]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/quic/quic_rx_depack.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix 32-bit Windows issues related to QUIC_ACKM / QUIC_CC
[thirdparty/openssl.git] / ssl / quic / quic_rx_depack.c
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/packet.h"
11 #include "internal/nelem.h"
12 #include "internal/quic_wire.h"
13 #include "internal/quic_record_rx.h"
14 #include "internal/quic_ackm.h"
15 #include "internal/quic_rx_depack.h"
16 #include "internal/sockets.h"
17
18 #include "quic_record_rx_wrap.h"
19 #include "quic_local.h"
20 #include "../ssl_local.h"
21
22 /*
23 * TODO(QUIC): ASSUMPTION: the QUIC_CONNECTION structure refers to other related
24 * components, such as OSSL_ACKM and OSSL_QRX, in some manner. These macros
25 * should be used to get those components.
26 */
27 #define GET_CONN_ACKM(c) ((c)->ackm)
28 #define GET_CONN_QRX(c) ((c)->qrx)
29 #define GET_CONN_STATEM(c) ((c)->ssl.statem)
30
31 #if 0 /* Currently unimplemented */
32 # define GET_CONN_ACK_DELAY_EXP(c) (QUIC_CONNECTION_get_ack_delay_exponent(c))
33 #else
34 /* 3 is the default, see RFC 9000, 18.2. Transport Parameter Definitions */
35 # define GET_CONN_ACK_DELAY_EXP(c) 3
36 #endif
37
38 /* TODO(QUIC): [BEGIN: TO BE REMOVED] placeholder macros and functions */
39
40 /* Diverse things that should be implemented elsewhere, bur currently aren't. */
41
42 typedef struct quic_stream_st QUIC_STREAM;
43
44 /*
45 * TODO(QUIC): ASSUMPTION: ssl_get_stream() gets a QUIC_STREAM from a connection
46 * by stream ID. For now, we simply return a fake stream.
47 */
48 static QUIC_STREAM *ssl_get_stream(QUIC_CONNECTION *conn, uint64_t stream_id)
49 {
50 static uint64_t fake_stream = 0;
51
52 return (QUIC_STREAM *)&fake_stream;
53 }
54
55 /*
56 * TODO(QUIC): ASSUMPTION: ssl_get_stream_type() gets a stream type from a
57 * QUIC_STREAM
58 */
59 /* Receive */
60 #define SSL_STREAM_TYPE_R 1
61 /* Send */
62 #define SSL_STREAM_TYPE_S 2
63 /* Bidirectional */
64 #define SSL_STREAM_TYPE_B (SSL_STREAM_TYPE_R|SSL_STREAM_TYPE_S)
65 static int ssl_get_stream_type(QUIC_STREAM *stream)
66 {
67 return SSL_STREAM_TYPE_B;
68 }
69
70 /*
71 * TODO(QUIC): ASSUMPTION: ssl_queue_data() adds data to a QUIC_STREAM, to be
72 * consumed by the application when doing an SSL_read().
73 *
74 * We assume that queuing of the data has to be done without copying, thus
75 * we get the reference counting QRX packet wrapper so it can increment the
76 * reference count. When the data is consumed (i.e. as a result of, say,
77 * SSL_read()), ossl_qrx_pkt_wrap_free() must be called.
78 */
79 static int ssl_queue_data(QUIC_STREAM *stream, OSSL_QRX_PKT_WRAP *pkt_wrap,
80 const unsigned char *data, uint64_t data_len,
81 uint64_t logical_offset, int is_fin)
82 {
83 /*
84 * Since this function is just a placeholder that doesn't actually queue
85 * anything, we do nothing here, not even the reference count increment.
86 */
87
88 /*
89 * 1. Queuing the data and the parent packet wrapper should happen here,
90 * and this call with it:
91 *
92 * ossl_qrx_pkt_wrap_up_ref(pkt_wrap);
93 *
94 * 2. Dequeuing the data happens somewhere else, and this call with it
95 * (|pkt_wrap| replaced with the pointer from the queue):
96 *
97 * ossl_qrx_pkt_wrap_free(pkt_wrap);
98 */
99 return 1;
100 }
101
102 /*
103 * TODO(QUIC): ASSUMPTION: ssl_close_stream() detaches the QUIC_STREAM from
104 * the QUIC_CONNECTION it's attached to, and then destroys that QUIC_STREAM
105 * (as well as its SSL object). |how| works the same way as in shutdown(2),
106 * i.e. |SHUT_RD| closes the reader part, |SHUT_WR| closes the writer part.
