       return false;
1616     }
1617   }
1618 
1619   if (!QuicUtils::IsConnectionIdValidForVersion(
1620           original_destination_connection_id, transport_version())) {
1621     set_detailed_error(
1622         "Received Original Destination ConnectionId with invalid length.");
1623     return false;
1624   }
1625 
1626   absl::string_view retry_token = reader->ReadRemainingPayload();
1627   visitor_->OnRetryPacket(original_destination_connection_id,
1628                           header.source_connection_id, retry_token,
1629                           /*retry_integrity_tag=*/absl::string_view(),
1630                           /*retry_without_tag=*/absl::string_view());
1631   return true;
1632 }
1633 
1634 // Seeks the current packet to check for a coalesced packet at the end.
1635 // If the IETF length field only spans part of the outer packet,
1636 // then there is a coalesced packet after this one.
MaybeProcessCoalescedPacket(const QuicDataReader & encrypted_reader,uint64_t remaining_bytes_length,const QuicPacketHeader & header)1637 void QuicFramer::MaybeProcessCoalescedPacket(
1638     const QuicDataReader& encrypted_reader, uint64_t remaining_bytes_length,
1639     const QuicPacketHeader& header) {
1640   if (header.remaining_packet_length >= remaining_bytes_length) {
1641     // There is no coalesced packet.
1642     return;
1643   }
1644 
1645   absl::string_view remaining_data = encrypted_reader.PeekRemainingPayload();
1646   QUICHE_DCHECK_EQ(remaining_data.length(), remaining_bytes_length);
1647 
1648   const char* coalesced_data =
1649       remaining_data.data() + header.remaining_packet_length;
1650   uint64_t coalesced_data_length =
1651       remaining_bytes_length - header.remaining_packet_length;
1652   QuicDataReader coalesced_reader(coalesced_data, coalesced_data_length);
1653 
1654   QuicPacketHeader coalesced_header;
1655   if (!ProcessIetfPacketHeader(&coalesced_reader, &coalesced_header)) {
1656     // Some implementations pad their INITIAL packets by sending random invalid
1657     // data after the INITIAL, and that is allowed by the specification. If we
1658     // fail to parse a subsequent coalesced packet, simply ignore it.
1659     QUIC_DLOG(INFO) << ENDPOINT
1660                     << "Failed to parse received coalesced header of length "
1661                     << coalesced_data_length
1662                     << " with error: " << detailed_error_ << ": "
1663                     << absl::BytesToHexString(absl::string_view(
1664                            coalesced_data, coalesced_data_length))
1665                     << " previous header was " << header;
1666     return;
1667   }
1668 
1669   if (coalesced_header.destination_connection_id !=
1670       header.destination_connection_id) {
1671     // Drop coalesced packets with mismatched connection IDs.
1672     QUIC_DLOG(INFO) << ENDPOINT << "Received mismatched coalesced header "
1673                     << coalesced_header << " previous header was " << header;
1674     QUIC_CODE_COUNT(
1675         quic_received_coalesced_packets_with_mismatched_connection_id);
1676     return;
1677   }
1678 
1679   QuicEncryptedPacket coalesced_packet(coalesced_data, coalesced_data_length,
1680                                        /*owns_buffer=*/false);
1681   visitor_->OnCoalescedPacket(coalesced_packet);
1682 }
1683 
MaybeProcessIetfLength(QuicDataReader * encrypted_reader,QuicPacketHeader * header)1684 bool QuicFramer::MaybeProcessIetfLength(QuicDataReader* encrypted_reader,
1685                                         QuicPacketHeader* header) {
1686   if (!QuicVersionHasLongHeaderLengths(header->version.transport_version) ||
1687       header->form != IETF_QUIC_LONG_HEADER_PACKET ||
1688       (header->long_packet_type != INITIAL &&
1689        header->long_packet_type != HANDSHAKE &&
1690        header->long_packet_type != ZERO_RTT_PROTECTED)) {
1691     return true;
1692   }
1693   header->length_length = encrypted_reader->PeekVarInt62Length();
1694   if (!encrypted_reader->ReadVarInt62(&header->remaining_packet_length)) {
1695     set_detailed_error("Unable to read long header payload length.");
1696     return RaiseError(QUIC_INVALID_PACKET_HEADER);
1697   }
1698   uint64_t remaining_bytes_length = encrypted_reader->BytesRemaining();
1699   if (header->remaining_packet_length > remaining_bytes_length) {
1700     set_detailed_error("Long header payload length longer than packet.");
1701     return RaiseError(QUIC_INVALID_PACKET_HEADER);
1702   }
1703 
1704   MaybeProcessCoalescedPacket(*encrypted_reader, remaining_bytes_length,
1705                               *header);
1706 
1707   if (!encrypted_reader->TruncateRemaining(header->remaining_packet_length)) {
1708     set_detailed_error("Length TruncateRemaining failed.");
1709     QUIC_BUG(quic_bug_10850_54) << "Length TruncateRemaining failed.";
1710     return RaiseError(QUIC_INVALID_PACKET_HEADER);
1711   }
1712   return true;
1713 }
1714 
ProcessIetfDataPacket(QuicDataReader * encrypted_reader,QuicPacketHeader * header,const QuicEncryptedPacket & packet,char * decrypted_buffer,size_t buffer_length)1715 bool QuicFramer::ProcessIetfDataPacket(QuicDataReader* encrypted_reader,
1716                                        QuicPacketHeader* header,
1717                                        const QuicEncryptedPacket& packet,
1718                                        char* decrypted_buffer,
1719                                        size_t buffer_length) {
1720   QUICHE_DCHECK_NE(GOOGLE_QUIC_PACKET, header->form);
1721   QUICHE_DCHECK(!header->has_possible_stateless_reset_token);
1722   header->length_length = quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0;
1723   header->remaining_packet_length = 0;
1724   if (header->form == IETF_QUIC_SHORT_HEADER_PACKET &&
1725       perspective_ == Perspective::IS_CLIENT) {
1726     // Peek possible stateless reset token. Will only be used on decryption
1727     // failure.
1728     absl::string_view remaining = encrypted_reader->PeekRemainingPayload();
1729     if (remaining.length() >= sizeof(header->possible_stateless_reset_token)) {
1730       header->has_possible_stateless_reset_token = true;
1731       memcpy(&header->possible_stateless_reset_token,
1732              &remaining.data()[remaining.length() -
1733                                sizeof(header->possible_stateless_reset_token)],
1734              sizeof(header->possible_stateless_reset_token));
1735     }
1736   }
1737 
1738   if (!MaybeProcessIetfLength(encrypted_reader, header)) {
1739     return false;
1740   }
1741 
1742   absl::string_view associated_data;
1743   AssociatedDataStorage ad_storage;
1744   QuicPacketNumber base_packet_number;
1745   if (header->form == IETF_QUIC_SHORT_HEADER_PACKET ||
1746       header->long_packet_type != VERSION_NEGOTIATION) {
1747     QUICHE_DCHECK(header->form == IETF_QUIC_SHORT_HEADER_PACKET ||
1748                   header->long_packet_type == INITIAL ||
1749                   header->long_packet_type == HANDSHAKE ||
1750                   header->long_packet_type == ZERO_RTT_PROTECTED);
1751     // Process packet number.
1752     if (supports_multiple_packet_number_spaces_) {
1753       PacketNumberSpace pn_space = GetPacketNumberSpace(*header);
1754       if (pn_space == NUM_PACKET_NUMBER_SPACES) {
1755         return RaiseError(QUIC_INVALID_PACKET_HEADER);
1756       }
1757       base_packet_number = largest_decrypted_packet_numbers_[pn_space];
1758     } else {
1759       base_packet_number = largest_packet_number_;
1760     }
1761     uint64_t full_packet_number;
1762     bool hp_removal_failed = false;
1763     if (version_.HasHeaderProtection()) {
1764       if (!RemoveHeaderProtection(encrypted_reader, packet, header,
1765                                   &full_packet_number, ad_storage)) {
1766         hp_removal_failed = true;
1767       }
1768       associated_data = absl::string_view(ad_storage.data(), ad_storage.size());
1769     } else if (!ProcessAndCalculatePacketNumber(
1770                    encrypted_reader, header->packet_number_length,
1771                    base_packet_number, &full_packet_number)) {
1772       set_detailed_error("Unable to read packet number.");
1773       RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
1774       return RaiseError(QUIC_INVALID_PACKET_HEADER);
1775     }
1776 
1777     if (hp_removal_failed ||
1778         !IsValidFullPacketNumber(full_packet_number, version())) {
1779       if (IsIetfStatelessResetPacket(*header)) {
1780         // This is a stateless reset packet.
1781         QuicIetfStatelessResetPacket reset_packet(
1782             *header, header->possible_stateless_reset_token);
1783         visitor_->OnAuthenticatedIetfStatelessResetPacket(reset_packet);
1784         return true;
1785       }
1786       if (hp_removal_failed) {
1787         const EncryptionLevel decryption_level = GetEncryptionLevel(*header);
1788         const bool has_decryption_key = decrypter_[decryption_level] != nullptr;
1789         visitor_->OnUndecryptablePacket(
1790             QuicEncryptedPacket(encrypted_reader->FullPayload()),
1791             decryption_level, has_decryption_key);
1792         RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
1793         set_detailed_error(absl::StrCat(
1794             "Unable to decrypt ", EncryptionLevelToString(decryption_level),
1795             " header protection", has_decryption_key ? "" : " (missing key)",
1796             "."));
1797         return RaiseError(QUIC_DECRYPTION_FAILURE);
1798       }
1799       RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
1800       set_detailed_error("packet numbers cannot be 0.");
1801       return RaiseError(QUIC_INVALID_PACKET_HEADER);
1802     }
1803     header->packet_number = QuicPacketNumber(full_packet_number);
1804   }
1805 
1806   // A nonce should only present in SHLO from the server to the client when
1807   // using QUIC crypto.
1808   if (header->form == IETF_QUIC_LONG_HEADER_PACKET &&
1809       header->long_packet_type == ZERO_RTT_PROTECTED &&
1810       perspective_ == Perspective::IS_CLIENT &&
1811       version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) {
1812     if (!encrypted_reader->ReadBytes(
1813             reinterpret_cast<uint8_t*>(last_nonce_.data()),
1814             last_nonce_.size())) {
1815       set_detailed_error("Unable to read nonce.");
1816       RecordDroppedPacketReason(
1817           DroppedPacketReason::INVALID_DIVERSIFICATION_NONCE);
1818       return RaiseError(QUIC_INVALID_PACKET_HEADER);
1819     }
1820 
1821     header->nonce = &last_nonce_;
1822   } else {
1823     header->nonce = nullptr;
1824   }
1825 
1826   if (!visitor_->OnUnauthenticatedHeader(*header)) {
1827     set_detailed_error(
1828         "Visitor asked to stop processing of unauthenticated header.");
1829     return false;
1830   }
1831 
1832   absl::string_view encrypted = encrypted_reader->ReadRemainingPayload();
1833   if (!version_.HasHeaderProtection()) {
1834     associated_data = GetAssociatedDataFromEncryptedPacket(
1835         version_.transport_version, packet,
1836         GetIncludedDestinationConnectionIdLength(*header),
1837         GetIncludedSourceConnectionIdLength(*header), header->version_flag,
1838         header->nonce != nullptr, header->packet_number_length,
1839         header->retry_token_length_length, header->retry_token.length(),
1840         header->length_length);
1841   }
1842 
1843   size_t decrypted_length = 0;
1844   EncryptionLevel decrypted_level;
1845   if (!DecryptPayload(packet.length(), encrypted, associated_data, *header,
1846                       decrypted_buffer, buffer_length, &decrypted_length,
1847                       &decrypted_level)) {
1848     if (IsIetfStatelessResetPacket(*header)) {
1849       // This is a stateless reset packet.
1850       QuicIetfStatelessResetPacket reset_packet(
1851           *header, header->possible_stateless_reset_token);
1852       visitor_->OnAuthenticatedIetfStatelessResetPacket(reset_packet);
1853       return true;
1854     }
1855     const EncryptionLevel decryption_level = GetEncryptionLevel(*header);
1856     const bool has_decryption_key = version_.KnowsWhichDecrypterToUse() &&
1857                                     decrypter_[decryption_level] != nullptr;
1858     visitor_->OnUndecryptablePacket(
1859         QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level,
1860         has_decryption_key);
1861     set_detailed_error(absl::StrCat(
1862         "Unable to decrypt ", EncryptionLevelToString(decryption_level),
1863         " payload with reconstructed packet number ",
1864         header->packet_number.ToString(), " (largest decrypted was ",
1865         base_packet_number.ToString(), ")",
1866         has_decryption_key || !version_.KnowsWhichDecrypterToUse()
1867             ? ""
1868             : " (missing key)",
1869         "."));
1870     RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
1871     return RaiseError(QUIC_DECRYPTION_FAILURE);
1872   }
1873   QuicDataReader reader(decrypted_buffer, decrypted_length);
1874 
1875   // Remember decrypted_payload in the current connection context until the end
1876   // of this function.
1877   auto* connection_context = QuicConnectionContext::Current();
1878   if (connection_context != nullptr) {
1879     connection_context->process_packet_context.decrypted_payload =
1880         reader.FullPayload();
1881     connection_context->process_packet_context.current_frame_offset = 0;
1882   }
1883   auto clear_decrypted_payload = absl::MakeCleanup([&]() {
1884     if (connection_context != nullptr) {
1885       connection_context->process_packet_context.decrypted_payload =
1886           absl::string_view();
1887     }
1888   });
1889 
1890   // Update the largest packet number after we have decrypted the packet
1891   // so we are confident is not attacker controlled.
1892   if (supports_multiple_packet_number_spaces_) {
1893     largest_decrypted_packet_numbers_[QuicUtils::GetPacketNumberSpace(
1894                                           decrypted_level)]
1895         .UpdateMax(header->packet_number);
1896   } else {
1897     largest_packet_number_.UpdateMax(header->packet_number);
1898   }
1899 
1900   if (!visitor_->OnPacketHeader(*header)) {
1901     RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
1902     // The visitor suppresses further processing of the packet.
1903     return true;
1904   }
1905 
1906   if (packet.length() > kMaxIncomingPacketSize) {
1907     set_detailed_error("Packet too large.");
1908     return RaiseError(QUIC_PACKET_TOO_LARGE);
1909   }
1910 
1911   // Handle the payload.
1912   if (VersionHasIetfQuicFrames(version_.transport_version)) {
1913     current_received_frame_type_ = 0;
1914     previously_received_frame_type_ = 0;
1915     if (!ProcessIetfFrameData(&reader, *header, decrypted_level)) {
1916       current_received_frame_type_ = 0;
1917       previously_received_frame_type_ = 0;
1918       QUICHE_DCHECK_NE(QUIC_NO_ERROR,
1919                        error_);  // ProcessIetfFrameData sets the error.
1920       QUICHE_DCHECK_NE("", detailed_error_);
1921       QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
1922                          << detailed_error_;
1923       return false;
1924     }
1925     current_received_frame_type_ = 0;
1926     previously_received_frame_type_ = 0;
1927   } else {
1928     if (!ProcessFrameData(&reader, *header)) {
1929       QUICHE_DCHECK_NE(QUIC_NO_ERROR,
1930                        error_);  // ProcessFrameData sets the error.
1931       QUICHE_DCHECK_NE("", detailed_error_);
1932       QUIC_DLOG(WARNING) << ENDPOINT << "Unable to process frame data. Error: "
1933                          << detailed_error_;
1934       return false;
1935     }
1936   }
1937 
1938   visitor_->OnPacketComplete();
1939   return true;
1940 }
1941 
IsIetfStatelessResetPacket(const QuicPacketHeader & header) const1942 bool QuicFramer::IsIetfStatelessResetPacket(
1943     const QuicPacketHeader& header) const {
1944   QUIC_BUG_IF(quic_bug_12975_3, header.has_possible_stateless_reset_token &&
1945                                     perspective_ != Perspective::IS_CLIENT)
1946       << "has_possible_stateless_reset_token can only be true at client side.";
1947   return header.form == IETF_QUIC_SHORT_HEADER_PACKET &&
1948          header.has_possible_stateless_reset_token &&
1949          visitor_->IsValidStatelessResetToken(
1950              header.possible_stateless_reset_token);
1951 }
1952 
HasEncrypterOfEncryptionLevel(EncryptionLevel level) const1953 bool QuicFramer::HasEncrypterOfEncryptionLevel(EncryptionLevel level) const {
1954   return encrypter_[level] != nullptr;
1955 }
1956 
HasDecrypterOfEncryptionLevel(EncryptionLevel level) const1957 bool QuicFramer::HasDecrypterOfEncryptionLevel(EncryptionLevel level) const {
1958   return decrypter_[level] != nullptr;
1959 }
1960 
HasAnEncrypterForSpace(PacketNumberSpace space) const1961 bool QuicFramer::HasAnEncrypterForSpace(PacketNumberSpace space) const {
1962   switch (space) {
1963     case INITIAL_DATA:
1964       return HasEncrypterOfEncryptionLevel(ENCRYPTION_INITIAL);
1965     case HANDSHAKE_DATA:
1966       return HasEncrypterOfEncryptionLevel(ENCRYPTION_HANDSHAKE);
1967     case APPLICATION_DATA:
1968       return HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT) ||
1969              HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
1970     case NUM_PACKET_NUMBER_SPACES:
1971       break;
1972   }
1973   QUIC_BUG(quic_bug_10850_55)
1974       << ENDPOINT
1975       << "Try to send data of space: " << PacketNumberSpaceToString(space);
1976   return false;
1977 }
1978 
GetEncryptionLevelToSendApplicationData() const1979 EncryptionLevel QuicFramer::GetEncryptionLevelToSendApplicationData() const {
1980   if (!HasAnEncrypterForSpace(APPLICATION_DATA)) {
1981     QUIC_BUG(quic_bug_12975_4)
1982         << "Tried to get encryption level to send application data with no "
1983            "encrypter available.";
1984     return NUM_ENCRYPTION_LEVELS;
1985   }
1986   if (HasEncrypterOfEncryptionLevel(ENCRYPTION_FORWARD_SECURE)) {
1987     return ENCRYPTION_FORWARD_SECURE;
1988   }
1989   QUICHE_DCHECK(HasEncrypterOfEncryptionLevel(ENCRYPTION_ZERO_RTT));
1990   return ENCRYPTION_ZERO_RTT;
1991 }
1992 
AppendIetfHeaderTypeByte(const QuicPacketHeader & header,QuicDataWriter * writer)1993 bool QuicFramer::AppendIetfHeaderTypeByte(const QuicPacketHeader& header,
1994                                           QuicDataWriter* writer) {
1995   uint8_t type = 0;
1996   if (header.version_flag) {
1997     type = static_cast<uint8_t>(
1998         FLAGS_LONG_HEADER | FLAGS_FIXED_BIT |
1999         LongHeaderTypeToOnWireValue(header.long_packet_type, version_) |
2000         PacketNumberLengthToOnWireValue(header.packet_number_length));
2001   } else {
2002     type = static_cast<uint8_t>(
2003         FLAGS_FIXED_BIT | (current_key_phase_bit_ ? FLAGS_KEY_PHASE_BIT : 0) |
2004         PacketNumberLengthToOnWireValue(header.packet_number_length));
2005   }
2006   return writer->WriteUInt8(type);
2007 }
2008 
AppendIetfPacketHeader(const QuicPacketHeader & header,QuicDataWriter * writer,size_t * length_field_offset)2009 bool QuicFramer::AppendIetfPacketHeader(const QuicPacketHeader& header,
2010                                         QuicDataWriter* writer,
2011                                         size_t* length_field_offset) {
2012   QUIC_DVLOG(1) << ENDPOINT << "Appending IETF header: " << header;
2013   QuicConnectionId server_connection_id =
2014       GetServerConnectionIdAsSender(header, perspective_);
2015   QUIC_BUG_IF(quic_bug_12975_6, !QuicUtils::IsConnectionIdValidForVersion(
2016                                     server_connection_id, transport_version()))
2017       << "AppendIetfPacketHeader: attempted to use connection ID "
2018       << server_connection_id << " which is invalid with version " << version();
2019   if (!AppendIetfHeaderTypeByte(header, writer)) {
2020     return false;
2021   }
2022 
2023   if (header.version_flag) {
2024     QUICHE_DCHECK_NE(VERSION_NEGOTIATION, header.long_packet_type)
2025         << "QuicFramer::AppendIetfPacketHeader does not support sending "
2026            "version negotiation packets, use "
2027            "QuicFramer::BuildVersionNegotiationPacket instead "
2028         << header;
2029     // Append version for long header.
2030     QuicVersionLabel version_label = CreateQuicVersionLabel(version_);
2031     if (!writer->WriteUInt32(version_label)) {
2032       return false;
2033     }
2034   }
2035 
2036   // Append connection ID.
2037   if (!AppendIetfConnectionIds(
2038           header.version_flag, version_.HasLengthPrefixedConnectionIds(),
2039           header.destination_connection_id_included != CONNECTION_ID_ABSENT
2040               ? header.destination_connection_id
2041               : EmptyQuicConnectionId(),
2042           header.source_connection_id_included != CONNECTION_ID_ABSENT
2043               ? header.source_connection_id
2044               : EmptyQuicConnectionId(),
2045           writer)) {
2046     return false;
2047   }
2048 
2049   last_serialized_server_connection_id_ = server_connection_id;
2050 
2051   // TODO(b/141924462) Remove this QUIC_BUG once we do support sending RETRY.
2052   QUIC_BUG_IF(quic_bug_12975_7,
2053               header.version_flag && header.long_packet_type == RETRY)
2054       << "Sending IETF RETRY packets is not currently supported " << header;
2055 
2056   if (QuicVersionHasLongHeaderLengths(transport_version()) &&
2057       header.version_flag) {
2058     if (header.long_packet_type == INITIAL) {
2059       QUICHE_DCHECK_NE(quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0,
2060                        header.retry_token_length_length)
2061           << ENDPOINT << ParsedQuicVersionToString(version_)
2062           << " bad retry token length length in header: " << header;
2063       // Write retry token length.
2064       if (!writer->WriteVarInt62WithForcedLength(
2065               header.retry_token.length(), header.retry_token_length_length)) {
2066         return false;
2067       }
2068       // Write retry token.
2069       if (!header.retry_token.empty() &&
2070           !writer->WriteStringPiece(header.retry_token)) {
2071         return false;
2072       }
2073     }
2074     if (length_field_offset != nullptr) {
2075       *length_field_offset = writer->length();
2076     }
2077     // Add fake length to reserve two bytes to add length in later.
2078     writer->WriteVarInt62(256);
2079   } else if (length_field_offset != nullptr) {
2080     *length_field_offset = 0;
2081   }
2082 
2083   // Append packet number.
2084   if (!AppendPacketNumber(header.packet_number_length, header.packet_number,
2085                           writer)) {
2086     return false;
2087   }
2088   last_written_packet_number_length_ = header.packet_number_length;
2089 
2090   if (!header.version_flag) {
2091     return true;
2092   }
2093 
2094   if (header.nonce != nullptr) {
2095     QUICHE_DCHECK(header.version_flag);
2096     QUICHE_DCHECK_EQ(ZERO_RTT_PROTECTED, header.long_packet_type);
2097     QUICHE_DCHECK_EQ(Perspective::IS_SERVER, perspective_);
2098     if (!writer->WriteBytes(header.nonce, kDiversificationNonceSize)) {
2099       return false;
2100     }
2101   }
2102 
2103   return true;
2104 }
2105 
CalculateTimestampFromWire(uint32_t time_delta_us)2106 const QuicTime::Delta QuicFramer::CalculateTimestampFromWire(
2107     uint32_t time_delta_us) {
2108   // The new time_delta might have wrapped to the next epoch, or it
2109   // might have reverse wrapped to the previous epoch, or it might
2110   // remain in the same epoch. Select the time closest to the previous
2111   // time.
2112   //
2113   // epoch_delta is the delta between epochs. A delta is 4 bytes of
2114   // microseconds.
2115   const uint64_t epoch_delta = UINT64_C(1) << 32;
2116   uint64_t epoch = last_timestamp_.ToMicroseconds() & ~(epoch_delta - 1);
2117   // Wrapping is safe here because a wrapped value will not be ClosestTo below.
2118   uint64_t prev_epoch = epoch - epoch_delta;
2119   uint64_t next_epoch = epoch + epoch_delta;
2120 
2121   uint64_t time = ClosestTo(
2122       last_timestamp_.ToMicroseconds(), epoch + time_delta_us,
2123       ClosestTo(last_timestamp_.ToMicroseconds(), prev_epoch + time_delta_us,
2124                 next_epoch + time_delta_us));
2125 
2126   return QuicTime::Delta::FromMicroseconds(time);
2127 }
2128 
CalculatePacketNumberFromWire(QuicPacketNumberLength packet_number_length,QuicPacketNumber base_packet_number,uint64_t packet_number) const2129 uint64_t QuicFramer::CalculatePacketNumberFromWire(
2130     QuicPacketNumberLength packet_number_length,
2131     QuicPacketNumber base_packet_number, uint64_t packet_number) const {
2132   // The new packet number might have wrapped to the next epoch, or
2133   // it might have reverse wrapped to the previous epoch, or it might
2134   // remain in the same epoch.  Select the packet number closest to the
2135   // next expected packet number, the previous packet number plus 1.
2136 
2137   // epoch_delta is the delta between epochs the packet number was serialized
2138   // with, so the correct value is likely the same epoch as the last sequence
2139   // number or an adjacent epoch.
2140   if (!base_packet_number.IsInitialized()) {
2141     return packet_number;
2142   }
2143   const uint64_t epoch_delta = UINT64_C(1) << (8 * packet_number_length);
2144   uint64_t next_packet_number = base_packet_number.ToUint64() + 1;
2145   uint64_t epoch = base_packet_number.ToUint64() & ~(epoch_delta - 1);
2146   uint64_t prev_epoch = epoch - epoch_delta;
2147   uint64_t next_epoch = epoch + epoch_delta;
2148 
2149   return ClosestTo(next_packet_number, epoch + packet_number,
2150                    ClosestTo(next_packet_number, prev_epoch + packet_number,
2151                              next_epoch + packet_number));
2152 }
2153 
2154 // static
GetMinPacketNumberLength(QuicPacketNumber packet_number)2155 QuicPacketNumberLength QuicFramer::GetMinPacketNumberLength(
2156     QuicPacketNumber packet_number) {
2157   QUICHE_DCHECK(packet_number.IsInitialized());
2158   if (packet_number < QuicPacketNumber(1 << (PACKET_1BYTE_PACKET_NUMBER * 8))) {
2159     return PACKET_1BYTE_PACKET_NUMBER;
2160   } else if (packet_number <
2161              QuicPacketNumber(1 << (PACKET_2BYTE_PACKET_NUMBER * 8))) {
2162     return PACKET_2BYTE_PACKET_NUMBER;
2163   } else if (packet_number <
2164              QuicPacketNumber(UINT64_C(1)
2165                               << (PACKET_4BYTE_PACKET_NUMBER * 8))) {
2166     return PACKET_4BYTE_PACKET_NUMBER;
2167   } else {
2168     return PACKET_6BYTE_PACKET_NUMBER;
2169   }
2170 }
2171 
2172 // static
GetPacketNumberFlags(QuicPacketNumberLength packet_number_length)2173 uint8_t QuicFramer::GetPacketNumberFlags(
2174     QuicPacketNumberLength packet_number_length) {
2175   switch (packet_number_length) {
2176     case PACKET_1BYTE_PACKET_NUMBER:
2177       return PACKET_FLAGS_1BYTE_PACKET;
2178     case PACKET_2BYTE_PACKET_NUMBER:
2179       return PACKET_FLAGS_2BYTE_PACKET;
2180     case PACKET_4BYTE_PACKET_NUMBER:
2181       return PACKET_FLAGS_4BYTE_PACKET;
2182     case PACKET_6BYTE_PACKET_NUMBER:
2183     case PACKET_8BYTE_PACKET_NUMBER:
2184       return PACKET_FLAGS_8BYTE_PACKET;
2185     default:
2186       QUIC_BUG(quic_bug_10850_56) << "Unreachable case statement.";
2187       return PACKET_FLAGS_8BYTE_PACKET;
2188   }
2189 }
2190 
2191 // static
GetAckFrameInfo(const QuicAckFrame & frame)2192 QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo(
2193     const QuicAckFrame& frame) {
2194   AckFrameInfo new_ack_info;
2195   if (frame.packets.Empty()) {
2196     return new_ack_info;
2197   }
2198   // The first block is the last interval. It isn't encoded with the gap-length
2199   // encoding, so skip it.
2200   new_ack_info.first_block_length = frame.packets.LastIntervalLength();
2201   auto itr = frame.packets.rbegin();
2202   QuicPacketNumber previous_start = itr->min();
2203   new_ack_info.max_block_length = itr->Length();
2204   ++itr;
2205 
2206   // Don't do any more work after getting information for 256 ACK blocks; any
2207   // more can't be encoded anyway.
2208   for (; itr != frame.packets.rend() &&
2209          new_ack_info.num_ack_blocks < std::numeric_limits<uint8_t>::max();
2210        previous_start = itr->min(), ++itr) {
2211     const auto& interval = *itr;
2212     const QuicPacketCount total_gap = previous_start - interval.max();
2213     new_ack_info.num_ack_blocks +=
2214         (total_gap + std::numeric_limits<uint8_t>::max() - 1) /
2215         std::numeric_limits<uint8_t>::max();
2216     new_ack_info.max_block_length =
2217         std::max(new_ack_info.max_block_length, interval.Length());
2218   }
2219   return new_ack_info;
2220 }
2221 
ProcessIetfHeaderTypeByte(QuicDataReader * reader,QuicPacketHeader * header)2222 bool QuicFramer::ProcessIetfHeaderTypeByte(QuicDataReader* reader,
2223                                            QuicPacketHeader* header) {
2224   uint8_t type;
2225   if (!reader->ReadBytes(&type, 1)) {
2226     set_detailed_error("Unable to read first byte.");
2227     return false;
2228   }
2229   header->type_byte = type;
2230   // Determine whether this is a long or short header.
2231   header->form = GetIetfPacketHeaderFormat(type);
2232   if (header->form == IETF_QUIC_LONG_HEADER_PACKET) {
2233     // Version is always present in long headers.
2234     header->version_flag = true;
2235     // In versions that do not support client connection IDs, we mark the
2236     // corresponding connection ID as absent.
2237     header->destination_connection_id_included =
2238         (perspective_ == Perspective::IS_SERVER ||
2239          version_.SupportsClientConnectionIds())
2240             ? CONNECTION_ID_PRESENT
2241             : CONNECTION_ID_ABSENT;
2242     header->source_connection_id_included =
2243         (perspective_ == Perspective::IS_CLIENT ||
2244          version_.SupportsClientConnectionIds())
2245             ? CONNECTION_ID_PRESENT
2246             : CONNECTION_ID_ABSENT;
2247     // Read version tag.
