gamzinav/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MINOR: quic: Import C source code files for QUIC protocol.

Browse Source 
This patch imports all the C files for QUIC protocol implementation with few
modifications from 20200720-quic branch of quic-dev repository found at
https://github.com/haproxytech/quic-dev.

Traces were implemented to help with the development.
This commit is contained in:
Frdric Lcaille 2020-11-23 14:14:04 +01:00 committed by Willy Tarreau
parent 0c4e3b09b0
commit a7e7ce957d
5 changed files with 5740 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
src/quic_cc.c Normal file
View File

@ -0,0 +1,52 @@
/*
* Congestion controller handling.
*
* This file contains definitions for QUIC congestion control.
*
* Copyright 2019 HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <haproxy/buf.h>
#include <haproxy/quic_cc-t.h>
#include <haproxy/xprt_quic-t.h>
struct quic_cc_algo *default_quic_cc_algo = &quic_cc_algo_nr;
/*
* Initialize <cc> congestion control with <algo> as algorithm depending on <ipv4>
* a boolean which is true for an IPv4 path.
*/
void quic_cc_init(struct quic_cc *cc,
struct quic_cc_algo *algo, struct quic_conn *qc)
{
cc->qc = qc;
cc->algo = algo;
if (cc->algo->init)
(cc->algo->init(cc));
}
/* Send <ev> event to <cc> congestion controller. */
void quic_cc_event(struct quic_cc *cc, struct quic_cc_event *ev)
{
cc->algo->event(cc, ev);
}
void quic_cc_state_trace(struct buffer *buf, const struct quic_cc *cc)
{
cc->algo->state_trace(buf, cc);
}

153
src/quic_cc_newreno.c Normal file
View File

@ -0,0 +1,153 @@
/*
* NewReno congestion control algorithm.
*
* This file contains definitions for QUIC congestion control.
*
* Copyright 2019 HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <haproxy/quic_cc.h>
#include <haproxy/trace.h>
#include <haproxy/xprt_quic.h>
#define TRACE_SOURCE &trace_quic
static int quic_cc_nr_init(struct quic_cc *cc)
{
struct quic_path *path;
path = container_of(cc, struct quic_path, cc);
cc->algo_state.nr.state = QUIC_CC_ST_SS;
cc->algo_state.nr.cwnd = path->cwnd;
cc->algo_state.nr.ssthresh = QUIC_CC_INFINITE_SSTHESH;
cc->algo_state.nr.recovery_start_time = 0;
return 1;
}
/* Slow start callback. */
static void quic_cc_nr_ss_cb(struct quic_cc *cc, struct quic_cc_event *ev)
{
struct quic_path *path;
TRACE_ENTER(QUIC_EV_CONN_CC, cc->qc->conn, ev);
path = container_of(cc, struct quic_path, cc);
switch (ev->type) {
case QUIC_CC_EVT_ACK:
path->in_flight -= ev->ack.acked;
/* Do not increase the congestion window in recovery period. */
if (ev->ack.time_sent <= cc->algo_state.nr.recovery_start_time)
return;
cc->algo_state.nr.cwnd += ev->ack.acked;
/* Exit to congestion avoidance if slow start threshold is reached. */
if (cc->algo_state.nr.cwnd > cc->algo_state.nr.ssthresh)
cc->algo_state.nr.state = QUIC_CC_ST_CA;
path->cwnd = cc->algo_state.nr.cwnd;
break;
case QUIC_CC_EVT_LOSS:
path->in_flight -= ev->loss.lost_bytes;
cc->algo_state.nr.cwnd = QUIC_MAX(cc->algo_state.nr.cwnd >> 1, path->min_cwnd);
path->cwnd = cc->algo_state.nr.ssthresh = cc->algo_state.nr.cwnd;
/* Exit to congestion avoidance. */
cc->algo_state.nr.state = QUIC_CC_ST_CA;
break;
case QUIC_CC_EVT_ECN_CE:
/* XXX TO DO XXX */
break;
}
TRACE_LEAVE(QUIC_EV_CONN_CC, cc->qc->conn,, cc);
}
/* Congestion avoidance callback. */
static void quic_cc_nr_ca_cb(struct quic_cc *cc, struct quic_cc_event *ev)
{
struct quic_path *path;
TRACE_ENTER(QUIC_EV_CONN_CC, cc->qc->conn);
path = container_of(cc, struct quic_path, cc);
switch (ev->type) {
case QUIC_CC_EVT_ACK:
path->in_flight -= ev->ack.acked;
/* Do not increase the congestion window in recovery period. */
if (ev->ack.time_sent <= cc->algo_state.nr.recovery_start_time)
goto out;
/* Increasing the congestion window by 1 maximum packet size by
* congestion window.