107 */
108 static int ssl_close_stream(QUIC_STREAM *stream, int how)
109 {
110 return 1;
111 }
112
113 /*
114 * TODO(QUIC): ASSUMPTION: ssl_close_connection() closes all the streams that
115 * are attached to it, then closes the QUIC_CONNECTION as well.
116 * Actual cleanup / destruction of the QUIC_CONNECTION is assumed to be done
117 * higher up in the call stack (state machine, for example?).
118 */
119 static int ssl_close_connection(QUIC_CONNECTION *connection)
120 {
121 return 1;
122 }
123
124 /*
125 * TODO(QUIC): ASSUMPTION: ossl_statem_set_error_state() sets an overall error
126 * state in the state machine. It's up to the state machine to determine what
127 * to do with it.
128 */
129 #define QUIC_STREAM_STATE_ERROR 1
130
131 /*
132 * QUICfatal() et al is the same as SSLfatal(), but for QUIC. We define a
133 * placeholder here as long as it's not defined elsewhere.
134 *
135 * ossl_quic_fatal() is an error reporting building block used instead of
136 * ERR_set_error(). In addition to what ERR_set_error() does, this puts
137 * the state machine into an error state and sends an alert if appropriate,
138 * and also closes the current connection.
139 * This is a permanent error for the current connection.
140 */
141 #ifndef QUICfatal
142
143 static void ossl_quic_fatal(QUIC_CONNECTION *c, int al, int reason,
144 const char *fmt, ...)
145 {
146 va_list args;
147
148 va_start(args, fmt);
149 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
150 va_end(args);
151
152 /*
153 * TODO(QUIC): ADD CODE to set the state machine error.
154 * It's assumed that you can get the state machine with
155 * GET_CONN_STATEM(c)
156 */
157
158 ssl_close_connection(c);
159
160 }
161 # define QUICfatal(c, al, r) QUICfatal_data((c), (al), (r), NULL)
162 # define QUICfatal_data \
163 (ERR_new(), \
164 ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
165 ossl_quic_fatal)
166 #endif
167
168 /* TODO(QUIC): [END: TO BE REMOVED] */
169
170 /*
171 * Helper functions to process different frame types.
172 *
173 * Typically, those that are ACK eliciting will take an OSSL_ACKM_RX_PKT
174 * pointer argument, the few that aren't ACK eliciting will not. This makes
175 * them a verifiable pattern against tables where this is specified.
176 */
177
178 static int depack_do_frame_padding(PACKET *pkt)
179 {
180 /* We ignore this frame */
181 return ossl_quic_wire_decode_padding(pkt);
182 }
183
184 static int depack_do_frame_ping(PACKET *pkt, OSSL_ACKM_RX_PKT *ackm_data)
185 {
186 /* We ignore this frame, apart from eliciting an ACK */
187 if (!ossl_quic_wire_decode_frame_ping(pkt))
188 return 0;
189 /* This frame makes the packet ACK eliciting */
190 ackm_data->is_ack_eliciting = 1;
191 return 1;
192 }
193
194 static int depack_do_frame_ack(PACKET *pkt, QUIC_CONNECTION *connection,
195 int packet_space, OSSL_TIME received)
196 {
197 OSSL_QUIC_FRAME_ACK ack;
198 OSSL_QUIC_ACK_RANGE *ack_ranges;
199 uint64_t total_ranges = 0;
200 uint32_t ack_delay_exp = GET_CONN_ACK_DELAY_EXP(connection);
201 int ok = 1; /* Assume the best */
202
203 if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges)
204 /* In case sizeof(uint64_t) > sizeof(size_t) */
205 || total_ranges > SIZE_MAX / sizeof(ack_ranges[0])
206 || (ack_ranges = OPENSSL_zalloc(sizeof(ack_ranges[0])
207 * (size_t)total_ranges)) == NULL)
208 return 0;
209