2248     QuicVersionLabel version_label;
2249     if (!ProcessVersionLabel(reader, &version_label)) {
2250       set_detailed_error("Unable to read protocol version.");
2251       return false;
2252     }
2253     if (!version_label) {
2254       // Version label is 0 indicating this is a version negotiation packet.
2255       header->long_packet_type = VERSION_NEGOTIATION;
2256     } else {
2257       header->version = ParseQuicVersionLabel(version_label);
2258       if (header->version.IsKnown()) {
2259         if (!(type & FLAGS_FIXED_BIT)) {
2260           set_detailed_error("Fixed bit is 0 in long header.");
2261           return false;
2262         }
2263         header->long_packet_type = GetLongHeaderType(type, header->version);
2264         switch (header->long_packet_type) {
2265           case INVALID_PACKET_TYPE:
2266             set_detailed_error("Illegal long header type value.");
2267             return false;
2268           case RETRY:
2269             if (!version().SupportsRetry()) {
2270               set_detailed_error("RETRY not supported in this version.");
2271               return false;
2272             }
2273             if (perspective_ == Perspective::IS_SERVER) {
2274               set_detailed_error("Client-initiated RETRY is invalid.");
2275               return false;
2276             }
2277             break;
2278           default:
2279             if (!header->version.HasHeaderProtection()) {
2280               header->packet_number_length =
2281                   GetLongHeaderPacketNumberLength(type);
2282             }
2283             break;
2284         }
2285       }
2286     }
2287 
2288     QUIC_DVLOG(1) << ENDPOINT << "Received IETF long header: "
2289                   << QuicUtils::QuicLongHeaderTypetoString(
2290                          header->long_packet_type);
2291     return true;
2292   }
2293 
2294   QUIC_DVLOG(1) << ENDPOINT << "Received IETF short header";
2295   // Version is not present in short headers.
2296   header->version_flag = false;
2297   // In versions that do not support client connection IDs, the client will not
2298   // receive destination connection IDs.
2299   header->destination_connection_id_included =
2300       (perspective_ == Perspective::IS_SERVER ||
2301        version_.SupportsClientConnectionIds())
2302           ? CONNECTION_ID_PRESENT
2303           : CONNECTION_ID_ABSENT;
2304   header->source_connection_id_included = CONNECTION_ID_ABSENT;
2305   if (!(type & FLAGS_FIXED_BIT)) {
2306     set_detailed_error("Fixed bit is 0 in short header.");
2307     return false;
2308   }
2309   if (!version_.HasHeaderProtection()) {
2310     header->packet_number_length = GetShortHeaderPacketNumberLength(type);
2311   }
2312   QUIC_DVLOG(1) << "packet_number_length = " << header->packet_number_length;
2313   return true;
2314 }
2315 
2316 // static
ProcessVersionLabel(QuicDataReader * reader,QuicVersionLabel * version_label)2317 bool QuicFramer::ProcessVersionLabel(QuicDataReader* reader,
2318                                      QuicVersionLabel* version_label) {
2319   if (!reader->ReadUInt32(version_label)) {
2320     return false;
2321   }
2322   return true;
2323 }
2324 
2325 // static
ProcessAndValidateIetfConnectionIdLength(QuicDataReader * reader,ParsedQuicVersion version,Perspective perspective,bool should_update_expected_server_connection_id_length,uint8_t * expected_server_connection_id_length,uint8_t * destination_connection_id_length,uint8_t * source_connection_id_length,std::string * detailed_error)2326 bool QuicFramer::ProcessAndValidateIetfConnectionIdLength(
2327     QuicDataReader* reader, ParsedQuicVersion version, Perspective perspective,
2328     bool should_update_expected_server_connection_id_length,
2329     uint8_t* expected_server_connection_id_length,
2330     uint8_t* destination_connection_id_length,
2331     uint8_t* source_connection_id_length, std::string* detailed_error) {
2332   uint8_t connection_id_lengths_byte;
2333   if (!reader->ReadBytes(&connection_id_lengths_byte, 1)) {
2334     *detailed_error = "Unable to read ConnectionId length.";
2335     return false;
2336   }
2337   uint8_t dcil =
2338       (connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4;
2339   if (dcil != 0) {
2340     dcil += kConnectionIdLengthAdjustment;
2341   }
2342   uint8_t scil = connection_id_lengths_byte & kSourceConnectionIdLengthMask;
2343   if (scil != 0) {
2344     scil += kConnectionIdLengthAdjustment;
2345   }
2346   if (should_update_expected_server_connection_id_length) {
2347     uint8_t server_connection_id_length =
2348         perspective == Perspective::IS_SERVER ? dcil : scil;
2349     if (*expected_server_connection_id_length != server_connection_id_length) {
2350       QUIC_DVLOG(1) << "Updating expected_server_connection_id_length: "
2351                     << static_cast<int>(*expected_server_connection_id_length)
2352                     << " -> " << static_cast<int>(server_connection_id_length);
2353       *expected_server_connection_id_length = server_connection_id_length;
2354     }
2355   }
2356   if (!should_update_expected_server_connection_id_length &&
2357       (dcil != *destination_connection_id_length ||
2358        scil != *source_connection_id_length) &&
2359       version.IsKnown() && !version.AllowsVariableLengthConnectionIds()) {
2360     QUIC_DVLOG(1) << "dcil: " << static_cast<uint32_t>(dcil)
2361                   << ", scil: " << static_cast<uint32_t>(scil);
2362     *detailed_error = "Invalid ConnectionId length.";
2363     return false;
2364   }
2365   *destination_connection_id_length = dcil;
2366   *source_connection_id_length = scil;
2367   return true;
2368 }
2369 
ValidateReceivedConnectionIds(const QuicPacketHeader & header)2370 bool QuicFramer::ValidateReceivedConnectionIds(const QuicPacketHeader& header) {
2371   bool skip_server_connection_id_validation =
2372       perspective_ == Perspective::IS_CLIENT &&
2373       header.form == IETF_QUIC_SHORT_HEADER_PACKET;
2374   if (!skip_server_connection_id_validation &&
2375       !QuicUtils::IsConnectionIdValidForVersion(
2376           GetServerConnectionIdAsRecipient(header, perspective_),
2377           transport_version())) {
2378     set_detailed_error("Received server connection ID with invalid length.");
2379     return false;
2380   }
2381 
2382   bool skip_client_connection_id_validation =
2383       perspective_ == Perspective::IS_SERVER &&
2384       header.form == IETF_QUIC_SHORT_HEADER_PACKET;
2385   if (!skip_client_connection_id_validation &&
2386       version_.SupportsClientConnectionIds() &&
2387       !QuicUtils::IsConnectionIdValidForVersion(
2388           GetClientConnectionIdAsRecipient(header, perspective_),
2389           transport_version())) {
2390     set_detailed_error("Received client connection ID with invalid length.");
2391     return false;
2392   }
2393   return true;
2394 }
2395 
ProcessIetfPacketHeader(QuicDataReader * reader,QuicPacketHeader * header)2396 bool QuicFramer::ProcessIetfPacketHeader(QuicDataReader* reader,
2397                                          QuicPacketHeader* header) {
2398   if (version_.HasLengthPrefixedConnectionIds()) {
2399     uint8_t expected_destination_connection_id_length =
2400         perspective_ == Perspective::IS_CLIENT
2401             ? expected_client_connection_id_length_
2402             : expected_server_connection_id_length_;
2403     QuicVersionLabel version_label;
2404     bool has_length_prefix;
2405     std::string detailed_error;
2406     QuicErrorCode parse_result = QuicFramer::ParsePublicHeader(
2407         reader, expected_destination_connection_id_length, /*ietf_format=*/true,
2408         &header->type_byte, &header->form, &header->version_flag,
2409         &has_length_prefix, &version_label, &header->version,
2410         &header->destination_connection_id, &header->source_connection_id,
2411         &header->long_packet_type, &header->retry_token_length_length,
2412         &header->retry_token, &detailed_error);
2413     if (parse_result != QUIC_NO_ERROR) {
2414       set_detailed_error(detailed_error);
2415       return false;
2416     }
2417     header->destination_connection_id_included = CONNECTION_ID_PRESENT;
2418     header->source_connection_id_included =
2419         header->version_flag ? CONNECTION_ID_PRESENT : CONNECTION_ID_ABSENT;
2420 
2421     if (!ValidateReceivedConnectionIds(*header)) {
2422       return false;
2423     }
2424 
2425     if (header->version_flag &&
2426         header->long_packet_type != VERSION_NEGOTIATION &&
2427         !(header->type_byte & FLAGS_FIXED_BIT)) {
2428       set_detailed_error("Fixed bit is 0 in long header.");
2429       return false;
2430     }
2431     if (!header->version_flag && !(header->type_byte & FLAGS_FIXED_BIT)) {
2432       set_detailed_error("Fixed bit is 0 in short header.");
2433       return false;
2434     }
2435     if (!header->version_flag) {
2436       if (!version_.HasHeaderProtection()) {
2437         header->packet_number_length =
2438             GetShortHeaderPacketNumberLength(header->type_byte);
2439       }
2440       return true;
2441     }
2442     if (header->long_packet_type == RETRY) {
2443       if (!version().SupportsRetry()) {
2444         set_detailed_error("RETRY not supported in this version.");
2445         return false;
2446       }
2447       if (perspective_ == Perspective::IS_SERVER) {
2448         set_detailed_error("Client-initiated RETRY is invalid.");
2449         return false;
2450       }
2451       return true;
2452     }
2453     if (header->version.IsKnown() && !header->version.HasHeaderProtection()) {
2454       header->packet_number_length =
2455           GetLongHeaderPacketNumberLength(header->type_byte);
2456     }
2457 
2458     return true;
2459   }
2460 
2461   if (!ProcessIetfHeaderTypeByte(reader, header)) {
2462     return false;
2463   }
2464 
2465   uint8_t destination_connection_id_length =
2466       header->destination_connection_id_included == CONNECTION_ID_PRESENT
2467           ? (perspective_ == Perspective::IS_SERVER
2468                  ? expected_server_connection_id_length_
2469                  : expected_client_connection_id_length_)
2470           : 0;
2471   uint8_t source_connection_id_length =
2472       header->source_connection_id_included == CONNECTION_ID_PRESENT
2473           ? (perspective_ == Perspective::IS_CLIENT
2474                  ? expected_server_connection_id_length_
2475                  : expected_client_connection_id_length_)
2476           : 0;
2477   if (header->form == IETF_QUIC_LONG_HEADER_PACKET) {
2478     if (!ProcessAndValidateIetfConnectionIdLength(
2479             reader, header->version, perspective_,
2480             /*should_update_expected_server_connection_id_length=*/false,
2481             &expected_server_connection_id_length_,
2482             &destination_connection_id_length, &source_connection_id_length,
2483             &detailed_error_)) {
2484       return false;
2485     }
2486   }
2487 
2488   // Read connection ID.
2489   if (!reader->ReadConnectionId(&header->destination_connection_id,
2490                                 destination_connection_id_length)) {
2491     set_detailed_error("Unable to read destination connection ID.");
2492     return false;
2493   }
2494 
2495   if (!reader->ReadConnectionId(&header->source_connection_id,
2496                                 source_connection_id_length)) {
2497     set_detailed_error("Unable to read source connection ID.");
2498     return false;
2499   }
2500 
2501   if (header->source_connection_id_included == CONNECTION_ID_ABSENT) {
2502     if (!header->source_connection_id.IsEmpty()) {
2503       QUICHE_DCHECK(!version_.SupportsClientConnectionIds());
2504       set_detailed_error("Client connection ID not supported in this version.");
2505       return false;
2506     }
2507   }
2508 
2509   return ValidateReceivedConnectionIds(*header);
2510 }
2511 
ProcessAndCalculatePacketNumber(QuicDataReader * reader,QuicPacketNumberLength packet_number_length,QuicPacketNumber base_packet_number,uint64_t * packet_number)2512 bool QuicFramer::ProcessAndCalculatePacketNumber(
2513     QuicDataReader* reader, QuicPacketNumberLength packet_number_length,
2514     QuicPacketNumber base_packet_number, uint64_t* packet_number) {
2515   uint64_t wire_packet_number;
2516   if (!reader->ReadBytesToUInt64(packet_number_length, &wire_packet_number)) {
2517     return false;
2518   }
2519 
2520   // TODO(ianswett): Explore the usefulness of trying multiple packet numbers
2521   // in case the first guess is incorrect.
2522   *packet_number = CalculatePacketNumberFromWire(
2523       packet_number_length, base_packet_number, wire_packet_number);
2524   return true;
2525 }
2526 
ProcessFrameData(QuicDataReader * reader,const QuicPacketHeader & header)2527 bool QuicFramer::ProcessFrameData(QuicDataReader* reader,
2528                                   const QuicPacketHeader& header) {
2529   QUICHE_DCHECK(!VersionHasIetfQuicFrames(version_.transport_version))
2530       << "IETF QUIC Framing negotiated but attempting to process frames as "
2531          "non-IETF QUIC.";
2532   if (reader->IsDoneReading()) {
2533     set_detailed_error("Packet has no frames.");
2534     return RaiseError(QUIC_MISSING_PAYLOAD);
2535   }
2536   QUIC_DVLOG(2) << ENDPOINT << "Processing packet with header " << header;
2537   while (!reader->IsDoneReading()) {
2538     uint8_t frame_type;
2539     if (!reader->ReadBytes(&frame_type, 1)) {
2540       set_detailed_error("Unable to read frame type.");
2541       return RaiseError(QUIC_INVALID_FRAME_DATA);
2542     }
2543     if (frame_type & kQuicFrameTypeSpecialMask) {
2544       // Stream Frame
2545       if (frame_type & kQuicFrameTypeStreamMask) {
2546         QuicStreamFrame frame;
2547         if (!ProcessStreamFrame(reader, frame_type, &frame)) {
2548           return RaiseError(QUIC_INVALID_STREAM_DATA);
2549         }
2550         QUIC_DVLOG(2) << ENDPOINT << "Processing stream frame " << frame;
2551         if (!visitor_->OnStreamFrame(frame)) {
2552           QUIC_DVLOG(1) << ENDPOINT
2553                         << "Visitor asked to stop further processing.";
2554           // Returning true since there was no parsing error.
2555           return true;
2556         }
2557         continue;
2558       }
2559 
2560       // Ack Frame
2561       if (frame_type & kQuicFrameTypeAckMask) {
2562         if (!ProcessAckFrame(reader, frame_type)) {
2563           return RaiseError(QUIC_INVALID_ACK_DATA);
2564         }
2565         QUIC_DVLOG(2) << ENDPOINT << "Processing ACK frame";
2566         continue;
2567       }
2568 
2569       // This was a special frame type that did not match any
2570       // of the known ones. Error.
2571       set_detailed_error("Illegal frame type.");
2572       QUIC_DLOG(WARNING) << ENDPOINT << "Illegal frame type: "
2573                          << static_cast<int>(frame_type);
2574       return RaiseError(QUIC_INVALID_FRAME_DATA);
2575     }
2576 
2577     switch (frame_type) {
2578       case PADDING_FRAME: {
2579         QuicPaddingFrame frame;
2580         ProcessPaddingFrame(reader, &frame);
2581         QUIC_DVLOG(2) << ENDPOINT << "Processing padding frame " << frame;
2582         if (!visitor_->OnPaddingFrame(frame)) {
2583           QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2584           // Returning true since there was no parsing error.
2585           return true;
2586         }
2587         continue;
2588       }
2589 
2590       case RST_STREAM_FRAME: {
2591         QuicRstStreamFrame frame;
2592         if (!ProcessRstStreamFrame(reader, &frame)) {
2593           return RaiseError(QUIC_INVALID_RST_STREAM_DATA);
2594         }
2595         QUIC_DVLOG(2) << ENDPOINT << "Processing reset stream frame " << frame;
2596         if (!visitor_->OnRstStreamFrame(frame)) {
2597           QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2598           // Returning true since there was no parsing error.
2599           return true;
2600         }
2601         continue;
2602       }
2603 
2604       case CONNECTION_CLOSE_FRAME: {
2605         QuicConnectionCloseFrame frame;
2606         if (!ProcessConnectionCloseFrame(reader, &frame)) {
2607           return RaiseError(QUIC_INVALID_CONNECTION_CLOSE_DATA);
2608         }
2609 
2610         QUIC_DVLOG(2) << ENDPOINT << "Processing connection close frame "
2611                       << frame;
2612         if (!visitor_->OnConnectionCloseFrame(frame)) {
2613           QUIC_DVLOG(1) << ENDPOINT
2614                         << "Visitor asked to stop further processing.";
2615           // Returning true since there was no parsing error.
2616           return true;
2617         }
2618         continue;
2619       }
2620 
2621       case GOAWAY_FRAME: {
2622         QuicGoAwayFrame goaway_frame;
2623         if (!ProcessGoAwayFrame(reader, &goaway_frame)) {
2624           return RaiseError(QUIC_INVALID_GOAWAY_DATA);
2625         }
2626         QUIC_DVLOG(2) << ENDPOINT << "Processing go away frame "
2627                       << goaway_frame;
2628         if (!visitor_->OnGoAwayFrame(goaway_frame)) {
2629           QUIC_DVLOG(1) << ENDPOINT
2630                         << "Visitor asked to stop further processing.";
2631           // Returning true since there was no parsing error.
2632           return true;
2633         }
2634         continue;
2635       }
2636 
2637       case WINDOW_UPDATE_FRAME: {
2638         QuicWindowUpdateFrame window_update_frame;
2639         if (!ProcessWindowUpdateFrame(reader, &window_update_frame)) {
2640           return RaiseError(QUIC_INVALID_WINDOW_UPDATE_DATA);
2641         }
2642         QUIC_DVLOG(2) << ENDPOINT << "Processing window update frame "
2643                       << window_update_frame;
2644         if (!visitor_->OnWindowUpdateFrame(window_update_frame)) {
2645           QUIC_DVLOG(1) << ENDPOINT
2646                         << "Visitor asked to stop further processing.";
2647           // Returning true since there was no parsing error.
2648           return true;
2649         }
2650         continue;
2651       }
2652 
2653       case BLOCKED_FRAME: {
2654         QuicBlockedFrame blocked_frame;
2655         if (!ProcessBlockedFrame(reader, &blocked_frame)) {
2656           return RaiseError(QUIC_INVALID_BLOCKED_DATA);
2657         }
2658         QUIC_DVLOG(2) << ENDPOINT << "Processing blocked frame "
2659                       << blocked_frame;
2660         if (!visitor_->OnBlockedFrame(blocked_frame)) {
2661           QUIC_DVLOG(1) << ENDPOINT
2662                         << "Visitor asked to stop further processing.";
2663           // Returning true since there was no parsing error.
2664           return true;
2665         }
2666         continue;
2667       }
2668 
2669       case STOP_WAITING_FRAME: {
2670         QuicStopWaitingFrame stop_waiting_frame;
2671         if (!ProcessStopWaitingFrame(reader, header, &stop_waiting_frame)) {
2672           return RaiseError(QUIC_INVALID_STOP_WAITING_DATA);
2673         }
2674         QUIC_DVLOG(2) << ENDPOINT << "Processing stop waiting frame "
2675                       << stop_waiting_frame;
2676         if (!visitor_->OnStopWaitingFrame(stop_waiting_frame)) {
2677           QUIC_DVLOG(1) << ENDPOINT
2678                         << "Visitor asked to stop further processing.";
2679           // Returning true since there was no parsing error.
2680           return true;
2681         }
2682         continue;
2683       }
2684       case PING_FRAME: {
2685         // Ping has no payload.
2686         QuicPingFrame ping_frame;
2687         if (!visitor_->OnPingFrame(ping_frame)) {
2688           QUIC_DVLOG(1) << ENDPOINT
2689                         << "Visitor asked to stop further processing.";
2690           // Returning true since there was no parsing error.
2691           return true;
2692         }
2693         QUIC_DVLOG(2) << ENDPOINT << "Processing ping frame " << ping_frame;
2694         continue;
2695       }
2696       case IETF_EXTENSION_MESSAGE_NO_LENGTH:
2697         ABSL_FALLTHROUGH_INTENDED;
2698       case IETF_EXTENSION_MESSAGE: {
2699         QUIC_CODE_COUNT(quic_legacy_message_frame_codepoint_read);
2700         QuicMessageFrame message_frame;
2701         if (!ProcessMessageFrame(reader,
2702                                  frame_type == IETF_EXTENSION_MESSAGE_NO_LENGTH,
2703                                  &message_frame)) {
2704           return RaiseError(QUIC_INVALID_MESSAGE_DATA);
2705         }
2706         QUIC_DVLOG(2) << ENDPOINT << "Processing message frame "
2707                       << message_frame;
2708         if (!visitor_->OnMessageFrame(message_frame)) {
2709           QUIC_DVLOG(1) << ENDPOINT
2710                         << "Visitor asked to stop further processing.";
2711           // Returning true since there was no parsing error.
2712           return true;
2713         }
2714         break;
2715       }
2716       case CRYPTO_FRAME: {
2717         if (!QuicVersionUsesCryptoFrames(version_.transport_version)) {
2718           set_detailed_error("Illegal frame type.");
2719           return RaiseError(QUIC_INVALID_FRAME_DATA);
2720         }
2721         QuicCryptoFrame frame;
2722         if (!ProcessCryptoFrame(reader, GetEncryptionLevel(header), &frame)) {
2723           return RaiseError(QUIC_INVALID_FRAME_DATA);
2724         }
2725         QUIC_DVLOG(2) << ENDPOINT << "Processing crypto frame " << frame;
2726         if (!visitor_->OnCryptoFrame(frame)) {
2727           QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2728           // Returning true since there was no parsing error.
2729           return true;
2730         }
2731         break;
2732       }
2733       case HANDSHAKE_DONE_FRAME: {
2734         // HANDSHAKE_DONE has no payload.
2735         QuicHandshakeDoneFrame handshake_done_frame;
2736         QUIC_DVLOG(2) << ENDPOINT << "Processing handshake done frame "
2737                       << handshake_done_frame;
2738         if (!visitor_->OnHandshakeDoneFrame(handshake_done_frame)) {
2739           QUIC_DVLOG(1) << ENDPOINT
2740                         << "Visitor asked to stop further processing.";
2741           // Returning true since there was no parsing error.
2742           return true;
2743         }
2744         break;
2745       }
2746 
2747       default:
2748         set_detailed_error("Illegal frame type.");
2749         QUIC_DLOG(WARNING) << ENDPOINT << "Illegal frame type: "
2750                            << static_cast<int>(frame_type);
2751         return RaiseError(QUIC_INVALID_FRAME_DATA);
2752     }
2753   }
2754 
2755   return true;
2756 }
2757 
2758 // static
IsIetfFrameTypeExpectedForEncryptionLevel(uint64_t frame_type,EncryptionLevel level)2759 bool QuicFramer::IsIetfFrameTypeExpectedForEncryptionLevel(
2760     uint64_t frame_type, EncryptionLevel level) {
2761   // IETF_CRYPTO is allowed for any level here and is separately checked in
2762   // QuicCryptoStream::OnCryptoFrame.
2763   switch (level) {
2764     case ENCRYPTION_INITIAL:
2765     case ENCRYPTION_HANDSHAKE:
2766       return frame_type == IETF_CRYPTO || frame_type == IETF_ACK ||
2767              frame_type == IETF_ACK_ECN ||
2768              frame_type == IETF_ACK_RECEIVE_TIMESTAMPS ||
2769              frame_type == IETF_PING || frame_type == IETF_PADDING ||
2770              frame_type == IETF_CONNECTION_CLOSE;
2771     case ENCRYPTION_ZERO_RTT:
2772       return !(frame_type == IETF_ACK || frame_type == IETF_ACK_ECN ||
2773                frame_type == IETF_ACK_RECEIVE_TIMESTAMPS ||
2774                frame_type == IETF_HANDSHAKE_DONE ||
2775                frame_type == IETF_NEW_TOKEN ||
2776                frame_type == IETF_PATH_RESPONSE ||
2777                frame_type == IETF_RETIRE_CONNECTION_ID);
2778     case ENCRYPTION_FORWARD_SECURE:
2779       return true;
2780     default:
2781       QUIC_BUG(quic_bug_10850_57) << "Unknown encryption level: " << level;
2782   }
2783   return false;
2784 }
2785 
ProcessIetfFrameData(QuicDataReader * reader,const QuicPacketHeader & header,EncryptionLevel decrypted_level)2786 bool QuicFramer::ProcessIetfFrameData(QuicDataReader* reader,
2787                                       const QuicPacketHeader& header,
2788                                       EncryptionLevel decrypted_level) {
2789   QUICHE_DCHECK(VersionHasIetfQuicFrames(version_.transport_version))
2790       << "Attempt to process frames as IETF frames but version ("
2791       << version_.transport_version << ") does not support IETF Framing.";
2792 
2793   if (reader->IsDoneReading()) {
2794     set_detailed_error("Packet has no frames.");
2795     return RaiseError(QUIC_MISSING_PAYLOAD);
2796   }
2797 
2798   QUIC_DVLOG(2) << ENDPOINT << "Processing IETF packet with header " << header;
2799   auto* connection_context = QuicConnectionContext::Current();
2800   while (!reader->IsDoneReading()) {
2801     if (connection_context != nullptr) {
2802       connection_context->process_packet_context.current_frame_offset =
2803           connection_context->process_packet_context.decrypted_payload.size() -
2804           reader->BytesRemaining();
2805     }
2806     uint64_t frame_type;
2807     // Will be the number of bytes into which frame_type was encoded.
2808     size_t encoded_bytes = reader->BytesRemaining();
2809     if (!reader->ReadVarInt62(&frame_type)) {
2810       set_detailed_error("Unable to read frame type.");
2811       return RaiseError(QUIC_INVALID_FRAME_DATA);
2812     }
2813     if (!IsIetfFrameTypeExpectedForEncryptionLevel(frame_type,
2814                                                    decrypted_level)) {
2815       set_detailed_error(absl::StrCat(
2816           "IETF frame type ",
2817           QuicIetfFrameTypeString(static_cast<QuicIetfFrameType>(frame_type)),
2818           " is unexpected at encryption level ",
2819           EncryptionLevelToString(decrypted_level)));
2820       return RaiseError(IETF_QUIC_PROTOCOL_VIOLATION);
2821     }
2822     previously_received_frame_type_ = current_received_frame_type_;
2823     current_received_frame_type_ = frame_type;
2824 
2825     // Is now the number of bytes into which the frame type was encoded.
2826     encoded_bytes -= reader->BytesRemaining();
2827 
2828     // Check that the frame type is minimally encoded.
2829     if (encoded_bytes !=
2830         static_cast<size_t>(QuicDataWriter::GetVarInt62Len(frame_type))) {
2831       // The frame type was not minimally encoded.
2832       set_detailed_error("Frame type not minimally encoded.");
2833       return RaiseError(IETF_QUIC_PROTOCOL_VIOLATION);
2834     }
2835 
2836     if (IS_IETF_STREAM_FRAME(frame_type)) {
2837       QuicStreamFrame frame;
2838       if (!ProcessIetfStreamFrame(reader, frame_type, &frame)) {
2839         return RaiseError(QUIC_INVALID_STREAM_DATA);
2840       }
2841       QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stream frame " << frame;
2842       if (!visitor_->OnStreamFrame(frame)) {
2843         QUIC_DVLOG(1) << ENDPOINT
2844                       << "Visitor asked to stop further processing.";
2845         // Returning true since there was no parsing error.
2846         return true;
2847       }
2848     } else {
2849       switch (frame_type) {
2850         case IETF_PADDING: {
2851           QuicPaddingFrame frame;
2852           ProcessPaddingFrame(reader, &frame);
2853           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF padding frame "
2854                         << frame;
2855           if (!visitor_->OnPaddingFrame(frame)) {
2856             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2857             // Returning true since there was no parsing error.
2858             return true;
2859           }
2860           break;
2861         }
2862         case IETF_RST_STREAM: {
2863           QuicRstStreamFrame frame;
2864           if (!ProcessIetfResetStreamFrame(reader, &frame)) {
2865             return RaiseError(QUIC_INVALID_RST_STREAM_DATA);
2866           }
2867           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF reset stream frame "
2868                         << frame;
2869           if (!visitor_->OnRstStreamFrame(frame)) {
2870             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2871             // Returning true since there was no parsing error.
2872             return true;
2873           }
2874           break;
2875         }
2876         case IETF_APPLICATION_CLOSE:
2877         case IETF_CONNECTION_CLOSE: {
2878           QuicConnectionCloseFrame frame;
2879           if (!ProcessIetfConnectionCloseFrame(
2880                   reader,
2881                   (frame_type == IETF_CONNECTION_CLOSE)
2882                       ? IETF_QUIC_TRANSPORT_CONNECTION_CLOSE
2883                       : IETF_QUIC_APPLICATION_CONNECTION_CLOSE,
2884                   &frame)) {
2885             return RaiseError(QUIC_INVALID_CONNECTION_CLOSE_DATA);
2886           }
2887           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF connection close frame "
2888                         << frame;
2889           if (!visitor_->OnConnectionCloseFrame(frame)) {
2890             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2891             // Returning true since there was no parsing error.
2892             return true;
2893           }
2894           break;
2895         }
2896         case IETF_MAX_DATA: {
2897           QuicWindowUpdateFrame frame;
2898           if (!ProcessMaxDataFrame(reader, &frame)) {
2899             return RaiseError(QUIC_INVALID_MAX_DATA_FRAME_DATA);
2900           }
2901           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max data frame "
2902                         << frame;
2903           if (!visitor_->OnWindowUpdateFrame(frame)) {
2904             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2905             // Returning true since there was no parsing error.
2906             return true;
2907           }
2908           break;
2909         }
2910         case IETF_MAX_STREAM_DATA: {
2911           QuicWindowUpdateFrame frame;
2912           if (!ProcessMaxStreamDataFrame(reader, &frame)) {
2913             return RaiseError(QUIC_INVALID_MAX_STREAM_DATA_FRAME_DATA);
2914           }
2915           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max stream data frame "
2916                         << frame;
2917           if (!visitor_->OnWindowUpdateFrame(frame)) {
2918             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2919             // Returning true since there was no parsing error.
2920             return true;
2921           }
2922           break;
2923         }
2924         case IETF_MAX_STREAMS_BIDIRECTIONAL:
2925         case IETF_MAX_STREAMS_UNIDIRECTIONAL: {
2926           QuicMaxStreamsFrame frame;
2927           if (!ProcessMaxStreamsFrame(reader, &frame, frame_type)) {
2928             return RaiseError(QUIC_MAX_STREAMS_DATA);
2929           }
2930           QUIC_CODE_COUNT_N(quic_max_streams_received, 1, 2);
2931           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF max streams frame "
2932                         << frame;
2933           if (!visitor_->OnMaxStreamsFrame(frame)) {
2934             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2935             // Returning true since there was no parsing error.
2936             return true;
2937           }
2938           break;
2939         }
2940         case IETF_PING: {
2941           // Ping has no payload.