*/
cc->algo_state.nr.cwnd +=
path->mtu * QUIC_MAX(1ULL, (unsigned long long)ev->ack.acked / cc->algo_state.nr.cwnd);
path->cwnd = cc->algo_state.nr.cwnd;
break;
case QUIC_CC_EVT_LOSS:
path->in_flight -= ev->loss.lost_bytes;
if (ev->loss.newest_time_sent > cc->algo_state.nr.recovery_start_time) {
cc->algo_state.nr.recovery_start_time = ev->loss.now_ms;
cc->algo_state.nr.cwnd = QUIC_MAX(cc->algo_state.nr.cwnd >> 1, path->min_cwnd);
cc->algo_state.nr.ssthresh = cc->algo_state.nr.cwnd;
}
if (quic_loss_persistent_congestion(&path->loss,
ev->loss.period,
ev->loss.now_ms,
ev->loss.max_ack_delay)) {
cc->algo_state.nr.cwnd = path->min_cwnd;
/* Re-entering slow start state. */
cc->algo_state.nr.state = QUIC_CC_ST_SS;
}
path->cwnd = cc->algo_state.nr.cwnd;
break;
case QUIC_CC_EVT_ECN_CE:
/* XXX TO DO XXX */
break;
}
out:
TRACE_LEAVE(QUIC_EV_CONN_CC, cc->qc->conn);
}
static void quic_cc_nr_state_trace(struct buffer *buf, const struct quic_cc *cc)
{
chunk_appendf(buf, " state=%s cwnd=%llu ssthresh=%ld recovery_start_time=%llu",
quic_cc_state_str(cc->algo_state.nr.state),
(unsigned long long)cc->algo_state.nr.cwnd,
(long)cc->algo_state.nr.ssthresh,
(unsigned long long)cc->algo_state.nr.recovery_start_time);
}
static void (*quic_cc_nr_state_cbs[])(struct quic_cc *cc,
struct quic_cc_event *ev) = {
[QUIC_CC_ST_SS] = quic_cc_nr_ss_cb,
[QUIC_CC_ST_CA] = quic_cc_nr_ca_cb,
};
static void quic_cc_nr_event(struct quic_cc *cc, struct quic_cc_event *ev)
{
return quic_cc_nr_state_cbs[cc->algo_state.nr.state](cc, ev);
}
struct quic_cc_algo quic_cc_algo_nr = {
.type = QUIC_CC_ALGO_TP_NEWRENO,
.init = quic_cc_nr_init,
.event = quic_cc_nr_event,
.state_trace = quic_cc_nr_state_trace,
};

981
src/quic_frame.c Normal file
View File

@ -0,0 +1,981 @@
/*
* Copyright 2019 HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#include <haproxy/quic_frame.h>
#include <haproxy/trace.h>
#include <haproxy/xprt_quic.h>
#define TRACE_SOURCE &trace_quic
const char *quic_frame_type_string(enum quic_frame_type ft)
{
switch (ft) {
case QUIC_FT_PADDING:
return "PADDING";
case QUIC_FT_PING:
return "PING";
case QUIC_FT_ACK:
return "ACK";
case QUIC_FT_ACK_ECN:
return "ACK_ENC";
case QUIC_FT_RESET_STREAM:
return "RESET_STREAM";
case QUIC_FT_STOP_SENDING:
return "STOP_SENDING";
case QUIC_FT_CRYPTO:
return "CRYPTO";
case QUIC_FT_NEW_TOKEN:
return "NEW_TOKEN";
case QUIC_FT_STREAM_8:
return "STREAM_8";
case QUIC_FT_STREAM_9:
return "STREAM_9";
case QUIC_FT_STREAM_A:
return "STREAM_A";
case QUIC_FT_STREAM_B:
return "STREAM_B";
case QUIC_FT_STREAM_C:
return "STREAM_C";
case QUIC_FT_STREAM_D:
return "STREAM_D";
case QUIC_FT_STREAM_E:
return "STREAM_E";
case QUIC_FT_STREAM_F:
return "STREAM_F";
case QUIC_FT_MAX_DATA:
return "MAX_DATA";
case QUIC_FT_MAX_STREAM_DATA:
return "MAX_STREAM_DATA";
case QUIC_FT_MAX_STREAMS_BIDI:
return "MAX_STREAMS_BIDI";
case QUIC_FT_MAX_STREAMS_UNI:
return "MAX_STREAMS_UNI";
case QUIC_FT_DATA_BLOCKED:
return "DATA_BLOCKED";
case QUIC_FT_STREAM_DATA_BLOCKED:
return "STREAM_DATA_BLOCKED";
case QUIC_FT_STREAMS_BLOCKED_BIDI:
return "STREAMS_BLOCKED_BIDI";
case QUIC_FT_STREAMS_BLOCKED_UNI:
return "STREAMS_BLOCKED_UNI";
case QUIC_FT_NEW_CONNECTION_ID:
return "NEW_CONNECTION_ID";
case QUIC_FT_RETIRE_CONNECTION_ID:
return "RETIRE_CONNECTION_ID";
case QUIC_FT_PATH_CHALLENGE:
return "PATH_CHALLENGE";
case QUIC_FT_PATH_RESPONSE:
return "PATH_RESPONSE";
case QUIC_FT_CONNECTION_CLOSE:
return "CONNECTION_CLOSE";
case QUIC_FT_CONNECTION_CLOSE_APP:
return "CONNECTION_CLOSE_APP";
case QUIC_FT_HANDSHAKE_DONE:
return "HANDSHAKE_DONE";
default:
return "UNKNOWN";
}
}
/* Encode <frm> PADDING frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_padding_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_padding *padding = &frm->padding;
if (end - *buf < padding->len - 1)
return 0;
memset(*buf, 0, padding->len - 1);
*buf += padding->len - 1;
return 1;
}
/* Parse a PADDING frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_padding_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
const unsigned char *beg;
struct quic_padding *padding = &frm->padding;
beg = *buf;
padding->len = 1;
while (*buf < end && !**buf)
(*buf)++;
padding->len += *buf - beg;
return 1;
}
/* Encode a ACK frame into <buf> buffer.
* Always succeeds.
*/
static int quic_build_ping_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
/* No field */
return 1;
}
/* Parse a PADDING frame from <buf> buffer with <end> as end into <frm> frame.
* Always succeeds.