210 ack.ack_ranges = ack_ranges;
211 ack.num_ack_ranges = (size_t)total_ranges;
212
213 if (!ossl_quic_wire_decode_frame_ack(pkt, ack_delay_exp, &ack, NULL))
214 ok = 0;
215 if (ok
216 && !ossl_ackm_on_rx_ack_frame(GET_CONN_ACKM(connection), &ack,
217 packet_space, received))
218 ok = 0;
219
220 OPENSSL_free(ack_ranges);
221 if (!ok)
222 return 0;
223 return 1;
224 }
225
226 static int depack_do_frame_reset_stream(PACKET *pkt,
227 QUIC_CONNECTION *connection,
228 OSSL_ACKM_RX_PKT *ackm_data)
229 {
230 OSSL_QUIC_FRAME_RESET_STREAM frame_data;
231 QUIC_STREAM *stream = NULL;
232 int stream_type = 0;
233
234 if (!ossl_quic_wire_decode_frame_reset_stream(pkt, &frame_data))
235 return 0;
236
237 /* This frame makes the packet ACK eliciting */
238 ackm_data->is_ack_eliciting = 1;
239
240 if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL)
241 return 0;
242 stream_type = ssl_get_stream_type(stream);
243
244 ssl_close_stream(stream, SHUT_WR); /* Reuse shutdown(2) symbols */
245 if ((stream_type & SSL_STREAM_TYPE_S) != 0) {
246 QUICfatal(connection, QUIC_STREAM_STATE_ERROR, ERR_R_INTERNAL_ERROR);
247 return 0;
248 }
249 return 1;
250 }
251
252 static int depack_do_frame_stop_sending(PACKET *pkt,
253 QUIC_CONNECTION *connection,
254 OSSL_ACKM_RX_PKT *ackm_data)
255 {
256 OSSL_QUIC_FRAME_STOP_SENDING frame_data;
257 QUIC_STREAM *stream = NULL;
258 int stream_type = 0;
259
260 if (!ossl_quic_wire_decode_frame_stop_sending(pkt, &frame_data))
261 return 0;
262
263 /* This frame makes the packet ACK eliciting */
264 ackm_data->is_ack_eliciting = 1;
265
266 if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL)
267 return 0;
268 stream_type = ssl_get_stream_type(stream);
269
270 ssl_close_stream(stream, SHUT_RD); /* Reuse shutdown(2) symbols */
271 if ((stream_type & SSL_STREAM_TYPE_R) != 0) {
272 QUICfatal(connection, QUIC_STREAM_STATE_ERROR, ERR_R_INTERNAL_ERROR);
273 return 0;
274 }
275 return 1;
276 }
277
278 static int depack_do_frame_crypto(PACKET *pkt, QUIC_CONNECTION *connection,
279 OSSL_ACKM_RX_PKT *ackm_data)
280 {
281 OSSL_QUIC_FRAME_CRYPTO frame_data;
282
283 if (!ossl_quic_wire_decode_frame_crypto(pkt, &frame_data))
284 return 0;
285
286 /* This frame makes the packet ACK eliciting */
287 ackm_data->is_ack_eliciting = 1;
288
289 /* TODO(QUIC): ADD CODE to send |frame_data.data| to the handshake manager */
290
291 return 1;
292 }
293
294 static int depack_do_frame_new_token(PACKET *pkt, QUIC_CONNECTION *connection,
295 OSSL_ACKM_RX_PKT *ackm_data)
296 {
297 const uint8_t *token;
298 size_t token_len;
299
300 if (!ossl_quic_wire_decode_frame_new_token(pkt, &token, &token_len))
301 return 0;
302
303 /* This frame makes the packet ACK eliciting */
304 ackm_data->is_ack_eliciting = 1;
305
306 /* TODO(QUIC): ADD CODE to send |token| to the session manager */
307
308 return 1;
309 }
310
311 static int depack_do_frame_stream(PACKET *pkt, QUIC_CONNECTION *connection,
312 OSSL_QRX_PKT_WRAP *parent_pkt,
313 OSSL_ACKM_RX_PKT *ackm_data)
314 {
315 OSSL_QUIC_FRAME_STREAM frame_data;
316 QUIC_STREAM *stream;
317
318 if (!ossl_quic_wire_decode_frame_stream(pkt, &frame_data))
319 return 0;
320
321 /* This frame makes the packet ACK eliciting */
322 ackm_data->is_ack_eliciting = 1;
323
324 /*
325 * TODO(QUIC): ASSUMPTION: ssl_get_stream() gets a QUIC_STREAM from a
326 * QUIC_CONNECTION by stream ID.