2942           QuicPingFrame ping_frame;
2943           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ping frame "
2944                         << ping_frame;
2945           if (!visitor_->OnPingFrame(ping_frame)) {
2946             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2947             // Returning true since there was no parsing error.
2948             return true;
2949           }
2950           break;
2951         }
2952         case IETF_DATA_BLOCKED: {
2953           QuicBlockedFrame frame;
2954           if (!ProcessDataBlockedFrame(reader, &frame)) {
2955             return RaiseError(QUIC_INVALID_BLOCKED_DATA);
2956           }
2957           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF blocked frame "
2958                         << frame;
2959           if (!visitor_->OnBlockedFrame(frame)) {
2960             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2961             // Returning true since there was no parsing error.
2962             return true;
2963           }
2964           break;
2965         }
2966         case IETF_STREAM_DATA_BLOCKED: {
2967           QuicBlockedFrame frame;
2968           if (!ProcessStreamDataBlockedFrame(reader, &frame)) {
2969             return RaiseError(QUIC_INVALID_STREAM_BLOCKED_DATA);
2970           }
2971           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stream blocked frame "
2972                         << frame;
2973           if (!visitor_->OnBlockedFrame(frame)) {
2974             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2975             // Returning true since there was no parsing error.
2976             return true;
2977           }
2978           break;
2979         }
2980         case IETF_STREAMS_BLOCKED_UNIDIRECTIONAL:
2981         case IETF_STREAMS_BLOCKED_BIDIRECTIONAL: {
2982           QuicStreamsBlockedFrame frame;
2983           if (!ProcessStreamsBlockedFrame(reader, &frame, frame_type)) {
2984             return RaiseError(QUIC_STREAMS_BLOCKED_DATA);
2985           }
2986           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF streams blocked frame "
2987                         << frame;
2988           if (!visitor_->OnStreamsBlockedFrame(frame)) {
2989             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
2990             // Returning true since there was no parsing error.
2991             return true;
2992           }
2993           break;
2994         }
2995         case IETF_NEW_CONNECTION_ID: {
2996           QuicNewConnectionIdFrame frame;
2997           if (!ProcessNewConnectionIdFrame(reader, &frame)) {
2998             return RaiseError(QUIC_INVALID_NEW_CONNECTION_ID_DATA);
2999           }
3000           QUIC_DVLOG(2) << ENDPOINT
3001                         << "Processing IETF new connection ID frame " << frame;
3002           if (!visitor_->OnNewConnectionIdFrame(frame)) {
3003             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3004             // Returning true since there was no parsing error.
3005             return true;
3006           }
3007           break;
3008         }
3009         case IETF_RETIRE_CONNECTION_ID: {
3010           QuicRetireConnectionIdFrame frame;
3011           if (!ProcessRetireConnectionIdFrame(reader, &frame)) {
3012             return RaiseError(QUIC_INVALID_RETIRE_CONNECTION_ID_DATA);
3013           }
3014           QUIC_DVLOG(2) << ENDPOINT
3015                         << "Processing IETF retire connection ID frame "
3016                         << frame;
3017           if (!visitor_->OnRetireConnectionIdFrame(frame)) {
3018             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3019             // Returning true since there was no parsing error.
3020             return true;
3021           }
3022           break;
3023         }
3024         case IETF_NEW_TOKEN: {
3025           QuicNewTokenFrame frame;
3026           if (!ProcessNewTokenFrame(reader, &frame)) {
3027             return RaiseError(QUIC_INVALID_NEW_TOKEN);
3028           }
3029           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF new token frame "
3030                         << frame;
3031           if (!visitor_->OnNewTokenFrame(frame)) {
3032             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3033             // Returning true since there was no parsing error.
3034             return true;
3035           }
3036           break;
3037         }
3038         case IETF_STOP_SENDING: {
3039           QuicStopSendingFrame frame;
3040           if (!ProcessStopSendingFrame(reader, &frame)) {
3041             return RaiseError(QUIC_INVALID_STOP_SENDING_FRAME_DATA);
3042           }
3043           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF stop sending frame "
3044                         << frame;
3045           if (!visitor_->OnStopSendingFrame(frame)) {
3046             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3047             // Returning true since there was no parsing error.
3048             return true;
3049           }
3050           break;
3051         }
3052         case IETF_ACK_RECEIVE_TIMESTAMPS:
3053           if (!process_timestamps_) {
3054             set_detailed_error("Unsupported frame type.");
3055             QUIC_DLOG(WARNING)
3056                 << ENDPOINT << "IETF_ACK_RECEIVE_TIMESTAMPS not supported";
3057             return RaiseError(QUIC_INVALID_FRAME_DATA);
3058           }
3059           ABSL_FALLTHROUGH_INTENDED;
3060         case IETF_ACK_ECN:
3061         case IETF_ACK: {
3062           QuicAckFrame frame;
3063           if (!ProcessIetfAckFrame(reader, frame_type, &frame)) {
3064             return RaiseError(QUIC_INVALID_ACK_DATA);
3065           }
3066           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ACK frame " << frame;
3067           break;
3068         }
3069         case IETF_PATH_CHALLENGE: {
3070           QuicPathChallengeFrame frame;
3071           if (!ProcessPathChallengeFrame(reader, &frame)) {
3072             return RaiseError(QUIC_INVALID_PATH_CHALLENGE_DATA);
3073           }
3074           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF path challenge frame "
3075                         << frame;
3076           if (!visitor_->OnPathChallengeFrame(frame)) {
3077             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3078             // Returning true since there was no parsing error.
3079             return true;
3080           }
3081           break;
3082         }
3083         case IETF_PATH_RESPONSE: {
3084           QuicPathResponseFrame frame;
3085           if (!ProcessPathResponseFrame(reader, &frame)) {
3086             return RaiseError(QUIC_INVALID_PATH_RESPONSE_DATA);
3087           }
3088           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF path response frame "
3089                         << frame;
3090           if (!visitor_->OnPathResponseFrame(frame)) {
3091             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3092             // Returning true since there was no parsing error.
3093             return true;
3094           }
3095           break;
3096         }
3097         case IETF_EXTENSION_MESSAGE_NO_LENGTH_V99:
3098           ABSL_FALLTHROUGH_INTENDED;
3099         case IETF_EXTENSION_MESSAGE_V99: {
3100           QuicMessageFrame message_frame;
3101           if (!ProcessMessageFrame(
3102                   reader, frame_type == IETF_EXTENSION_MESSAGE_NO_LENGTH_V99,
3103                   &message_frame)) {
3104             return RaiseError(QUIC_INVALID_MESSAGE_DATA);
3105           }
3106           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF message frame "
3107                         << message_frame;
3108           if (!visitor_->OnMessageFrame(message_frame)) {
3109             QUIC_DVLOG(1) << ENDPOINT
3110                           << "Visitor asked to stop further processing.";
3111             // Returning true since there was no parsing error.
3112             return true;
3113           }
3114           break;
3115         }
3116         case IETF_CRYPTO: {
3117           QuicCryptoFrame frame;
3118           if (!ProcessCryptoFrame(reader, GetEncryptionLevel(header), &frame)) {
3119             return RaiseError(QUIC_INVALID_FRAME_DATA);
3120           }
3121           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF crypto frame " << frame;
3122           if (!visitor_->OnCryptoFrame(frame)) {
3123             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3124             // Returning true since there was no parsing error.
3125             return true;
3126           }
3127           break;
3128         }
3129         case IETF_HANDSHAKE_DONE: {
3130           // HANDSHAKE_DONE has no payload.
3131           QuicHandshakeDoneFrame handshake_done_frame;
3132           if (!visitor_->OnHandshakeDoneFrame(handshake_done_frame)) {
3133             QUIC_DVLOG(1) << ENDPOINT
3134                           << "Visitor asked to stop further processing.";
3135             // Returning true since there was no parsing error.
3136             return true;
3137           }
3138           QUIC_DVLOG(2) << ENDPOINT << "Processing handshake done frame "
3139                         << handshake_done_frame;
3140           break;
3141         }
3142         case IETF_ACK_FREQUENCY: {
3143           QuicAckFrequencyFrame frame;
3144           if (!ProcessAckFrequencyFrame(reader, &frame)) {
3145             return RaiseError(QUIC_INVALID_FRAME_DATA);
3146           }
3147           QUIC_DVLOG(2) << ENDPOINT << "Processing IETF ack frequency frame "
3148                         << frame;
3149           if (!visitor_->OnAckFrequencyFrame(frame)) {
3150             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3151             // Returning true since there was no parsing error.
3152             return true;
3153           }
3154           break;
3155         }
3156         case IETF_RESET_STREAM_AT: {
3157           if (!process_reset_stream_at_) {
3158             set_detailed_error("RESET_STREAM_AT not enabled.");
3159             return RaiseError(QUIC_INVALID_FRAME_DATA);
3160           }
3161           QuicResetStreamAtFrame frame;
3162           if (!ProcessResetStreamAtFrame(*reader, frame)) {
3163             return RaiseError(QUIC_INVALID_FRAME_DATA);
3164           }
3165           QUIC_DVLOG(2) << ENDPOINT << "Processing RESET_STREAM_AT frame "
3166                         << frame;
3167           if (!visitor_->OnResetStreamAtFrame(frame)) {
3168             QUIC_DVLOG(1) << "Visitor asked to stop further processing.";
3169             // Returning true since there was no parsing error.
3170             return true;
3171           }
3172           break;
3173         }
3174         default:
3175           set_detailed_error("Illegal frame type.");
3176           QUIC_DLOG(WARNING)
3177               << ENDPOINT
3178               << "Illegal frame type: " << static_cast<int>(frame_type);
3179           return RaiseError(QUIC_INVALID_FRAME_DATA);
3180       }
3181     }
3182   }
3183   return true;
3184 }
3185 
3186 namespace {
3187 // Create a mask that sets the last |num_bits| to 1 and the rest to 0.
GetMaskFromNumBits(uint8_t num_bits)3188 inline uint8_t GetMaskFromNumBits(uint8_t num_bits) {
3189   return (1u << num_bits) - 1;
3190 }
3191 
3192 // Extract |num_bits| from |flags| offset by |offset|.
ExtractBits(uint8_t flags,uint8_t num_bits,uint8_t offset)3193 uint8_t ExtractBits(uint8_t flags, uint8_t num_bits, uint8_t offset) {
3194   return (flags >> offset) & GetMaskFromNumBits(num_bits);
3195 }
3196 
3197 // Extract the bit at position |offset| from |flags| as a bool.
ExtractBit(uint8_t flags,uint8_t offset)3198 bool ExtractBit(uint8_t flags, uint8_t offset) {
3199   return ((flags >> offset) & GetMaskFromNumBits(1)) != 0;
3200 }
3201 
3202 // Set |num_bits|, offset by |offset| to |val| in |flags|.
SetBits(uint8_t * flags,uint8_t val,uint8_t num_bits,uint8_t offset)3203 void SetBits(uint8_t* flags, uint8_t val, uint8_t num_bits, uint8_t offset) {
3204   QUICHE_DCHECK_LE(val, GetMaskFromNumBits(num_bits));
3205   *flags |= val << offset;
3206 }
3207 
3208 // Set the bit at position |offset| to |val| in |flags|.
SetBit(uint8_t * flags,bool val,uint8_t offset)3209 void SetBit(uint8_t* flags, bool val, uint8_t offset) {
3210   SetBits(flags, val ? 1 : 0, 1, offset);
3211 }
3212 }  // namespace
3213 
ProcessStreamFrame(QuicDataReader * reader,uint8_t frame_type,QuicStreamFrame * frame)3214 bool QuicFramer::ProcessStreamFrame(QuicDataReader* reader, uint8_t frame_type,
3215                                     QuicStreamFrame* frame) {
3216   uint8_t stream_flags = frame_type;
3217 
3218   uint8_t stream_id_length = 0;
3219   uint8_t offset_length = 4;
3220   bool has_data_length = true;
3221   stream_flags &= ~kQuicFrameTypeStreamMask;
3222 
3223   // Read from right to left: StreamID, Offset, Data Length, Fin.
3224   stream_id_length = (stream_flags & kQuicStreamIDLengthMask) + 1;
3225   stream_flags >>= kQuicStreamIdShift;
3226 
3227   offset_length = (stream_flags & kQuicStreamOffsetMask);
3228   // There is no encoding for 1 byte, only 0 and 2 through 8.
3229   if (offset_length > 0) {
3230     offset_length += 1;
3231   }
3232   stream_flags >>= kQuicStreamShift;
3233 
3234   has_data_length =
3235       (stream_flags & kQuicStreamDataLengthMask) == kQuicStreamDataLengthMask;
3236   stream_flags >>= kQuicStreamDataLengthShift;
3237 
3238   frame->fin = (stream_flags & kQuicStreamFinMask) == kQuicStreamFinShift;
3239 
3240   uint64_t stream_id;
3241   if (!reader->ReadBytesToUInt64(stream_id_length, &stream_id)) {
3242     set_detailed_error("Unable to read stream_id.");
3243     return false;
3244   }
3245   frame->stream_id = static_cast<QuicStreamId>(stream_id);
3246 
3247   if (!reader->ReadBytesToUInt64(offset_length, &frame->offset)) {
3248     set_detailed_error("Unable to read offset.");
3249     return false;
3250   }
3251 
3252   // TODO(ianswett): Don't use absl::string_view as an intermediary.
3253   absl::string_view data;
3254   if (has_data_length) {
3255     if (!reader->ReadStringPiece16(&data)) {
3256       set_detailed_error("Unable to read frame data.");
3257       return false;
3258     }
3259   } else {
3260     if (!reader->ReadStringPiece(&data, reader->BytesRemaining())) {
3261       set_detailed_error("Unable to read frame data.");
3262       return false;
3263     }
3264   }
3265   frame->data_buffer = data.data();
3266   frame->data_length = static_cast<uint16_t>(data.length());
3267 
3268   return true;
3269 }
3270 
ProcessIetfStreamFrame(QuicDataReader * reader,uint8_t frame_type,QuicStreamFrame * frame)3271 bool QuicFramer::ProcessIetfStreamFrame(QuicDataReader* reader,
3272                                         uint8_t frame_type,
3273                                         QuicStreamFrame* frame) {
3274   // Read stream id from the frame. It's always present.
3275   if (!ReadUint32FromVarint62(reader, IETF_STREAM, &frame->stream_id)) {
3276     return false;
3277   }
3278 
3279   // If we have a data offset, read it. If not, set to 0.
3280   if (frame_type & IETF_STREAM_FRAME_OFF_BIT) {
3281     if (!reader->ReadVarInt62(&frame->offset)) {
3282       set_detailed_error("Unable to read stream data offset.");
3283       return false;
3284     }
3285   } else {
3286     // no offset in the frame, ensure it's 0 in the Frame.
3287     frame->offset = 0;
3288   }
3289 
3290   // If we have a data length, read it. If not, set to 0.
3291   if (frame_type & IETF_STREAM_FRAME_LEN_BIT) {
3292     uint64_t length;
3293     if (!reader->ReadVarInt62(&length)) {
3294       set_detailed_error("Unable to read stream data length.");
3295       return false;
3296     }
3297     if (length > std::numeric_limits<decltype(frame->data_length)>::max()) {
3298       set_detailed_error("Stream data length is too large.");
3299       return false;
3300     }
3301     frame->data_length = length;
3302   } else {
3303     // no length in the frame, it is the number of bytes remaining in the
3304     // packet.
3305     frame->data_length = reader->BytesRemaining();
3306   }
3307 
3308   if (frame_type & IETF_STREAM_FRAME_FIN_BIT) {
3309     frame->fin = true;
3310   } else {
3311     frame->fin = false;
3312   }
3313 
3314   // TODO(ianswett): Don't use absl::string_view as an intermediary.
3315   absl::string_view data;
3316   if (!reader->ReadStringPiece(&data, frame->data_length)) {
3317     set_detailed_error("Unable to read frame data.");
3318     return false;
3319   }
3320   frame->data_buffer = data.data();
3321   QUICHE_DCHECK_EQ(frame->data_length, data.length());
3322 
3323   return true;
3324 }
3325 
ProcessCryptoFrame(QuicDataReader * reader,EncryptionLevel encryption_level,QuicCryptoFrame * frame)3326 bool QuicFramer::ProcessCryptoFrame(QuicDataReader* reader,
3327                                     EncryptionLevel encryption_level,
3328                                     QuicCryptoFrame* frame) {
3329   frame->level = encryption_level;
3330   if (!reader->ReadVarInt62(&frame->offset)) {
3331     set_detailed_error("Unable to read crypto data offset.");
3332     return false;
3333   }
3334   uint64_t len;
3335   if (!reader->ReadVarInt62(&len) ||
3336       len > std::numeric_limits<QuicPacketLength>::max()) {
3337     set_detailed_error("Invalid data length.");
3338     return false;
3339   }
3340   frame->data_length = len;
3341 
3342   // TODO(ianswett): Don't use absl::string_view as an intermediary.
3343   absl::string_view data;
3344   if (!reader->ReadStringPiece(&data, frame->data_length)) {
3345     set_detailed_error("Unable to read frame data.");
3346     return false;
3347   }
3348   frame->data_buffer = data.data();
3349   return true;
3350 }
3351 
ProcessAckFrequencyFrame(QuicDataReader * reader,QuicAckFrequencyFrame * frame)3352 bool QuicFramer::ProcessAckFrequencyFrame(QuicDataReader* reader,
3353                                           QuicAckFrequencyFrame* frame) {
3354   if (!reader->ReadVarInt62(&frame->sequence_number)) {
3355     set_detailed_error("Unable to read sequence number.");
3356     return false;
3357   }
3358 
3359   if (!reader->ReadVarInt62(&frame->packet_tolerance)) {
3360     set_detailed_error("Unable to read packet tolerance.");
3361     return false;
3362   }
3363   if (frame->packet_tolerance == 0) {
3364     set_detailed_error("Invalid packet tolerance.");
3365     return false;
3366   }
3367   uint64_t max_ack_delay_us;
3368   if (!reader->ReadVarInt62(&max_ack_delay_us)) {
3369     set_detailed_error("Unable to read max_ack_delay_us.");
3370     return false;
3371   }
3372   constexpr uint64_t kMaxAckDelayUsBound = 1u << 24;
3373   if (max_ack_delay_us > kMaxAckDelayUsBound) {
3374     set_detailed_error("Invalid max_ack_delay_us.");
3375     return false;
3376   }
3377   frame->max_ack_delay = QuicTime::Delta::FromMicroseconds(max_ack_delay_us);
3378 
3379   uint8_t ignore_order;
3380   if (!reader->ReadUInt8(&ignore_order)) {
3381     set_detailed_error("Unable to read ignore_order.");
3382     return false;
3383   }
3384   if (ignore_order > 1) {
3385     set_detailed_error("Invalid ignore_order.");
3386     return false;
3387   }
3388   frame->ignore_order = ignore_order;
3389 
3390   return true;
3391 }
3392 
ProcessResetStreamAtFrame(QuicDataReader & reader,QuicResetStreamAtFrame & frame)3393 bool QuicFramer::ProcessResetStreamAtFrame(QuicDataReader& reader,
3394                                            QuicResetStreamAtFrame& frame) {
3395   if (!ReadUint32FromVarint62(&reader, IETF_RESET_STREAM_AT,
3396                               &frame.stream_id)) {
3397     return false;
3398   }
3399   if (!reader.ReadVarInt62(&frame.error)) {
3400     set_detailed_error("Failed to read the error code.");
3401     return false;
3402   }
3403   if (!reader.ReadVarInt62(&frame.final_offset)) {
3404     set_detailed_error("Failed to read the final offset.");
3405     return false;
3406   }
3407   if (!reader.ReadVarInt62(&frame.reliable_offset)) {
3408     set_detailed_error("Failed to read the reliable offset.");
3409     return false;
3410   }
3411   if (frame.reliable_offset > frame.final_offset) {
3412     set_detailed_error("reliable_offset > final_offset");
3413     return false;
3414   }
3415   return true;
3416 }
3417 
ProcessAckFrame(QuicDataReader * reader,uint8_t frame_type)3418 bool QuicFramer::ProcessAckFrame(QuicDataReader* reader, uint8_t frame_type) {
3419   const bool has_ack_blocks =
3420       ExtractBit(frame_type, kQuicHasMultipleAckBlocksOffset);
3421   uint8_t num_ack_blocks = 0;
3422   uint8_t num_received_packets = 0;
3423 
3424   // Determine the two lengths from the frame type: largest acked length,
3425   // ack block length.
3426   const QuicPacketNumberLength ack_block_length =
3427       ReadAckPacketNumberLength(ExtractBits(
3428           frame_type, kQuicSequenceNumberLengthNumBits, kActBlockLengthOffset));
3429   const QuicPacketNumberLength largest_acked_length =
3430       ReadAckPacketNumberLength(ExtractBits(
3431           frame_type, kQuicSequenceNumberLengthNumBits, kLargestAckedOffset));
3432 
3433   uint64_t largest_acked;
3434   if (!reader->ReadBytesToUInt64(largest_acked_length, &largest_acked)) {
3435     set_detailed_error("Unable to read largest acked.");
3436     return false;
3437   }
3438 
3439   if (largest_acked < first_sending_packet_number_.ToUint64()) {
3440     // Connection always sends packet starting from kFirstSendingPacketNumber >
3441     // 0, peer has observed an unsent packet.
3442     set_detailed_error("Largest acked is 0.");
3443     return false;
3444   }
3445 
3446   uint64_t ack_delay_time_us;
3447   if (!reader->ReadUFloat16(&ack_delay_time_us)) {
3448     set_detailed_error("Unable to read ack delay time.");
3449     return false;
3450   }
3451 
3452   if (!visitor_->OnAckFrameStart(
3453           QuicPacketNumber(largest_acked),
3454           ack_delay_time_us == kUFloat16MaxValue
3455               ? QuicTime::Delta::Infinite()
3456               : QuicTime::Delta::FromMicroseconds(ack_delay_time_us))) {
3457     // The visitor suppresses further processing of the packet. Although this is
3458     // not a parsing error, returns false as this is in middle of processing an
3459     // ack frame,
3460     set_detailed_error("Visitor suppresses further processing of ack frame.");
3461     return false;
3462   }
3463 
3464   if (has_ack_blocks && !reader->ReadUInt8(&num_ack_blocks)) {
3465     set_detailed_error("Unable to read num of ack blocks.");
3466     return false;
3467   }
3468 
3469   uint64_t first_block_length;
3470   if (!reader->ReadBytesToUInt64(ack_block_length, &first_block_length)) {
3471     set_detailed_error("Unable to read first ack block length.");
3472     return false;
3473   }
3474 
3475   if (first_block_length == 0) {
3476     set_detailed_error("First block length is zero.");
3477     return false;
3478   }
3479   bool first_ack_block_underflow = first_block_length > largest_acked + 1;
3480   if (first_block_length + first_sending_packet_number_.ToUint64() >
3481       largest_acked + 1) {
3482     first_ack_block_underflow = true;
3483   }
3484   if (first_ack_block_underflow) {
3485     set_detailed_error(absl::StrCat("Underflow with first ack block length ",
3486                                     first_block_length, " largest acked is ",
3487                                     largest_acked, ".")
3488                            .c_str());
3489     return false;
3490   }
3491 
3492   uint64_t first_received = largest_acked + 1 - first_block_length;
3493   if (!visitor_->OnAckRange(QuicPacketNumber(first_received),
3494                             QuicPacketNumber(largest_acked + 1))) {
3495     // The visitor suppresses further processing of the packet. Although
3496     // this is not a parsing error, returns false as this is in middle
3497     // of processing an ack frame,
3498     set_detailed_error("Visitor suppresses further processing of ack frame.");
3499     return false;
3500   }
3501 
3502   if (num_ack_blocks > 0) {
3503     for (size_t i = 0; i < num_ack_blocks; ++i) {
3504       uint8_t gap = 0;
3505       if (!reader->ReadUInt8(&gap)) {
3506         set_detailed_error("Unable to read gap to next ack block.");
3507         return false;
3508       }
3509       uint64_t current_block_length;
3510       if (!reader->ReadBytesToUInt64(ack_block_length, &current_block_length)) {
3511         set_detailed_error("Unable to ack block length.");
3512         return false;
3513       }
3514       bool ack_block_underflow = first_received < gap + current_block_length;
3515       if (first_received < gap + current_block_length +
3516                                first_sending_packet_number_.ToUint64()) {
3517         ack_block_underflow = true;
3518       }
3519       if (ack_block_underflow) {
3520         set_detailed_error(absl::StrCat("Underflow with ack block length ",
3521                                         current_block_length,
3522                                         ", end of block is ",
3523                                         first_received - gap, ".")
3524                                .c_str());
3525         return false;
3526       }
3527 
3528       first_received -= (gap + current_block_length);
3529       if (current_block_length > 0) {
3530         if (!visitor_->OnAckRange(
3531                 QuicPacketNumber(first_received),
3532                 QuicPacketNumber(first_received) + current_block_length)) {
3533           // The visitor suppresses further processing of the packet. Although
3534           // this is not a parsing error, returns false as this is in middle
3535           // of processing an ack frame,
3536           set_detailed_error(
3537               "Visitor suppresses further processing of ack frame.");
3538           return false;
3539         }
3540       }
3541     }
3542   }
3543 
3544   if (!reader->ReadUInt8(&num_received_packets)) {
3545     set_detailed_error("Unable to read num received packets.");
3546     return false;
3547   }
3548 
3549   if (!ProcessTimestampsInAckFrame(num_received_packets,
3550                                    QuicPacketNumber(largest_acked), reader)) {
3551     return false;
3552   }
3553 
3554   // Done processing the ACK frame.
3555   std::optional<QuicEcnCounts> ecn_counts = std::nullopt;
3556   if (!visitor_->OnAckFrameEnd(QuicPacketNumber(first_received), ecn_counts)) {
3557     set_detailed_error(
3558         "Error occurs when visitor finishes processing the ACK frame.");
3559     return false;
3560   }
3561 
3562   return true;
3563 }
3564 
ProcessTimestampsInAckFrame(uint8_t num_received_packets,QuicPacketNumber largest_acked,QuicDataReader * reader)3565 bool QuicFramer::ProcessTimestampsInAckFrame(uint8_t num_received_packets,
3566                                              QuicPacketNumber largest_acked,
3567                                              QuicDataReader* reader) {
3568   if (num_received_packets == 0) {
3569     return true;
3570   }
3571   uint8_t delta_from_largest_observed;
3572   if (!reader->ReadUInt8(&delta_from_largest_observed)) {
3573     set_detailed_error("Unable to read sequence delta in received packets.");
3574     return false;
3575   }
3576 
3577   if (largest_acked.ToUint64() <= delta_from_largest_observed) {
3578     set_detailed_error(
3579         absl::StrCat("delta_from_largest_observed too high: ",
3580                      delta_from_largest_observed,
3581                      ", largest_acked: ", largest_acked.ToUint64())
3582             .c_str());
3583     return false;
3584   }
3585 
3586   // Time delta from the framer creation.
3587   uint32_t time_delta_us;
3588   if (!reader->ReadUInt32(&time_delta_us)) {
3589     set_detailed_error("Unable to read time delta in received packets.");
3590     return false;
3591   }
3592 
3593   QuicPacketNumber seq_num = largest_acked - delta_from_largest_observed;
3594   if (process_timestamps_) {
3595     last_timestamp_ = CalculateTimestampFromWire(time_delta_us);
3596 
3597     visitor_->OnAckTimestamp(seq_num, creation_time_ + last_timestamp_);
3598   }
3599 
3600   for (uint8_t i = 1; i < num_received_packets; ++i) {
3601     if (!reader->ReadUInt8(&delta_from_largest_observed)) {
3602       set_detailed_error("Unable to read sequence delta in received packets.");
3603       return false;
3604     }
3605     if (largest_acked.ToUint64() <= delta_from_largest_observed) {
3606       set_detailed_error(
3607           absl::StrCat("delta_from_largest_observed too high: ",
3608                        delta_from_largest_observed,
3609                        ", largest_acked: ", largest_acked.ToUint64())
3610               .c_str());
3611       return false;
3612     }
3613     seq_num = largest_acked - delta_from_largest_observed;
3614 
3615     // Time delta from the previous timestamp.
3616     uint64_t incremental_time_delta_us;
3617     if (!reader->ReadUFloat16(&incremental_time_delta_us)) {
3618       set_detailed_error(
3619           "Unable to read incremental time delta in received packets.");
3620       return false;
3621     }
3622 
3623     if (process_timestamps_) {
3624       last_timestamp_ = last_timestamp_ + QuicTime::Delta::FromMicroseconds(
3625                                               incremental_time_delta_us);
3626       visitor_->OnAckTimestamp(seq_num, creation_time_ + last_timestamp_);
3627     }
3628   }
3629   return true;
3630 }
3631 
ProcessIetfAckFrame(QuicDataReader * reader,uint64_t frame_type,QuicAckFrame * ack_frame)3632 bool QuicFramer::ProcessIetfAckFrame(QuicDataReader* reader,
3633                                      uint64_t frame_type,
3634                                      QuicAckFrame* ack_frame) {
3635   uint64_t largest_acked;
3636   if (!reader->ReadVarInt62(&largest_acked)) {
3637     set_detailed_error("Unable to read largest acked.");
3638     return false;
3639   }
3640   if (largest_acked < first_sending_packet_number_.ToUint64()) {
3641     // Connection always sends packet starting from kFirstSendingPacketNumber >
3642     // 0, peer has observed an unsent packet.
3643     set_detailed_error("Largest acked is 0.");
3644     return false;
3645   }
3646   ack_frame->largest_acked = static_cast<QuicPacketNumber>(largest_acked);
3647   uint64_t ack_delay_time_in_us;
3648   if (!reader->ReadVarInt62(&ack_delay_time_in_us)) {
3649     set_detailed_error("Unable to read ack delay time.");
3650     return false;
3651   }
3652 
3653   if (ack_delay_time_in_us >=
3654       (quiche::kVarInt62MaxValue >> peer_ack_delay_exponent_)) {
3655     ack_frame->ack_delay_time = QuicTime::Delta::Infinite();
3656   } else {
3657     ack_delay_time_in_us = (ack_delay_time_in_us << peer_ack_delay_exponent_);
3658     ack_frame->ack_delay_time =
3659         QuicTime::Delta::FromMicroseconds(ack_delay_time_in_us);
3660   }
3661   if (!visitor_->OnAckFrameStart(QuicPacketNumber(largest_acked),
3662                                  ack_frame->ack_delay_time)) {
3663     // The visitor suppresses further processing of the packet. Although this is
3664     // not a parsing error, returns false as this is in middle of processing an
3665     // ACK frame.
3666     set_detailed_error("Visitor suppresses further processing of ACK frame.");
3667     return false;
3668   }
3669 
3670   // Get number of ACK blocks from the packet.