*/
static int quic_parse_ping_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
/* No field */
return 1;
}
/* Encode a ACK frame.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_ack_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_tx_ack *tx_ack = &frm->tx_ack;
struct quic_ack_range *ack_range, *next_ack_range;
ack_range = LIST_NEXT(&tx_ack->ack_ranges->list, struct quic_ack_range *, list);
TRACE_PROTO("ack range", QUIC_EV_CONN_PRSAFRM, conn->conn,, &ack_range->last, &ack_range->first);
if (!quic_enc_int(buf, end, ack_range->last) ||
!quic_enc_int(buf, end, tx_ack->ack_delay) ||
!quic_enc_int(buf, end, tx_ack->ack_ranges->sz - 1) ||
!quic_enc_int(buf, end, ack_range->last - ack_range->first))
return 0;
next_ack_range = LIST_NEXT(&ack_range->list, struct quic_ack_range *, list);
while (&next_ack_range->list != &tx_ack->ack_ranges->list) {
TRACE_PROTO("ack range", QUIC_EV_CONN_PRSAFRM, conn->conn,,
&next_ack_range->last, &next_ack_range->first);
if (!quic_enc_int(buf, end, ack_range->first - next_ack_range->last - 2) ||
!quic_enc_int(buf, end, next_ack_range->last - next_ack_range->first))
return 0;
ack_range = next_ack_range;
next_ack_range = LIST_NEXT(&ack_range->list, struct quic_ack_range *, list);
}
return 1;
}
/* Parse an ACK frame header from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_ack_frame_header(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
int ret;
struct quic_ack *ack = &frm->ack;
ret = quic_dec_int(&ack->largest_ack, buf, end);
if (!ret)
return 0;
ret = quic_dec_int(&ack->ack_delay, buf, end);
if (!ret)
return 0;
ret = quic_dec_int(&ack->ack_range_num, buf, end);
if (!ret)
return 0;
ret = quic_dec_int(&ack->first_ack_range, buf, end);
if (!ret)
return 0;
return 1;
}
/* Encode a ACK_ECN frame.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_ack_ecn_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_ack *ack = &frm->ack;
return quic_enc_int(buf, end, ack->largest_ack) &&
quic_enc_int(buf, end, ack->ack_delay) &&
quic_enc_int(buf, end, ack->first_ack_range) &&
quic_enc_int(buf, end, ack->ack_range_num);
}
/* Parse an ACK_ECN frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_ack_ecn_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_ack *ack = &frm->ack;
return quic_dec_int(&ack->largest_ack, buf, end) &&
quic_dec_int(&ack->ack_delay, buf, end) &&
quic_dec_int(&ack->first_ack_range, buf, end) &&
quic_dec_int(&ack->ack_range_num, buf, end);
}
/* Encode a RESET_STREAM frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_reset_stream_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_reset_stream *reset_stream = &frm->reset_stream;
return quic_enc_int(buf, end, reset_stream->id) &&
quic_enc_int(buf, end, reset_stream->app_error_code) &&
quic_enc_int(buf, end, reset_stream->final_size);
}
/* Parse a RESET_STREAM frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_reset_stream_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_reset_stream *reset_stream = &frm->reset_stream;
return quic_dec_int(&reset_stream->id, buf, end) &&
quic_dec_int(&reset_stream->app_error_code, buf, end) &&
quic_dec_int(&reset_stream->final_size, buf, end);
}
/* Encode a STOP_SENDING frame.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_stop_sending_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_stop_sending_frame *stop_sending_frame = &frm->stop_sending_frame;
return quic_enc_int(buf, end, stop_sending_frame->id) &&
quic_enc_int(buf, end, stop_sending_frame->app_error_code);
}
/* Parse a STOP_SENDING frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_stop_sending_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_stop_sending_frame *stop_sending_frame = &frm->stop_sending_frame;
return quic_dec_int(&stop_sending_frame->id, buf, end) &&
quic_dec_int(&stop_sending_frame->app_error_code, buf, end);
}
/* Encode a CRYPTO frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_crypto_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_crypto *crypto = &frm->crypto;
const struct quic_enc_level *qel = crypto->qel;
size_t offset, len;
if (!quic_enc_int(buf, end, crypto->offset) ||
!quic_enc_int(buf, end, crypto->len) || end - *buf < crypto->len)
return 0;
len = crypto->len;
offset = crypto->offset;
while (len) {
int idx;
size_t to_copy;
const unsigned char *data;
idx = offset >> QUIC_CRYPTO_BUF_SHIFT;
to_copy = qel->tx.crypto.bufs[idx]->sz - (offset & QUIC_CRYPTO_BUF_MASK);
if (to_copy > len)
to_copy = len;
data = qel->tx.crypto.bufs[idx]->data + (offset & QUIC_CRYPTO_BUF_MASK);
memcpy(*buf, data, to_copy);
*buf += to_copy;
offset += to_copy;
len -= to_copy;
}
return 1;
}
/* Parse a CRYPTO frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_crypto_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_crypto *crypto = &frm->crypto;
if (!quic_dec_int(&crypto->offset, buf, end) ||
!quic_dec_int(&crypto->len, buf, end) || end - *buf < crypto->len)
return 0;
crypto->data = *buf;
*buf += crypto->len;
return 1;
}
/* Encode a NEW_TOKEN frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_new_token_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_new_token *new_token = &frm->new_token;
if (!quic_enc_int(buf, end, new_token->len) || end - *buf < new_token->len)
return 0;
memcpy(*buf, new_token->data, new_token->len);
return 1;
}
/* Parse a NEW_TOKEN frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_new_token_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_new_token *new_token = &frm->new_token;
if (!quic_dec_int(&new_token->len, buf, end) || end - *buf < new_token->len)
return 0;
new_token->data = *buf;
*buf += new_token->len;
return 1;
}
/* Encode a STREAM frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_stream_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_stream *stream = &frm->stream;
if (!quic_enc_int(buf, end, stream->id) ||
((frm->type & QUIC_STREAM_FRAME_OFF_BIT) && !quic_enc_int(buf, end, stream->offset)) ||
((frm->type & QUIC_STREAM_FRAME_LEN_BIT) &&
(!quic_enc_int(buf, end, stream->len) || end - *buf < stream->len)))
return 0;
memcpy(*buf, stream->data, stream->len);
*buf += stream->len;
return 1;
}
/* Parse a STREAM frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_stream_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_stream *stream = &frm->stream;
if (!quic_dec_int(&stream->id, buf, end) ||
((frm->type & QUIC_STREAM_FRAME_OFF_BIT) && !quic_dec_int(&stream->offset, buf, end)) ||
((frm->type & QUIC_STREAM_FRAME_LEN_BIT) &&
(!quic_dec_int(&stream->len, buf, end) || end - *buf < stream->len)))
return 0;
stream->data = *buf;
*buf += stream->len;
return 1;
}
/* Encode a MAX_DATA frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_max_data_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_max_data *max_data = &frm->max_data;
return quic_enc_int(buf, end, max_data->max_data);
}
/* Parse a MAX_DATA frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_max_data_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_max_data *max_data = &frm->max_data;
return quic_dec_int(&max_data->max_data, buf, end);
}
/* Encode a MAX_STREAM_DATA frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_max_stream_data_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_max_stream_data *max_stream_data = &frm->max_stream_data;
return quic_enc_int(buf, end, max_stream_data->id) &&
quic_enc_int(buf, end, max_stream_data->max_stream_data);
}
/* Parse a MAX_STREAM_DATA frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_max_stream_data_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_max_stream_data *max_stream_data = &frm->max_stream_data;