327 */
328 if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL)
329 return 0;
330 /*
331 * TODO(QUIC): ASSUMPTION: ssl_queue_data() knows what to do with
332 * |frame_data.offset| and |frame_data.is_fin|.
333 */
334 if (!ssl_queue_data(stream, parent_pkt, frame_data.data, frame_data.len,
335 frame_data.offset, frame_data.is_fin))
336 return 0;
337 return 1;
338 }
339
340 static int depack_do_frame_max_data(PACKET *pkt, QUIC_CONNECTION *connection,
341 OSSL_ACKM_RX_PKT *ackm_data)
342 {
343 uint64_t max_data = 0;
344
345 if (!ossl_quic_wire_decode_frame_max_data(pkt, &max_data))
346 return 0;
347
348 /* This frame makes the packet ACK eliciting */
349 ackm_data->is_ack_eliciting = 1;
350
351 /* TODO(QUIC): ADD CODE to send |max_data| to flow control */
352
353 return 1;
354 }
355
356 static int depack_do_frame_max_stream_data(PACKET *pkt,
357 QUIC_CONNECTION *connection,
358 OSSL_ACKM_RX_PKT *ackm_data)
359 {
360 uint64_t stream_id = 0;
361 uint64_t max_stream_data = 0;
362
363 if (!ossl_quic_wire_decode_frame_max_stream_data(pkt, &stream_id,
364 &max_stream_data))
365 return 0;
366
367 /* This frame makes the packet ACK eliciting */
368 ackm_data->is_ack_eliciting = 1;
369
370 /* TODO(QUIC): ADD CODE to send |max_stream_data| to flow control */
371
372 return 1;
373 }
374
375 static int depack_do_frame_max_streams(PACKET *pkt,
376 QUIC_CONNECTION *connection,
377 OSSL_ACKM_RX_PKT *ackm_data)
378 {
379 uint64_t max_streams = 0;
380
381 if (!ossl_quic_wire_decode_frame_max_streams(pkt, &max_streams))
382 return 0;
383
384 /* This frame makes the packet ACK eliciting */
385 ackm_data->is_ack_eliciting = 1;
386
387 /* TODO(QUIC): ADD CODE to send |max_streams| to the connection manager */
388
389 return 1;
390 }
391
392 static int depack_do_frame_data_blocked(PACKET *pkt,
393 QUIC_CONNECTION *connection,
394 OSSL_ACKM_RX_PKT *ackm_data)
395 {
396 uint64_t max_data = 0;
397
398 if (!ossl_quic_wire_decode_frame_data_blocked(pkt, &max_data))
399 return 0;
400
401 /* This frame makes the packet ACK eliciting */
402 ackm_data->is_ack_eliciting = 1;
403
404 /* TODO(QUIC): ADD CODE to send |max_data| to flow control */
405
406 return 1;
407 }
408
409 static int depack_do_frame_stream_data_blocked(PACKET *pkt,
410 QUIC_CONNECTION *connection,
411 OSSL_ACKM_RX_PKT *ackm_data)
412 {
413 uint64_t stream_id = 0;
414 uint64_t max_data = 0;
415
416 if (!ossl_quic_wire_decode_frame_stream_data_blocked(pkt, &stream_id,
417 &max_data))
418 return 0;
419
420 /* This frame makes the packet ACK eliciting */
421 ackm_data->is_ack_eliciting = 1;
422
423 /* TODO(QUIC): ADD CODE to send |max_data| to flow control */
424
425 return 1;
426 }
427
428 static int depack_do_frame_streams_blocked(PACKET *pkt,
429 QUIC_CONNECTION *connection,
430 OSSL_ACKM_RX_PKT *ackm_data)
431 {
432 uint64_t max_data = 0;
433
434 if (!ossl_quic_wire_decode_frame_streams_blocked(pkt, &max_data))
435 return 0;
436
437 /* This frame makes the packet ACK eliciting */