3671   uint64_t ack_block_count;
3672   if (!reader->ReadVarInt62(&ack_block_count)) {
3673     set_detailed_error("Unable to read ack block count.");
3674     return false;
3675   }
3676   // There always is a first ACK block, which is the (number of packets being
3677   // acked)-1, up to and including the packet at largest_acked. Therefore if the
3678   // value is 0, then only largest is acked. If it is 1, then largest-1,
3679   // largest] are acked, etc
3680   uint64_t ack_block_value;
3681   if (!reader->ReadVarInt62(&ack_block_value)) {
3682     set_detailed_error("Unable to read first ack block length.");
3683     return false;
3684   }
3685   // Calculate the packets being acked in the first block.
3686   //  +1 because AddRange implementation requires [low,high)
3687   uint64_t block_high = largest_acked + 1;
3688   uint64_t block_low = largest_acked - ack_block_value;
3689 
3690   // ack_block_value is the number of packets preceding the
3691   // largest_acked packet which are in the block being acked. Thus,
3692   // its maximum value is largest_acked-1. Test this, reporting an
3693   // error if the value is wrong.
3694   if (ack_block_value + first_sending_packet_number_.ToUint64() >
3695       largest_acked) {
3696     set_detailed_error(absl::StrCat("Underflow with first ack block length ",
3697                                     ack_block_value + 1, " largest acked is ",
3698                                     largest_acked, ".")
3699                            .c_str());
3700     return false;
3701   }
3702 
3703   if (!visitor_->OnAckRange(QuicPacketNumber(block_low),
3704                             QuicPacketNumber(block_high))) {
3705     // The visitor suppresses further processing of the packet. Although
3706     // this is not a parsing error, returns false as this is in middle
3707     // of processing an ACK frame.
3708     set_detailed_error("Visitor suppresses further processing of ACK frame.");
3709     return false;
3710   }
3711 
3712   while (ack_block_count != 0) {
3713     uint64_t gap_block_value;
3714     // Get the sizes of the gap and ack blocks,
3715     if (!reader->ReadVarInt62(&gap_block_value)) {
3716       set_detailed_error("Unable to read gap block value.");
3717       return false;
3718     }
3719     // It's an error if the gap is larger than the space from packet
3720     // number 0 to the start of the block that's just been acked, PLUS
3721     // there must be space for at least 1 packet to be acked. For
3722     // example, if block_low is 10 and gap_block_value is 9, it means
3723     // the gap block is 10 packets long, leaving no room for a packet
3724     // to be acked. Thus, gap_block_value+2 can not be larger than
3725     // block_low.
3726     // The test is written this way to detect wrap-arounds.
3727     if ((gap_block_value + 2) > block_low) {
3728       set_detailed_error(
3729           absl::StrCat("Underflow with gap block length ", gap_block_value + 1,
3730                        " previous ack block start is ", block_low, ".")
3731               .c_str());
3732       return false;
3733     }
3734 
3735     // Adjust block_high to be the top of the next ack block.
3736     // There is a gap of |gap_block_value| packets between the bottom
3737     // of ack block N and top of block N+1.  Note that gap_block_value
3738     // is he size of the gap minus 1 (per the QUIC protocol), and
3739     // block_high is the packet number of the first packet of the gap
3740     // (per the implementation of OnAckRange/AddAckRange, below).
3741     block_high = block_low - 1 - gap_block_value;
3742 
3743     if (!reader->ReadVarInt62(&ack_block_value)) {
3744       set_detailed_error("Unable to read ack block value.");
3745       return false;
3746     }
3747     if (ack_block_value + first_sending_packet_number_.ToUint64() >
3748         (block_high - 1)) {
3749       set_detailed_error(
3750           absl::StrCat("Underflow with ack block length ", ack_block_value + 1,
3751                        " latest ack block end is ", block_high - 1, ".")
3752               .c_str());
3753       return false;
3754     }
3755     // Calculate the low end of the new nth ack block. The +1 is
3756     // because the encoded value is the blocksize-1.
3757     block_low = block_high - 1 - ack_block_value;
3758     if (!visitor_->OnAckRange(QuicPacketNumber(block_low),
3759                               QuicPacketNumber(block_high))) {
3760       // The visitor suppresses further processing of the packet. Although
3761       // this is not a parsing error, returns false as this is in middle
3762       // of processing an ACK frame.
3763       set_detailed_error("Visitor suppresses further processing of ACK frame.");
3764       return false;
3765     }
3766 
3767     // Another one done.
3768     ack_block_count--;
3769   }
3770 
3771   QUICHE_DCHECK(!ack_frame->ecn_counters.has_value());
3772   if (frame_type == IETF_ACK_RECEIVE_TIMESTAMPS) {
3773     QUICHE_DCHECK(process_timestamps_);
3774     if (!ProcessIetfTimestampsInAckFrame(ack_frame->largest_acked, reader)) {
3775       return false;
3776     }
3777   } else if (frame_type == IETF_ACK_ECN) {
3778     ack_frame->ecn_counters = QuicEcnCounts();
3779     if (!reader->ReadVarInt62(&ack_frame->ecn_counters->ect0)) {
3780       set_detailed_error("Unable to read ack ect_0_count.");
3781       return false;
3782     }
3783     if (!reader->ReadVarInt62(&ack_frame->ecn_counters->ect1)) {
3784       set_detailed_error("Unable to read ack ect_1_count.");
3785       return false;
3786     }
3787     if (!reader->ReadVarInt62(&ack_frame->ecn_counters->ce)) {
3788       set_detailed_error("Unable to read ack ecn_ce_count.");
3789       return false;
3790     }
3791   }
3792 
3793   if (!visitor_->OnAckFrameEnd(QuicPacketNumber(block_low),
3794                                ack_frame->ecn_counters)) {
3795     set_detailed_error(
3796         "Error occurs when visitor finishes processing the ACK frame.");
3797     return false;
3798   }
3799 
3800   return true;
3801 }
3802 
ProcessIetfTimestampsInAckFrame(QuicPacketNumber largest_acked,QuicDataReader * reader)3803 bool QuicFramer::ProcessIetfTimestampsInAckFrame(QuicPacketNumber largest_acked,
3804                                                  QuicDataReader* reader) {
3805   uint64_t timestamp_range_count;
3806   if (!reader->ReadVarInt62(&timestamp_range_count)) {
3807     set_detailed_error("Unable to read receive timestamp range count.");
3808     return false;
3809   }
3810   if (timestamp_range_count == 0) {
3811     return true;
3812   }
3813 
3814   QuicPacketNumber packet_number = largest_acked;
3815 
3816   // Iterate through all timestamp ranges, each of which represents a block of
3817   // contiguous packets for which receive timestamps are being reported. Each
3818   // range is of the form:
3819   //
3820   // Timestamp Range {
3821   //    Gap (i),
3822   //    Timestamp Delta Count (i),
3823   //    Timestamp Delta (i) ...,
3824   //  }
3825   for (uint64_t i = 0; i < timestamp_range_count; i++) {
3826     uint64_t gap;
3827     if (!reader->ReadVarInt62(&gap)) {
3828       set_detailed_error("Unable to read receive timestamp gap.");
3829       return false;
3830     }
3831     if (packet_number.ToUint64() < gap) {
3832       set_detailed_error("Receive timestamp gap too high.");
3833       return false;
3834     }
3835     packet_number = packet_number - gap;
3836     uint64_t timestamp_count;
3837     if (!reader->ReadVarInt62(&timestamp_count)) {
3838       set_detailed_error("Unable to read receive timestamp count.");
3839       return false;
3840     }
3841     if (packet_number.ToUint64() < timestamp_count) {
3842       set_detailed_error("Receive timestamp count too high.");
3843       return false;
3844     }
3845     for (uint64_t j = 0; j < timestamp_count; j++) {
3846       uint64_t timestamp_delta;
3847       if (!reader->ReadVarInt62(&timestamp_delta)) {
3848         set_detailed_error("Unable to read receive timestamp delta.");
3849         return false;
3850       }
3851       // The first timestamp delta is relative to framer creation time; whereas
3852       // subsequent deltas are relative to the previous delta in decreasing
3853       // packet order.
3854       timestamp_delta = timestamp_delta << receive_timestamps_exponent_;
3855       if (i == 0 && j == 0) {
3856         last_timestamp_ = QuicTime::Delta::FromMicroseconds(timestamp_delta);
3857       } else {
3858         last_timestamp_ = last_timestamp_ -
3859                           QuicTime::Delta::FromMicroseconds(timestamp_delta);
3860         if (last_timestamp_ < QuicTime::Delta::Zero()) {
3861           set_detailed_error("Receive timestamp delta too high.");
3862           return false;
3863         }
3864       }
3865       visitor_->OnAckTimestamp(packet_number, creation_time_ + last_timestamp_);
3866       packet_number--;
3867     }
3868     packet_number--;
3869   }
3870   return true;
3871 }
3872 
ProcessStopWaitingFrame(QuicDataReader * reader,const QuicPacketHeader & header,QuicStopWaitingFrame * stop_waiting)3873 bool QuicFramer::ProcessStopWaitingFrame(QuicDataReader* reader,
3874                                          const QuicPacketHeader& header,
3875                                          QuicStopWaitingFrame* stop_waiting) {
3876   uint64_t least_unacked_delta;
3877   if (!reader->ReadBytesToUInt64(header.packet_number_length,
3878                                  &least_unacked_delta)) {
3879     set_detailed_error("Unable to read least unacked delta.");
3880     return false;
3881   }
3882   if (header.packet_number.ToUint64() <= least_unacked_delta) {
3883     set_detailed_error("Invalid unacked delta.");
3884     return false;
3885   }
3886   stop_waiting->least_unacked = header.packet_number - least_unacked_delta;
3887 
3888   return true;
3889 }
3890 
ProcessRstStreamFrame(QuicDataReader * reader,QuicRstStreamFrame * frame)3891 bool QuicFramer::ProcessRstStreamFrame(QuicDataReader* reader,
3892                                        QuicRstStreamFrame* frame) {
3893   if (!reader->ReadUInt32(&frame->stream_id)) {
3894     set_detailed_error("Unable to read stream_id.");
3895     return false;
3896   }
3897 
3898   if (!reader->ReadUInt64(&frame->byte_offset)) {
3899     set_detailed_error("Unable to read rst stream sent byte offset.");
3900     return false;
3901   }
3902 
3903   uint32_t error_code;
3904   if (!reader->ReadUInt32(&error_code)) {
3905     set_detailed_error("Unable to read rst stream error code.");
3906     return false;
3907   }
3908 
3909   if (error_code >= QUIC_STREAM_LAST_ERROR) {
3910     // Ignore invalid stream error code if any.
3911     error_code = QUIC_STREAM_LAST_ERROR;
3912   }
3913 
3914   frame->error_code = static_cast<QuicRstStreamErrorCode>(error_code);
3915 
3916   return true;
3917 }
3918 
ProcessConnectionCloseFrame(QuicDataReader * reader,QuicConnectionCloseFrame * frame)3919 bool QuicFramer::ProcessConnectionCloseFrame(QuicDataReader* reader,
3920                                              QuicConnectionCloseFrame* frame) {
3921   uint32_t error_code;
3922   frame->close_type = GOOGLE_QUIC_CONNECTION_CLOSE;
3923 
3924   if (!reader->ReadUInt32(&error_code)) {
3925     set_detailed_error("Unable to read connection close error code.");
3926     return false;
3927   }
3928 
3929   // For Google QUIC connection closes, |wire_error_code| and |quic_error_code|
3930   // must have the same value.
3931   frame->wire_error_code = error_code;
3932   frame->quic_error_code = static_cast<QuicErrorCode>(error_code);
3933 
3934   absl::string_view error_details;
3935   if (!reader->ReadStringPiece16(&error_details)) {
3936     set_detailed_error("Unable to read connection close error details.");
3937     return false;
3938   }
3939   frame->error_details = std::string(error_details);
3940 
3941   return true;
3942 }
3943 
ProcessGoAwayFrame(QuicDataReader * reader,QuicGoAwayFrame * frame)3944 bool QuicFramer::ProcessGoAwayFrame(QuicDataReader* reader,
3945                                     QuicGoAwayFrame* frame) {
3946   uint32_t error_code;
3947   if (!reader->ReadUInt32(&error_code)) {
3948     set_detailed_error("Unable to read go away error code.");
3949     return false;
3950   }
3951 
3952   frame->error_code = static_cast<QuicErrorCode>(error_code);
3953 
3954   uint32_t stream_id;
3955   if (!reader->ReadUInt32(&stream_id)) {
3956     set_detailed_error("Unable to read last good stream id.");
3957     return false;
3958   }
3959   frame->last_good_stream_id = static_cast<QuicStreamId>(stream_id);
3960 
3961   absl::string_view reason_phrase;
3962   if (!reader->ReadStringPiece16(&reason_phrase)) {
3963     set_detailed_error("Unable to read goaway reason.");
3964     return false;
3965   }
3966   frame->reason_phrase = std::string(reason_phrase);
3967 
3968   return true;
3969 }
3970 
ProcessWindowUpdateFrame(QuicDataReader * reader,QuicWindowUpdateFrame * frame)3971 bool QuicFramer::ProcessWindowUpdateFrame(QuicDataReader* reader,
3972                                           QuicWindowUpdateFrame* frame) {
3973   if (!reader->ReadUInt32(&frame->stream_id)) {
3974     set_detailed_error("Unable to read stream_id.");
3975     return false;
3976   }
3977 
3978   if (!reader->ReadUInt64(&frame->max_data)) {
3979     set_detailed_error("Unable to read window byte_offset.");
3980     return false;
3981   }
3982 
3983   return true;
3984 }
3985 
ProcessBlockedFrame(QuicDataReader * reader,QuicBlockedFrame * frame)3986 bool QuicFramer::ProcessBlockedFrame(QuicDataReader* reader,
3987                                      QuicBlockedFrame* frame) {
3988   QUICHE_DCHECK(!VersionHasIetfQuicFrames(version_.transport_version))
3989       << "Attempt to process non-IETF QUIC frames in an IETF QUIC version.";
3990 
3991   if (!reader->ReadUInt32(&frame->stream_id)) {
3992     set_detailed_error("Unable to read stream_id.");
3993     return false;
3994   }
3995 
3996   return true;
3997 }
3998 
ProcessPaddingFrame(QuicDataReader * reader,QuicPaddingFrame * frame)3999 void QuicFramer::ProcessPaddingFrame(QuicDataReader* reader,
4000                                      QuicPaddingFrame* frame) {
4001   // Type byte has been read.
4002   frame->num_padding_bytes = 1;
4003   uint8_t next_byte;
4004   while (!reader->IsDoneReading() && reader->PeekByte() == 0x00) {
4005     reader->ReadBytes(&next_byte, 1);
4006     QUICHE_DCHECK_EQ(0x00, next_byte);
4007     ++frame->num_padding_bytes;
4008   }
4009 }
4010 
ProcessMessageFrame(QuicDataReader * reader,bool no_message_length,QuicMessageFrame * frame)4011 bool QuicFramer::ProcessMessageFrame(QuicDataReader* reader,
4012                                      bool no_message_length,
4013                                      QuicMessageFrame* frame) {
4014   if (no_message_length) {
4015     absl::string_view remaining(reader->ReadRemainingPayload());
4016     frame->data = remaining.data();
4017     frame->message_length = remaining.length();
4018     return true;
4019   }
4020 
4021   uint64_t message_length;
4022   if (!reader->ReadVarInt62(&message_length)) {
4023     set_detailed_error("Unable to read message length");
4024     return false;
4025   }
4026 
4027   absl::string_view message_piece;
4028   if (!reader->ReadStringPiece(&message_piece, message_length)) {
4029     set_detailed_error("Unable to read message data");
4030     return false;
4031   }
4032 
4033   frame->data = message_piece.data();
4034   frame->message_length = message_length;
4035 
4036   return true;
4037 }
4038 
4039 // static
GetAssociatedDataFromEncryptedPacket(QuicTransportVersion version,const QuicEncryptedPacket & encrypted,uint8_t destination_connection_id_length,uint8_t source_connection_id_length,bool includes_version,bool includes_diversification_nonce,QuicPacketNumberLength packet_number_length,quiche::QuicheVariableLengthIntegerLength retry_token_length_length,uint64_t retry_token_length,quiche::QuicheVariableLengthIntegerLength length_length)4040 absl::string_view QuicFramer::GetAssociatedDataFromEncryptedPacket(
4041     QuicTransportVersion version, const QuicEncryptedPacket& encrypted,
4042     uint8_t destination_connection_id_length,
4043     uint8_t source_connection_id_length, bool includes_version,
4044     bool includes_diversification_nonce,
4045     QuicPacketNumberLength packet_number_length,
4046     quiche::QuicheVariableLengthIntegerLength retry_token_length_length,
4047     uint64_t retry_token_length,
4048     quiche::QuicheVariableLengthIntegerLength length_length) {
4049   // TODO(ianswett): This is identical to QuicData::AssociatedData.
4050   return absl::string_view(
4051       encrypted.data(),
4052       GetStartOfEncryptedData(version, destination_connection_id_length,
4053                               source_connection_id_length, includes_version,
4054                               includes_diversification_nonce,
4055                               packet_number_length, retry_token_length_length,
4056                               retry_token_length, length_length));
4057 }
4058 
SetDecrypter(EncryptionLevel level,std::unique_ptr<QuicDecrypter> decrypter)4059 void QuicFramer::SetDecrypter(EncryptionLevel level,
4060                               std::unique_ptr<QuicDecrypter> decrypter) {
4061   QUICHE_DCHECK_GE(level, decrypter_level_);
4062   QUICHE_DCHECK(!version_.KnowsWhichDecrypterToUse());
4063   QUIC_DVLOG(1) << ENDPOINT << "Setting decrypter from level "
4064                 << decrypter_level_ << " to " << level;
4065   decrypter_[decrypter_level_] = nullptr;
4066   decrypter_[level] = std::move(decrypter);
4067   decrypter_level_ = level;
4068 }
4069 
SetAlternativeDecrypter(EncryptionLevel level,std::unique_ptr<QuicDecrypter> decrypter,bool latch_once_used)4070 void QuicFramer::SetAlternativeDecrypter(
4071     EncryptionLevel level, std::unique_ptr<QuicDecrypter> decrypter,
4072     bool latch_once_used) {
4073   QUICHE_DCHECK_NE(level, decrypter_level_);
4074   QUICHE_DCHECK(!version_.KnowsWhichDecrypterToUse());
4075   QUIC_DVLOG(1) << ENDPOINT << "Setting alternative decrypter from level "
4076                 << alternative_decrypter_level_ << " to " << level;
4077   if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) {
4078     decrypter_[alternative_decrypter_level_] = nullptr;
4079   }
4080   decrypter_[level] = std::move(decrypter);
4081   alternative_decrypter_level_ = level;
4082   alternative_decrypter_latch_ = latch_once_used;
4083 }
4084 
InstallDecrypter(EncryptionLevel level,std::unique_ptr<QuicDecrypter> decrypter)4085 void QuicFramer::InstallDecrypter(EncryptionLevel level,
4086                                   std::unique_ptr<QuicDecrypter> decrypter) {
4087   QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse());
4088   QUIC_DVLOG(1) << ENDPOINT << "Installing decrypter at level " << level;
4089   decrypter_[level] = std::move(decrypter);
4090 }
4091 
RemoveDecrypter(EncryptionLevel level)4092 void QuicFramer::RemoveDecrypter(EncryptionLevel level) {
4093   QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse());
4094   QUIC_DVLOG(1) << ENDPOINT << "Removing decrypter at level " << level;
4095   decrypter_[level] = nullptr;
4096 }
4097 
SetKeyUpdateSupportForConnection(bool enabled)4098 void QuicFramer::SetKeyUpdateSupportForConnection(bool enabled) {
4099   QUIC_DVLOG(1) << ENDPOINT << "SetKeyUpdateSupportForConnection: " << enabled;
4100   support_key_update_for_connection_ = enabled;
4101 }
4102 
DiscardPreviousOneRttKeys()4103 void QuicFramer::DiscardPreviousOneRttKeys() {
4104   QUICHE_DCHECK(support_key_update_for_connection_);
4105   QUIC_DVLOG(1) << ENDPOINT << "Discarding previous set of 1-RTT keys";
4106   previous_decrypter_ = nullptr;
4107 }
4108 
DoKeyUpdate(KeyUpdateReason reason)4109 bool QuicFramer::DoKeyUpdate(KeyUpdateReason reason) {
4110   QUICHE_DCHECK(support_key_update_for_connection_);
4111   if (!next_decrypter_) {
4112     // If key update is locally initiated, next decrypter might not be created
4113     // yet.
4114     next_decrypter_ = visitor_->AdvanceKeysAndCreateCurrentOneRttDecrypter();
4115   }
4116   std::unique_ptr<QuicEncrypter> next_encrypter =
4117       visitor_->CreateCurrentOneRttEncrypter();
4118   if (!next_decrypter_ || !next_encrypter) {
4119     QUIC_BUG(quic_bug_10850_58) << "Failed to create next crypters";
4120     return false;
4121   }
4122   key_update_performed_ = true;
4123   current_key_phase_bit_ = !current_key_phase_bit_;
4124   QUIC_DLOG(INFO) << ENDPOINT << "DoKeyUpdate: new current_key_phase_bit_="
4125                   << current_key_phase_bit_;
4126   current_key_phase_first_received_packet_number_.Clear();
4127   previous_decrypter_ = std::move(decrypter_[ENCRYPTION_FORWARD_SECURE]);
4128   decrypter_[ENCRYPTION_FORWARD_SECURE] = std::move(next_decrypter_);
4129   encrypter_[ENCRYPTION_FORWARD_SECURE] = std::move(next_encrypter);
4130   switch (reason) {
4131     case KeyUpdateReason::kInvalid:
4132       QUIC_CODE_COUNT(quic_key_update_invalid);
4133       break;
4134     case KeyUpdateReason::kRemote:
4135       QUIC_CODE_COUNT(quic_key_update_remote);
4136       break;
4137     case KeyUpdateReason::kLocalForTests:
4138       QUIC_CODE_COUNT(quic_key_update_local_for_tests);
4139       break;
4140     case KeyUpdateReason::kLocalForInteropRunner:
4141       QUIC_CODE_COUNT(quic_key_update_local_for_interop_runner);
4142       break;
4143     case KeyUpdateReason::kLocalAeadConfidentialityLimit:
4144       QUIC_CODE_COUNT(quic_key_update_local_aead_confidentiality_limit);
4145       break;
4146     case KeyUpdateReason::kLocalKeyUpdateLimitOverride:
4147       QUIC_CODE_COUNT(quic_key_update_local_limit_override);
4148       break;
4149   }
4150   visitor_->OnKeyUpdate(reason);
4151   return true;
4152 }
4153 
PotentialPeerKeyUpdateAttemptCount() const4154 QuicPacketCount QuicFramer::PotentialPeerKeyUpdateAttemptCount() const {
4155   return potential_peer_key_update_attempt_count_;
4156 }
4157 
GetDecrypter(EncryptionLevel level) const4158 const QuicDecrypter* QuicFramer::GetDecrypter(EncryptionLevel level) const {
4159   QUICHE_DCHECK(version_.KnowsWhichDecrypterToUse());
4160   return decrypter_[level].get();
4161 }
4162 
decrypter() const4163 const QuicDecrypter* QuicFramer::decrypter() const {
4164   return decrypter_[decrypter_level_].get();
4165 }
4166 
alternative_decrypter() const4167 const QuicDecrypter* QuicFramer::alternative_decrypter() const {
4168   if (alternative_decrypter_level_ == NUM_ENCRYPTION_LEVELS) {
4169     return nullptr;
4170   }
4171   return decrypter_[alternative_decrypter_level_].get();
4172 }
4173 
SetEncrypter(EncryptionLevel level,std::unique_ptr<QuicEncrypter> encrypter)4174 void QuicFramer::SetEncrypter(EncryptionLevel level,
4175                               std::unique_ptr<QuicEncrypter> encrypter) {
4176   QUICHE_DCHECK_GE(level, 0);
4177   QUICHE_DCHECK_LT(level, NUM_ENCRYPTION_LEVELS);
4178   QUIC_DVLOG(1) << ENDPOINT << "Setting encrypter at level " << level;
4179   encrypter_[level] = std::move(encrypter);
4180 }
4181 
RemoveEncrypter(EncryptionLevel level)4182 void QuicFramer::RemoveEncrypter(EncryptionLevel level) {
4183   QUIC_DVLOG(1) << ENDPOINT << "Removing encrypter of " << level;
4184   encrypter_[level] = nullptr;
4185 }
4186 
SetInitialObfuscators(QuicConnectionId connection_id)4187 void QuicFramer::SetInitialObfuscators(QuicConnectionId connection_id) {
4188   CrypterPair crypters;
4189   CryptoUtils::CreateInitialObfuscators(perspective_, version_, connection_id,
4190                                         &crypters);
4191   encrypter_[ENCRYPTION_INITIAL] = std::move(crypters.encrypter);
4192   decrypter_[ENCRYPTION_INITIAL] = std::move(crypters.decrypter);
4193 }
4194 
EncryptInPlace(EncryptionLevel level,QuicPacketNumber packet_number,size_t ad_len,size_t total_len,size_t buffer_len,char * buffer)4195 size_t QuicFramer::EncryptInPlace(EncryptionLevel level,
4196                                   QuicPacketNumber packet_number, size_t ad_len,
4197                                   size_t total_len, size_t buffer_len,
4198                                   char* buffer) {
4199   QUICHE_DCHECK(packet_number.IsInitialized());
4200   if (encrypter_[level] == nullptr) {
4201     QUIC_BUG(quic_bug_10850_59)
4202         << ENDPOINT
4203         << "Attempted to encrypt in place without encrypter at level " << level;
4204     RaiseError(QUIC_ENCRYPTION_FAILURE);
4205     return 0;
4206   }
4207 
4208   size_t output_length = 0;
4209   if (!encrypter_[level]->EncryptPacket(
4210           packet_number.ToUint64(),
4211           absl::string_view(buffer, ad_len),  // Associated data
4212           absl::string_view(buffer + ad_len,
4213                             total_len - ad_len),  // Plaintext
4214           buffer + ad_len,                        // Destination buffer
4215           &output_length, buffer_len - ad_len)) {
4216     RaiseError(QUIC_ENCRYPTION_FAILURE);
4217     return 0;
4218   }
4219   if (version_.HasHeaderProtection() &&
4220       !ApplyHeaderProtection(level, buffer, ad_len + output_length, ad_len)) {
4221     QUIC_DLOG(ERROR) << "Applying header protection failed.";
4222     RaiseError(QUIC_ENCRYPTION_FAILURE);
4223     return 0;
4224   }
4225 
4226   return ad_len + output_length;
4227 }
4228 
4229 namespace {
4230 
4231 const size_t kHPSampleLen = 16;
4232 
IsLongHeader(uint8_t type_byte)4233 constexpr bool IsLongHeader(uint8_t type_byte) {
4234   return (type_byte & FLAGS_LONG_HEADER) != 0;
4235 }
4236 
4237 }  // namespace
4238 
ApplyHeaderProtection(EncryptionLevel level,char * buffer,size_t buffer_len,size_t ad_len)4239 bool QuicFramer::ApplyHeaderProtection(EncryptionLevel level, char* buffer,
4240                                        size_t buffer_len, size_t ad_len) {
4241   QuicDataReader buffer_reader(buffer, buffer_len);
4242   QuicDataWriter buffer_writer(buffer_len, buffer);
4243   // The sample starts 4 bytes after the start of the packet number.
4244   if (ad_len < last_written_packet_number_length_) {
4245     return false;
4246   }
4247   size_t pn_offset = ad_len - last_written_packet_number_length_;
4248   // Sample the ciphertext and generate the mask to use for header protection.
4249   size_t sample_offset = pn_offset + 4;
4250   QuicDataReader sample_reader(buffer, buffer_len);
4251   absl::string_view sample;
4252   if (!sample_reader.Seek(sample_offset) ||
4253       !sample_reader.ReadStringPiece(&sample, kHPSampleLen)) {
4254     QUIC_BUG(quic_bug_10850_60)
4255         << "Not enough bytes to sample: sample_offset " << sample_offset
4256         << ", sample len: " << kHPSampleLen << ", buffer len: " << buffer_len;
4257     return false;
4258   }
4259 
4260   if (encrypter_[level] == nullptr) {
4261     QUIC_BUG(quic_bug_12975_8)
4262         << ENDPOINT
4263         << "Attempted to apply header protection without encrypter at level "
4264         << level << " using " << version_;
4265     return false;
4266   }
4267 
4268   std::string mask = encrypter_[level]->GenerateHeaderProtectionMask(sample);
4269   if (mask.empty()) {
4270     QUIC_BUG(quic_bug_10850_61) << "Unable to generate header protection mask.";
4271     return false;
4272   }
4273   QuicDataReader mask_reader(mask.data(), mask.size());
4274 
4275   // Apply the mask to the 4 or 5 least significant bits of the first byte.
4276   uint8_t bitmask = 0x1f;
4277   uint8_t type_byte;
4278   if (!buffer_reader.ReadUInt8(&type_byte)) {
4279     return false;
4280   }
4281   QuicLongHeaderType header_type;
4282   if (IsLongHeader(type_byte)) {
4283     bitmask = 0x0f;
4284     header_type = GetLongHeaderType(type_byte, version_);
4285     if (header_type == INVALID_PACKET_TYPE) {
4286       return false;
4287     }
4288   }
4289   uint8_t mask_byte;
4290   if (!mask_reader.ReadUInt8(&mask_byte) ||
4291       !buffer_writer.WriteUInt8(type_byte ^ (mask_byte & bitmask))) {
4292     return false;
4293   }
4294 
4295   // Adjust |pn_offset| to account for the diversification nonce.
4296   if (IsLongHeader(type_byte) && header_type == ZERO_RTT_PROTECTED &&
4297       perspective_ == Perspective::IS_SERVER &&
4298       version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO) {
4299     if (pn_offset <= kDiversificationNonceSize) {
4300       QUIC_BUG(quic_bug_10850_62)
4301           << "Expected diversification nonce, but not enough bytes";
4302       return false;
4303     }
4304     pn_offset -= kDiversificationNonceSize;
4305   }
4306   // Advance the reader and writer to the packet number. Both the reader and
4307   // writer have each read/written one byte.
4308   if (!buffer_writer.Seek(pn_offset - 1) ||
4309       !buffer_reader.Seek(pn_offset - 1)) {
4310     return false;
4311   }
4312   // Apply the rest of the mask to the packet number.
