]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/quic/quic_rx_depack.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
QUIC RX: Support refcounted packets and eliminate wrapper
[thirdparty/openssl.git] / ssl / quic / quic_rx_depack.c
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/packet.h"
11 #include "internal/nelem.h"
12 #include "internal/quic_wire.h"
13 #include "internal/quic_record_rx.h"
14 #include "internal/quic_ackm.h"
15 #include "internal/quic_rx_depack.h"
16 #include "internal/quic_error.h"
17 #include "internal/quic_fc.h"
18 #include "internal/sockets.h"
19
20 #include "quic_local.h"
21 #include "../ssl_local.h"
22
23 /*
24 * TODO(QUIC): ASSUMPTION: the QUIC_CONNECTION structure refers to other related
25 * components, such as OSSL_ACKM and OSSL_QRX, in some manner. These macros
26 * should be used to get those components.
27 */
28 #define GET_CONN_ACKM(c) ((c)->ackm)
29 #define GET_CONN_QRX(c) ((c)->qrx)
30 #define GET_CONN_STATEM(c) ((c)->ssl.statem)
31
32 #if 0 /* Currently unimplemented */
33 # define GET_CONN_ACK_DELAY_EXP(c) (QUIC_CONNECTION_get_ack_delay_exponent(c))
34 #else
35 /* 3 is the default, see RFC 9000, 18.2. Transport Parameter Definitions */
36 # define GET_CONN_ACK_DELAY_EXP(c) 3
37 #endif
38
39 /*
40 * TODO(QUIC): In MVP the QUIC_CONNECTION is the only supported stream.
41 */
42 static QUIC_STREAM *ssl_get_stream(QUIC_CONNECTION *conn, uint64_t stream_id)
43 {
44 return stream_id == 0 ? &conn->stream : NULL;
45 }
46
47 /*
48 * TODO(QUIC): ASSUMPTION: ssl_get_stream_type() gets a stream type from a
49 * QUIC_STREAM
50 */
51 /* Receive */
52 #define SSL_STREAM_TYPE_R 1
53 /* Send */
54 #define SSL_STREAM_TYPE_S 2
55 /* Bidirectional */
56 #define SSL_STREAM_TYPE_B (SSL_STREAM_TYPE_R|SSL_STREAM_TYPE_S)
57 static int ssl_get_stream_type(QUIC_STREAM *stream)
58 {
59 return SSL_STREAM_TYPE_B;
60 }
61
62 /*
63 * We assume that queuing of the data has to be done without copying, thus
64 * we get the reference counting QRX packet wrapper so it can increment the
65 * reference count. When the data is consumed (i.e. as a result of, say,
66 * SSL_read()), ossl_qrx_pkt_wrap_free() must be called.
67 */
68 static int ssl_queue_data(QUIC_STREAM *stream, OSSL_QRX_PKT *pkt,
69 const unsigned char *data, uint64_t data_len,
70 uint64_t logical_offset, int is_fin)
71 {
72 /* Notify stream flow controller */
73 if (stream->rxfc != NULL
74 && (!ossl_quic_rxfc_on_rx_stream_frame(stream->rxfc,
75 logical_offset + data_len,
76 is_fin)
77 || ossl_quic_rxfc_get_error(stream->rxfc, 0) != QUIC_ERR_NO_ERROR))
78 /* QUIC_ERR_FLOW_CONTROL_ERROR or QUIC_ERR_FINAL_SIZE detected */
79 return 0;
80
81 return stream->rstream == NULL
82 || ossl_quic_rstream_queue_data(stream->rstream, pkt,
83 logical_offset, data, data_len,
84 is_fin);
85 }
86
87 /*
88 * TODO(QUIC): ASSUMPTION: ssl_close_stream() detaches the QUIC_STREAM from
89 * the QUIC_CONNECTION it's attached to, and then destroys that QUIC_STREAM
90 * (as well as its SSL object). |how| works the same way as in shutdown(2),
91 * i.e. |SHUT_RD| closes the reader part, |SHUT_WR| closes the writer part.