438 ackm_data->is_ack_eliciting = 1;
439
440 /* TODO(QUIC): ADD CODE to send |max_data| to connection manager */
441
442 return 1;
443 }
444
445 static int depack_do_frame_new_conn_id(PACKET *pkt,
446 QUIC_CONNECTION *connection,
447 OSSL_ACKM_RX_PKT *ackm_data)
448 {
449 OSSL_QUIC_FRAME_NEW_CONN_ID frame_data;
450
451 if (!ossl_quic_wire_decode_frame_new_conn_id(pkt, &frame_data))
452 return 0;
453
454 /* This frame makes the packet ACK eliciting */
455 ackm_data->is_ack_eliciting = 1;
456
457 /* TODO(QUIC): ADD CODE to send |frame_data.data| to the connection manager */
458
459 return 1;
460 }
461
462 static int depack_do_frame_retire_conn_id(PACKET *pkt,
463 QUIC_CONNECTION *connection,
464 OSSL_ACKM_RX_PKT *ackm_data)
465 {
466 uint64_t seq_num;
467
468 if (!ossl_quic_wire_decode_frame_retire_conn_id(pkt, &seq_num))
469 return 0;
470
471 /* This frame makes the packet ACK eliciting */
472 ackm_data->is_ack_eliciting = 1;
473
474 /* TODO(QUIC): ADD CODE to send |seq_num| to the connection manager */
475 return 1;
476 }
477
478 static int depack_do_frame_path_challenge(PACKET *pkt,
479 QUIC_CONNECTION *connection,
480 OSSL_ACKM_RX_PKT *ackm_data)
481 {
482 uint64_t frame_data = 0;
483
484 if (!ossl_quic_wire_decode_frame_path_challenge(pkt, &frame_data))
485 return 0;
486
487 /* This frame makes the packet ACK eliciting */
488 ackm_data->is_ack_eliciting = 1;
489
490 /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */
491
492 return 1;
493 }
494
495 static int depack_do_frame_path_response(PACKET *pkt,
496 QUIC_CONNECTION *connection,
497 OSSL_ACKM_RX_PKT *ackm_data)
498 {
499 uint64_t frame_data = 0;
500
501 if (!ossl_quic_wire_decode_frame_path_response(pkt, &frame_data))
502 return 0;
503
504 /* This frame makes the packet ACK eliciting */
505 ackm_data->is_ack_eliciting = 1;
506
507 /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */
508
509 return 1;
510 }
511
512 static int depack_do_frame_conn_close(PACKET *pkt, QUIC_CONNECTION *connection)
513 {
514 OSSL_QUIC_FRAME_CONN_CLOSE frame_data;
515
516 if (!ossl_quic_wire_decode_frame_conn_close(pkt, &frame_data))
517 return 0;
518
519 /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */
520
521 return 1;
522 }
523
524 static int depack_do_frame_handshake_done(PACKET *pkt,
525 QUIC_CONNECTION *connection,
526 OSSL_ACKM_RX_PKT *ackm_data)
527 {
528 if (!ossl_quic_wire_decode_frame_handshake_done(pkt))
529 return 0;
530
531 /* This frame makes the packet ACK eliciting */
532 ackm_data->is_ack_eliciting = 1;
533
534 /* TODO(QUIC): ADD CODE to tell the handshake manager that we're done */
535
536 return 1;
537 }
538
539 static int depack_do_frame_unknown_extension(PACKET *pkt,
540 QUIC_CONNECTION *connection,
541 OSSL_ACKM_RX_PKT *ackm_data)
542 {
543 /*
544 * According to RFC 9000, 19.21. Extension Frames, extension frames
545 * should be ACK eliciting. It might be over zealous to do so for
546 * extensions OpenSSL doesn't know how to handle, but shouldn't hurt
547 * either.