return quic_dec_int(&max_stream_data->id, buf, end) &&
quic_dec_int(&max_stream_data->max_stream_data, buf, end);
}
/* Encode a MAX_STREAMS frame for bidirectional streams into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_max_streams_bidi_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_max_streams *max_streams_bidi = &frm->max_streams_bidi;
return quic_enc_int(buf, end, max_streams_bidi->max_streams);
}
/* Parse a MAX_STREAMS frame for bidirectional streams from <buf> buffer with <end>
* as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_max_streams_bidi_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_max_streams *max_streams_bidi = &frm->max_streams_bidi;
return quic_dec_int(&max_streams_bidi->max_streams, buf, end);
}
/* Encode a MAX_STREAMS frame for unidirectional streams into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_max_streams_uni_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_max_streams *max_streams_uni = &frm->max_streams_uni;
return quic_enc_int(buf, end, max_streams_uni->max_streams);
}
/* Parse a MAX_STREAMS frame for undirectional streams from <buf> buffer with <end>
* as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_max_streams_uni_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_max_streams *max_streams_uni = &frm->max_streams_uni;
return quic_dec_int(&max_streams_uni->max_streams, buf, end);
}
/* Encode a DATA_BLOCKED frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_data_blocked_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_data_blocked *data_blocked = &frm->data_blocked;
return quic_enc_int(buf, end, data_blocked->limit);
}
/* Parse a DATA_BLOCKED frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_data_blocked_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_data_blocked *data_blocked = &frm->data_blocked;
return quic_dec_int(&data_blocked->limit, buf, end);
}
/* Encode a STREAM_DATA_BLOCKED into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_stream_data_blocked_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_stream_data_blocked *stream_data_blocked = &frm->stream_data_blocked;
return quic_enc_int(buf, end, stream_data_blocked->id) &&
quic_enc_int(buf, end, stream_data_blocked->limit);
}
/* Parse a STREAM_DATA_BLOCKED frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_stream_data_blocked_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_stream_data_blocked *stream_data_blocked = &frm->stream_data_blocked;
return quic_dec_int(&stream_data_blocked->id, buf, end) &&
quic_dec_int(&stream_data_blocked->limit, buf, end);
}
/* Encode a STREAMS_BLOCKED frame for bidirectional streams into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_streams_blocked_bidi_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_streams_blocked *streams_blocked_bidi = &frm->streams_blocked_bidi;
return quic_enc_int(buf, end, streams_blocked_bidi->limit);
}
/* Parse a STREAMS_BLOCKED frame for bidirectional streams from <buf> buffer with <end>
* as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_streams_blocked_bidi_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_streams_blocked *streams_blocked_bidi = &frm->streams_blocked_bidi;
return quic_dec_int(&streams_blocked_bidi->limit, buf, end);
}
/* Encode a STREAMS_BLOCKED frame for unidirectional streams into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_streams_blocked_uni_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_streams_blocked *streams_blocked_uni = &frm->streams_blocked_uni;
return quic_enc_int(buf, end, streams_blocked_uni->limit);
}
/* Parse a STREAMS_BLOCKED frame for unidirectional streams from <buf> buffer with <end>
* as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_streams_blocked_uni_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_streams_blocked *streams_blocked_uni = &frm->streams_blocked_uni;
return quic_dec_int(&streams_blocked_uni->limit, buf, end);
}
/* Encode a NEW_CONNECTION_ID frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_new_connection_id_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_new_connection_id *new_cid = &frm->new_connection_id;
if (!quic_enc_int(buf, end, new_cid->seq_num) ||
!quic_enc_int(buf, end, new_cid->retire_prior_to) ||
end - *buf < sizeof new_cid->cid.len + new_cid->cid.len + QUIC_STATELESS_RESET_TOKEN_LEN)
return 0;
*(*buf)++ = new_cid->cid.len;
if (new_cid->cid.len) {
memcpy(*buf, new_cid->cid.data, new_cid->cid.len);
*buf += new_cid->cid.len;
}
memcpy(*buf, new_cid->stateless_reset_token, QUIC_STATELESS_RESET_TOKEN_LEN);
*buf += QUIC_STATELESS_RESET_TOKEN_LEN;
return 1;
}
/* Parse a NEW_CONNECTION_ID frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_new_connection_id_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_new_connection_id *new_cid = &frm->new_connection_id;
if (!quic_dec_int(&new_cid->seq_num, buf, end) ||
!quic_dec_int(&new_cid->retire_prior_to, buf, end) || end <= *buf)
return 0;
new_cid->cid.len = *(*buf)++;
if (end - *buf < new_cid->cid.len + QUIC_STATELESS_RESET_TOKEN_LEN)
return 0;
if (new_cid->cid.len) {
new_cid->cid.data = *buf;
*buf += new_cid->cid.len;
}
new_cid->stateless_reset_token = *buf;
*buf += QUIC_STATELESS_RESET_TOKEN_LEN;
return 1;
}
/* Encode a RETIRE_CONNECTION_ID frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_retire_connection_id_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_retire_connection_id *retire_connection_id = &frm->retire_connection_id;
return quic_enc_int(buf, end, retire_connection_id->seq_num);
}
/* Parse a RETIRE_CONNECTION_ID frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_retire_connection_id_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_retire_connection_id *retire_connection_id = &frm->retire_connection_id;
return quic_dec_int(&retire_connection_id->seq_num, buf, end);
}
/* Encode a PATH_CHALLENGE frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_path_challenge_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_path_challenge *path_challenge = &frm->path_challenge;
if (end - *buf < sizeof path_challenge->data)
return 0;
memcpy(*buf, path_challenge->data, sizeof path_challenge->data);
*buf += sizeof path_challenge->data;
return 1;
}
/* Parse a PATH_CHALLENGE frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_path_challenge_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_path_challenge *path_challenge = &frm->path_challenge;
if (end - *buf < sizeof path_challenge->data)
return 0;
memcpy(path_challenge->data, *buf, sizeof path_challenge->data);
*buf += sizeof path_challenge->data;
return 1;
}
/* Encode a PATH_RESPONSE frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_path_response_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_path_challenge_response *path_challenge_response = &frm->path_challenge_response;
if (end - *buf < sizeof path_challenge_response->data)
return 0;
memcpy(*buf, path_challenge_response->data, sizeof path_challenge_response->data);
*buf += sizeof path_challenge_response->data;
return 1;
}
/* Parse a PATH_RESPONSE frame from <buf> buffer with <end> as end into <frm> frame.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_path_response_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_path_challenge_response *path_challenge_response = &frm->path_challenge_response;
if (end - *buf < sizeof path_challenge_response->data)
return 0;
memcpy(path_challenge_response->data, *buf, sizeof path_challenge_response->data);
*buf += sizeof path_challenge_response->data;
return 1;
}
/* Encode a CONNECTION_CLOSE frame at QUIC layer into <buf> buffer.