92 */
93 static int ssl_close_stream(QUIC_STREAM *stream, int how)
94 {
95 return 1;
96 }
97
98 /*
99 * TODO(QUIC): ASSUMPTION: ssl_close_connection() closes all the streams that
100 * are attached to it, then closes the QUIC_CONNECTION as well.
101 * Actual cleanup / destruction of the QUIC_CONNECTION is assumed to be done
102 * higher up in the call stack (state machine, for example?).
103 */
104 static int ssl_close_connection(QUIC_CONNECTION *connection)
105 {
106 return 1;
107 }
108
109 /*
110 * TODO(QUIC): ASSUMPTION: ossl_statem_set_error_state() sets an overall error
111 * state in the state machine. It's up to the state machine to determine what
112 * to do with it.
113 */
114 #define QUIC_STREAM_STATE_ERROR 1
115
116 /*
117 * QUICfatal() et al is the same as SSLfatal(), but for QUIC. We define a
118 * placeholder here as long as it's not defined elsewhere.
119 *
120 * ossl_quic_fatal() is an error reporting building block used instead of
121 * ERR_set_error(). In addition to what ERR_set_error() does, this puts
122 * the state machine into an error state and sends an alert if appropriate,
123 * and also closes the current connection.
124 * This is a permanent error for the current connection.
125 */
126 #ifndef QUICfatal
127
128 static void ossl_quic_fatal(QUIC_CONNECTION *c, int al, int reason,
129 const char *fmt, ...)
130 {
131 va_list args;
132
133 va_start(args, fmt);
134 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
135 va_end(args);
136
137 /*
138 * TODO(QUIC): ADD CODE to set the state machine error.
139 * It's assumed that you can get the state machine with
140 * GET_CONN_STATEM(c)
141 */
142
143 ssl_close_connection(c);
144
145 }
146 # define QUICfatal(c, al, r) QUICfatal_data((c), (al), (r), NULL)
147 # define QUICfatal_data \
148 (ERR_new(), \
149 ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
150 ossl_quic_fatal)
151 #endif
152
153 /* TODO(QUIC): [END: TO BE REMOVED] */
154
155 /*
156 * Helper functions to process different frame types.
157 *
158 * Typically, those that are ACK eliciting will take an OSSL_ACKM_RX_PKT
159 * pointer argument, the few that aren't ACK eliciting will not. This makes
160 * them a verifiable pattern against tables where this is specified.
161 */
162
163 static int depack_do_frame_padding(PACKET *pkt)
164 {
165 /* We ignore this frame */
166 return ossl_quic_wire_decode_padding(pkt);
167 }
168
169 static int depack_do_frame_ping(PACKET *pkt, OSSL_ACKM_RX_PKT *ackm_data)
170 {
171 /* We ignore this frame, apart from eliciting an ACK */
172 if (!ossl_quic_wire_decode_frame_ping(pkt))
173 return 0;
174 /* This frame makes the packet ACK eliciting */
175 ackm_data->is_ack_eliciting = 1;
176 return 1;
177 }
178
179 static int depack_do_frame_ack(PACKET *pkt, QUIC_CONNECTION *connection,
180 int packet_space, OSSL_TIME received)
181 {
182 OSSL_QUIC_FRAME_ACK ack;
183 OSSL_QUIC_ACK_RANGE *ack_ranges;
184 uint64_t total_ranges = 0;
185 uint32_t ack_delay_exp = GET_CONN_ACK_DELAY_EXP(connection);
186 int ok = 1; /* Assume the best */
187
188 if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges)
189 /* In case sizeof(uint64_t) > sizeof(size_t) */
190 || total_ranges > SIZE_MAX / sizeof(ack_ranges[0])
191 || (ack_ranges = OPENSSL_zalloc(sizeof(ack_ranges[0])
192 * (size_t)total_ranges)) == NULL)
193 return 0;
194