548 */
549
550 /* This frame makes the packet ACK eliciting */
551 ackm_data->is_ack_eliciting = 1;
552
553 /*
554 * Because we have no idea how to advance to the next frame, we return 0
555 * everywhere, thereby stopping the depacketizing process.
556 */
557
558 return 0;
559 }
560
561 /* Main frame processor */
562
563 static int depack_process_frames(QUIC_CONNECTION *connection, PACKET *pkt,
564 OSSL_QRX_PKT_WRAP *parent_pkt, int packet_space,
565 OSSL_TIME received, OSSL_ACKM_RX_PKT *ackm_data)
566 {
567 uint32_t pkt_type = parent_pkt->pkt->hdr->type;
568
569 while (PACKET_remaining(pkt) > 0) {
570 uint64_t frame_type;
571
572 if (!ossl_quic_wire_peek_frame_header(pkt, &frame_type))
573 return 0;
574
575 switch (frame_type) {
576 case OSSL_QUIC_FRAME_TYPE_PING:
577 /* Allowed in all packet types */
578 if (!depack_do_frame_ping(pkt, ackm_data))
579 return 0;
580 break;
581 case OSSL_QUIC_FRAME_TYPE_PADDING:
582 /* Allowed in all packet types */
583 if (!depack_do_frame_padding(pkt))
584 return 0;
585 break;
586
587 case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:
588 case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
589 /* ACK frames are valid everywhere except in 0RTT packets */
590 if (pkt_type == QUIC_PKT_TYPE_0RTT)
591 return 0;
592 if (!depack_do_frame_ack(pkt, connection, packet_space, received))
593 return 0;
594 break;
595
596 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
597 /* RESET_STREAM frames are valid in 0RTT and 1RTT packets */
598 if (pkt_type != QUIC_PKT_TYPE_0RTT
599 && pkt_type != QUIC_PKT_TYPE_1RTT)
600 return 0;
601 if (!depack_do_frame_reset_stream(pkt, connection, ackm_data))
602 return 0;
603 break;
604 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
605 /* STOP_SENDING frames are valid in 0RTT and 1RTT packets */
606 if (pkt_type != QUIC_PKT_TYPE_0RTT
607 && pkt_type != QUIC_PKT_TYPE_1RTT)
608 return 0;
609 if (!depack_do_frame_stop_sending(pkt, connection, ackm_data))
610 return 0;
611 break;
612 case OSSL_QUIC_FRAME_TYPE_CRYPTO:
613 /* CRYPTO frames are valid everywhere except in 0RTT packets */
614 if (pkt_type == QUIC_PKT_TYPE_0RTT)
615 return 0;
616 if (!depack_do_frame_crypto(pkt, connection, ackm_data))
617 return 0;
618 break;
619 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
620 /* NEW_TOKEN frames are valid in 1RTT packets */
621 if (pkt_type != QUIC_PKT_TYPE_1RTT)
622 return 0;
623 if (!depack_do_frame_new_token(pkt, connection, ackm_data))
624 return 0;
625 break;
626
627 case OSSL_QUIC_FRAME_TYPE_STREAM:
628 case OSSL_QUIC_FRAME_TYPE_STREAM_FIN:
629 case OSSL_QUIC_FRAME_TYPE_STREAM_LEN:
630 case OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN:
631 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF:
632 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN:
633 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN:
634 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN:
635 /* STREAM frames are valid in 0RTT and 1RTT packets */
636 if (pkt_type != QUIC_PKT_TYPE_0RTT
637 && pkt_type != QUIC_PKT_TYPE_1RTT)
638 return 0;
639 if (!depack_do_frame_stream(pkt, connection, parent_pkt, ackm_data))
640 return 0;
641 break;
642
643 case OSSL_QUIC_FRAME_TYPE_MAX_DATA:
644 /* MAX_DATA frames are valid in 0RTT and 1RTT packets */
645 if (pkt_type != QUIC_PKT_TYPE_0RTT
646 && pkt_type != QUIC_PKT_TYPE_1RTT)
647 return 0;