* Note there exist two types of CONNECTION_CLOSE frame, one for the application layer
* and another at QUIC layer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_connection_close_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_connection_close *connection_close = &frm->connection_close;
if (!quic_enc_int(buf, end, connection_close->error_code) ||
!quic_enc_int(buf, end, connection_close->frame_type) ||
!quic_enc_int(buf, end, connection_close->reason_phrase_len) ||
end - *buf < connection_close->reason_phrase_len)
return 0;
memcpy(*buf, connection_close->reason_phrase, connection_close->reason_phrase_len);
*buf += connection_close->reason_phrase_len;
return 1;
}
/* Parse a CONNECTION_CLOSE frame at QUIC layer from <buf> buffer with <end> as end into <frm> frame.
* Note there exist two types of CONNECTION_CLOSE frame, one for the application layer
* and another at QUIC layer.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_connection_close_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_connection_close *connection_close = &frm->connection_close;
if (!quic_dec_int(&connection_close->error_code, buf, end) ||
!quic_dec_int(&connection_close->frame_type, buf, end) ||
!quic_dec_int(&connection_close->reason_phrase_len, buf, end) ||
end - *buf < connection_close->reason_phrase_len)
return 0;
if (connection_close->reason_phrase_len) {
memcpy(connection_close->reason_phrase, *buf, connection_close->reason_phrase_len);
*buf += connection_close->reason_phrase_len;
}
return 1;
}
/* Encode a CONNECTION_CLOSE frame at application layer into <buf> buffer.
* Note there exist two types of CONNECTION_CLOSE frame, one for application layer
* and another at QUIC layer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
static int quic_build_connection_close_app_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
struct quic_connection_close_app *connection_close_app = &frm->connection_close_app;
if (!quic_enc_int(buf, end, connection_close_app->error_code) ||
!quic_enc_int(buf, end, connection_close_app->reason_phrase_len) ||
end - *buf < connection_close_app->reason_phrase_len)
return 0;
if (connection_close_app->reason_phrase_len) {
memcpy(*buf, connection_close_app->reason_phrase, connection_close_app->reason_phrase_len);
*buf += connection_close_app->reason_phrase_len;
}
return 1;
}
/* Parse a CONNECTION_CLOSE frame at QUIC layer from <buf> buffer with <end> as end into <frm> frame.
* Note there exist two types of CONNECTION_CLOSE frame, one for the application layer
* and another at QUIC layer.
* Return 1 if succeeded (enough room to parse this frame), 0 if not.
*/
static int quic_parse_connection_close_app_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
struct quic_connection_close_app *connection_close_app = &frm->connection_close_app;
if (!quic_dec_int(&connection_close_app->error_code, buf, end) ||
!quic_dec_int(&connection_close_app->reason_phrase_len, buf, end) ||
end - *buf < connection_close_app->reason_phrase_len)
return 0;
memcpy(connection_close_app->reason_phrase, *buf, connection_close_app->reason_phrase_len);
*buf += connection_close_app->reason_phrase_len;
return 1;
}
/* Encode a HANDSHAKE_DONE frame into <buf> buffer.
* Always succeeds.
*/
static int quic_build_handshake_done_frame(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn)
{
/* No field */
return 1;
}
/* Parse a HANDSHAKE_DONE frame at QUIC layer from <buf> buffer with <end> as end into <frm> frame.
* Always succeed.
*/
static int quic_parse_handshake_done_frame(struct quic_frame *frm,
const unsigned char **buf, const unsigned char *end)
{
/* No field */
return 1;
}
struct quic_frame_builder {
int (*func)(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn);
unsigned char flags;
};
struct quic_frame_builder quic_frame_builders[] = {
[QUIC_FT_PADDING] = { .func = quic_build_padding_frame, .flags = QUIC_FL_TX_PACKET_PADDING, },
[QUIC_FT_PING] = { .func = quic_build_ping_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_ACK] = { .func = quic_build_ack_frame, .flags = 0, },
[QUIC_FT_ACK_ECN] = { .func = quic_build_ack_ecn_frame, .flags = 0, },
[QUIC_FT_RESET_STREAM] = { .func = quic_build_reset_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STOP_SENDING] = { .func = quic_build_stop_sending_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_CRYPTO] = { .func = quic_build_crypto_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_NEW_TOKEN] = { .func = quic_build_new_token_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_8] = { .func = quic_build_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_9] = { .func = quic_build_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_A] = { .func = quic_build_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_B] = { .func = quic_build_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_C] = { .func = quic_build_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_D] = { .func = quic_build_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_E] = { .func = quic_build_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_F] = { .func = quic_build_stream_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_MAX_DATA] = { .func = quic_build_max_data_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_MAX_STREAM_DATA] = { .func = quic_build_max_stream_data_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_MAX_STREAMS_BIDI] = { .func = quic_build_max_streams_bidi_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_MAX_STREAMS_UNI] = { .func = quic_build_max_streams_uni_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_DATA_BLOCKED] = { .func = quic_build_data_blocked_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAM_DATA_BLOCKED] = { .func = quic_build_stream_data_blocked_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAMS_BLOCKED_BIDI] = { .func = quic_build_streams_blocked_bidi_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_STREAMS_BLOCKED_UNI] = { .func = quic_build_streams_blocked_uni_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_NEW_CONNECTION_ID] = { .func = quic_build_new_connection_id_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_RETIRE_CONNECTION_ID] = { .func = quic_build_retire_connection_id_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_PATH_CHALLENGE] = { .func = quic_build_path_challenge_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_PATH_RESPONSE] = { .func = quic_build_path_response_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