195 ack.ack_ranges = ack_ranges;
196 ack.num_ack_ranges = (size_t)total_ranges;
197
198 if (!ossl_quic_wire_decode_frame_ack(pkt, ack_delay_exp, &ack, NULL))
199 ok = 0;
200 if (ok
201 && !ossl_ackm_on_rx_ack_frame(GET_CONN_ACKM(connection), &ack,
202 packet_space, received))
203 ok = 0;
204
205 OPENSSL_free(ack_ranges);
206 if (!ok)
207 return 0;
208 return 1;
209 }
210
211 static int depack_do_frame_reset_stream(PACKET *pkt,
212 QUIC_CONNECTION *connection,
213 OSSL_ACKM_RX_PKT *ackm_data)
214 {
215 OSSL_QUIC_FRAME_RESET_STREAM frame_data;
216 QUIC_STREAM *stream = NULL;
217 int stream_type = 0;
218
219 if (!ossl_quic_wire_decode_frame_reset_stream(pkt, &frame_data))
220 return 0;
221
222 /* This frame makes the packet ACK eliciting */
223 ackm_data->is_ack_eliciting = 1;
224
225 if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL)
226 return 0;
227 stream_type = ssl_get_stream_type(stream);
228
229 ssl_close_stream(stream, SHUT_WR); /* Reuse shutdown(2) symbols */
230 if ((stream_type & SSL_STREAM_TYPE_S) != 0) {
231 QUICfatal(connection, QUIC_STREAM_STATE_ERROR, ERR_R_INTERNAL_ERROR);
232 return 0;
233 }
234 return 1;
235 }
236
237 static int depack_do_frame_stop_sending(PACKET *pkt,
238 QUIC_CONNECTION *connection,
239 OSSL_ACKM_RX_PKT *ackm_data)
240 {
241 OSSL_QUIC_FRAME_STOP_SENDING frame_data;
242 QUIC_STREAM *stream = NULL;
243 int stream_type = 0;
244
245 if (!ossl_quic_wire_decode_frame_stop_sending(pkt, &frame_data))
246 return 0;
247
248 /* This frame makes the packet ACK eliciting */
249 ackm_data->is_ack_eliciting = 1;
250
251 if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL)
252 return 0;
253 stream_type = ssl_get_stream_type(stream);
254
255 ssl_close_stream(stream, SHUT_RD); /* Reuse shutdown(2) symbols */
256 if ((stream_type & SSL_STREAM_TYPE_R) != 0) {
257 QUICfatal(connection, QUIC_STREAM_STATE_ERROR, ERR_R_INTERNAL_ERROR);
258 return 0;
259 }
260 return 1;
261 }
262
263 static int depack_do_frame_crypto(PACKET *pkt, QUIC_CONNECTION *connection,
264 OSSL_ACKM_RX_PKT *ackm_data)
265 {
266 OSSL_QUIC_FRAME_CRYPTO frame_data;
267
268 if (!ossl_quic_wire_decode_frame_crypto(pkt, &frame_data))
269 return 0;
270
271 /* This frame makes the packet ACK eliciting */
272 ackm_data->is_ack_eliciting = 1;
273
274 /* TODO(QUIC): ADD CODE to send |frame_data.data| to the handshake manager */
275
276 return 1;
277 }
278
279 static int depack_do_frame_new_token(PACKET *pkt, QUIC_CONNECTION *connection,
280 OSSL_ACKM_RX_PKT *ackm_data)
281 {
282 const uint8_t *token;
283 size_t token_len;
284
285 if (!ossl_quic_wire_decode_frame_new_token(pkt, &token, &token_len))
286 return 0;
287
288 /* This frame makes the packet ACK eliciting */
289 ackm_data->is_ack_eliciting = 1;
290
291 /* TODO(QUIC): ADD CODE to send |token| to the session manager */
292
293 return 1;
294 }
295
296 static int depack_do_frame_stream(PACKET *pkt, QUIC_CONNECTION *connection,
297 OSSL_QRX_PKT *parent_pkt,
298 OSSL_ACKM_RX_PKT *ackm_data)
299 {
300 OSSL_QUIC_FRAME_STREAM frame_data;
301 QUIC_STREAM *stream;
302
303 if (!ossl_quic_wire_decode_frame_stream(pkt, &frame_data))
304 return 0;
305
306 /* This frame makes the packet ACK eliciting */
307 ackm_data->is_ack_eliciting = 1;
308
309 /*
310 * TODO(QUIC): ASSUMPTION: ssl_get_stream() gets a QUIC_STREAM from a
311 * QUIC_CONNECTION by stream ID.