4313   for (size_t i = 0; i < last_written_packet_number_length_; ++i) {
4314     uint8_t buffer_byte;
4315     uint8_t pn_mask_byte;
4316     if (!mask_reader.ReadUInt8(&pn_mask_byte) ||
4317         !buffer_reader.ReadUInt8(&buffer_byte) ||
4318         !buffer_writer.WriteUInt8(buffer_byte ^ pn_mask_byte)) {
4319       return false;
4320     }
4321   }
4322   return true;
4323 }
4324 
RemoveHeaderProtection(QuicDataReader * reader,const QuicEncryptedPacket & packet,QuicPacketHeader * header,uint64_t * full_packet_number,AssociatedDataStorage & associated_data)4325 bool QuicFramer::RemoveHeaderProtection(
4326     QuicDataReader* reader, const QuicEncryptedPacket& packet,
4327     QuicPacketHeader* header, uint64_t* full_packet_number,
4328     AssociatedDataStorage& associated_data) {
4329   EncryptionLevel expected_decryption_level = GetEncryptionLevel(*header);
4330   QuicDecrypter* decrypter = decrypter_[expected_decryption_level].get();
4331   if (decrypter == nullptr) {
4332     QUIC_DVLOG(1)
4333         << ENDPOINT
4334         << "No decrypter available for removing header protection at level "
4335         << expected_decryption_level;
4336     return false;
4337   }
4338 
4339   bool has_diversification_nonce =
4340       header->form == IETF_QUIC_LONG_HEADER_PACKET &&
4341       header->long_packet_type == ZERO_RTT_PROTECTED &&
4342       perspective_ == Perspective::IS_CLIENT &&
4343       version_.handshake_protocol == PROTOCOL_QUIC_CRYPTO;
4344 
4345   // Read a sample from the ciphertext and compute the mask to use for header
4346   // protection.
4347   absl::string_view remaining_packet = reader->PeekRemainingPayload();
4348   QuicDataReader sample_reader(remaining_packet);
4349 
4350   // The sample starts 4 bytes after the start of the packet number.
4351   absl::string_view pn;
4352   if (!sample_reader.ReadStringPiece(&pn, 4)) {
4353     QUIC_DVLOG(1) << "Not enough data to sample";
4354     return false;
4355   }
4356   if (has_diversification_nonce) {
4357     // In Google QUIC, the diversification nonce comes between the packet number
4358     // and the sample.
4359     if (!sample_reader.Seek(kDiversificationNonceSize)) {
4360       QUIC_DVLOG(1) << "No diversification nonce to skip over";
4361       return false;
4362     }
4363   }
4364   std::string mask = decrypter->GenerateHeaderProtectionMask(&sample_reader);
4365   QuicDataReader mask_reader(mask.data(), mask.size());
4366   if (mask.empty()) {
4367     QUIC_DVLOG(1) << "Failed to compute mask";
4368     return false;
4369   }
4370 
4371   // Unmask the rest of the type byte.
4372   uint8_t bitmask = 0x1f;
4373   if (IsLongHeader(header->type_byte)) {
4374     bitmask = 0x0f;
4375   }
4376   uint8_t mask_byte;
4377   if (!mask_reader.ReadUInt8(&mask_byte)) {
4378     QUIC_DVLOG(1) << "No first byte to read from mask";
4379     return false;
4380   }
4381   header->type_byte ^= (mask_byte & bitmask);
4382 
4383   // Compute the packet number length.
4384   header->packet_number_length =
4385       static_cast<QuicPacketNumberLength>((header->type_byte & 0x03) + 1);
4386 
4387   char pn_buffer[IETF_MAX_PACKET_NUMBER_LENGTH] = {};
4388   QuicDataWriter pn_writer(ABSL_ARRAYSIZE(pn_buffer), pn_buffer);
4389 
4390   // Read the (protected) packet number from the reader and unmask the packet
4391   // number.
4392   for (size_t i = 0; i < header->packet_number_length; ++i) {
4393     uint8_t protected_pn_byte, pn_mask_byte;
4394     if (!mask_reader.ReadUInt8(&pn_mask_byte) ||
4395         !reader->ReadUInt8(&protected_pn_byte) ||
4396         !pn_writer.WriteUInt8(protected_pn_byte ^ pn_mask_byte)) {
4397       QUIC_DVLOG(1) << "Failed to unmask packet number";
4398       return false;
4399     }
4400   }
4401   QuicDataReader packet_number_reader(pn_writer.data(), pn_writer.length());
4402   QuicPacketNumber base_packet_number;
4403   if (supports_multiple_packet_number_spaces_) {
4404     PacketNumberSpace pn_space = GetPacketNumberSpace(*header);
4405     if (pn_space == NUM_PACKET_NUMBER_SPACES) {
4406       return false;
4407     }
4408     base_packet_number = largest_decrypted_packet_numbers_[pn_space];
4409   } else {
4410     base_packet_number = largest_packet_number_;
4411   }
4412   if (!ProcessAndCalculatePacketNumber(
4413           &packet_number_reader, header->packet_number_length,
4414           base_packet_number, full_packet_number)) {
4415     return false;
4416   }
4417 
4418   // Get the associated data, and apply the same unmasking operations to it.
4419   absl::string_view ad = GetAssociatedDataFromEncryptedPacket(
4420       version_.transport_version, packet,
4421       GetIncludedDestinationConnectionIdLength(*header),
4422       GetIncludedSourceConnectionIdLength(*header), header->version_flag,
4423       has_diversification_nonce, header->packet_number_length,
4424       header->retry_token_length_length, header->retry_token.length(),
4425       header->length_length);
4426   associated_data.assign(ad.begin(), ad.end());
4427   QuicDataWriter ad_writer(associated_data.size(), associated_data.data());
4428 
4429   // Apply the unmasked type byte and packet number to |associated_data|.
4430   if (!ad_writer.WriteUInt8(header->type_byte)) {
4431     return false;
4432   }
4433   // Put the packet number at the end of the AD, or if there's a diversification
4434   // nonce, before that (which is at the end of the AD).
4435   size_t seek_len = ad_writer.remaining() - header->packet_number_length;
4436   if (has_diversification_nonce) {
4437     seek_len -= kDiversificationNonceSize;
4438   }
4439   if (!ad_writer.Seek(seek_len) ||
4440       !ad_writer.WriteBytes(pn_writer.data(), pn_writer.length())) {
4441     QUIC_DVLOG(1) << "Failed to apply unmasking operations to AD";
4442     return false;
4443   }
4444 
4445   return true;
4446 }
4447 
EncryptPayload(EncryptionLevel level,QuicPacketNumber packet_number,const QuicPacket & packet,char * buffer,size_t buffer_len)4448 size_t QuicFramer::EncryptPayload(EncryptionLevel level,
4449                                   QuicPacketNumber packet_number,
4450                                   const QuicPacket& packet, char* buffer,
4451                                   size_t buffer_len) {
4452   QUICHE_DCHECK(packet_number.IsInitialized());
4453   if (encrypter_[level] == nullptr) {
4454     QUIC_BUG(quic_bug_10850_63)
4455         << ENDPOINT << "Attempted to encrypt without encrypter at level "
4456         << level;
4457     RaiseError(QUIC_ENCRYPTION_FAILURE);
4458     return 0;
4459   }
4460 
4461   absl::string_view associated_data =
4462       packet.AssociatedData(version_.transport_version);
4463   // Copy in the header, because the encrypter only populates the encrypted
4464   // plaintext content.
4465   const size_t ad_len = associated_data.length();
4466   if (packet.length() < ad_len) {
4467     QUIC_BUG(quic_bug_10850_64)
4468         << ENDPOINT << "packet is shorter than associated data length. version:"
4469         << version() << ", packet length:" << packet.length()
4470         << ", associated data length:" << ad_len;
4471     RaiseError(QUIC_ENCRYPTION_FAILURE);
4472     return 0;
4473   }
4474   memmove(buffer, associated_data.data(), ad_len);
4475   // Encrypt the plaintext into the buffer.
4476   size_t output_length = 0;
4477   if (!encrypter_[level]->EncryptPacket(
4478           packet_number.ToUint64(), associated_data,
4479           packet.Plaintext(version_.transport_version), buffer + ad_len,
4480           &output_length, buffer_len - ad_len)) {
4481     RaiseError(QUIC_ENCRYPTION_FAILURE);
4482     return 0;
4483   }
4484   if (version_.HasHeaderProtection() &&
4485       !ApplyHeaderProtection(level, buffer, ad_len + output_length, ad_len)) {
4486     QUIC_DLOG(ERROR) << "Applying header protection failed.";
4487     RaiseError(QUIC_ENCRYPTION_FAILURE);
4488     return 0;
4489   }
4490 
4491   return ad_len + output_length;
4492 }
4493 
GetCiphertextSize(EncryptionLevel level,size_t plaintext_size) const4494 size_t QuicFramer::GetCiphertextSize(EncryptionLevel level,
4495                                      size_t plaintext_size) const {
4496   if (encrypter_[level] == nullptr) {
4497     QUIC_BUG(quic_bug_10850_65)
4498         << ENDPOINT
4499         << "Attempted to get ciphertext size without encrypter at level "
4500         << level << " using " << version_;
4501     return plaintext_size;
4502   }
4503   return encrypter_[level]->GetCiphertextSize(plaintext_size);
4504 }
4505 
GetMaxPlaintextSize(size_t ciphertext_size)4506 size_t QuicFramer::GetMaxPlaintextSize(size_t ciphertext_size) {
4507   // In order to keep the code simple, we don't have the current encryption
4508   // level to hand. Both the NullEncrypter and AES-GCM have a tag length of 12.
4509   size_t min_plaintext_size = ciphertext_size;
4510 
4511   for (int i = ENCRYPTION_INITIAL; i < NUM_ENCRYPTION_LEVELS; i++) {
4512     if (encrypter_[i] != nullptr) {
4513       size_t size = encrypter_[i]->GetMaxPlaintextSize(ciphertext_size);
4514       if (size < min_plaintext_size) {
4515         min_plaintext_size = size;
4516       }
4517     }
4518   }
4519 
4520   return min_plaintext_size;
4521 }
4522 
GetOneRttEncrypterConfidentialityLimit() const4523 QuicPacketCount QuicFramer::GetOneRttEncrypterConfidentialityLimit() const {
4524   if (!encrypter_[ENCRYPTION_FORWARD_SECURE]) {
4525     QUIC_BUG(quic_bug_10850_66) << "1-RTT encrypter not set";
4526     return 0;
4527   }
4528   return encrypter_[ENCRYPTION_FORWARD_SECURE]->GetConfidentialityLimit();
4529 }
4530 
DecryptPayload(size_t udp_packet_length,absl::string_view encrypted,absl::string_view associated_data,const QuicPacketHeader & header,char * decrypted_buffer,size_t buffer_length,size_t * decrypted_length,EncryptionLevel * decrypted_level)4531 bool QuicFramer::DecryptPayload(size_t udp_packet_length,
4532                                 absl::string_view encrypted,
4533                                 absl::string_view associated_data,
4534                                 const QuicPacketHeader& header,
4535                                 char* decrypted_buffer, size_t buffer_length,
4536                                 size_t* decrypted_length,
4537                                 EncryptionLevel* decrypted_level) {
4538   if (!EncryptionLevelIsValid(decrypter_level_)) {
4539     QUIC_BUG(quic_bug_10850_67)
4540         << "Attempted to decrypt with bad decrypter_level_";
4541     return false;
4542   }
4543   EncryptionLevel level = decrypter_level_;
4544   QuicDecrypter* decrypter = decrypter_[level].get();
4545   QuicDecrypter* alternative_decrypter = nullptr;
4546   bool key_phase_parsed = false;
4547   bool key_phase;
4548   bool attempt_key_update = false;
4549   if (version().KnowsWhichDecrypterToUse()) {
4550     if (header.form == GOOGLE_QUIC_PACKET) {
4551       QUIC_BUG(quic_bug_10850_68)
4552           << "Attempted to decrypt GOOGLE_QUIC_PACKET with a version that "
4553              "knows which decrypter to use";
4554       return false;
4555     }
4556     level = GetEncryptionLevel(header);
4557     if (!EncryptionLevelIsValid(level)) {
4558       QUIC_BUG(quic_bug_10850_69) << "Attempted to decrypt with bad level";
4559       return false;
4560     }
4561     decrypter = decrypter_[level].get();
4562     if (decrypter == nullptr) {
4563       return false;
4564     }
4565     if (level == ENCRYPTION_ZERO_RTT &&
4566         perspective_ == Perspective::IS_CLIENT && header.nonce != nullptr) {
4567       decrypter->SetDiversificationNonce(*header.nonce);
4568     }
4569     if (support_key_update_for_connection_ &&
4570         header.form == IETF_QUIC_SHORT_HEADER_PACKET) {
4571       QUICHE_DCHECK(version().UsesTls());
4572       QUICHE_DCHECK_EQ(level, ENCRYPTION_FORWARD_SECURE);
4573       key_phase = (header.type_byte & FLAGS_KEY_PHASE_BIT) != 0;
4574       key_phase_parsed = true;
4575       QUIC_DVLOG(1) << ENDPOINT << "packet " << header.packet_number
4576                     << " received key_phase=" << key_phase
4577                     << " current_key_phase_bit_=" << current_key_phase_bit_;
4578       if (key_phase != current_key_phase_bit_) {
4579         if ((current_key_phase_first_received_packet_number_.IsInitialized() &&
4580              header.packet_number >
4581                  current_key_phase_first_received_packet_number_) ||
4582             (!current_key_phase_first_received_packet_number_.IsInitialized() &&
4583              !key_update_performed_)) {
4584           if (!next_decrypter_) {
4585             next_decrypter_ =
4586                 visitor_->AdvanceKeysAndCreateCurrentOneRttDecrypter();
4587             if (!next_decrypter_) {
4588               QUIC_BUG(quic_bug_10850_70) << "Failed to create next_decrypter";
4589               return false;
4590             }
4591           }
4592           QUIC_DVLOG(1) << ENDPOINT << "packet " << header.packet_number
4593                         << " attempt_key_update=true";
4594           attempt_key_update = true;
4595           potential_peer_key_update_attempt_count_++;
4596           decrypter = next_decrypter_.get();
4597         } else {
4598           if (previous_decrypter_) {
4599             QUIC_DVLOG(1) << ENDPOINT
4600                           << "trying previous_decrypter_ for packet "
4601                           << header.packet_number;
4602             decrypter = previous_decrypter_.get();
4603           } else {
4604             QUIC_DVLOG(1) << ENDPOINT << "dropping packet "
4605                           << header.packet_number << " with old key phase";
4606             return false;
4607           }
4608         }
4609       }
4610     }
4611   } else if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) {
4612     if (!EncryptionLevelIsValid(alternative_decrypter_level_)) {
4613       QUIC_BUG(quic_bug_10850_71)
4614           << "Attempted to decrypt with bad alternative_decrypter_level_";
4615       return false;
4616     }
4617     alternative_decrypter = decrypter_[alternative_decrypter_level_].get();
4618   }
4619 
4620   if (decrypter == nullptr) {
4621     QUIC_BUG(quic_bug_10850_72)
4622         << "Attempting to decrypt without decrypter, encryption level:" << level
4623         << " version:" << version();
4624     return false;
4625   }
4626 
4627   bool success = decrypter->DecryptPacket(
4628       header.packet_number.ToUint64(), associated_data, encrypted,
4629       decrypted_buffer, decrypted_length, buffer_length);
4630   if (success) {
4631     visitor_->OnDecryptedPacket(udp_packet_length, level);
4632     if (level == ENCRYPTION_ZERO_RTT &&
4633         current_key_phase_first_received_packet_number_.IsInitialized() &&
4634         header.packet_number >
4635             current_key_phase_first_received_packet_number_) {
4636       set_detailed_error(absl::StrCat(
4637           "Decrypted a 0-RTT packet with a packet number ",
4638           header.packet_number.ToString(),
4639           " which is higher than a 1-RTT packet number ",
4640           current_key_phase_first_received_packet_number_.ToString()));
4641       return RaiseError(QUIC_INVALID_0RTT_PACKET_NUMBER_OUT_OF_ORDER);
4642     }
4643     *decrypted_level = level;
4644     potential_peer_key_update_attempt_count_ = 0;
4645     if (attempt_key_update) {
4646       if (!DoKeyUpdate(KeyUpdateReason::kRemote)) {
4647         set_detailed_error("Key update failed due to internal error");
4648         return RaiseError(QUIC_INTERNAL_ERROR);
4649       }
4650       QUICHE_DCHECK_EQ(current_key_phase_bit_, key_phase);
4651     }
4652     if (key_phase_parsed &&
4653         !current_key_phase_first_received_packet_number_.IsInitialized() &&
4654         key_phase == current_key_phase_bit_) {
4655       // Set packet number for current key phase if it hasn't been initialized
4656       // yet. This is set outside of attempt_key_update since the key update
4657       // may have been initiated locally, and in that case we don't know yet
4658       // which packet number from the remote side to use until we receive a
4659       // packet with that phase.
4660       QUIC_DVLOG(1) << ENDPOINT
4661                     << "current_key_phase_first_received_packet_number_ = "
4662                     << header.packet_number;
4663       current_key_phase_first_received_packet_number_ = header.packet_number;
4664       visitor_->OnDecryptedFirstPacketInKeyPhase();
4665     }
4666   } else if (alternative_decrypter != nullptr) {
4667     if (header.nonce != nullptr) {
4668       QUICHE_DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
4669       alternative_decrypter->SetDiversificationNonce(*header.nonce);
4670     }
4671     bool try_alternative_decryption = true;
4672     if (alternative_decrypter_level_ == ENCRYPTION_ZERO_RTT) {
4673       if (perspective_ == Perspective::IS_CLIENT) {
4674         if (header.nonce == nullptr) {
4675           // Can not use INITIAL decryption without a diversification nonce.
4676           try_alternative_decryption = false;
4677         }
4678       } else {
4679         QUICHE_DCHECK(header.nonce == nullptr);
4680       }
4681     }
4682 
4683     if (try_alternative_decryption) {
4684       success = alternative_decrypter->DecryptPacket(
4685           header.packet_number.ToUint64(), associated_data, encrypted,
4686           decrypted_buffer, decrypted_length, buffer_length);
4687     }
4688     if (success) {
4689       visitor_->OnDecryptedPacket(udp_packet_length,
4690                                   alternative_decrypter_level_);
4691       *decrypted_level = decrypter_level_;
4692       if (alternative_decrypter_latch_) {
4693         if (!EncryptionLevelIsValid(alternative_decrypter_level_)) {
4694           QUIC_BUG(quic_bug_10850_73)
4695               << "Attempted to latch alternate decrypter with bad "
4696                  "alternative_decrypter_level_";
4697           return false;
4698         }
4699         // Switch to the alternative decrypter and latch so that we cannot
4700         // switch back.
4701         decrypter_level_ = alternative_decrypter_level_;
4702         alternative_decrypter_level_ = NUM_ENCRYPTION_LEVELS;
4703       } else {
4704         // Switch the alternative decrypter so that we use it first next time.
4705         EncryptionLevel alt_level = alternative_decrypter_level_;
4706         alternative_decrypter_level_ = decrypter_level_;
4707         decrypter_level_ = alt_level;
4708       }
4709     }
4710   }
4711 
4712   if (!success) {
4713     QUIC_DVLOG(1) << ENDPOINT << "DecryptPacket failed for: " << header;
4714     return false;
4715   }
4716 
4717   return true;
4718 }
4719 
GetIetfAckFrameSize(const QuicAckFrame & frame)4720 size_t QuicFramer::GetIetfAckFrameSize(const QuicAckFrame& frame) {
4721   // Type byte, largest_acked, and delay_time are straight-forward.
4722   size_t ack_frame_size = kQuicFrameTypeSize;
4723   QuicPacketNumber largest_acked = LargestAcked(frame);
4724   ack_frame_size += QuicDataWriter::GetVarInt62Len(largest_acked.ToUint64());
4725   uint64_t ack_delay_time_us;
4726   ack_delay_time_us = frame.ack_delay_time.ToMicroseconds();
4727   ack_delay_time_us = ack_delay_time_us >> local_ack_delay_exponent_;
4728   ack_frame_size += QuicDataWriter::GetVarInt62Len(ack_delay_time_us);
4729 
4730   if (frame.packets.Empty() || frame.packets.Max() != largest_acked) {
4731     QUIC_BUG(quic_bug_10850_74) << "Malformed ack frame";
4732     // ACK frame serialization will fail and connection will be closed.
4733     return ack_frame_size;
4734   }
4735 
4736   // Ack block count.
4737   ack_frame_size +=
4738       QuicDataWriter::GetVarInt62Len(frame.packets.NumIntervals() - 1);
4739 
4740   // First Ack range.
4741   auto iter = frame.packets.rbegin();
4742   ack_frame_size += QuicDataWriter::GetVarInt62Len(iter->Length() - 1);
4743   QuicPacketNumber previous_smallest = iter->min();
4744   ++iter;
4745 
4746   // Ack blocks.
4747   for (; iter != frame.packets.rend(); ++iter) {
4748     const uint64_t gap = previous_smallest - iter->max() - 1;
4749     const uint64_t ack_range = iter->Length() - 1;
4750     ack_frame_size += (QuicDataWriter::GetVarInt62Len(gap) +
4751                        QuicDataWriter::GetVarInt62Len(ack_range));
4752     previous_smallest = iter->min();
4753   }
4754 
4755   if (UseIetfAckWithReceiveTimestamp(frame)) {
4756     ack_frame_size += GetIetfAckFrameTimestampSize(frame);
4757   } else {
4758     ack_frame_size += AckEcnCountSize(frame);
4759   }
4760 
4761   return ack_frame_size;
4762 }
4763 
GetIetfAckFrameTimestampSize(const QuicAckFrame & ack)4764 size_t QuicFramer::GetIetfAckFrameTimestampSize(const QuicAckFrame& ack) {
4765   QUICHE_DCHECK(!ack.received_packet_times.empty());
4766   std::string detailed_error;
4767   absl::InlinedVector<AckTimestampRange, 2> timestamp_ranges =
4768       GetAckTimestampRanges(ack, detailed_error);
4769   if (!detailed_error.empty()) {
4770     return 0;
4771   }
4772 
4773   int64_t size =
4774       FrameAckTimestampRanges(ack, timestamp_ranges, /*writer=*/nullptr);
4775   return std::max<int64_t>(0, size);
4776 }
4777 
GetAckFrameSize(const QuicAckFrame & ack,QuicPacketNumberLength)4778 size_t QuicFramer::GetAckFrameSize(
4779     const QuicAckFrame& ack, QuicPacketNumberLength /*packet_number_length*/) {
4780   QUICHE_DCHECK(!ack.packets.Empty());
4781   size_t ack_size = 0;
4782 
4783   if (VersionHasIetfQuicFrames(version_.transport_version)) {
4784     return GetIetfAckFrameSize(ack);
4785   }
4786   AckFrameInfo ack_info = GetAckFrameInfo(ack);
4787   QuicPacketNumberLength ack_block_length =
4788       GetMinPacketNumberLength(QuicPacketNumber(ack_info.max_block_length));
4789 
4790   ack_size = GetMinAckFrameSize(version_.transport_version, ack,
4791                                 local_ack_delay_exponent_,
4792                                 UseIetfAckWithReceiveTimestamp(ack));
4793   // First ack block length.
4794   ack_size += ack_block_length;
4795   if (ack_info.num_ack_blocks != 0) {
4796     ack_size += kNumberOfAckBlocksSize;
4797     ack_size += std::min(ack_info.num_ack_blocks, kMaxAckBlocks) *
4798                 (ack_block_length + PACKET_1BYTE_PACKET_NUMBER);
4799   }
4800 
4801   // Include timestamps.
4802   if (process_timestamps_) {
4803     ack_size += GetAckFrameTimeStampSize(ack);
4804   }
4805 
4806   return ack_size;
4807 }
4808 
GetAckFrameTimeStampSize(const QuicAckFrame & ack)4809 size_t QuicFramer::GetAckFrameTimeStampSize(const QuicAckFrame& ack) {
4810   if (ack.received_packet_times.empty()) {
4811     return 0;
4812   }
4813 
4814   return kQuicNumTimestampsLength + kQuicFirstTimestampLength +
4815          (kQuicTimestampLength + kQuicTimestampPacketNumberGapLength) *
4816              (ack.received_packet_times.size() - 1);
4817 }
4818 
ComputeFrameLength(const QuicFrame & frame,bool last_frame_in_packet,QuicPacketNumberLength packet_number_length)4819 size_t QuicFramer::ComputeFrameLength(
4820     const QuicFrame& frame, bool last_frame_in_packet,
4821     QuicPacketNumberLength packet_number_length) {
4822   switch (frame.type) {
4823     case STREAM_FRAME:
4824       return GetMinStreamFrameSize(
4825                  version_.transport_version, frame.stream_frame.stream_id,
4826                  frame.stream_frame.offset, last_frame_in_packet,
4827                  frame.stream_frame.data_length) +
4828              frame.stream_frame.data_length;
4829     case CRYPTO_FRAME:
4830       return GetMinCryptoFrameSize(frame.crypto_frame->offset,
4831                                    frame.crypto_frame->data_length) +
4832              frame.crypto_frame->data_length;
4833     case ACK_FRAME: {
4834       return GetAckFrameSize(*frame.ack_frame, packet_number_length);
4835     }
4836     case STOP_WAITING_FRAME:
4837       return GetStopWaitingFrameSize(packet_number_length);
4838     case MTU_DISCOVERY_FRAME:
4839       // MTU discovery frames are serialized as ping frames.
4840       return kQuicFrameTypeSize;
4841     case MESSAGE_FRAME:
4842       return GetMessageFrameSize(last_frame_in_packet,
4843                                  frame.message_frame->message_length);
4844     case PADDING_FRAME:
4845       QUICHE_DCHECK(false);
4846       return 0;
4847     default:
4848       return GetRetransmittableControlFrameSize(version_.transport_version,
4849                                                 frame);
4850   }
4851 }
4852 
AppendTypeByte(const QuicFrame & frame,bool last_frame_in_packet,QuicDataWriter * writer)4853 bool QuicFramer::AppendTypeByte(const QuicFrame& frame,
4854                                 bool last_frame_in_packet,
4855                                 QuicDataWriter* writer) {
4856   if (VersionHasIetfQuicFrames(version_.transport_version)) {
4857     return AppendIetfFrameType(frame, last_frame_in_packet, writer);
4858   }
4859   uint8_t type_byte = 0;
4860   switch (frame.type) {
4861     case STREAM_FRAME:
4862       type_byte =
4863           GetStreamFrameTypeByte(frame.stream_frame, last_frame_in_packet);
4864       break;
4865     case ACK_FRAME:
4866       return true;
4867     case MTU_DISCOVERY_FRAME:
4868       type_byte = static_cast<uint8_t>(PING_FRAME);
4869       break;
4870     case NEW_CONNECTION_ID_FRAME:
4871       set_detailed_error(
4872           "Attempt to append NEW_CONNECTION_ID frame and not in IETF QUIC.");
4873       return RaiseError(QUIC_INTERNAL_ERROR);
4874     case RETIRE_CONNECTION_ID_FRAME:
4875       set_detailed_error(
4876           "Attempt to append RETIRE_CONNECTION_ID frame and not in IETF QUIC.");
4877       return RaiseError(QUIC_INTERNAL_ERROR);
4878     case NEW_TOKEN_FRAME:
4879       set_detailed_error(
4880           "Attempt to append NEW_TOKEN frame and not in IETF QUIC.");
4881       return RaiseError(QUIC_INTERNAL_ERROR);
4882     case MAX_STREAMS_FRAME:
4883       set_detailed_error(
4884           "Attempt to append MAX_STREAMS frame and not in IETF QUIC.");
4885       return RaiseError(QUIC_INTERNAL_ERROR);
4886     case STREAMS_BLOCKED_FRAME:
4887       set_detailed_error(
4888           "Attempt to append STREAMS_BLOCKED frame and not in IETF QUIC.");
4889       return RaiseError(QUIC_INTERNAL_ERROR);
4890     case PATH_RESPONSE_FRAME:
4891       set_detailed_error(
4892           "Attempt to append PATH_RESPONSE frame and not in IETF QUIC.");
4893       return RaiseError(QUIC_INTERNAL_ERROR);
4894     case PATH_CHALLENGE_FRAME:
4895       set_detailed_error(
4896           "Attempt to append PATH_CHALLENGE frame and not in IETF QUIC.");
4897       return RaiseError(QUIC_INTERNAL_ERROR);
4898     case STOP_SENDING_FRAME:
4899       set_detailed_error(
4900           "Attempt to append STOP_SENDING frame and not in IETF QUIC.");
4901       return RaiseError(QUIC_INTERNAL_ERROR);
4902     case MESSAGE_FRAME:
4903       return true;
4904 
4905     default:
4906       type_byte = static_cast<uint8_t>(frame.type);
4907       break;
4908   }
4909 
4910   return writer->WriteUInt8(type_byte);
4911 }
4912 
AppendIetfFrameType(const QuicFrame & frame,bool last_frame_in_packet,QuicDataWriter * writer)4913 bool QuicFramer::AppendIetfFrameType(const QuicFrame& frame,
4914                                      bool last_frame_in_packet,
4915                                      QuicDataWriter* writer) {
4916   uint8_t type_byte = 0;
4917   switch (frame.type) {
4918     case PADDING_FRAME:
4919       type_byte = IETF_PADDING;
4920       break;
4921     case RST_STREAM_FRAME:
4922       type_byte = IETF_RST_STREAM;
4923       break;
4924     case CONNECTION_CLOSE_FRAME:
4925       switch (frame.connection_close_frame->close_type) {
4926         case IETF_QUIC_APPLICATION_CONNECTION_CLOSE:
4927           type_byte = IETF_APPLICATION_CLOSE;
4928           break;
4929         case IETF_QUIC_TRANSPORT_CONNECTION_CLOSE:
4930           type_byte = IETF_CONNECTION_CLOSE;
4931           break;
4932         default:
4933           set_detailed_error(absl::StrCat(
4934               "Invalid QuicConnectionCloseFrame type: ",
4935               static_cast<int>(frame.connection_close_frame->close_type)));
4936           return RaiseError(QUIC_INTERNAL_ERROR);
4937       }
4938       break;
4939     case GOAWAY_FRAME:
4940       set_detailed_error(
4941           "Attempt to create non-IETF QUIC GOAWAY frame in IETF QUIC.");
4942       return RaiseError(QUIC_INTERNAL_ERROR);
4943     case WINDOW_UPDATE_FRAME:
4944       // Depending on whether there is a stream ID or not, will be either a
4945       // MAX_STREAM_DATA frame or a MAX_DATA frame.
4946       if (frame.window_update_frame.stream_id ==
4947           QuicUtils::GetInvalidStreamId(transport_version())) {
4948         type_byte = IETF_MAX_DATA;
4949       } else {
4950         type_byte = IETF_MAX_STREAM_DATA;
4951       }
4952       break;
4953     case BLOCKED_FRAME:
4954       if (frame.blocked_frame.stream_id ==
4955           QuicUtils::GetInvalidStreamId(transport_version())) {
4956         type_byte = IETF_DATA_BLOCKED;
4957       } else {
4958         type_byte = IETF_STREAM_DATA_BLOCKED;
4959       }
4960       break;
4961     case STOP_WAITING_FRAME:
4962       set_detailed_error(
4963           "Attempt to append type byte of STOP WAITING frame in IETF QUIC.");
4964       return RaiseError(QUIC_INTERNAL_ERROR);
4965     case PING_FRAME:
4966       type_byte = IETF_PING;
4967       break;
4968     case STREAM_FRAME:
4969       type_byte =
4970           GetStreamFrameTypeByte(frame.stream_frame, last_frame_in_packet);
4971       break;
4972     case ACK_FRAME:
4973       // Do nothing here, AppendIetfAckFrameAndTypeByte() will put the type byte
4974       // in the buffer.