[QUIC_FT_CONNECTION_CLOSE] = { .func = quic_build_connection_close_frame, .flags = 0, },
[QUIC_FT_CONNECTION_CLOSE_APP] = { .func = quic_build_connection_close_app_frame, .flags = 0, },
[QUIC_FT_HANDSHAKE_DONE] = { .func = quic_build_handshake_done_frame, .flags = QUIC_FL_TX_PACKET_ACK_ELICITING, },
};
struct quic_frame_parser {
int (*func)(struct quic_frame *frm,
const unsigned char **, const unsigned char *);
unsigned char mask;
};
struct quic_frame_parser quic_frame_parsers[] = {
[QUIC_FT_PADDING] = { .func = quic_parse_padding_frame, .mask = QUIC_FT_PKT_TYPE_IH01_BITMASK, },
[QUIC_FT_PING] = { .func = quic_parse_ping_frame, .mask = QUIC_FT_PKT_TYPE_IH01_BITMASK, },
[QUIC_FT_ACK] = { .func = quic_parse_ack_frame_header, .mask = QUIC_FT_PKT_TYPE_IH_1_BITMASK, },
[QUIC_FT_ACK_ECN] = { .func = quic_parse_ack_ecn_frame, .mask = QUIC_FT_PKT_TYPE_IH_1_BITMASK, },
[QUIC_FT_RESET_STREAM] = { .func = quic_parse_reset_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STOP_SENDING] = { .func = quic_parse_stop_sending_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_CRYPTO] = { .func = quic_parse_crypto_frame, .mask = QUIC_FT_PKT_TYPE_IH_1_BITMASK, },
[QUIC_FT_NEW_TOKEN] = { .func = quic_parse_new_token_frame, .mask = QUIC_FT_PKT_TYPE____1_BITMASK, },
[QUIC_FT_STREAM_8] = { .func = quic_parse_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAM_9] = { .func = quic_parse_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAM_A] = { .func = quic_parse_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAM_B] = { .func = quic_parse_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAM_C] = { .func = quic_parse_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAM_D] = { .func = quic_parse_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAM_E] = { .func = quic_parse_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAM_F] = { .func = quic_parse_stream_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_MAX_DATA] = { .func = quic_parse_max_data_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_MAX_STREAM_DATA] = { .func = quic_parse_max_stream_data_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_MAX_STREAMS_BIDI] = { .func = quic_parse_max_streams_bidi_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_MAX_STREAMS_UNI] = { .func = quic_parse_max_streams_uni_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_DATA_BLOCKED] = { .func = quic_parse_data_blocked_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAM_DATA_BLOCKED] = { .func = quic_parse_stream_data_blocked_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAMS_BLOCKED_BIDI] = { .func = quic_parse_streams_blocked_bidi_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_STREAMS_BLOCKED_UNI] = { .func = quic_parse_streams_blocked_uni_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_NEW_CONNECTION_ID] = { .func = quic_parse_new_connection_id_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_RETIRE_CONNECTION_ID] = { .func = quic_parse_retire_connection_id_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_PATH_CHALLENGE] = { .func = quic_parse_path_challenge_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_PATH_RESPONSE] = { .func = quic_parse_path_response_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_CONNECTION_CLOSE] = { .func = quic_parse_connection_close_frame, .mask = QUIC_FT_PKT_TYPE_IH01_BITMASK, },
[QUIC_FT_CONNECTION_CLOSE_APP] = { .func = quic_parse_connection_close_app_frame, .mask = QUIC_FT_PKT_TYPE___01_BITMASK, },
[QUIC_FT_HANDSHAKE_DONE] = { .func = quic_parse_handshake_done_frame, .mask = QUIC_FT_PKT_TYPE____1_BITMASK, },
};
/* Decode a QUIC frame from <buf> buffer into <frm> frame.
* Returns 1 if succeded (enough data to parse the frame), 0 if not.
*/
int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
const unsigned char **buf, const unsigned char *end,
struct quic_conn *conn)
{
struct quic_frame_parser *parser;
if (end <= *buf) {
TRACE_DEVEL("wrong frame", QUIC_EV_CONN_PRSFRM, conn->conn);
return 0;
}
frm->type = *(*buf)++;
if (frm->type > QUIC_FT_MAX) {
TRACE_DEVEL("wrong frame type", QUIC_EV_CONN_PRSFRM, conn->conn, frm);
return 0;
}
parser = &quic_frame_parsers[frm->type];
if (!(parser->mask & (1 << pkt->type))) {
TRACE_DEVEL("unauthorized frame", QUIC_EV_CONN_PRSFRM, conn->conn, frm);
return 0;
}
TRACE_PROTO("frame", QUIC_EV_CONN_PRSFRM, conn->conn, frm);
if (!quic_frame_parsers[frm->type].func(frm, buf, end)) {
TRACE_DEVEL("parsing error", QUIC_EV_CONN_PRSFRM, conn->conn, frm);
return 0;
}
return 1;
}
/* Encode <frm> QUIC frame into <buf> buffer.
* Returns 1 if succeded (enough room in <buf> to encode the frame), 0 if not.
*/
int qc_build_frm(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_tx_packet *pkt,
struct quic_conn *conn)
{
if (end <= *buf) {
TRACE_DEVEL("not enough room", QUIC_EV_CONN_BFRM, conn->conn, frm);
return 0;
}
TRACE_PROTO("frame", QUIC_EV_CONN_BFRM, conn->conn, frm);
*(*buf)++ = frm->type;
if (!quic_frame_builders[frm->type].func(buf, end, frm, conn)) {
TRACE_DEVEL("frame building error", QUIC_EV_CONN_BFRM, conn->conn, frm);
return 0;
}
pkt->flags |= quic_frame_builders[frm->type].flags;
return 1;
}

388
src/quic_tls.c Normal file
View File

@ -0,0 +1,388 @@
#include <string.h>
#include <openssl/ssl.h>
#if defined(OPENSSL_IS_BORINGSSL)
#include <openssl/hkdf.h>
#else
#include <openssl/evp.h>
#include <openssl/kdf.h>
#endif
#include <haproxy/buf.h>
#include <haproxy/chunk.h>
//#include <haproxy/quic_tls-t.h>
#include <haproxy/xprt_quic.h>
__attribute__((format (printf, 3, 4)))
void hexdump(const void *buf, size_t buflen, const char *title_fmt, ...);
/* Initial salt depending on QUIC version to derive client/server initial secrets.
* This one is for draft-23 QUIC version.