312 */
313 if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL)
314 return 0;
315 /*
316 * TODO(QUIC): ASSUMPTION: ssl_queue_data() knows what to do with
317 * |frame_data.offset| and |frame_data.is_fin|.
318 */
319 if (!ssl_queue_data(stream, parent_pkt, frame_data.data, frame_data.len,
320 frame_data.offset, frame_data.is_fin))
321 return 0;
322 return 1;
323 }
324
325 static int depack_do_frame_max_data(PACKET *pkt, QUIC_CONNECTION *connection,
326 OSSL_ACKM_RX_PKT *ackm_data)
327 {
328 uint64_t max_data = 0;
329
330 if (!ossl_quic_wire_decode_frame_max_data(pkt, &max_data))
331 return 0;
332
333 /* This frame makes the packet ACK eliciting */
334 ackm_data->is_ack_eliciting = 1;
335
336 /* TODO(QUIC): ADD CODE to send |max_data| to flow control */
337
338 return 1;
339 }
340
341 static int depack_do_frame_max_stream_data(PACKET *pkt,
342 QUIC_CONNECTION *connection,
343 OSSL_ACKM_RX_PKT *ackm_data)
344 {
345 uint64_t stream_id = 0;
346 uint64_t max_stream_data = 0;
347
348 if (!ossl_quic_wire_decode_frame_max_stream_data(pkt, &stream_id,
349 &max_stream_data))
350 return 0;
351
352 /* This frame makes the packet ACK eliciting */
353 ackm_data->is_ack_eliciting = 1;
354
355 /* TODO(QUIC): ADD CODE to send |max_stream_data| to flow control */
356
357 return 1;
358 }
359
360 static int depack_do_frame_max_streams(PACKET *pkt,
361 QUIC_CONNECTION *connection,
362 OSSL_ACKM_RX_PKT *ackm_data)
363 {
364 uint64_t max_streams = 0;
365
366 if (!ossl_quic_wire_decode_frame_max_streams(pkt, &max_streams))
367 return 0;
368
369 /* This frame makes the packet ACK eliciting */
370 ackm_data->is_ack_eliciting = 1;
371
372 /* TODO(QUIC): ADD CODE to send |max_streams| to the connection manager */
373
374 return 1;
375 }
376
377 static int depack_do_frame_data_blocked(PACKET *pkt,
378 QUIC_CONNECTION *connection,
379 OSSL_ACKM_RX_PKT *ackm_data)
380 {
381 uint64_t max_data = 0;
382
383 if (!ossl_quic_wire_decode_frame_data_blocked(pkt, &max_data))
384 return 0;
385
386 /* This frame makes the packet ACK eliciting */
387 ackm_data->is_ack_eliciting = 1;
388
389 /* TODO(QUIC): ADD CODE to send |max_data| to flow control */
390
391 return 1;
392 }
393
394 static int depack_do_frame_stream_data_blocked(PACKET *pkt,
395 QUIC_CONNECTION *connection,
396 OSSL_ACKM_RX_PKT *ackm_data)
397 {
398 uint64_t stream_id = 0;
399 uint64_t max_data = 0;
400
401 if (!ossl_quic_wire_decode_frame_stream_data_blocked(pkt, &stream_id,
402 &max_data))
403 return 0;
404
405 /* This frame makes the packet ACK eliciting */
406 ackm_data->is_ack_eliciting = 1;
407
408 /* TODO(QUIC): ADD CODE to send |max_data| to flow control */
409
410 return 1;
411 }
412
413 static int depack_do_frame_streams_blocked(PACKET *pkt,
414 QUIC_CONNECTION *connection,
415 OSSL_ACKM_RX_PKT *ackm_data)
416 {
417 uint64_t max_data = 0;
418
419 if (!ossl_quic_wire_decode_frame_streams_blocked(pkt, &max_data))
420 return 0;
421
422 /* This frame makes the packet ACK eliciting */