4975       return true;
4976     case MTU_DISCOVERY_FRAME:
4977       // The path MTU discovery frame is encoded as a PING frame on the wire.
4978       type_byte = IETF_PING;
4979       break;
4980     case NEW_CONNECTION_ID_FRAME:
4981       type_byte = IETF_NEW_CONNECTION_ID;
4982       break;
4983     case RETIRE_CONNECTION_ID_FRAME:
4984       type_byte = IETF_RETIRE_CONNECTION_ID;
4985       break;
4986     case NEW_TOKEN_FRAME:
4987       type_byte = IETF_NEW_TOKEN;
4988       break;
4989     case MAX_STREAMS_FRAME:
4990       if (frame.max_streams_frame.unidirectional) {
4991         type_byte = IETF_MAX_STREAMS_UNIDIRECTIONAL;
4992       } else {
4993         type_byte = IETF_MAX_STREAMS_BIDIRECTIONAL;
4994       }
4995       break;
4996     case STREAMS_BLOCKED_FRAME:
4997       if (frame.streams_blocked_frame.unidirectional) {
4998         type_byte = IETF_STREAMS_BLOCKED_UNIDIRECTIONAL;
4999       } else {
5000         type_byte = IETF_STREAMS_BLOCKED_BIDIRECTIONAL;
5001       }
5002       break;
5003     case PATH_RESPONSE_FRAME:
5004       type_byte = IETF_PATH_RESPONSE;
5005       break;
5006     case PATH_CHALLENGE_FRAME:
5007       type_byte = IETF_PATH_CHALLENGE;
5008       break;
5009     case STOP_SENDING_FRAME:
5010       type_byte = IETF_STOP_SENDING;
5011       break;
5012     case MESSAGE_FRAME:
5013       return true;
5014     case CRYPTO_FRAME:
5015       type_byte = IETF_CRYPTO;
5016       break;
5017     case HANDSHAKE_DONE_FRAME:
5018       type_byte = IETF_HANDSHAKE_DONE;
5019       break;
5020     case ACK_FREQUENCY_FRAME:
5021       type_byte = IETF_ACK_FREQUENCY;
5022       break;
5023     case RESET_STREAM_AT_FRAME:
5024       type_byte = IETF_RESET_STREAM_AT;
5025       break;
5026     default:
5027       QUIC_BUG(quic_bug_10850_75)
5028           << "Attempt to generate a frame type for an unsupported value: "
5029           << frame.type;
5030       return false;
5031   }
5032   return writer->WriteVarInt62(type_byte);
5033 }
5034 
5035 // static
AppendPacketNumber(QuicPacketNumberLength packet_number_length,QuicPacketNumber packet_number,QuicDataWriter * writer)5036 bool QuicFramer::AppendPacketNumber(QuicPacketNumberLength packet_number_length,
5037                                     QuicPacketNumber packet_number,
5038                                     QuicDataWriter* writer) {
5039   QUICHE_DCHECK(packet_number.IsInitialized());
5040   if (!IsValidPacketNumberLength(packet_number_length)) {
5041     QUIC_BUG(quic_bug_10850_76)
5042         << "Invalid packet_number_length: " << packet_number_length;
5043     return false;
5044   }
5045   return writer->WriteBytesToUInt64(packet_number_length,
5046                                     packet_number.ToUint64());
5047 }
5048 
5049 // static
AppendStreamId(size_t stream_id_length,QuicStreamId stream_id,QuicDataWriter * writer)5050 bool QuicFramer::AppendStreamId(size_t stream_id_length, QuicStreamId stream_id,
5051                                 QuicDataWriter* writer) {
5052   if (stream_id_length == 0 || stream_id_length > 4) {
5053     QUIC_BUG(quic_bug_10850_77)
5054         << "Invalid stream_id_length: " << stream_id_length;
5055     return false;
5056   }
5057   return writer->WriteBytesToUInt64(stream_id_length, stream_id);
5058 }
5059 
5060 // static
AppendStreamOffset(size_t offset_length,QuicStreamOffset offset,QuicDataWriter * writer)5061 bool QuicFramer::AppendStreamOffset(size_t offset_length,
5062                                     QuicStreamOffset offset,
5063                                     QuicDataWriter* writer) {
5064   if (offset_length == 1 || offset_length > 8) {
5065     QUIC_BUG(quic_bug_10850_78)
5066         << "Invalid stream_offset_length: " << offset_length;
5067     return false;
5068   }
5069 
5070   return writer->WriteBytesToUInt64(offset_length, offset);
5071 }
5072 
5073 // static
AppendAckBlock(uint8_t gap,QuicPacketNumberLength length_length,uint64_t length,QuicDataWriter * writer)5074 bool QuicFramer::AppendAckBlock(uint8_t gap,
5075                                 QuicPacketNumberLength length_length,
5076                                 uint64_t length, QuicDataWriter* writer) {
5077   if (length == 0) {
5078     if (!IsValidPacketNumberLength(length_length)) {
5079       QUIC_BUG(quic_bug_10850_79)
5080           << "Invalid packet_number_length: " << length_length;
5081       return false;
5082     }
5083     return writer->WriteUInt8(gap) &&
5084            writer->WriteBytesToUInt64(length_length, length);
5085   }
5086   return writer->WriteUInt8(gap) &&
5087          AppendPacketNumber(length_length, QuicPacketNumber(length), writer);
5088 }
5089 
AppendStreamFrame(const QuicStreamFrame & frame,bool no_stream_frame_length,QuicDataWriter * writer)5090 bool QuicFramer::AppendStreamFrame(const QuicStreamFrame& frame,
5091                                    bool no_stream_frame_length,
5092                                    QuicDataWriter* writer) {
5093   if (VersionHasIetfQuicFrames(version_.transport_version)) {
5094     return AppendIetfStreamFrame(frame, no_stream_frame_length, writer);
5095   }
5096   if (!AppendStreamId(GetStreamIdSize(frame.stream_id), frame.stream_id,
5097                       writer)) {
5098     QUIC_BUG(quic_bug_10850_80) << "Writing stream id size failed.";
5099     return false;
5100   }
5101   if (!AppendStreamOffset(GetStreamOffsetSize(frame.offset), frame.offset,
5102                           writer)) {
5103     QUIC_BUG(quic_bug_10850_81) << "Writing offset size failed.";
5104     return false;
5105   }
5106   if (!no_stream_frame_length) {
5107     static_assert(
5108         std::numeric_limits<decltype(frame.data_length)>::max() <=
5109             std::numeric_limits<uint16_t>::max(),
5110         "If frame.data_length can hold more than a uint16_t than we need to "
5111         "check that frame.data_length <= std::numeric_limits<uint16_t>::max()");
5112     if (!writer->WriteUInt16(static_cast<uint16_t>(frame.data_length))) {
5113       QUIC_BUG(quic_bug_10850_82) << "Writing stream frame length failed";
5114       return false;
5115     }
5116   }
5117 
5118   if (data_producer_ != nullptr) {
5119     QUICHE_DCHECK_EQ(nullptr, frame.data_buffer);
5120     if (frame.data_length == 0) {
5121       return true;
5122     }
5123     if (data_producer_->WriteStreamData(frame.stream_id, frame.offset,
5124                                         frame.data_length,
5125                                         writer) != WRITE_SUCCESS) {
5126       QUIC_BUG(quic_bug_10850_83) << "Writing frame data failed.";
5127       return false;
5128     }
5129     return true;
5130   }
5131 
5132   if (!writer->WriteBytes(frame.data_buffer, frame.data_length)) {
5133     QUIC_BUG(quic_bug_10850_84) << "Writing frame data failed.";
5134     return false;
5135   }
5136   return true;
5137 }
5138 
AppendNewTokenFrame(const QuicNewTokenFrame & frame,QuicDataWriter * writer)5139 bool QuicFramer::AppendNewTokenFrame(const QuicNewTokenFrame& frame,
5140                                      QuicDataWriter* writer) {
5141   if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.token.length()))) {
5142     set_detailed_error("Writing token length failed.");
5143     return false;
5144   }
5145   if (!writer->WriteBytes(frame.token.data(), frame.token.length())) {
5146     set_detailed_error("Writing token buffer failed.");
5147     return false;
5148   }
5149   return true;
5150 }
5151 
ProcessNewTokenFrame(QuicDataReader * reader,QuicNewTokenFrame * frame)5152 bool QuicFramer::ProcessNewTokenFrame(QuicDataReader* reader,
5153                                       QuicNewTokenFrame* frame) {
5154   uint64_t length;
5155   if (!reader->ReadVarInt62(&length)) {
5156     set_detailed_error("Unable to read new token length.");
5157     return false;
5158   }
5159   if (length > kMaxNewTokenTokenLength) {
5160     set_detailed_error("Token length larger than maximum.");
5161     return false;
5162   }
5163 
5164   // TODO(ianswett): Don't use absl::string_view as an intermediary.
5165   absl::string_view data;
5166   if (!reader->ReadStringPiece(&data, length)) {
5167     set_detailed_error("Unable to read new token data.");
5168     return false;
5169   }
5170   frame->token = std::string(data);
5171   return true;
5172 }
5173 
5174 // Add a new ietf-format stream frame.
5175 // Bits controlling whether there is a frame-length and frame-offset
5176 // are in the QuicStreamFrame.
AppendIetfStreamFrame(const QuicStreamFrame & frame,bool last_frame_in_packet,QuicDataWriter * writer)5177 bool QuicFramer::AppendIetfStreamFrame(const QuicStreamFrame& frame,
5178                                        bool last_frame_in_packet,
5179                                        QuicDataWriter* writer) {
5180   if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.stream_id))) {
5181     set_detailed_error("Writing stream id failed.");
5182     return false;
5183   }
5184 
5185   if (frame.offset != 0) {
5186     if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.offset))) {
5187       set_detailed_error("Writing data offset failed.");
5188       return false;
5189     }
5190   }
5191 
5192   if (!last_frame_in_packet) {
5193     if (!writer->WriteVarInt62(frame.data_length)) {
5194       set_detailed_error("Writing data length failed.");
5195       return false;
5196     }
5197   }
5198 
5199   if (frame.data_length == 0) {
5200     return true;
5201   }
5202   if (data_producer_ == nullptr) {
5203     if (!writer->WriteBytes(frame.data_buffer, frame.data_length)) {
5204       set_detailed_error("Writing frame data failed.");
5205       return false;
5206     }
5207   } else {
5208     QUICHE_DCHECK_EQ(nullptr, frame.data_buffer);
5209 
5210     if (data_producer_->WriteStreamData(frame.stream_id, frame.offset,
5211                                         frame.data_length,
5212                                         writer) != WRITE_SUCCESS) {
5213       set_detailed_error("Writing frame data from producer failed.");
5214       return false;
5215     }
5216   }
5217   return true;
5218 }
5219 
AppendCryptoFrame(const QuicCryptoFrame & frame,QuicDataWriter * writer)5220 bool QuicFramer::AppendCryptoFrame(const QuicCryptoFrame& frame,
5221                                    QuicDataWriter* writer) {
5222   if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.offset))) {
5223     set_detailed_error("Writing data offset failed.");
5224     return false;
5225   }
5226   if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.data_length))) {
5227     set_detailed_error("Writing data length failed.");
5228     return false;
5229   }
5230   if (data_producer_ == nullptr) {
5231     if (frame.data_buffer == nullptr ||
5232         !writer->WriteBytes(frame.data_buffer, frame.data_length)) {
5233       set_detailed_error("Writing frame data failed.");
5234       return false;
5235     }
5236   } else {
5237     QUICHE_DCHECK_EQ(nullptr, frame.data_buffer);
5238     if (!data_producer_->WriteCryptoData(frame.level, frame.offset,
5239                                          frame.data_length, writer)) {
5240       return false;
5241     }
5242   }
5243   return true;
5244 }
5245 
AppendAckFrequencyFrame(const QuicAckFrequencyFrame & frame,QuicDataWriter * writer)5246 bool QuicFramer::AppendAckFrequencyFrame(const QuicAckFrequencyFrame& frame,
5247                                          QuicDataWriter* writer) {
5248   if (!writer->WriteVarInt62(frame.sequence_number)) {
5249     set_detailed_error("Writing sequence number failed.");
5250     return false;
5251   }
5252   if (!writer->WriteVarInt62(frame.packet_tolerance)) {
5253     set_detailed_error("Writing packet tolerance failed.");
5254     return false;
5255   }
5256   if (!writer->WriteVarInt62(
5257           static_cast<uint64_t>(frame.max_ack_delay.ToMicroseconds()))) {
5258     set_detailed_error("Writing max_ack_delay_us failed.");
5259     return false;
5260   }
5261   if (!writer->WriteUInt8(static_cast<uint8_t>(frame.ignore_order))) {
5262     set_detailed_error("Writing ignore_order failed.");
5263     return false;
5264   }
5265 
5266   return true;
5267 }
5268 
AppendResetFrameAtFrame(const QuicResetStreamAtFrame & frame,QuicDataWriter & writer)5269 bool QuicFramer::AppendResetFrameAtFrame(const QuicResetStreamAtFrame& frame,
5270                                          QuicDataWriter& writer) {
5271   if (frame.reliable_offset > frame.final_offset) {
5272     QUIC_BUG(AppendResetFrameAtFrame_offset_mismatch)
5273         << "reliable_offset > final_offset";
5274     set_detailed_error("reliable_offset > final_offset");
5275     return false;
5276   }
5277   absl::Status status =
5278       quiche::SerializeIntoWriter(writer, quiche::WireVarInt62(frame.stream_id),
5279                                   quiche::WireVarInt62(frame.error),
5280                                   quiche::WireVarInt62(frame.final_offset),
5281                                   quiche::WireVarInt62(frame.reliable_offset));
5282   if (!status.ok()) {
5283     set_detailed_error(std::string(status.message()));
5284     return false;
5285   }
5286   return true;
5287 }
5288 
set_version(const ParsedQuicVersion version)5289 void QuicFramer::set_version(const ParsedQuicVersion version) {
5290   QUICHE_DCHECK(IsSupportedVersion(version))
5291       << ParsedQuicVersionToString(version);
5292   version_ = version;
5293 }
5294 
AppendAckFrameAndTypeByte(const QuicAckFrame & frame,QuicDataWriter * writer)5295 bool QuicFramer::AppendAckFrameAndTypeByte(const QuicAckFrame& frame,
5296                                            QuicDataWriter* writer) {
5297   if (VersionHasIetfQuicFrames(transport_version())) {
5298     return AppendIetfAckFrameAndTypeByte(frame, writer);
5299   }
5300 
5301   const AckFrameInfo new_ack_info = GetAckFrameInfo(frame);
5302   QuicPacketNumber largest_acked = LargestAcked(frame);
5303   QuicPacketNumberLength largest_acked_length =
5304       GetMinPacketNumberLength(largest_acked);
5305   QuicPacketNumberLength ack_block_length =
5306       GetMinPacketNumberLength(QuicPacketNumber(new_ack_info.max_block_length));
5307   // Calculate available bytes for timestamps and ack blocks.
5308   int32_t available_timestamp_and_ack_block_bytes =
5309       writer->capacity() - writer->length() - ack_block_length -
5310       GetMinAckFrameSize(version_.transport_version, frame,
5311                          local_ack_delay_exponent_,
5312                          UseIetfAckWithReceiveTimestamp(frame)) -
5313       (new_ack_info.num_ack_blocks != 0 ? kNumberOfAckBlocksSize : 0);
5314   QUICHE_DCHECK_LE(0, available_timestamp_and_ack_block_bytes);
5315 
5316   uint8_t type_byte = 0;
5317   SetBit(&type_byte, new_ack_info.num_ack_blocks != 0,
5318          kQuicHasMultipleAckBlocksOffset);
5319 
5320   SetBits(&type_byte, GetPacketNumberFlags(largest_acked_length),
5321           kQuicSequenceNumberLengthNumBits, kLargestAckedOffset);
5322 
5323   SetBits(&type_byte, GetPacketNumberFlags(ack_block_length),
5324           kQuicSequenceNumberLengthNumBits, kActBlockLengthOffset);
5325 
5326   type_byte |= kQuicFrameTypeAckMask;
5327 
5328   if (!writer->WriteUInt8(type_byte)) {
5329     return false;
5330   }
5331 
5332   size_t max_num_ack_blocks = available_timestamp_and_ack_block_bytes /
5333                               (ack_block_length + PACKET_1BYTE_PACKET_NUMBER);
5334 
5335   // Number of ack blocks.
5336   size_t num_ack_blocks =
5337       std::min(new_ack_info.num_ack_blocks, max_num_ack_blocks);
5338   if (num_ack_blocks > std::numeric_limits<uint8_t>::max()) {
5339     num_ack_blocks = std::numeric_limits<uint8_t>::max();
5340   }
5341 
5342   // Largest acked.
5343   if (!AppendPacketNumber(largest_acked_length, largest_acked, writer)) {
5344     return false;
5345   }
5346 
5347   // Largest acked delta time.
5348   uint64_t ack_delay_time_us = kUFloat16MaxValue;
5349   if (!frame.ack_delay_time.IsInfinite()) {
5350     QUICHE_DCHECK_LE(0u, frame.ack_delay_time.ToMicroseconds());
5351     ack_delay_time_us = frame.ack_delay_time.ToMicroseconds();
5352   }
5353   if (!writer->WriteUFloat16(ack_delay_time_us)) {
5354     return false;
5355   }
5356 
5357   if (num_ack_blocks > 0) {
5358     if (!writer->WriteBytes(&num_ack_blocks, 1)) {
5359       return false;
5360     }
5361   }
5362 
5363   // First ack block length.
5364   if (!AppendPacketNumber(ack_block_length,
5365                           QuicPacketNumber(new_ack_info.first_block_length),
5366                           writer)) {
5367     return false;
5368   }
5369 
5370   // Ack blocks.
5371   if (num_ack_blocks > 0) {
5372     size_t num_ack_blocks_written = 0;
5373     // Append, in descending order from the largest ACKed packet, a series of
5374     // ACK blocks that represents the successfully acknoweldged packets. Each
5375     // appended gap/block length represents a descending delta from the previous
5376     // block. i.e.:
5377     // |--- length ---|--- gap ---|--- length ---|--- gap ---|--- largest ---|
5378     // For gaps larger than can be represented by a single encoded gap, a 0
5379     // length gap of the maximum is used, i.e.:
5380     // |--- length ---|--- gap ---|- 0 -|--- gap ---|--- largest ---|
5381     auto itr = frame.packets.rbegin();
5382     QuicPacketNumber previous_start = itr->min();
5383     ++itr;
5384 
5385     for (;
5386          itr != frame.packets.rend() && num_ack_blocks_written < num_ack_blocks;
5387          previous_start = itr->min(), ++itr) {
5388       const auto& interval = *itr;
5389       const uint64_t total_gap = previous_start - interval.max();
5390       const size_t num_encoded_gaps =
5391           (total_gap + std::numeric_limits<uint8_t>::max() - 1) /
5392           std::numeric_limits<uint8_t>::max();
5393 
5394       // Append empty ACK blocks because the gap is longer than a single gap.
5395       for (size_t i = 1;
5396            i < num_encoded_gaps && num_ack_blocks_written < num_ack_blocks;
5397            ++i) {
5398         if (!AppendAckBlock(std::numeric_limits<uint8_t>::max(),
5399                             ack_block_length, 0, writer)) {
5400           return false;
5401         }
5402         ++num_ack_blocks_written;
5403       }
5404       if (num_ack_blocks_written >= num_ack_blocks) {
5405         if (ABSL_PREDICT_FALSE(num_ack_blocks_written != num_ack_blocks)) {
5406           QUIC_BUG(quic_bug_10850_85)
5407               << "Wrote " << num_ack_blocks_written << ", expected to write "
5408               << num_ack_blocks;
5409         }
5410         break;
5411       }
5412 
5413       const uint8_t last_gap =
5414           total_gap -
5415           (num_encoded_gaps - 1) * std::numeric_limits<uint8_t>::max();
5416       // Append the final ACK block with a non-empty size.
5417       if (!AppendAckBlock(last_gap, ack_block_length, interval.Length(),
5418                           writer)) {
5419         return false;
5420       }
5421       ++num_ack_blocks_written;
5422     }
5423     QUICHE_DCHECK_EQ(num_ack_blocks, num_ack_blocks_written);
5424   }
5425   // Timestamps.
5426   // If we don't process timestamps or if we don't have enough available space
5427   // to append all the timestamps, don't append any of them.
5428   if (process_timestamps_ && writer->capacity() - writer->length() >=
5429                                  GetAckFrameTimeStampSize(frame)) {
5430     if (!AppendTimestampsToAckFrame(frame, writer)) {
5431       return false;
5432     }
5433   } else {
5434     uint8_t num_received_packets = 0;
5435     if (!writer->WriteBytes(&num_received_packets, 1)) {
5436       return false;
5437     }
5438   }
5439 
5440   return true;
5441 }
5442 
AppendTimestampsToAckFrame(const QuicAckFrame & frame,QuicDataWriter * writer)5443 bool QuicFramer::AppendTimestampsToAckFrame(const QuicAckFrame& frame,
5444                                             QuicDataWriter* writer) {
5445   QUICHE_DCHECK_GE(std::numeric_limits<uint8_t>::max(),
5446                    frame.received_packet_times.size());
5447   // num_received_packets is only 1 byte.
5448   if (frame.received_packet_times.size() >
5449       std::numeric_limits<uint8_t>::max()) {
5450     return false;
5451   }
5452 
5453   uint8_t num_received_packets = frame.received_packet_times.size();
5454   if (!writer->WriteBytes(&num_received_packets, 1)) {
5455     return false;
5456   }
5457   if (num_received_packets == 0) {
5458     return true;
5459   }
5460 
5461   auto it = frame.received_packet_times.begin();
5462   QuicPacketNumber packet_number = it->first;
5463   uint64_t delta_from_largest_observed = LargestAcked(frame) - packet_number;
5464 
5465   QUICHE_DCHECK_GE(std::numeric_limits<uint8_t>::max(),
5466                    delta_from_largest_observed);
5467   if (delta_from_largest_observed > std::numeric_limits<uint8_t>::max()) {
5468     return false;
5469   }
5470 
5471   if (!writer->WriteUInt8(delta_from_largest_observed)) {
5472     return false;
5473   }
5474 
5475   // Use the lowest 4 bytes of the time delta from the creation_time_.
5476   const uint64_t time_epoch_delta_us = UINT64_C(1) << 32;
5477   uint32_t time_delta_us =
5478       static_cast<uint32_t>((it->second - creation_time_).ToMicroseconds() &
5479                             (time_epoch_delta_us - 1));
5480   if (!writer->WriteUInt32(time_delta_us)) {
5481     return false;
5482   }
5483 
5484   QuicTime prev_time = it->second;
5485 
5486   for (++it; it != frame.received_packet_times.end(); ++it) {
5487     packet_number = it->first;
5488     delta_from_largest_observed = LargestAcked(frame) - packet_number;
5489 
5490     if (delta_from_largest_observed > std::numeric_limits<uint8_t>::max()) {
5491       return false;
5492     }
5493 
5494     if (!writer->WriteUInt8(delta_from_largest_observed)) {
5495       return false;
5496     }
5497 
5498     uint64_t frame_time_delta_us = (it->second - prev_time).ToMicroseconds();
5499     prev_time = it->second;
5500     if (!writer->WriteUFloat16(frame_time_delta_us)) {
5501       return false;
5502     }
5503   }
5504   return true;
5505 }
5506 
5507 absl::InlinedVector<QuicFramer::AckTimestampRange, 2>
GetAckTimestampRanges(const QuicAckFrame & frame,std::string & detailed_error) const5508 QuicFramer::GetAckTimestampRanges(const QuicAckFrame& frame,
5509                                   std::string& detailed_error) const {
5510   detailed_error = "";
5511   if (frame.received_packet_times.empty()) {
5512     return {};
5513   }
5514 
5515   absl::InlinedVector<AckTimestampRange, 2> timestamp_ranges;
5516 
5517   for (size_t r = 0; r < std::min<size_t>(max_receive_timestamps_per_ack_,
5518                                           frame.received_packet_times.size());
5519        ++r) {
5520     const size_t i = frame.received_packet_times.size() - 1 - r;
5521     const QuicPacketNumber packet_number = frame.received_packet_times[i].first;
5522     const QuicTime receive_timestamp = frame.received_packet_times[i].second;
5523 
5524     if (timestamp_ranges.empty()) {
5525       if (receive_timestamp < creation_time_ ||
5526           LargestAcked(frame) < packet_number) {
5527         detailed_error =
5528             "The first packet is either received earlier than framer creation "
5529             "time, or larger than largest acked packet.";
5530         QUIC_BUG(quic_framer_ack_ts_first_packet_bad)
5531             << detailed_error << " receive_timestamp:" << receive_timestamp
5532             << ", framer_creation_time:" << creation_time_
5533             << ", packet_number:" << packet_number
5534             << ", largest_acked:" << LargestAcked(frame);
5535         return {};
5536       }
5537       timestamp_ranges.push_back(AckTimestampRange());
5538       timestamp_ranges.back().gap = LargestAcked(frame) - packet_number;
5539       timestamp_ranges.back().range_begin = i;
5540       timestamp_ranges.back().range_end = i;
5541       continue;
5542     }
5543 
5544     const size_t prev_i = timestamp_ranges.back().range_end;
5545     const QuicPacketNumber prev_packet_number =
5546         frame.received_packet_times[prev_i].first;
5547     const QuicTime prev_receive_timestamp =
5548         frame.received_packet_times[prev_i].second;
5549 
5550     QUIC_DVLOG(3) << "prev_packet_number:" << prev_packet_number
5551                   << ", packet_number:" << packet_number;
5552     if (prev_receive_timestamp < receive_timestamp ||
5553         prev_packet_number <= packet_number) {
5554       detailed_error = "Packet number and/or receive time not in order.";
5555       QUIC_BUG(quic_framer_ack_ts_packet_out_of_order)
5556           << detailed_error << " packet_number:" << packet_number
5557           << ", receive_timestamp:" << receive_timestamp
5558           << ", prev_packet_number:" << prev_packet_number
5559           << ", prev_receive_timestamp:" << prev_receive_timestamp;
5560       return {};
5561     }
5562 
5563     if (prev_packet_number == packet_number + 1) {
5564       timestamp_ranges.back().range_end = i;
5565     } else {
5566       timestamp_ranges.push_back(AckTimestampRange());
5567       timestamp_ranges.back().gap = prev_packet_number - 2 - packet_number;
5568       timestamp_ranges.back().range_begin = i;
5569       timestamp_ranges.back().range_end = i;
5570     }
5571   }
5572 
5573   return timestamp_ranges;
5574 }
5575 
FrameAckTimestampRanges(const QuicAckFrame & frame,const absl::InlinedVector<AckTimestampRange,2> & timestamp_ranges,QuicDataWriter * writer) const5576 int64_t QuicFramer::FrameAckTimestampRanges(
5577     const QuicAckFrame& frame,
5578     const absl::InlinedVector<AckTimestampRange, 2>& timestamp_ranges,
5579     QuicDataWriter* writer) const {
5580   int64_t size = 0;
5581   auto maybe_write_var_int62 = [&](uint64_t value) {
5582     size += QuicDataWriter::GetVarInt62Len(value);
5583     if (writer != nullptr && !writer->WriteVarInt62(value)) {
5584       return false;
5585     }
5586     return true;
5587   };
5588 
5589   if (!maybe_write_var_int62(timestamp_ranges.size())) {
5590     return -1;
5591   }
5592 
5593   // |effective_prev_time| is the exponent-encoded timestamp of the previous
5594   // packet.
5595   std::optional<QuicTime> effective_prev_time;
5596   for (const AckTimestampRange& range : timestamp_ranges) {
5597     QUIC_DVLOG(3) << "Range: gap:" << range.gap << ", beg:" << range.range_begin
5598                   << ", end:" << range.range_end;
5599     if (!maybe_write_var_int62(range.gap)) {
5600       return -1;
5601     }
5602 
5603     if (!maybe_write_var_int62(range.range_begin - range.range_end + 1)) {
5604       return -1;
5605     }
5606 
5607     for (int64_t i = range.range_begin; i >= range.range_end; --i) {
5608       const QuicTime receive_timestamp = frame.received_packet_times[i].second;
5609       uint64_t time_delta;
5610       if (effective_prev_time.has_value()) {
5611         time_delta =
5612             (*effective_prev_time - receive_timestamp).ToMicroseconds();
5613         QUIC_DVLOG(3) << "time_delta:" << time_delta
5614                       << ", exponent:" << receive_timestamps_exponent_
5615                       << ", effective_prev_time:" << *effective_prev_time
5616                       << ", recv_time:" << receive_timestamp;
5617         time_delta = time_delta >> receive_timestamps_exponent_;
5618         effective_prev_time = *effective_prev_time -
5619                               QuicTime::Delta::FromMicroseconds(
5620                                   time_delta << receive_timestamps_exponent_);
5621       } else {
5622         // The first delta is from framer creation to the current receive
5623         // timestamp (forward in time), whereas in the common case subsequent
5624         // deltas move backwards in time.
5625         time_delta = (receive_timestamp - creation_time_).ToMicroseconds();
5626         QUIC_DVLOG(3) << "First time_delta:" << time_delta
5627                       << ", exponent:" << receive_timestamps_exponent_
5628                       << ", recv_time:" << receive_timestamp
5629                       << ", creation_time:" << creation_time_;
5630         // Round up the first exponent-encoded time delta so that the next
5631         // receive timestamp is guaranteed to be decreasing.
5632         time_delta = ((time_delta - 1) >> receive_timestamps_exponent_) + 1;
5633         effective_prev_time =
5634             creation_time_ + QuicTime::Delta::FromMicroseconds(
5635                                  time_delta << receive_timestamps_exponent_);
5636       }
5637 
5638       if (!maybe_write_var_int62(time_delta)) {
5639         return -1;
5640       }
5641     }
5642   }
5643 
5644   return size;
5645 }
5646 
AppendIetfTimestampsToAckFrame(const QuicAckFrame & frame,QuicDataWriter * writer)5647 bool QuicFramer::AppendIetfTimestampsToAckFrame(const QuicAckFrame& frame,
5648                                                 QuicDataWriter* writer) {
5649   QUICHE_DCHECK(!frame.received_packet_times.empty());
5650   std::string detailed_error;
5651   const absl::InlinedVector<AckTimestampRange, 2> timestamp_ranges =
5652       GetAckTimestampRanges(frame, detailed_error);
5653   if (!detailed_error.empty()) {
5654     set_detailed_error(std::move(detailed_error));
5655     return false;
5656   }
5657 
5658   // Compute the size first using a null writer.