648 if (!depack_do_frame_max_data(pkt, connection, ackm_data))
649 return 0;
650 break;
651 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:
652 /* MAX_STREAM_DATA frames are valid in 0RTT and 1RTT packets */
653 if (pkt_type != QUIC_PKT_TYPE_0RTT
654 && pkt_type != QUIC_PKT_TYPE_1RTT)
655 return 0;
656 if (!depack_do_frame_max_stream_data(pkt, connection, ackm_data))
657 return 0;
658 break;
659
660 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
661 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
662 /* MAX_STREAMS frames are valid in 0RTT and 1RTT packets */
663 if (pkt_type != QUIC_PKT_TYPE_0RTT
664 && pkt_type != QUIC_PKT_TYPE_1RTT)
665 return 0;
666 if (!depack_do_frame_max_streams(pkt, connection, ackm_data))
667 return 0;
668 break;
669
670 case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED:
671 /* DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
672 if (pkt_type != QUIC_PKT_TYPE_0RTT
673 && pkt_type != QUIC_PKT_TYPE_1RTT)
674 return 0;
675 if (!depack_do_frame_data_blocked(pkt, connection, ackm_data))
676 return 0;
677 break;
678 case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED:
679 /* STREAM_DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
680 if (pkt_type != QUIC_PKT_TYPE_0RTT
681 && pkt_type != QUIC_PKT_TYPE_1RTT)
682 return 0;
683 if (!depack_do_frame_stream_data_blocked(pkt, connection, ackm_data))
684 return 0;
685 break;
686
687 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI:
688 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI:
689 /* STREAMS_BLOCKED frames are valid in 0RTT and 1RTT packets */
690 if (pkt_type != QUIC_PKT_TYPE_0RTT
691 && pkt_type != QUIC_PKT_TYPE_1RTT)
692 return 0;
693 if (!depack_do_frame_streams_blocked(pkt, connection, ackm_data))
694 return 0;
695 break;
696
697 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
698 /* NEW_CONN_ID frames are valid in 0RTT and 1RTT packets */
699 if (pkt_type != QUIC_PKT_TYPE_0RTT
700 && pkt_type != QUIC_PKT_TYPE_1RTT)
701 return 0;
702 if (!depack_do_frame_new_conn_id(pkt, connection, ackm_data))
703 return 0;
704 break;
705 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
706 /* RETIRE_CONN_ID frames are valid in 0RTT and 1RTT packets */
707 if (pkt_type != QUIC_PKT_TYPE_0RTT
708 && pkt_type != QUIC_PKT_TYPE_1RTT)
709 return 0;
710 if (!depack_do_frame_retire_conn_id(pkt, connection, ackm_data))
711 return 0;
712 break;
713 case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE:
714 /* PATH_CHALLENGE frames are valid in 0RTT and 1RTT packets */
715 if (pkt_type != QUIC_PKT_TYPE_0RTT
716 && pkt_type != QUIC_PKT_TYPE_1RTT)
717 return 0;
718 if (!depack_do_frame_path_challenge(pkt, connection, ackm_data))
719 return 0;
720 break;
721 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
722 /* PATH_RESPONSE frames are valid in 1RTT packets */
723 if (pkt_type != QUIC_PKT_TYPE_1RTT)
724 return 0;
725 if (!depack_do_frame_path_response(pkt, connection, ackm_data))
726 return 0;
727 break;
728
729 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
730 /* CONN_CLOSE_APP frames are valid in 0RTT and 1RTT packets */
731 if (pkt_type != QUIC_PKT_TYPE_0RTT
732 && pkt_type != QUIC_PKT_TYPE_1RTT)
733 return 0;
734 /* FALLTHRU */
735 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:
736 /* CONN_CLOSE_TRANSPORT frames are valid in all packets */
737 if (!depack_do_frame_conn_close(pkt, connection))