423 ackm_data->is_ack_eliciting = 1;
424
425 /* TODO(QUIC): ADD CODE to send |max_data| to connection manager */
426
427 return 1;
428 }
429
430 static int depack_do_frame_new_conn_id(PACKET *pkt,
431 QUIC_CONNECTION *connection,
432 OSSL_ACKM_RX_PKT *ackm_data)
433 {
434 OSSL_QUIC_FRAME_NEW_CONN_ID frame_data;
435
436 if (!ossl_quic_wire_decode_frame_new_conn_id(pkt, &frame_data))
437 return 0;
438
439 /* This frame makes the packet ACK eliciting */
440 ackm_data->is_ack_eliciting = 1;
441
442 /* TODO(QUIC): ADD CODE to send |frame_data.data| to the connection manager */
443
444 return 1;
445 }
446
447 static int depack_do_frame_retire_conn_id(PACKET *pkt,
448 QUIC_CONNECTION *connection,
449 OSSL_ACKM_RX_PKT *ackm_data)
450 {
451 uint64_t seq_num;
452
453 if (!ossl_quic_wire_decode_frame_retire_conn_id(pkt, &seq_num))
454 return 0;
455
456 /* This frame makes the packet ACK eliciting */
457 ackm_data->is_ack_eliciting = 1;
458
459 /* TODO(QUIC): ADD CODE to send |seq_num| to the connection manager */
460 return 1;
461 }
462
463 static int depack_do_frame_path_challenge(PACKET *pkt,
464 QUIC_CONNECTION *connection,
465 OSSL_ACKM_RX_PKT *ackm_data)
466 {
467 uint64_t frame_data = 0;
468
469 if (!ossl_quic_wire_decode_frame_path_challenge(pkt, &frame_data))
470 return 0;
471
472 /* This frame makes the packet ACK eliciting */
473 ackm_data->is_ack_eliciting = 1;
474
475 /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */
476
477 return 1;
478 }
479
480 static int depack_do_frame_path_response(PACKET *pkt,
481 QUIC_CONNECTION *connection,
482 OSSL_ACKM_RX_PKT *ackm_data)
483 {
484 uint64_t frame_data = 0;
485
486 if (!ossl_quic_wire_decode_frame_path_response(pkt, &frame_data))
487 return 0;
488
489 /* This frame makes the packet ACK eliciting */
490 ackm_data->is_ack_eliciting = 1;
491
492 /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */
493
494 return 1;
495 }
496
497 static int depack_do_frame_conn_close(PACKET *pkt, QUIC_CONNECTION *connection)
498 {
499 OSSL_QUIC_FRAME_CONN_CLOSE frame_data;
500
501 if (!ossl_quic_wire_decode_frame_conn_close(pkt, &frame_data))
502 return 0;
503
504 /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */
505
506 return 1;
507 }
508
509 static int depack_do_frame_handshake_done(PACKET *pkt,
510 QUIC_CONNECTION *connection,
511 OSSL_ACKM_RX_PKT *ackm_data)
512 {
513 if (!ossl_quic_wire_decode_frame_handshake_done(pkt))
514 return 0;
515
516 /* This frame makes the packet ACK eliciting */
517 ackm_data->is_ack_eliciting = 1;
518
519 /* TODO(QUIC): ADD CODE to tell the handshake manager that we're done */
520
521 return 1;
522 }
523
524 static int depack_do_frame_unknown_extension(PACKET *pkt,
525 QUIC_CONNECTION *connection,
526 OSSL_ACKM_RX_PKT *ackm_data)
527 {
528 /*
529 * According to RFC 9000, 19.21. Extension Frames, extension frames
530 * should be ACK eliciting. It might be over zealous to do so for
531 * extensions OpenSSL doesn't know how to handle, but shouldn't hurt
532 * either.
