quic: handle retry packets

author Philippe Antoine <pantoine@oisf.net>

Wed, 19 Feb 2025 12:01:36 +0000 (13:01 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 19 Feb 2025 15:34:12 +0000 (16:34 +0100)
author Philippe Antoine <pantoine@oisf.net>
Wed, 19 Feb 2025 12:01:36 +0000 (13:01 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 19 Feb 2025 15:34:12 +0000 (16:34 +0100)
diff --git a/rust/src/quic/parser.rs b/rust/src/quic/parser.rs

index 25527439941333c14d23e2818b7ff0e0d00457cc..3fba85040b375a6554e2b84a09874677e0b1fd6f 100644 (file)
--- a/rust/src/quic/parser.rs
+++ b/rust/src/quic/parser.rs
@@ -357,6 +357,10 @@ impl QuicHeader {
                          rest
                      }
                  }
+                QuicType::Retry => {
+                    // opaque retry token and 16 bytes retry integrity tag
+                    &rest[rest.len()..]
+                }
                  _ => rest,
              };
              let (rest, length) = if has_length {
diff --git a/rust/src/quic/quic.rs b/rust/src/quic/quic.rs

index 606f962bebb1f29df6358ebba22982496a91e3fb..c636e8d1bb18ef8feb62dec92d6a8c30504c3095 100644 (file)
--- a/rust/src/quic/quic.rs
+++ b/rust/src/quic/quic.rs
@@ -339,12 +339,16 @@ impl QuicState {
                      // unprotect/decrypt packet
                      if self.keys.is_none() && header.ty == QuicType::Initial {
                          self.keys = quic_keys_initial(u32::from(header.version), &header.dcid);
+                    } else if !to_server && self.keys.is_some() && header.ty == QuicType::Retry {
+                        // a retry packet discards the current keys, client will resend an initial packet with new keys
+                        self.hello_ts = false;
+                        self.keys = None;
                      }
                      // header.length was checked against rest.len() during parsing
                      let (mut framebuf, next_buf) = rest.split_at(header.length.into());
                      let hlen = buf.len() - rest.len();
                      let mut output;
-                    if self.keys.is_some() {
+                    if self.keys.is_some() && !framebuf.is_empty() {
                          output = Vec::with_capacity(framebuf.len() + 4);
                          if let Ok(dlen) =
                              self.decrypt(to_server, &header, framebuf, buf, hlen, &mut output)
author	Philippe Antoine <pantoine@oisf.net>
	Wed, 19 Feb 2025 12:01:36 +0000 (13:01 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 19 Feb 2025 15:34:12 +0000 (16:34 +0100)
rust/src/quic/parser.rs		patch \| blob \| blame \| history
rust/src/quic/quic.rs		patch \| blob \| blame \| history