738 return 0;
739 break;
740
741 case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE:
742 /* HANDSHAKE_DONE frames are valid in 1RTT packets */
743 if (pkt_type != QUIC_PKT_TYPE_1RTT)
744 return 0;
745 if (!depack_do_frame_handshake_done(pkt, connection, ackm_data))
746 return 0;
747 break;
748
749 default:
750 /* Unknown frame type. */
751 if (!depack_do_frame_unknown_extension(pkt, connection, ackm_data))
752 return 0;
753
754 break;
755 }
756 }
757
758 return 1;
759 }
760
761 int ossl_quic_handle_frames(QUIC_CONNECTION *connection, OSSL_QRX_PKT *qpacket)
762 {
763 PACKET pkt;
764 OSSL_ACKM_RX_PKT ackm_data;
765 OSSL_QRX_PKT_WRAP *qpkt_wrap = NULL;
766 /*
767 * ok has three states:
768 * -1 error with ackm_data uninitialized
769 * 0 error with ackm_data initialized
770 * 1 success (ackm_data initialized)
771 */
772 int ok = -1; /* Assume the worst */
773
774 if (connection == NULL)
775 goto end;
776
777 if ((qpkt_wrap = ossl_qrx_pkt_wrap_new(qpacket)) == NULL)
778 goto end;
779
780 /* Initialize |ackm_data| (and reinitialize |ok|)*/
781 memset(&ackm_data, 0, sizeof(ackm_data));
782 /*
783 * TODO(QUIC): ASSUMPTION: All packets that aren't special case have a
784 * packet number
785 */
786 ackm_data.pkt_num = qpacket->pn;
787 ackm_data.time = qpacket->time;
788 switch (qpacket->hdr->type) {
789 case QUIC_PKT_TYPE_INITIAL:
790 ackm_data.pkt_space = QUIC_PN_SPACE_INITIAL;
791 break;
792 case QUIC_PKT_TYPE_HANDSHAKE:
793 ackm_data.pkt_space = QUIC_PN_SPACE_HANDSHAKE;
794 break;
795 case QUIC_PKT_TYPE_0RTT:
796 case QUIC_PKT_TYPE_1RTT:
797 ackm_data.pkt_space = QUIC_PN_SPACE_APP;
798 break;
799 }
800 ok = 0; /* Still assume the worst */
801
802 /* Handle special cases */
803 if (qpacket->hdr->type == QUIC_PKT_TYPE_RETRY) {
804 /* TODO(QUIC): ADD CODE to handle a retry */
805 goto success;
806 } else if (qpacket->hdr->type == QUIC_PKT_TYPE_VERSION_NEG) {
807 /* TODO(QUIC): ADD CODE to handle version negotiation */
808 goto success;
809 }
810
811 /* Now that special cases are out of the way, parse frames */
812 if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len)
813 || !depack_process_frames(connection, &pkt, qpkt_wrap,
814 ackm_data.pkt_space, qpacket->time,
815 &ackm_data))
816 goto end;
817
818 success:
819 ok = 1;
820 end:
821 /*
822 * TODO(QUIC): ASSUMPTION: If this function is called at all, |qpacket| is
823 * a legitimate packet, even if its contents aren't.
824 * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as
825 * |ackm_data| has at least been initialized.
826 */
827 if (ok >= 0)
828 ossl_ackm_on_rx_packet(GET_CONN_ACKM(connection), &ackm_data);
829
830 /*
831 * Let go of the packet pointer in |qpkt_wrap|. This means that the
832 * reference counter can't be incremented any more.
833 */
834 if (qpkt_wrap != NULL)
835 qpkt_wrap->pkt = NULL;
836
837 ossl_qrx_pkt_wrap_free(GET_CONN_QRX(connection), qpkt_wrap);
838 return ok > 0;
839 }
840
841 int ossl_quic_depacketize(QUIC_CONNECTION *connection)
842 {
843 OSSL_QRX_PKT qpacket;
844
845 if (connection == NULL)
846 return 0;
847
848 /* Try to read a packet from the read record layer */
849 memset(&qpacket, 0, sizeof(qpacket));
850 if (ossl_qrx_read_pkt(GET_CONN_QRX(connection), &qpacket) <= 0)
851 return 0;
852
853 return ossl_quic_handle_frames(connection, &qpacket);
854 }
A mirror of the official openssl repository