*/
unsigned char initial_salt[20] = {
0xc3, 0xee, 0xf7, 0x12, 0xc7, 0x2e, 0xbb, 0x5a,
0x11, 0xa7, 0xd2, 0x43, 0x2b, 0xb4, 0x63, 0x65,
0xbe, 0xf9, 0xf5, 0x02,
};
/* Dump the RX/TX secrets of <secs> QUIC TLS secrets. */
void quic_tls_keys_hexdump(struct buffer *buf, struct quic_tls_secrets *secs)
{
int i;
size_t aead_keylen = (size_t)EVP_CIPHER_key_length(secs->aead);
size_t aead_ivlen = (size_t)EVP_CIPHER_iv_length(secs->aead);
size_t hp_len = (size_t)EVP_CIPHER_key_length(secs->hp);
chunk_appendf(buf, "\n key=");
for (i = 0; i < aead_keylen; i++)
chunk_appendf(buf, "%02x", secs->key[i]);
chunk_appendf(buf, "\n iv=");
for (i = 0; i < aead_ivlen; i++)
chunk_appendf(buf, "%02x", secs->iv[i]);
chunk_appendf(buf, "\n hp=");
for (i = 0; i < hp_len; i++)
chunk_appendf(buf, "%02x", secs->hp_key[i]);
}
/* Dump <secret> TLS secret. */
void quic_tls_secret_hexdump(struct buffer *buf,
const unsigned char *secret, size_t secret_len)
{
int i;
chunk_appendf(buf, " secret=");
for (i = 0; i < secret_len; i++)
chunk_appendf(buf, "%02x", secret[i]);
}
#if defined(OPENSSL_IS_BORINGSSL)
int quic_hkdf_extract(const EVP_MD *md,
unsigned char *buf, size_t *buflen,
const unsigned char *key, size_t keylen,
unsigned char *salt, size_t saltlen)
{
return HKDF_extract(buf, buflen, md, key, keylen, salt, saltlen);
}
int quic_hkdf_expand(const EVP_MD *md,
unsigned char *buf, size_t buflen,
const unsigned char *key, size_t keylen,
const unsigned char *label, size_t labellen)
{
return HKDF_expand(buf, buflen, md, key, keylen, label, labellen);
}
#else
int quic_hkdf_extract(const EVP_MD *md,
unsigned char *buf, size_t *buflen,
const unsigned char *key, size_t keylen,
unsigned char *salt, size_t saltlen)
{
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
if (!ctx)
return 0;
if (EVP_PKEY_derive_init(ctx) <= 0 ||
EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0 ||
EVP_PKEY_CTX_set_hkdf_md(ctx, md) <= 0 ||
EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, saltlen) <= 0 ||
EVP_PKEY_CTX_set1_hkdf_key(ctx, key, keylen) <= 0 ||
EVP_PKEY_derive(ctx, buf, buflen) <= 0)
goto err;
EVP_PKEY_CTX_free(ctx);
return 1;
err:
EVP_PKEY_CTX_free(ctx);
return 0;
}
int quic_hkdf_expand(const EVP_MD *md,
unsigned char *buf, size_t buflen,
const unsigned char *key, size_t keylen,
const unsigned char *label, size_t labellen)
{
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
if (!ctx)
return 0;
if (EVP_PKEY_derive_init(ctx) <= 0 ||
EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0 ||
EVP_PKEY_CTX_set_hkdf_md(ctx, md) <= 0 ||
EVP_PKEY_CTX_set1_hkdf_key(ctx, key, keylen) <= 0 ||
EVP_PKEY_CTX_add1_hkdf_info(ctx, label, labellen) <= 0 ||
EVP_PKEY_derive(ctx, buf, &buflen) <= 0)
goto err;
EVP_PKEY_CTX_free(ctx);
return 1;
err:
EVP_PKEY_CTX_free(ctx);
return 0;
}
#endif
/* https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#protection-keys
* refers to:
*
* https://tools.ietf.org/html/rfc8446#section-7.1:
* 7.1. Key Schedule
*
* The key derivation process makes use of the HKDF-Extract and
* HKDF-Expand functions as defined for HKDF [RFC5869], as well as the
* functions defined below:
*
* HKDF-Expand-Label(Secret, Label, Context, Length) =
* HKDF-Expand(Secret, HkdfLabel, Length)
*
* Where HkdfLabel is specified as:
*
* struct {
* uint16 length = Length;
* opaque label<7..255> = "tls13 " + Label;
* opaque context<0..255> = Context;
* } HkdfLabel;
*
* Derive-Secret(Secret, Label, Messages) =
* HKDF-Expand-Label(Secret, Label,
* Transcript-Hash(Messages), Hash.length)
*
*/
int quic_hkdf_expand_label(const EVP_MD *md,
unsigned char *buf, size_t buflen,
const unsigned char *key, size_t keylen,
const unsigned char *label, size_t labellen)
{
unsigned char hdkf_label[256], *pos;
const unsigned char hdkf_label_label[] = "tls13 ";
size_t hdkf_label_label_sz = sizeof hdkf_label_label - 1;
pos = hdkf_label;
*pos++ = buflen >> 8;
*pos++ = buflen & 0xff;
*pos++ = hdkf_label_label_sz + labellen;
memcpy(pos, hdkf_label_label, hdkf_label_label_sz);
pos += hdkf_label_label_sz;
memcpy(pos, label, labellen);
pos += labellen;
*pos++ = '\0';
return quic_hkdf_expand(md, buf, buflen,
key, keylen, hdkf_label, pos - hdkf_label);
}
/*
* This function derives two keys from <secret> is <ctx> as TLS cryptographic context.
* ->key is the TLS key to be derived to encrypt/decrypt data at TLS level.
* ->iv is the initialization vector to be used with ->key.
* ->hp_key is the key to be derived for header protection.
* Obviouly these keys have the same size becaused derived with the same TLS cryptographic context.
*/
int quic_tls_derive_keys(const EVP_CIPHER *aead, const EVP_CIPHER *hp,
const EVP_MD *md,
unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen,
unsigned char *hp_key, size_t hp_keylen,
const unsigned char *secret, size_t secretlen)
{
size_t aead_keylen = (size_t)EVP_CIPHER_key_length(aead);
size_t aead_ivlen = (size_t)EVP_CIPHER_iv_length(aead);
size_t hp_len = (size_t)EVP_CIPHER_key_length(hp);
const unsigned char key_label[] = "quic key";
const unsigned char iv_label[] = "quic iv";
const unsigned char hp_key_label[] = "quic hp";
if (aead_keylen > keylen || aead_ivlen > ivlen || hp_len > hp_keylen)
return 0;
if (!quic_hkdf_expand_label(md, key, aead_keylen, secret, secretlen,
key_label, sizeof key_label - 1) ||
!quic_hkdf_expand_label(md, iv, aead_ivlen, secret, secretlen,
iv_label, sizeof iv_label - 1) ||
!quic_hkdf_expand_label(md, hp_key, hp_len, secret, secretlen,
hp_key_label, sizeof hp_key_label - 1))
return 0;
return 1;
}
/*
* Derive the initial secret from <secret> and QUIC version dependent salt.