533 */
534
535 /* This frame makes the packet ACK eliciting */
536 ackm_data->is_ack_eliciting = 1;
537
538 /*
539 * Because we have no idea how to advance to the next frame, we return 0
540 * everywhere, thereby stopping the depacketizing process.
541 */
542
543 return 0;
544 }
545
546 /* Main frame processor */
547
548 static int depack_process_frames(QUIC_CONNECTION *connection, PACKET *pkt,
549 OSSL_QRX_PKT *parent_pkt, int packet_space,
550 OSSL_TIME received, OSSL_ACKM_RX_PKT *ackm_data)
551 {
552 uint32_t pkt_type = parent_pkt->hdr->type;
553
554 while (PACKET_remaining(pkt) > 0) {
555 uint64_t frame_type;
556
557 if (!ossl_quic_wire_peek_frame_header(pkt, &frame_type))
558 return 0;
559
560 switch (frame_type) {
561 case OSSL_QUIC_FRAME_TYPE_PING:
562 /* Allowed in all packet types */
563 if (!depack_do_frame_ping(pkt, ackm_data))
564 return 0;
565 break;
566 case OSSL_QUIC_FRAME_TYPE_PADDING:
567 /* Allowed in all packet types */
568 if (!depack_do_frame_padding(pkt))
569 return 0;
570 break;
571
572 case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:
573 case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
574 /* ACK frames are valid everywhere except in 0RTT packets */
575 if (pkt_type == QUIC_PKT_TYPE_0RTT)
576 return 0;
577 if (!depack_do_frame_ack(pkt, connection, packet_space, received))
578 return 0;
579 break;
580
581 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
582 /* RESET_STREAM frames are valid in 0RTT and 1RTT packets */
583 if (pkt_type != QUIC_PKT_TYPE_0RTT
584 && pkt_type != QUIC_PKT_TYPE_1RTT)
585 return 0;
586 if (!depack_do_frame_reset_stream(pkt, connection, ackm_data))
587 return 0;
588 break;
589 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
590 /* STOP_SENDING frames are valid in 0RTT and 1RTT packets */
591 if (pkt_type != QUIC_PKT_TYPE_0RTT
592 && pkt_type != QUIC_PKT_TYPE_1RTT)
593 return 0;
594 if (!depack_do_frame_stop_sending(pkt, connection, ackm_data))
595 return 0;
596 break;
597 case OSSL_QUIC_FRAME_TYPE_CRYPTO:
598 /* CRYPTO frames are valid everywhere except in 0RTT packets */
599 if (pkt_type == QUIC_PKT_TYPE_0RTT)
600 return 0;
601 if (!depack_do_frame_crypto(pkt, connection, ackm_data))
602 return 0;
603 break;
604 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
605 /* NEW_TOKEN frames are valid in 1RTT packets */
606 if (pkt_type != QUIC_PKT_TYPE_1RTT)
607 return 0;
608 if (!depack_do_frame_new_token(pkt, connection, ackm_data))
609 return 0;
610 break;
611
612 case OSSL_QUIC_FRAME_TYPE_STREAM:
613 case OSSL_QUIC_FRAME_TYPE_STREAM_FIN:
614 case OSSL_QUIC_FRAME_TYPE_STREAM_LEN:
615 case OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN:
616 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF:
617 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN:
618 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN:
619 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN:
620 /* STREAM frames are valid in 0RTT and 1RTT packets */
621 if (pkt_type != QUIC_PKT_TYPE_0RTT
622 && pkt_type != QUIC_PKT_TYPE_1RTT)
623 return 0;
624 if (!depack_do_frame_stream(pkt, connection, parent_pkt, ackm_data))
625 return 0;
626 break;
627
628 case OSSL_QUIC_FRAME_TYPE_MAX_DATA:
629 /* MAX_DATA frames are valid in 0RTT and 1RTT packets */
630 if (pkt_type != QUIC_PKT_TYPE_0RTT