5659   int64_t size =
5660       FrameAckTimestampRanges(frame, timestamp_ranges, /*writer=*/nullptr);
5661   if (size > static_cast<int64_t>(writer->capacity() - writer->length())) {
5662     QUIC_DVLOG(1) << "Insufficient room to write IETF ack receive timestamps. "
5663                      "size_remain:"
5664                   << (writer->capacity() - writer->length())
5665                   << ", size_needed:" << size;
5666     // Write a Timestamp Range Count of 0.
5667     return writer->WriteVarInt62(0);
5668   }
5669 
5670   return FrameAckTimestampRanges(frame, timestamp_ranges, writer) > 0;
5671 }
5672 
AppendIetfAckFrameAndTypeByte(const QuicAckFrame & frame,QuicDataWriter * writer)5673 bool QuicFramer::AppendIetfAckFrameAndTypeByte(const QuicAckFrame& frame,
5674                                                QuicDataWriter* writer) {
5675   uint8_t type = IETF_ACK;
5676   uint64_t ecn_size = 0;
5677   if (UseIetfAckWithReceiveTimestamp(frame)) {
5678     type = IETF_ACK_RECEIVE_TIMESTAMPS;
5679   } else if (frame.ecn_counters.has_value()) {
5680     // Change frame type to ACK_ECN if any ECN count is available.
5681     type = IETF_ACK_ECN;
5682     ecn_size = AckEcnCountSize(frame);
5683   }
5684 
5685   if (!writer->WriteVarInt62(type)) {
5686     set_detailed_error("No room for frame-type");
5687     return false;
5688   }
5689 
5690   QuicPacketNumber largest_acked = LargestAcked(frame);
5691   if (!writer->WriteVarInt62(largest_acked.ToUint64())) {
5692     set_detailed_error("No room for largest-acked in ack frame");
5693     return false;
5694   }
5695 
5696   uint64_t ack_delay_time_us = quiche::kVarInt62MaxValue;
5697   if (!frame.ack_delay_time.IsInfinite()) {
5698     QUICHE_DCHECK_LE(0u, frame.ack_delay_time.ToMicroseconds());
5699     ack_delay_time_us = frame.ack_delay_time.ToMicroseconds();
5700     ack_delay_time_us = ack_delay_time_us >> local_ack_delay_exponent_;
5701   }
5702 
5703   if (!writer->WriteVarInt62(ack_delay_time_us)) {
5704     set_detailed_error("No room for ack-delay in ack frame");
5705     return false;
5706   }
5707 
5708   if (frame.packets.Empty() || frame.packets.Max() != largest_acked) {
5709     QUIC_BUG(quic_bug_10850_88) << "Malformed ack frame: " << frame;
5710     set_detailed_error("Malformed ack frame");
5711     return false;
5712   }
5713 
5714   // Latch ack_block_count for potential truncation.
5715   const uint64_t ack_block_count = frame.packets.NumIntervals() - 1;
5716   QuicDataWriter count_writer(QuicDataWriter::GetVarInt62Len(ack_block_count),
5717                               writer->data() + writer->length());
5718   if (!writer->WriteVarInt62(ack_block_count)) {
5719     set_detailed_error("No room for ack block count in ack frame");
5720     return false;
5721   }
5722   auto iter = frame.packets.rbegin();
5723   if (!writer->WriteVarInt62(iter->Length() - 1)) {
5724     set_detailed_error("No room for first ack block in ack frame");
5725     return false;
5726   }
5727   QuicPacketNumber previous_smallest = iter->min();
5728   ++iter;
5729   // Append remaining ACK blocks.
5730   uint64_t appended_ack_blocks = 0;
5731   for (; iter != frame.packets.rend(); ++iter) {
5732     const uint64_t gap = previous_smallest - iter->max() - 1;
5733     const uint64_t ack_range = iter->Length() - 1;
5734 
5735     if (type == IETF_ACK_RECEIVE_TIMESTAMPS &&
5736         writer->remaining() <
5737             static_cast<size_t>(QuicDataWriter::GetVarInt62Len(gap) +
5738                                 QuicDataWriter::GetVarInt62Len(ack_range) +
5739                                 QuicDataWriter::GetVarInt62Len(0))) {
5740       // If we write this ACK range we won't have space for a timestamp range
5741       // count of 0.
5742       break;
5743     } else if (writer->remaining() < ecn_size ||
5744                writer->remaining() - ecn_size <
5745                    static_cast<size_t>(
5746                        QuicDataWriter::GetVarInt62Len(gap) +
5747                        QuicDataWriter::GetVarInt62Len(ack_range))) {
5748       // ACK range does not fit, truncate it.
5749       break;
5750     }
5751     const bool success =
5752         writer->WriteVarInt62(gap) && writer->WriteVarInt62(ack_range);
5753     QUICHE_DCHECK(success);
5754     previous_smallest = iter->min();
5755     ++appended_ack_blocks;
5756   }
5757 
5758   if (appended_ack_blocks < ack_block_count) {
5759     // Truncation is needed, rewrite the ack block count.
5760     if (QuicDataWriter::GetVarInt62Len(appended_ack_blocks) !=
5761             QuicDataWriter::GetVarInt62Len(ack_block_count) ||
5762         !count_writer.WriteVarInt62(appended_ack_blocks)) {
5763       // This should never happen as ack_block_count is limited by
5764       // max_ack_ranges_.
5765       QUIC_BUG(quic_bug_10850_89)
5766           << "Ack frame truncation fails. ack_block_count: " << ack_block_count
5767           << ", appended count: " << appended_ack_blocks;
5768       set_detailed_error("ACK frame truncation fails");
5769       return false;
5770     }
5771     QUIC_DLOG(INFO) << ENDPOINT << "ACK ranges get truncated from "
5772                     << ack_block_count << " to " << appended_ack_blocks;
5773   }
5774 
5775   if (type == IETF_ACK_ECN) {
5776     // Encode the ECN counts.
5777     if (!writer->WriteVarInt62(frame.ecn_counters->ect0)) {
5778       set_detailed_error("No room for ect_0_count in ack frame");
5779       return false;
5780     }
5781     if (!writer->WriteVarInt62(frame.ecn_counters->ect1)) {
5782       set_detailed_error("No room for ect_1_count in ack frame");
5783       return false;
5784     }
5785     if (!writer->WriteVarInt62(frame.ecn_counters->ce)) {
5786       set_detailed_error("No room for ecn_ce_count in ack frame");
5787       return false;
5788     }
5789   }
5790 
5791   if (type == IETF_ACK_RECEIVE_TIMESTAMPS) {
5792     if (!AppendIetfTimestampsToAckFrame(frame, writer)) {
5793       return false;
5794     }
5795   }
5796 
5797   return true;
5798 }
5799 
AppendRstStreamFrame(const QuicRstStreamFrame & frame,QuicDataWriter * writer)5800 bool QuicFramer::AppendRstStreamFrame(const QuicRstStreamFrame& frame,
5801                                       QuicDataWriter* writer) {
5802   if (VersionHasIetfQuicFrames(version_.transport_version)) {
5803     return AppendIetfResetStreamFrame(frame, writer);
5804   }
5805   if (!writer->WriteUInt32(frame.stream_id)) {
5806     return false;
5807   }
5808 
5809   if (!writer->WriteUInt64(frame.byte_offset)) {
5810     return false;
5811   }
5812 
5813   uint32_t error_code = static_cast<uint32_t>(frame.error_code);
5814   if (!writer->WriteUInt32(error_code)) {
5815     return false;
5816   }
5817 
5818   return true;
5819 }
5820 
AppendConnectionCloseFrame(const QuicConnectionCloseFrame & frame,QuicDataWriter * writer)5821 bool QuicFramer::AppendConnectionCloseFrame(
5822     const QuicConnectionCloseFrame& frame, QuicDataWriter* writer) {
5823   if (VersionHasIetfQuicFrames(version_.transport_version)) {
5824     return AppendIetfConnectionCloseFrame(frame, writer);
5825   }
5826   uint32_t error_code = static_cast<uint32_t>(frame.wire_error_code);
5827   if (!writer->WriteUInt32(error_code)) {
5828     return false;
5829   }
5830   if (!writer->WriteStringPiece16(TruncateErrorString(frame.error_details))) {
5831     return false;
5832   }
5833   return true;
5834 }
5835 
AppendGoAwayFrame(const QuicGoAwayFrame & frame,QuicDataWriter * writer)5836 bool QuicFramer::AppendGoAwayFrame(const QuicGoAwayFrame& frame,
5837                                    QuicDataWriter* writer) {
5838   uint32_t error_code = static_cast<uint32_t>(frame.error_code);
5839   if (!writer->WriteUInt32(error_code)) {
5840     return false;
5841   }
5842   uint32_t stream_id = static_cast<uint32_t>(frame.last_good_stream_id);
5843   if (!writer->WriteUInt32(stream_id)) {
5844     return false;
5845   }
5846   if (!writer->WriteStringPiece16(TruncateErrorString(frame.reason_phrase))) {
5847     return false;
5848   }
5849   return true;
5850 }
5851 
AppendWindowUpdateFrame(const QuicWindowUpdateFrame & frame,QuicDataWriter * writer)5852 bool QuicFramer::AppendWindowUpdateFrame(const QuicWindowUpdateFrame& frame,
5853                                          QuicDataWriter* writer) {
5854   uint32_t stream_id = static_cast<uint32_t>(frame.stream_id);
5855   if (!writer->WriteUInt32(stream_id)) {
5856     return false;
5857   }
5858   if (!writer->WriteUInt64(frame.max_data)) {
5859     return false;
5860   }
5861   return true;
5862 }
5863 
AppendBlockedFrame(const QuicBlockedFrame & frame,QuicDataWriter * writer)5864 bool QuicFramer::AppendBlockedFrame(const QuicBlockedFrame& frame,
5865                                     QuicDataWriter* writer) {
5866   if (VersionHasIetfQuicFrames(version_.transport_version)) {
5867     if (frame.stream_id == QuicUtils::GetInvalidStreamId(transport_version())) {
5868       return AppendDataBlockedFrame(frame, writer);
5869     }
5870     return AppendStreamDataBlockedFrame(frame, writer);
5871   }
5872   uint32_t stream_id = static_cast<uint32_t>(frame.stream_id);
5873   if (!writer->WriteUInt32(stream_id)) {
5874     return false;
5875   }
5876   return true;
5877 }
5878 
AppendPaddingFrame(const QuicPaddingFrame & frame,QuicDataWriter * writer)5879 bool QuicFramer::AppendPaddingFrame(const QuicPaddingFrame& frame,
5880                                     QuicDataWriter* writer) {
5881   if (frame.num_padding_bytes == 0) {
5882     return false;
5883   }
5884   if (frame.num_padding_bytes < 0) {
5885     QUIC_BUG_IF(quic_bug_12975_9, frame.num_padding_bytes != -1);
5886     writer->WritePadding();
5887     return true;
5888   }
5889   // Please note, num_padding_bytes includes type byte which has been written.
5890   return writer->WritePaddingBytes(frame.num_padding_bytes - 1);
5891 }
5892 
AppendMessageFrameAndTypeByte(const QuicMessageFrame & frame,bool last_frame_in_packet,QuicDataWriter * writer)5893 bool QuicFramer::AppendMessageFrameAndTypeByte(const QuicMessageFrame& frame,
5894                                                bool last_frame_in_packet,
5895                                                QuicDataWriter* writer) {
5896   uint8_t type_byte;
5897   if (VersionHasIetfQuicFrames(version_.transport_version)) {
5898     type_byte = last_frame_in_packet ? IETF_EXTENSION_MESSAGE_NO_LENGTH_V99
5899                                      : IETF_EXTENSION_MESSAGE_V99;
5900   } else {
5901     QUIC_CODE_COUNT(quic_legacy_message_frame_codepoint_write);
5902     type_byte = last_frame_in_packet ? IETF_EXTENSION_MESSAGE_NO_LENGTH
5903                                      : IETF_EXTENSION_MESSAGE;
5904   }
5905   if (!writer->WriteUInt8(type_byte)) {
5906     return false;
5907   }
5908   if (!last_frame_in_packet && !writer->WriteVarInt62(frame.message_length)) {
5909     return false;
5910   }
5911   for (const auto& slice : frame.message_data) {
5912     if (!writer->WriteBytes(slice.data(), slice.length())) {
5913       return false;
5914     }
5915   }
5916   return true;
5917 }
5918 
RaiseError(QuicErrorCode error)5919 bool QuicFramer::RaiseError(QuicErrorCode error) {
5920   QUIC_DLOG(INFO) << ENDPOINT << "Error: " << QuicErrorCodeToString(error)
5921                   << " detail: " << detailed_error_;
5922   set_error(error);
5923   if (visitor_) {
5924     visitor_->OnError(this);
5925   }
5926   return false;
5927 }
5928 
IsVersionNegotiation(const QuicPacketHeader & header) const5929 bool QuicFramer::IsVersionNegotiation(const QuicPacketHeader& header) const {
5930   return header.form == IETF_QUIC_LONG_HEADER_PACKET &&
5931          header.long_packet_type == VERSION_NEGOTIATION;
5932 }
5933 
AppendIetfConnectionCloseFrame(const QuicConnectionCloseFrame & frame,QuicDataWriter * writer)5934 bool QuicFramer::AppendIetfConnectionCloseFrame(
5935     const QuicConnectionCloseFrame& frame, QuicDataWriter* writer) {
5936   if (frame.close_type != IETF_QUIC_TRANSPORT_CONNECTION_CLOSE &&
5937       frame.close_type != IETF_QUIC_APPLICATION_CONNECTION_CLOSE) {
5938     QUIC_BUG(quic_bug_10850_90)
5939         << "Invalid close_type for writing IETF CONNECTION CLOSE.";
5940     set_detailed_error("Invalid close_type for writing IETF CONNECTION CLOSE.");
5941     return false;
5942   }
5943 
5944   if (!writer->WriteVarInt62(frame.wire_error_code)) {
5945     set_detailed_error("Can not write connection close frame error code");
5946     return false;
5947   }
5948 
5949   if (frame.close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) {
5950     // Write the frame-type of the frame causing the error only
5951     // if it's a CONNECTION_CLOSE/Transport.
5952     if (!writer->WriteVarInt62(frame.transport_close_frame_type)) {
5953       set_detailed_error("Writing frame type failed.");
5954       return false;
5955     }
5956   }
5957 
5958   // There may be additional error information available in the extracted error
5959   // code. Encode the error information in the reason phrase and serialize the
5960   // result.
5961   std::string final_error_string =
5962       GenerateErrorString(frame.error_details, frame.quic_error_code);
5963   if (!writer->WriteStringPieceVarInt62(
5964           TruncateErrorString(final_error_string))) {
5965     set_detailed_error("Can not write connection close phrase");
5966     return false;
5967   }
5968   return true;
5969 }
5970 
ProcessIetfConnectionCloseFrame(QuicDataReader * reader,QuicConnectionCloseType type,QuicConnectionCloseFrame * frame)5971 bool QuicFramer::ProcessIetfConnectionCloseFrame(
5972     QuicDataReader* reader, QuicConnectionCloseType type,
5973     QuicConnectionCloseFrame* frame) {
5974   frame->close_type = type;
5975 
5976   uint64_t error_code;
5977   if (!reader->ReadVarInt62(&error_code)) {
5978     set_detailed_error("Unable to read connection close error code.");
5979     return false;
5980   }
5981 
5982   frame->wire_error_code = error_code;
5983 
5984   if (type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) {
5985     // The frame-type of the frame causing the error is present only
5986     // if it's a CONNECTION_CLOSE/Transport.
5987     if (!reader->ReadVarInt62(&frame->transport_close_frame_type)) {
5988       set_detailed_error("Unable to read connection close frame type.");
5989       return false;
5990     }
5991   }
5992 
5993   uint64_t phrase_length;
5994   if (!reader->ReadVarInt62(&phrase_length)) {
5995     set_detailed_error("Unable to read connection close error details.");
5996     return false;
5997   }
5998 
5999   absl::string_view phrase;
6000   if (!reader->ReadStringPiece(&phrase, static_cast<size_t>(phrase_length))) {
6001     set_detailed_error("Unable to read connection close error details.");
6002     return false;
6003   }
6004   frame->error_details = std::string(phrase);
6005 
6006   // The frame may have an extracted error code in it. Look for it and
6007   // extract it. If it's not present, MaybeExtract will return
6008   // QUIC_IETF_GQUIC_ERROR_MISSING.
6009   MaybeExtractQuicErrorCode(frame);
6010   return true;
6011 }
6012 
6013 // IETF Quic Path Challenge/Response frames.
ProcessPathChallengeFrame(QuicDataReader * reader,QuicPathChallengeFrame * frame)6014 bool QuicFramer::ProcessPathChallengeFrame(QuicDataReader* reader,
6015                                            QuicPathChallengeFrame* frame) {
6016   if (!reader->ReadBytes(frame->data_buffer.data(),
6017                          frame->data_buffer.size())) {
6018     set_detailed_error("Can not read path challenge data.");
6019     return false;
6020   }
6021   return true;
6022 }
6023 
ProcessPathResponseFrame(QuicDataReader * reader,QuicPathResponseFrame * frame)6024 bool QuicFramer::ProcessPathResponseFrame(QuicDataReader* reader,
6025                                           QuicPathResponseFrame* frame) {
6026   if (!reader->ReadBytes(frame->data_buffer.data(),
6027                          frame->data_buffer.size())) {
6028     set_detailed_error("Can not read path response data.");
6029     return false;
6030   }
6031   return true;
6032 }
6033 
AppendPathChallengeFrame(const QuicPathChallengeFrame & frame,QuicDataWriter * writer)6034 bool QuicFramer::AppendPathChallengeFrame(const QuicPathChallengeFrame& frame,
6035                                           QuicDataWriter* writer) {
6036   if (!writer->WriteBytes(frame.data_buffer.data(), frame.data_buffer.size())) {
6037     set_detailed_error("Writing Path Challenge data failed.");
6038     return false;
6039   }
6040   return true;
6041 }
6042 
AppendPathResponseFrame(const QuicPathResponseFrame & frame,QuicDataWriter * writer)6043 bool QuicFramer::AppendPathResponseFrame(const QuicPathResponseFrame& frame,
6044                                          QuicDataWriter* writer) {
6045   if (!writer->WriteBytes(frame.data_buffer.data(), frame.data_buffer.size())) {
6046     set_detailed_error("Writing Path Response data failed.");
6047     return false;
6048   }
6049   return true;
6050 }
6051 
6052 // Add a new ietf-format stream reset frame.
6053 // General format is
6054 //    stream id
6055 //    application error code
6056 //    final offset
AppendIetfResetStreamFrame(const QuicRstStreamFrame & frame,QuicDataWriter * writer)6057 bool QuicFramer::AppendIetfResetStreamFrame(const QuicRstStreamFrame& frame,
6058                                             QuicDataWriter* writer) {
6059   if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.stream_id))) {
6060     set_detailed_error("Writing reset-stream stream id failed.");
6061     return false;
6062   }
6063   if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.ietf_error_code))) {
6064     set_detailed_error("Writing reset-stream error code failed.");
6065     return false;
6066   }
6067   if (!writer->WriteVarInt62(static_cast<uint64_t>(frame.byte_offset))) {
6068     set_detailed_error("Writing reset-stream final-offset failed.");
6069     return false;
6070   }
6071   return true;
6072 }
6073 
ProcessIetfResetStreamFrame(QuicDataReader * reader,QuicRstStreamFrame * frame)6074 bool QuicFramer::ProcessIetfResetStreamFrame(QuicDataReader* reader,
6075                                              QuicRstStreamFrame* frame) {
6076   // Get Stream ID from frame. ReadVarIntStreamID returns false
6077   // if either A) there is a read error or B) the resulting value of
6078   // the Stream ID is larger than the maximum allowed value.
6079   if (!ReadUint32FromVarint62(reader, IETF_RST_STREAM, &frame->stream_id)) {
6080     return false;
6081   }
6082 
6083   if (!reader->ReadVarInt62(&frame->ietf_error_code)) {
6084     set_detailed_error("Unable to read rst stream error code.");
6085     return false;
6086   }
6087 
6088   frame->error_code =
6089       IetfResetStreamErrorCodeToRstStreamErrorCode(frame->ietf_error_code);
6090 
6091   if (!reader->ReadVarInt62(&frame->byte_offset)) {
6092     set_detailed_error("Unable to read rst stream sent byte offset.");
6093     return false;
6094   }
6095   return true;
6096 }
6097 
ProcessStopSendingFrame(QuicDataReader * reader,QuicStopSendingFrame * stop_sending_frame)6098 bool QuicFramer::ProcessStopSendingFrame(
6099     QuicDataReader* reader, QuicStopSendingFrame* stop_sending_frame) {
6100   if (!ReadUint32FromVarint62(reader, IETF_STOP_SENDING,
6101                               &stop_sending_frame->stream_id)) {
6102     return false;
6103   }
6104 
6105   if (!reader->ReadVarInt62(&stop_sending_frame->ietf_error_code)) {
6106     set_detailed_error("Unable to read stop sending application error code.");
6107     return false;
6108   }
6109 
6110   stop_sending_frame->error_code = IetfResetStreamErrorCodeToRstStreamErrorCode(
6111       stop_sending_frame->ietf_error_code);
6112   return true;
6113 }
6114 
AppendStopSendingFrame(const QuicStopSendingFrame & stop_sending_frame,QuicDataWriter * writer)6115 bool QuicFramer::AppendStopSendingFrame(
6116     const QuicStopSendingFrame& stop_sending_frame, QuicDataWriter* writer) {
6117   if (!writer->WriteVarInt62(stop_sending_frame.stream_id)) {
6118     set_detailed_error("Can not write stop sending stream id");
6119     return false;
6120   }
6121   if (!writer->WriteVarInt62(
6122           static_cast<uint64_t>(stop_sending_frame.ietf_error_code))) {
6123     set_detailed_error("Can not write application error code");
6124     return false;
6125   }
6126   return true;
6127 }
6128 
6129 // Append/process IETF-Format MAX_DATA Frame
AppendMaxDataFrame(const QuicWindowUpdateFrame & frame,QuicDataWriter * writer)6130 bool QuicFramer::AppendMaxDataFrame(const QuicWindowUpdateFrame& frame,
6131                                     QuicDataWriter* writer) {
6132   if (!writer->WriteVarInt62(frame.max_data)) {
6133     set_detailed_error("Can not write MAX_DATA byte-offset");
6134     return false;
6135   }
6136   return true;
6137 }
6138 
ProcessMaxDataFrame(QuicDataReader * reader,QuicWindowUpdateFrame * frame)6139 bool QuicFramer::ProcessMaxDataFrame(QuicDataReader* reader,
6140                                      QuicWindowUpdateFrame* frame) {
6141   frame->stream_id = QuicUtils::GetInvalidStreamId(transport_version());
6142   if (!reader->ReadVarInt62(&frame->max_data)) {
6143     set_detailed_error("Can not read MAX_DATA byte-offset");
6144     return false;
6145   }
6146   return true;
6147 }
6148 
6149 // Append/process IETF-Format MAX_STREAM_DATA Frame
AppendMaxStreamDataFrame(const QuicWindowUpdateFrame & frame,QuicDataWriter * writer)6150 bool QuicFramer::AppendMaxStreamDataFrame(const QuicWindowUpdateFrame& frame,
6151                                           QuicDataWriter* writer) {
6152   if (!writer->WriteVarInt62(frame.stream_id)) {
6153     set_detailed_error("Can not write MAX_STREAM_DATA stream id");
6154     return false;
6155   }
6156   if (!writer->WriteVarInt62(frame.max_data)) {
6157     set_detailed_error("Can not write MAX_STREAM_DATA byte-offset");
6158     return false;
6159   }
6160   return true;
6161 }
6162 
ProcessMaxStreamDataFrame(QuicDataReader * reader,QuicWindowUpdateFrame * frame)6163 bool QuicFramer::ProcessMaxStreamDataFrame(QuicDataReader* reader,
6164                                            QuicWindowUpdateFrame* frame) {
6165   if (!ReadUint32FromVarint62(reader, IETF_MAX_STREAM_DATA,
6166                               &frame->stream_id)) {
6167     return false;
6168   }
6169   if (!reader->ReadVarInt62(&frame->max_data)) {
6170     set_detailed_error("Can not read MAX_STREAM_DATA byte-count");
6171     return false;
6172   }
6173   return true;
6174 }
6175 
AppendMaxStreamsFrame(const QuicMaxStreamsFrame & frame,QuicDataWriter * writer)6176 bool QuicFramer::AppendMaxStreamsFrame(const QuicMaxStreamsFrame& frame,
6177                                        QuicDataWriter* writer) {
6178   if (!writer->WriteVarInt62(frame.stream_count)) {
6179     set_detailed_error("Can not write MAX_STREAMS stream count");
6180     return false;
6181   }
6182   return true;
6183 }
6184 
ProcessMaxStreamsFrame(QuicDataReader * reader,QuicMaxStreamsFrame * frame,uint64_t frame_type)6185 bool QuicFramer::ProcessMaxStreamsFrame(QuicDataReader* reader,
6186                                         QuicMaxStreamsFrame* frame,
6187                                         uint64_t frame_type) {
6188   if (!ReadUint32FromVarint62(reader,
6189                               static_cast<QuicIetfFrameType>(frame_type),
6190                               &frame->stream_count)) {
6191     return false;
6192   }
6193   frame->unidirectional = (frame_type == IETF_MAX_STREAMS_UNIDIRECTIONAL);
6194   return true;
6195 }
6196 
AppendDataBlockedFrame(const QuicBlockedFrame & frame,QuicDataWriter * writer)6197 bool QuicFramer::AppendDataBlockedFrame(const QuicBlockedFrame& frame,
6198                                         QuicDataWriter* writer) {
6199   if (!writer->WriteVarInt62(frame.offset)) {
6200     set_detailed_error("Can not write blocked offset.");
6201     return false;
6202   }
6203   return true;
6204 }
6205 
ProcessDataBlockedFrame(QuicDataReader * reader,QuicBlockedFrame * frame)6206 bool QuicFramer::ProcessDataBlockedFrame(QuicDataReader* reader,
6207                                          QuicBlockedFrame* frame) {
6208   // Indicates that it is a BLOCKED frame (as opposed to STREAM_BLOCKED).
6209   frame->stream_id = QuicUtils::GetInvalidStreamId(transport_version());
6210   if (!reader->ReadVarInt62(&frame->offset)) {
6211     set_detailed_error("Can not read blocked offset.");
6212     return false;
6213   }
6214   return true;
6215 }
6216 
AppendStreamDataBlockedFrame(const QuicBlockedFrame & frame,QuicDataWriter * writer)6217 bool QuicFramer::AppendStreamDataBlockedFrame(const QuicBlockedFrame& frame,
6218                                               QuicDataWriter* writer) {
6219   if (!writer->WriteVarInt62(frame.stream_id)) {
6220     set_detailed_error("Can not write stream blocked stream id.");
6221     return false;
6222   }
6223   if (!writer->WriteVarInt62(frame.offset)) {
6224     set_detailed_error("Can not write stream blocked offset.");
6225     return false;
6226   }
6227   return true;
6228 }
6229 
ProcessStreamDataBlockedFrame(QuicDataReader * reader,QuicBlockedFrame * frame)6230 bool QuicFramer::ProcessStreamDataBlockedFrame(QuicDataReader* reader,
6231                                                QuicBlockedFrame* frame) {
6232   if (!ReadUint32FromVarint62(reader, IETF_STREAM_DATA_BLOCKED,
6233                               &frame->stream_id)) {
6234     return false;
6235   }
6236   if (!reader->ReadVarInt62(&frame->offset)) {
6237     set_detailed_error("Can not read stream blocked offset.");
6238     return false;
6239   }
6240   return true;
6241 }
6242 
AppendStreamsBlockedFrame(const QuicStreamsBlockedFrame & frame,QuicDataWriter * writer)6243 bool QuicFramer::AppendStreamsBlockedFrame(const QuicStreamsBlockedFrame& frame,
6244                                            QuicDataWriter* writer) {
6245   if (!writer->WriteVarInt62(frame.stream_count)) {
6246     set_detailed_error("Can not write STREAMS_BLOCKED stream count");
6247     return false;
6248   }
6249   return true;
6250 }
6251 
ProcessStreamsBlockedFrame(QuicDataReader * reader,QuicStreamsBlockedFrame * frame,uint64_t frame_type)6252 bool QuicFramer::ProcessStreamsBlockedFrame(QuicDataReader* reader,
6253                                             QuicStreamsBlockedFrame* frame,
6254                                             uint64_t frame_type) {
6255   if (!ReadUint32FromVarint62(reader,
6256                               static_cast<QuicIetfFrameType>(frame_type),
6257                               &frame->stream_count)) {
6258     return false;
6259   }
6260   if (frame->stream_count > QuicUtils::GetMaxStreamCount()) {
6261     // If stream count is such that the resulting stream ID would exceed our
6262     // implementation limit, generate an error.