* Returns the size of the derived secret if succeeded, 0 if not.
*/
int quic_derive_initial_secret(const EVP_MD *md,
unsigned char *initial_secret, size_t initial_secret_sz,
const unsigned char *secret, size_t secret_sz)
{
if (!quic_hkdf_extract(md, initial_secret, &initial_secret_sz, secret, secret_sz,
initial_salt, sizeof initial_salt))
return 0;
return 1;
}
/*
* Derive the client initial secret from the initial secret.
* Returns the size of the derived secret if succeeded, 0 if not.
*/
int quic_tls_derive_initial_secrets(const EVP_MD *md,
unsigned char *rx, size_t rx_sz,
unsigned char *tx, size_t tx_sz,
const unsigned char *secret, size_t secret_sz,
int server)
{
const unsigned char client_label[] = "client in";
const unsigned char server_label[] = "server in";
const unsigned char *tx_label, *rx_label;
size_t rx_label_sz, tx_label_sz;
if (server) {
rx_label = client_label;
rx_label_sz = sizeof client_label;
tx_label = server_label;
tx_label_sz = sizeof server_label;
}
else {
rx_label = server_label;
rx_label_sz = sizeof server_label;
tx_label = client_label;
tx_label_sz = sizeof client_label;
}
if (!quic_hkdf_expand_label(md, rx, rx_sz, secret, secret_sz,
rx_label, rx_label_sz - 1) ||
!quic_hkdf_expand_label(md, tx, tx_sz, secret, secret_sz,
tx_label, tx_label_sz - 1))
return 0;
return 1;
}
/*
* Build an IV into <iv> buffer with <ivlen> as size from <aead_iv> with
* <aead_ivlen> as size depending on <pn> packet number.
* This is the function which must be called to build an AEAD IV for the AEAD cryptographic algorithm
* used to encrypt/decrypt the QUIC packet payloads depending on the packet number <pn>.
* This function fails and return 0 only if the two buffer lengths are different, 1 if not.
*/
int quic_aead_iv_build(unsigned char *iv, size_t ivlen,
unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn)
{
int i;
unsigned int shift;
unsigned char *pos = iv;
if (ivlen != aead_ivlen)
return 0;
for (i = 0; i < ivlen - sizeof pn; i++)
*pos++ = *aead_iv++;
/* Only the remaining (sizeof pn) bytes are XOR'ed. */
shift = 56;
for (i = aead_ivlen - sizeof pn; i < aead_ivlen ; i++, shift -= 8)
*pos++ = *aead_iv++ ^ (pn >> shift);
return 1;
}
/*
* https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#aead
*
* 5.3. AEAD Usage
*
* Packets are protected prior to applying header protection (Section 5.4).
* The unprotected packet header is part of the associated data (A). When removing
* packet protection, an endpoint first removes the header protection.
* (...)
* These ciphersuites have a 16-byte authentication tag and produce an output 16
* bytes larger than their input.
* The key and IV for the packet are computed as described in Section 5.1. The nonce,
* N, is formed by combining the packet protection IV with the packet number. The 62
* bits of the reconstructed QUIC packet number in network byte order are left-padded
* with zeros to the size of the IV. The exclusive OR of the padded packet number and
* the IV forms the AEAD nonce.
*
* The associated data, A, for the AEAD is the contents of the QUIC header, starting
* from the flags byte in either the short or long header, up to and including the
* unprotected packet number.
*
* The input plaintext, P, for the AEAD is the payload of the QUIC packet, as described
* in [QUIC-TRANSPORT].
*
* The output ciphertext, C, of the AEAD is transmitted in place of P.
*
* Some AEAD functions have limits for how many packets can be encrypted under the same
* key and IV (see for example [AEBounds]). This might be lower than the packet number limit.
* An endpoint MUST initiate a key update (Section 6) prior to exceeding any limit set for
* the AEAD that is in use.
*/
int quic_tls_encrypt(unsigned char *buf, size_t len,
const unsigned char *aad, size_t aad_len,
const EVP_CIPHER *aead, const unsigned char *key, const unsigned char *iv)
{
EVP_CIPHER_CTX *ctx;
int ret, outlen;
ret = 0;
ctx = EVP_CIPHER_CTX_new();
if (!ctx)
return 0;
if (!EVP_EncryptInit_ex(ctx, aead, NULL, key, iv) ||
!EVP_EncryptUpdate(ctx, NULL, &outlen, aad, aad_len) ||
!EVP_EncryptUpdate(ctx, buf, &outlen, buf, len) ||
!EVP_EncryptFinal_ex(ctx, buf + outlen, &outlen) ||
!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, QUIC_TLS_TAG_LEN, buf + len))
goto out;
ret = 1;
out:
EVP_CIPHER_CTX_free(ctx);
return ret;
}
int quic_tls_decrypt(unsigned char *buf, size_t len,
unsigned char *aad, size_t aad_len,
const EVP_CIPHER *aead, const unsigned char *key, const unsigned char *iv)
{
int ret, outlen;
size_t off;
EVP_CIPHER_CTX *ctx;
ret = 0;
off = 0;
ctx = EVP_CIPHER_CTX_new();
if (!ctx)
return 0;
if (!EVP_DecryptInit_ex(ctx, aead, NULL, key, iv) ||
!EVP_DecryptUpdate(ctx, NULL, &outlen, aad, aad_len) ||
!EVP_DecryptUpdate(ctx, buf, &outlen, buf, len - QUIC_TLS_TAG_LEN))
goto out;
off += outlen;
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, QUIC_TLS_TAG_LEN,
buf + len - QUIC_TLS_TAG_LEN) ||
!EVP_DecryptFinal_ex(ctx, buf + off, &outlen))
goto out;
off += outlen;
ret = off;
out:
EVP_CIPHER_CTX_free(ctx);
return ret;
}

4166
src/xprt_quic.c Normal file
View File

File diff suppressed because it is too large Load Diff