631 && pkt_type != QUIC_PKT_TYPE_1RTT)
632 return 0;
633 if (!depack_do_frame_max_data(pkt, connection, ackm_data))
634 return 0;
635 break;
636 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:
637 /* MAX_STREAM_DATA frames are valid in 0RTT and 1RTT packets */
638 if (pkt_type != QUIC_PKT_TYPE_0RTT
639 && pkt_type != QUIC_PKT_TYPE_1RTT)
640 return 0;
641 if (!depack_do_frame_max_stream_data(pkt, connection, ackm_data))
642 return 0;
643 break;
644
645 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
646 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
647 /* MAX_STREAMS frames are valid in 0RTT and 1RTT packets */
648 if (pkt_type != QUIC_PKT_TYPE_0RTT
649 && pkt_type != QUIC_PKT_TYPE_1RTT)
650 return 0;
651 if (!depack_do_frame_max_streams(pkt, connection, ackm_data))
652 return 0;
653 break;
654
655 case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED:
656 /* DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
657 if (pkt_type != QUIC_PKT_TYPE_0RTT
658 && pkt_type != QUIC_PKT_TYPE_1RTT)
659 return 0;
660 if (!depack_do_frame_data_blocked(pkt, connection, ackm_data))
661 return 0;
662 break;
663 case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED:
664 /* STREAM_DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
665 if (pkt_type != QUIC_PKT_TYPE_0RTT
666 && pkt_type != QUIC_PKT_TYPE_1RTT)
667 return 0;
668 if (!depack_do_frame_stream_data_blocked(pkt, connection, ackm_data))
669 return 0;
670 break;
671
672 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI:
673 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI:
674 /* STREAMS_BLOCKED frames are valid in 0RTT and 1RTT packets */
675 if (pkt_type != QUIC_PKT_TYPE_0RTT
676 && pkt_type != QUIC_PKT_TYPE_1RTT)
677 return 0;
678 if (!depack_do_frame_streams_blocked(pkt, connection, ackm_data))
679 return 0;
680 break;
681
682 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
683 /* NEW_CONN_ID frames are valid in 0RTT and 1RTT packets */
684 if (pkt_type != QUIC_PKT_TYPE_0RTT
685 && pkt_type != QUIC_PKT_TYPE_1RTT)
686 return 0;
687 if (!depack_do_frame_new_conn_id(pkt, connection, ackm_data))
688 return 0;
689 break;
690 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
691 /* RETIRE_CONN_ID frames are valid in 0RTT and 1RTT packets */
692 if (pkt_type != QUIC_PKT_TYPE_0RTT
693 && pkt_type != QUIC_PKT_TYPE_1RTT)
694 return 0;
695 if (!depack_do_frame_retire_conn_id(pkt, connection, ackm_data))
696 return 0;
697 break;
698 case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE:
699 /* PATH_CHALLENGE frames are valid in 0RTT and 1RTT packets */
700 if (pkt_type != QUIC_PKT_TYPE_0RTT
701 && pkt_type != QUIC_PKT_TYPE_1RTT)
702 return 0;
703 if (!depack_do_frame_path_challenge(pkt, connection, ackm_data))
704 return 0;
705 break;
706 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
707 /* PATH_RESPONSE frames are valid in 1RTT packets */
708 if (pkt_type != QUIC_PKT_TYPE_1RTT)
709 return 0;
710 if (!depack_do_frame_path_response(pkt, connection, ackm_data))
711 return 0;
712 break;
713
714 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
715 /* CONN_CLOSE_APP frames are valid in 0RTT and 1RTT packets */
716 if (pkt_type != QUIC_PKT_TYPE_0RTT
717 && pkt_type != QUIC_PKT_TYPE_1RTT)
718 return 0;
719 /* FALLTHRU */