6263     set_detailed_error(
6264         "STREAMS_BLOCKED stream count exceeds implementation limit.");
6265     return false;
6266   }
6267   frame->unidirectional = (frame_type == IETF_STREAMS_BLOCKED_UNIDIRECTIONAL);
6268   return true;
6269 }
6270 
AppendNewConnectionIdFrame(const QuicNewConnectionIdFrame & frame,QuicDataWriter * writer)6271 bool QuicFramer::AppendNewConnectionIdFrame(
6272     const QuicNewConnectionIdFrame& frame, QuicDataWriter* writer) {
6273   if (!writer->WriteVarInt62(frame.sequence_number)) {
6274     set_detailed_error("Can not write New Connection ID sequence number");
6275     return false;
6276   }
6277   if (!writer->WriteVarInt62(frame.retire_prior_to)) {
6278     set_detailed_error("Can not write New Connection ID retire_prior_to");
6279     return false;
6280   }
6281   if (!writer->WriteLengthPrefixedConnectionId(frame.connection_id)) {
6282     set_detailed_error("Can not write New Connection ID frame connection ID");
6283     return false;
6284   }
6285 
6286   if (!writer->WriteBytes(
6287           static_cast<const void*>(&frame.stateless_reset_token),
6288           sizeof(frame.stateless_reset_token))) {
6289     set_detailed_error("Can not write New Connection ID Reset Token");
6290     return false;
6291   }
6292   return true;
6293 }
6294 
ProcessNewConnectionIdFrame(QuicDataReader * reader,QuicNewConnectionIdFrame * frame)6295 bool QuicFramer::ProcessNewConnectionIdFrame(QuicDataReader* reader,
6296                                              QuicNewConnectionIdFrame* frame) {
6297   if (!reader->ReadVarInt62(&frame->sequence_number)) {
6298     set_detailed_error(
6299         "Unable to read new connection ID frame sequence number.");
6300     return false;
6301   }
6302 
6303   if (!reader->ReadVarInt62(&frame->retire_prior_to)) {
6304     set_detailed_error(
6305         "Unable to read new connection ID frame retire_prior_to.");
6306     return false;
6307   }
6308   if (frame->retire_prior_to > frame->sequence_number) {
6309     set_detailed_error("Retire_prior_to > sequence_number.");
6310     return false;
6311   }
6312 
6313   if (!reader->ReadLengthPrefixedConnectionId(&frame->connection_id)) {
6314     set_detailed_error("Unable to read new connection ID frame connection id.");
6315     return false;
6316   }
6317 
6318   if (!QuicUtils::IsConnectionIdValidForVersion(frame->connection_id,
6319                                                 transport_version())) {
6320     set_detailed_error("Invalid new connection ID length for version.");
6321     return false;
6322   }
6323 
6324   if (!reader->ReadBytes(&frame->stateless_reset_token,
6325                          sizeof(frame->stateless_reset_token))) {
6326     set_detailed_error("Can not read new connection ID frame reset token.");
6327     return false;
6328   }
6329   return true;
6330 }
6331 
AppendRetireConnectionIdFrame(const QuicRetireConnectionIdFrame & frame,QuicDataWriter * writer)6332 bool QuicFramer::AppendRetireConnectionIdFrame(
6333     const QuicRetireConnectionIdFrame& frame, QuicDataWriter* writer) {
6334   if (!writer->WriteVarInt62(frame.sequence_number)) {
6335     set_detailed_error("Can not write Retire Connection ID sequence number");
6336     return false;
6337   }
6338   return true;
6339 }
6340 
ProcessRetireConnectionIdFrame(QuicDataReader * reader,QuicRetireConnectionIdFrame * frame)6341 bool QuicFramer::ProcessRetireConnectionIdFrame(
6342     QuicDataReader* reader, QuicRetireConnectionIdFrame* frame) {
6343   if (!reader->ReadVarInt62(&frame->sequence_number)) {
6344     set_detailed_error(
6345         "Unable to read retire connection ID frame sequence number.");
6346     return false;
6347   }
6348   return true;
6349 }
6350 
ReadUint32FromVarint62(QuicDataReader * reader,QuicIetfFrameType type,QuicStreamId * id)6351 bool QuicFramer::ReadUint32FromVarint62(QuicDataReader* reader,
6352                                         QuicIetfFrameType type,
6353                                         QuicStreamId* id) {
6354   uint64_t temp_uint64;
6355   if (!reader->ReadVarInt62(&temp_uint64)) {
6356     set_detailed_error("Unable to read " + QuicIetfFrameTypeString(type) +
6357                        " frame stream id/count.");
6358     return false;
6359   }
6360   if (temp_uint64 > kMaxQuicStreamId) {
6361     set_detailed_error("Stream id/count of " + QuicIetfFrameTypeString(type) +
6362                        "frame is too large.");
6363     return false;
6364   }
6365   *id = static_cast<uint32_t>(temp_uint64);
6366   return true;
6367 }
6368 
GetStreamFrameTypeByte(const QuicStreamFrame & frame,bool last_frame_in_packet) const6369 uint8_t QuicFramer::GetStreamFrameTypeByte(const QuicStreamFrame& frame,
6370                                            bool last_frame_in_packet) const {
6371   if (VersionHasIetfQuicFrames(version_.transport_version)) {
6372     return GetIetfStreamFrameTypeByte(frame, last_frame_in_packet);
6373   }
6374   uint8_t type_byte = 0;
6375   // Fin bit.
6376   type_byte |= frame.fin ? kQuicStreamFinMask : 0;
6377 
6378   // Data Length bit.
6379   type_byte <<= kQuicStreamDataLengthShift;
6380   type_byte |= last_frame_in_packet ? 0 : kQuicStreamDataLengthMask;
6381 
6382   // Offset 3 bits.
6383   type_byte <<= kQuicStreamShift;
6384   const size_t offset_len = GetStreamOffsetSize(frame.offset);
6385   if (offset_len > 0) {
6386     type_byte |= offset_len - 1;
6387   }
6388 
6389   // stream id 2 bits.
6390   type_byte <<= kQuicStreamIdShift;
6391   type_byte |= GetStreamIdSize(frame.stream_id) - 1;
6392   type_byte |= kQuicFrameTypeStreamMask;  // Set Stream Frame Type to 1.
6393 
6394   return type_byte;
6395 }
6396 
GetIetfStreamFrameTypeByte(const QuicStreamFrame & frame,bool last_frame_in_packet) const6397 uint8_t QuicFramer::GetIetfStreamFrameTypeByte(
6398     const QuicStreamFrame& frame, bool last_frame_in_packet) const {
6399   QUICHE_DCHECK(VersionHasIetfQuicFrames(version_.transport_version));
6400   uint8_t type_byte = IETF_STREAM;
6401   if (!last_frame_in_packet) {
6402     type_byte |= IETF_STREAM_FRAME_LEN_BIT;
6403   }
6404   if (frame.offset != 0) {
6405     type_byte |= IETF_STREAM_FRAME_OFF_BIT;
6406   }
6407   if (frame.fin) {
6408     type_byte |= IETF_STREAM_FRAME_FIN_BIT;
6409   }
6410   return type_byte;
6411 }
6412 
EnableMultiplePacketNumberSpacesSupport()6413 void QuicFramer::EnableMultiplePacketNumberSpacesSupport() {
6414   if (supports_multiple_packet_number_spaces_) {
6415     QUIC_BUG(quic_bug_10850_91)
6416         << "Multiple packet number spaces has already been enabled";
6417     return;
6418   }
6419   if (largest_packet_number_.IsInitialized()) {
6420     QUIC_BUG(quic_bug_10850_92)
6421         << "Try to enable multiple packet number spaces support after any "
6422            "packet has been received.";
6423     return;
6424   }
6425 
6426   supports_multiple_packet_number_spaces_ = true;
6427 }
6428 
6429 // static
ParsePublicHeaderDispatcher(const QuicEncryptedPacket & packet,uint8_t expected_destination_connection_id_length,PacketHeaderFormat * format,QuicLongHeaderType * long_packet_type,bool * version_present,bool * has_length_prefix,QuicVersionLabel * version_label,ParsedQuicVersion * parsed_version,QuicConnectionId * destination_connection_id,QuicConnectionId * source_connection_id,std::optional<absl::string_view> * retry_token,std::string * detailed_error)6430 QuicErrorCode QuicFramer::ParsePublicHeaderDispatcher(
6431     const QuicEncryptedPacket& packet,
6432     uint8_t expected_destination_connection_id_length,
6433     PacketHeaderFormat* format, QuicLongHeaderType* long_packet_type,
6434     bool* version_present, bool* has_length_prefix,
6435     QuicVersionLabel* version_label, ParsedQuicVersion* parsed_version,
6436     QuicConnectionId* destination_connection_id,
6437     QuicConnectionId* source_connection_id,
6438     std::optional<absl::string_view>* retry_token,
6439     std::string* detailed_error) {
6440   QuicDataReader reader(packet.data(), packet.length());
6441   if (reader.IsDoneReading()) {
6442     *detailed_error = "Unable to read first byte.";
6443     return QUIC_INVALID_PACKET_HEADER;
6444   }
6445   const uint8_t first_byte = reader.PeekByte();
6446   if ((first_byte & FLAGS_LONG_HEADER) == 0 &&
6447       (first_byte & FLAGS_FIXED_BIT) == 0 &&
6448       (first_byte & FLAGS_DEMULTIPLEXING_BIT) == 0) {
6449     // All versions of Google QUIC up to and including Q043 set
6450     // FLAGS_DEMULTIPLEXING_BIT to one on all client-to-server packets. Q044
6451     // and Q045 were never default-enabled in production. All subsequent
6452     // versions of Google QUIC (starting with Q046) require FLAGS_FIXED_BIT to
6453     // be set to one on all packets. All versions of IETF QUIC (since
6454     // draft-ietf-quic-transport-17 which was earlier than the first IETF QUIC
6455     // version that was deployed in production by any implementation) also
6456     // require FLAGS_FIXED_BIT to be set to one on all packets. If a packet
6457     // has the FLAGS_LONG_HEADER bit set to one, it could be a first flight
6458     // from an unknown future version that allows the other two bits to be set
6459     // to zero. Based on this, packets that have all three of those bits set
6460     // to zero are known to be invalid.
6461     *detailed_error = "Invalid flags.";
6462     return QUIC_INVALID_PACKET_HEADER;
6463   }
6464   const bool ietf_format = QuicUtils::IsIetfPacketHeader(first_byte);
6465   uint8_t unused_first_byte;
6466   quiche::QuicheVariableLengthIntegerLength retry_token_length_length;
6467   absl::string_view maybe_retry_token;
6468   QuicErrorCode error_code = ParsePublicHeader(
6469       &reader, expected_destination_connection_id_length, ietf_format,
6470       &unused_first_byte, format, version_present, has_length_prefix,
6471       version_label, parsed_version, destination_connection_id,
6472       source_connection_id, long_packet_type, &retry_token_length_length,
6473       &maybe_retry_token, detailed_error);
6474   if (retry_token_length_length != quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0) {
6475     *retry_token = maybe_retry_token;
6476   } else {
6477     retry_token->reset();
6478   }
6479   return error_code;
6480 }
6481 
6482 // static
ParsePublicHeaderDispatcherShortHeaderLengthUnknown(const QuicEncryptedPacket & packet,PacketHeaderFormat * format,QuicLongHeaderType * long_packet_type,bool * version_present,bool * has_length_prefix,QuicVersionLabel * version_label,ParsedQuicVersion * parsed_version,QuicConnectionId * destination_connection_id,QuicConnectionId * source_connection_id,std::optional<absl::string_view> * retry_token,std::string * detailed_error,ConnectionIdGeneratorInterface & generator)6483 QuicErrorCode QuicFramer::ParsePublicHeaderDispatcherShortHeaderLengthUnknown(
6484     const QuicEncryptedPacket& packet, PacketHeaderFormat* format,
6485     QuicLongHeaderType* long_packet_type, bool* version_present,
6486     bool* has_length_prefix, QuicVersionLabel* version_label,
6487     ParsedQuicVersion* parsed_version,
6488     QuicConnectionId* destination_connection_id,
6489     QuicConnectionId* source_connection_id,
6490     std::optional<absl::string_view>* retry_token, std::string* detailed_error,
6491     ConnectionIdGeneratorInterface& generator) {
6492   QuicDataReader reader(packet.data(), packet.length());
6493   // Get the first two bytes.
6494   if (reader.BytesRemaining() < 2) {
6495     *detailed_error = "Unable to read first two bytes.";
6496     return QUIC_INVALID_PACKET_HEADER;
6497   }
6498   uint8_t two_bytes[2];
6499   reader.ReadBytes(two_bytes, 2);
6500   uint8_t expected_destination_connection_id_length =
6501       (!QuicUtils::IsIetfPacketHeader(two_bytes[0]) ||
6502        two_bytes[0] & FLAGS_LONG_HEADER)
6503           ? 0
6504           : generator.ConnectionIdLength(two_bytes[1]);
6505   return ParsePublicHeaderDispatcher(
6506       packet, expected_destination_connection_id_length, format,
6507       long_packet_type, version_present, has_length_prefix, version_label,
6508       parsed_version, destination_connection_id, source_connection_id,
6509       retry_token, detailed_error);
6510 }
6511 
6512 // static
ParsePublicHeaderGoogleQuic(QuicDataReader * reader,uint8_t * first_byte,PacketHeaderFormat * format,bool * version_present,QuicVersionLabel * version_label,ParsedQuicVersion * parsed_version,QuicConnectionId * destination_connection_id,std::string * detailed_error)6513 QuicErrorCode QuicFramer::ParsePublicHeaderGoogleQuic(
6514     QuicDataReader* reader, uint8_t* first_byte, PacketHeaderFormat* format,
6515     bool* version_present, QuicVersionLabel* version_label,
6516     ParsedQuicVersion* parsed_version,
6517     QuicConnectionId* destination_connection_id, std::string* detailed_error) {
6518   *format = GOOGLE_QUIC_PACKET;
6519   *version_present = (*first_byte & PACKET_PUBLIC_FLAGS_VERSION) != 0;
6520   uint8_t destination_connection_id_length = 0;
6521   if ((*first_byte & PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) != 0) {
6522     destination_connection_id_length = kQuicDefaultConnectionIdLength;
6523   }
6524   if (!reader->ReadConnectionId(destination_connection_id,
6525                                 destination_connection_id_length)) {
6526     *detailed_error = "Unable to read ConnectionId.";
6527     return QUIC_INVALID_PACKET_HEADER;
6528   }
6529   if (*version_present) {
6530     if (!ProcessVersionLabel(reader, version_label)) {
6531       *detailed_error = "Unable to read protocol version.";
6532       return QUIC_INVALID_PACKET_HEADER;
6533     }
6534     *parsed_version = ParseQuicVersionLabel(*version_label);
6535   }
6536   return QUIC_NO_ERROR;
6537 }
6538 
6539 namespace {
6540 
6541 const QuicVersionLabel kProxVersionLabel = 0x50524F58;  // "PROX"
6542 
PacketHasLengthPrefixedConnectionIds(const QuicDataReader & reader,ParsedQuicVersion parsed_version,QuicVersionLabel version_label,uint8_t first_byte)6543 inline bool PacketHasLengthPrefixedConnectionIds(
6544     const QuicDataReader& reader, ParsedQuicVersion parsed_version,
6545     QuicVersionLabel version_label, uint8_t first_byte) {
6546   if (parsed_version.IsKnown()) {
6547     return parsed_version.HasLengthPrefixedConnectionIds();
6548   }
6549 
6550   // Received unsupported version, check known old unsupported versions.
6551   if (QuicVersionLabelUses4BitConnectionIdLength(version_label)) {
6552     return false;
6553   }
6554 
6555   // Received unknown version, check connection ID length byte.
6556   if (reader.IsDoneReading()) {
6557     // This check is required to safely peek the connection ID length byte.
6558     return true;
6559   }
6560   const uint8_t connection_id_length_byte = reader.PeekByte();
6561 
6562   // Check for packets produced by older versions of
6563   // QuicFramer::WriteClientVersionNegotiationProbePacket
6564   if (first_byte == 0xc0 && (connection_id_length_byte & 0x0f) == 0 &&
6565       connection_id_length_byte >= 0x50 && version_label == 0xcabadaba) {
6566     return false;
6567   }
6568 
6569   // Check for munged packets with version tag PROX.
6570   if ((connection_id_length_byte & 0x0f) == 0 &&
6571       connection_id_length_byte >= 0x20 && version_label == kProxVersionLabel) {
6572     return false;
6573   }
6574 
6575   return true;
6576 }
6577 
ParseLongHeaderConnectionIds(QuicDataReader & reader,bool has_length_prefix,QuicVersionLabel version_label,QuicConnectionId & destination_connection_id,QuicConnectionId & source_connection_id,std::string & detailed_error)6578 inline bool ParseLongHeaderConnectionIds(
6579     QuicDataReader& reader, bool has_length_prefix,
6580     QuicVersionLabel version_label, QuicConnectionId& destination_connection_id,
6581     QuicConnectionId& source_connection_id, std::string& detailed_error) {
6582   if (has_length_prefix) {
6583     if (!reader.ReadLengthPrefixedConnectionId(&destination_connection_id)) {
6584       detailed_error = "Unable to read destination connection ID.";
6585       return false;
6586     }
6587     if (!reader.ReadLengthPrefixedConnectionId(&source_connection_id)) {
6588       if (version_label == kProxVersionLabel) {
6589         // The "PROX" version does not follow the length-prefixed invariants,
6590         // and can therefore attempt to read a payload byte and interpret it
6591         // as the source connection ID length, which could fail to parse.
6592         // In that scenario we keep the source connection ID empty but mark
6593         // parsing as successful.
6594         return true;
6595       }
6596       detailed_error = "Unable to read source connection ID.";
6597       return false;
6598     }
6599   } else {
6600     // Parse connection ID lengths.
6601     uint8_t connection_id_lengths_byte;
6602     if (!reader.ReadUInt8(&connection_id_lengths_byte)) {
6603       detailed_error = "Unable to read connection ID lengths.";
6604       return false;
6605     }
6606     uint8_t destination_connection_id_length =
6607         (connection_id_lengths_byte & kDestinationConnectionIdLengthMask) >> 4;
6608     if (destination_connection_id_length != 0) {
6609       destination_connection_id_length += kConnectionIdLengthAdjustment;
6610     }
6611     uint8_t source_connection_id_length =
6612         connection_id_lengths_byte & kSourceConnectionIdLengthMask;
6613     if (source_connection_id_length != 0) {
6614       source_connection_id_length += kConnectionIdLengthAdjustment;
6615     }
6616 
6617     // Read destination connection ID.
6618     if (!reader.ReadConnectionId(&destination_connection_id,
6619                                  destination_connection_id_length)) {
6620       detailed_error = "Unable to read destination connection ID.";
6621       return false;
6622     }
6623 
6624     // Read source connection ID.
6625     if (!reader.ReadConnectionId(&source_connection_id,
6626                                  source_connection_id_length)) {
6627       detailed_error = "Unable to read source connection ID.";
6628       return false;
6629     }
6630   }
6631   return true;
6632 }
6633 
6634 }  // namespace
6635 
6636 // static
ParsePublicHeader(QuicDataReader * reader,uint8_t expected_destination_connection_id_length,bool ietf_format,uint8_t * first_byte,PacketHeaderFormat * format,bool * version_present,bool * has_length_prefix,QuicVersionLabel * version_label,ParsedQuicVersion * parsed_version,QuicConnectionId * destination_connection_id,QuicConnectionId * source_connection_id,QuicLongHeaderType * long_packet_type,quiche::QuicheVariableLengthIntegerLength * retry_token_length_length,absl::string_view * retry_token,std::string * detailed_error)6637 QuicErrorCode QuicFramer::ParsePublicHeader(
6638     QuicDataReader* reader, uint8_t expected_destination_connection_id_length,
6639     bool ietf_format, uint8_t* first_byte, PacketHeaderFormat* format,
6640     bool* version_present, bool* has_length_prefix,
6641     QuicVersionLabel* version_label, ParsedQuicVersion* parsed_version,
6642     QuicConnectionId* destination_connection_id,
6643     QuicConnectionId* source_connection_id,
6644     QuicLongHeaderType* long_packet_type,
6645     quiche::QuicheVariableLengthIntegerLength* retry_token_length_length,
6646     absl::string_view* retry_token, std::string* detailed_error) {
6647   *version_present = false;
6648   *has_length_prefix = false;
6649   *version_label = 0;
6650   *parsed_version = UnsupportedQuicVersion();
6651   *source_connection_id = EmptyQuicConnectionId();
6652   *long_packet_type = INVALID_PACKET_TYPE;
6653   *retry_token_length_length = quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0;
6654   *retry_token = absl::string_view();
6655   *detailed_error = "";
6656 
6657   if (!reader->ReadUInt8(first_byte)) {
6658     *detailed_error = "Unable to read first byte.";
6659     return QUIC_INVALID_PACKET_HEADER;
6660   }
6661 
6662   if (!ietf_format) {
6663     return ParsePublicHeaderGoogleQuic(
6664         reader, first_byte, format, version_present, version_label,
6665         parsed_version, destination_connection_id, detailed_error);
6666   }
6667 
6668   *format = GetIetfPacketHeaderFormat(*first_byte);
6669 
6670   if (*format == IETF_QUIC_SHORT_HEADER_PACKET) {
6671     if (!reader->ReadConnectionId(destination_connection_id,
6672                                   expected_destination_connection_id_length)) {
6673       *detailed_error = "Unable to read destination connection ID.";
6674       return QUIC_INVALID_PACKET_HEADER;
6675     }
6676     return QUIC_NO_ERROR;
6677   }
6678 
6679   QUICHE_DCHECK_EQ(IETF_QUIC_LONG_HEADER_PACKET, *format);
6680   *version_present = true;
6681   if (!ProcessVersionLabel(reader, version_label)) {
6682     *detailed_error = "Unable to read protocol version.";
6683     return QUIC_INVALID_PACKET_HEADER;
6684   }
6685 
6686   if (*version_label == 0) {
6687     *long_packet_type = VERSION_NEGOTIATION;
6688   }
6689 
6690   // Parse version.
6691   *parsed_version = ParseQuicVersionLabel(*version_label);
6692 
6693   // Figure out which IETF QUIC invariants this packet follows.
6694   *has_length_prefix = PacketHasLengthPrefixedConnectionIds(
6695       *reader, *parsed_version, *version_label, *first_byte);
6696 
6697   // Parse connection IDs.
6698   if (!ParseLongHeaderConnectionIds(*reader, *has_length_prefix, *version_label,
6699                                     *destination_connection_id,
6700                                     *source_connection_id, *detailed_error)) {
6701     return QUIC_INVALID_PACKET_HEADER;
6702   }
6703 
6704   if (!parsed_version->IsKnown()) {
6705     // Skip parsing of long packet type and retry token for unknown versions.
6706     return QUIC_NO_ERROR;
6707   }
6708 
6709   // Parse long packet type.
6710   *long_packet_type = GetLongHeaderType(*first_byte, *parsed_version);
6711 
6712   switch (*long_packet_type) {
6713     case INVALID_PACKET_TYPE:
6714       *detailed_error = "Unable to parse long packet type.";
6715       return QUIC_INVALID_PACKET_HEADER;
6716     case INITIAL:
6717       if (!parsed_version->SupportsRetry()) {
6718         // Retry token is only present on initial packets for some versions.
6719         return QUIC_NO_ERROR;
6720       }
6721       break;
6722     default:
6723       return QUIC_NO_ERROR;
6724   }
6725 
6726   *retry_token_length_length = reader->PeekVarInt62Length();
6727   uint64_t retry_token_length;
6728   if (!reader->ReadVarInt62(&retry_token_length)) {
6729     *retry_token_length_length = quiche::VARIABLE_LENGTH_INTEGER_LENGTH_0;
6730     *detailed_error = "Unable to read retry token length.";
6731     return QUIC_INVALID_PACKET_HEADER;
6732   }
6733 
6734   if (!reader->ReadStringPiece(retry_token, retry_token_length)) {
6735     *detailed_error = "Unable to read retry token.";
6736     return QUIC_INVALID_PACKET_HEADER;
6737   }
6738 
6739   return QUIC_NO_ERROR;
6740 }
6741 
6742 // static
WriteClientVersionNegotiationProbePacket(char * packet_bytes,QuicByteCount packet_length,const char * destination_connection_id_bytes,uint8_t destination_connection_id_length)6743 bool QuicFramer::WriteClientVersionNegotiationProbePacket(
6744     char* packet_bytes, QuicByteCount packet_length,
6745     const char* destination_connection_id_bytes,
6746     uint8_t destination_connection_id_length) {
6747   if (packet_bytes == nullptr) {
6748     QUIC_BUG(quic_bug_10850_93) << "Invalid packet_bytes";
6749     return false;
6750   }
6751   if (packet_length < kMinPacketSizeForVersionNegotiation ||
6752       packet_length > 65535) {
6753     QUIC_BUG(quic_bug_10850_94) << "Invalid packet_length";
6754     return false;
6755   }
6756   if (destination_connection_id_length > kQuicMaxConnectionId4BitLength ||
6757       destination_connection_id_length < kQuicDefaultConnectionIdLength) {
6758     QUIC_BUG(quic_bug_10850_95) << "Invalid connection_id_length";
6759     return false;
6760   }
6761   // clang-format off
6762   const unsigned char packet_start_bytes[] = {
6763     // IETF long header with fixed bit set, type initial, all-0 encrypted bits.
6764     0xc0,
6765     // Version, part of the IETF space reserved for negotiation.
6766     // This intentionally differs from QuicVersionReservedForNegotiation()
6767     // to allow differentiating them over the wire.
6768     0xca, 0xba, 0xda, 0xda,
6769   };
6770   // clang-format on
6771   static_assert(sizeof(packet_start_bytes) == 5, "bad packet_start_bytes size");
6772   QuicDataWriter writer(packet_length, packet_bytes);
6773   if (!writer.WriteBytes(packet_start_bytes, sizeof(packet_start_bytes))) {
6774     QUIC_BUG(quic_bug_10850_96) << "Failed to write packet start";
6775     return false;
6776   }
6777 
6778   QuicConnectionId destination_connection_id(destination_connection_id_bytes,
6779                                              destination_connection_id_length);
6780   if (!AppendIetfConnectionIds(
6781           /*version_flag=*/true, /*use_length_prefix=*/true,
6782           destination_connection_id, EmptyQuicConnectionId(), &writer)) {
6783     QUIC_BUG(quic_bug_10850_97) << "Failed to write connection IDs";
6784     return false;
6785   }
6786   // Add 8 bytes of zeroes followed by 8 bytes of ones to ensure that this does
6787   // not parse with any known version. The zeroes make sure that packet numbers,
6788   // retry token lengths and payload lengths are parsed as zero, and if the
6789   // zeroes are treated as padding frames, 0xff is known to not parse as a
6790   // valid frame type.
6791   if (!writer.WriteUInt64(0) ||
6792       !writer.WriteUInt64(std::numeric_limits<uint64_t>::max())) {
6793     QUIC_BUG(quic_bug_10850_98) << "Failed to write 18 bytes";
6794     return false;
6795   }
6796   // Make sure the polite greeting below is padded to a 16-byte boundary to
6797   // make it easier to read in tcpdump.
6798   while (writer.length() % 16 != 0) {
6799     if (!writer.WriteUInt8(0)) {
6800       QUIC_BUG(quic_bug_10850_99) << "Failed to write padding byte";
6801       return false;
6802     }
6803   }
6804   // Add a polite greeting in case a human sees this in tcpdump.
6805   static const char polite_greeting[] =
6806       "This packet only exists to trigger IETF QUIC version negotiation. "
6807       "Please respond with a Version Negotiation packet indicating what "
6808       "versions you support. Thank you and have a nice day.";
6809   if (!writer.WriteBytes(polite_greeting, sizeof(polite_greeting))) {
6810     QUIC_BUG(quic_bug_10850_100) << "Failed to write polite greeting";
6811     return false;
6812   }
6813   // Fill the rest of the packet with zeroes.
6814   writer.WritePadding();
6815   QUICHE_DCHECK_EQ(0u, writer.remaining());
6816   return true;
6817 }
6818 
6819 // static
ParseServerVersionNegotiationProbeResponse(const char * packet_bytes,QuicByteCount packet_length,char * source_connection_id_bytes,uint8_t * source_connection_id_length_out,std::string * detailed_error)6820 bool QuicFramer::ParseServerVersionNegotiationProbeResponse(
6821     const char* packet_bytes, QuicByteCount packet_length,
6822     char* source_connection_id_bytes, uint8_t* source_connection_id_length_out,
6823     std::string* detailed_error) {
6824   if (detailed_error == nullptr) {
6825     QUIC_BUG(quic_bug_10850_101) << "Invalid error_details";
6826     return false;
6827   }
6828   *detailed_error = "";
6829   if (packet_bytes == nullptr) {
6830     *detailed_error = "Invalid packet_bytes";
6831     return false;
6832   }
6833   if (packet_length < 6) {
6834     *detailed_error = "Invalid packet_length";
6835     return false;
6836   }
6837   if (source_connection_id_bytes == nullptr) {
6838     *detailed_error = "Invalid source_connection_id_bytes";
6839     return false;
6840   }
6841   if (source_connection_id_length_out == nullptr) {
6842     *detailed_error = "Invalid source_connection_id_length_out";
6843     return false;
6844   }
6845   QuicDataReader reader(packet_bytes, packet_length);
6846   uint8_t type_byte = 0;
6847   if (!reader.ReadUInt8(&type_byte)) {
6848     *detailed_error = "Failed to read type byte";
6849     return false;
6850   }
6851   if ((type_byte & 0x80) == 0) {
6852     *detailed_error = "Packet does not have long header";
6853     return false;
6854   }
6855   uint32_t version = 0;
6856   if (!reader.ReadUInt32(&version)) {
6857     *detailed_error = "Failed to read version";
6858     return false;
6859   }
6860   if (version != 0) {
6861     *detailed_error = "Packet is not a version negotiation packet";
6862     return false;
6863   }
6864 
6865   QuicConnectionId destination_connection_id, source_connection_id;
6866   if (!reader.ReadLengthPrefixedConnectionId(&destination_connection_id)) {
6867     *detailed_error = "Failed to read destination connection ID";
6868     return false;
6869   }
6870   if (!reader.ReadLengthPrefixedConnectionId(&source_connection_id)) {
6871     *detailed_error = "Failed to read source connection ID";
6872     return false;
6873   }
6874 
6875   if (destination_connection_id.length() != 0) {
6876     *detailed_error = "Received unexpected destination connection ID length";
6877     return false;
6878   }
6879   if (*source_connection_id_length_out < source_connection_id.length()) {
6880     *detailed_error =
6881         absl::StrCat("*source_connection_id_length_out too small ",
6882                      static_cast<int>(*source_connection_id_length_out), " < ",
6883                      static_cast<int>(source_connection_id.length()));
6884     return false;
6885   }
6886 
6887   memcpy(source_connection_id_bytes, source_connection_id.data(),
6888          source_connection_id.length());
6889   *source_connection_id_length_out = source_connection_id.length();
6890 
6891   return true;
6892 }
6893 
6894 // Look for and parse the error code from the "<quic_error_code>:" text that
6895 // may be present at the start of the CONNECTION_CLOSE error details string.
6896 // This text, inserted by the peer if it's using Google's QUIC implementation,
6897 // contains additional error information that narrows down the exact error.  If
6898 // the string is not found, or is not properly formed, it returns
6899 // ErrorCode::QUIC_IETF_GQUIC_ERROR_MISSING
MaybeExtractQuicErrorCode(QuicConnectionCloseFrame * frame)6900 void MaybeExtractQuicErrorCode(QuicConnectionCloseFrame* frame) {
6901   std::vector<absl::string_view> ed = absl::StrSplit(frame->error_details, ':');
6902   uint64_t extracted_error_code;
6903   if (ed.size() < 2 || !quiche::QuicheTextUtils::IsAllDigits(ed[0]) ||
6904       !absl::SimpleAtoi(ed[0], &extracted_error_code) ||
6905       extracted_error_code >
6906           std::numeric_limits<
6907               std::underlying_type<QuicErrorCode>::type>::max()) {
6908     if (frame->close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE &&
6909         frame->wire_error_code == NO_IETF_QUIC_ERROR) {
6910       frame->quic_error_code = QUIC_NO_ERROR;
6911     } else {
6912       frame->quic_error_code = QUIC_IETF_GQUIC_ERROR_MISSING;
6913     }
6914     return;
6915   }
6916   // Return the error code (numeric) and the error details string without the
6917   // error code prefix. Note that Split returns everything up to, but not
6918   // including, the split character, so the length of ed[0] is just the number
6919   // of digits in the error number. In removing the prefix, 1 is added to the
6920   // length to account for the :
6921   absl::string_view x = absl::string_view(frame->error_details);
6922   x.remove_prefix(ed[0].length() + 1);
6923   frame->error_details = std::string(x);
6924   frame->quic_error_code = static_cast<QuicErrorCode>(extracted_error_code);
6925 }
6926 
6927 #undef ENDPOINT  // undef for jumbo builds
6928 }  // namespace quic
6929