720 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:
721 /* CONN_CLOSE_TRANSPORT frames are valid in all packets */
722 if (!depack_do_frame_conn_close(pkt, connection))
723 return 0;
724 break;
725
726 case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE:
727 /* HANDSHAKE_DONE frames are valid in 1RTT packets */
728 if (pkt_type != QUIC_PKT_TYPE_1RTT)
729 return 0;
730 if (!depack_do_frame_handshake_done(pkt, connection, ackm_data))
731 return 0;
732 break;
733
734 default:
735 /* Unknown frame type. */
736 if (!depack_do_frame_unknown_extension(pkt, connection, ackm_data))
737 return 0;
738
739 break;
740 }
741 }
742
743 return 1;
744 }
745
746 int ossl_quic_handle_frames(QUIC_CONNECTION *connection, OSSL_QRX_PKT *qpacket)
747 {
748 PACKET pkt;
749 OSSL_ACKM_RX_PKT ackm_data;
750 /*
751 * ok has three states:
752 * -1 error with ackm_data uninitialized
753 * 0 error with ackm_data initialized
754 * 1 success (ackm_data initialized)
755 */
756 int ok = -1; /* Assume the worst */
757
758 if (connection == NULL)
759 goto end;
760
761 /* Initialize |ackm_data| (and reinitialize |ok|)*/
762 memset(&ackm_data, 0, sizeof(ackm_data));
763 /*
764 * TODO(QUIC): ASSUMPTION: All packets that aren't special case have a
765 * packet number
766 */
767 ackm_data.pkt_num = qpacket->pn;
768 ackm_data.time = qpacket->time;
769 switch (qpacket->hdr->type) {
770 case QUIC_PKT_TYPE_INITIAL:
771 ackm_data.pkt_space = QUIC_PN_SPACE_INITIAL;
772 break;
773 case QUIC_PKT_TYPE_HANDSHAKE:
774 ackm_data.pkt_space = QUIC_PN_SPACE_HANDSHAKE;
775 break;
776 case QUIC_PKT_TYPE_0RTT:
777 case QUIC_PKT_TYPE_1RTT:
778 ackm_data.pkt_space = QUIC_PN_SPACE_APP;
779 break;
780 }
781 ok = 0; /* Still assume the worst */
782
783 /* Handle special cases */
784 if (qpacket->hdr->type == QUIC_PKT_TYPE_RETRY) {
785 /* TODO(QUIC): ADD CODE to handle a retry */
786 goto success;
787 } else if (qpacket->hdr->type == QUIC_PKT_TYPE_VERSION_NEG) {
788 /* TODO(QUIC): ADD CODE to handle version negotiation */
789 goto success;
790 }
791
792 /* Now that special cases are out of the way, parse frames */
793 if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len)
794 || !depack_process_frames(connection, &pkt, qpacket,
795 ackm_data.pkt_space, qpacket->time,
796 &ackm_data))
797 goto end;
798
799 success:
800 ok = 1;
801 end:
802 /*
803 * TODO(QUIC): ASSUMPTION: If this function is called at all, |qpacket| is
804 * a legitimate packet, even if its contents aren't.
805 * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as
806 * |ackm_data| has at least been initialized.
807 */
808 if (ok >= 0)
809 ossl_ackm_on_rx_packet(GET_CONN_ACKM(connection), &ackm_data);
810
811 /*
812 * Release the ref to the packet. This will free the packet unless something
813 * in our processing above has added a reference to it.
814 */
815 ossl_qrx_pkt_release(qpacket);
816 return ok > 0;
817 }
818
819 int ossl_quic_depacketize(QUIC_CONNECTION *connection)
820 {
821 OSSL_QRX_PKT *qpacket = NULL;
822
823 if (connection == NULL)
824 return 0;
825
826 /* Try to read a packet from the read record layer */
827 memset(&qpacket, 0, sizeof(qpacket));
828 if (ossl_qrx_read_pkt(GET_CONN_QRX(connection), &qpacket) <= 0)
829 return 0;
830
831 return ossl_quic_handle_frames(connection, qpacket);
832 }
A mirror of the official openssl repository