diff options
author | Hugo Landau <hlandau@openssl.org> | 2022-11-17 15:26:39 +0000 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-01-13 13:20:14 +0000 |
commit | 3a37c9235de465fe8d557b32f0178bfad0c09908 (patch) | |
tree | 4ac72f71e6753c982555aa37cd9e555bd284ed59 | |
parent | f538b42155283879d1a55708292105437a96700d (diff) |
QUIC: Complete the implementation of the RX depacketiser in terms of QUIC_CHANNEL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
-rw-r--r-- | include/internal/quic_rx_depack.h | 5 | ||||
-rw-r--r-- | ssl/quic/quic_rx_depack.c | 721 |
2 files changed, 424 insertions, 302 deletions
diff --git a/include/internal/quic_rx_depack.h b/include/internal/quic_rx_depack.h index 03bc007bf9..a9793a9338 100644 --- a/include/internal/quic_rx_depack.h +++ b/include/internal/quic_rx_depack.h @@ -10,9 +10,8 @@ #ifndef OSSL_QUIC_RX_DEPACK_H # define OSSL_QUIC_RX_DEPACK_H -# include "internal/quic_ssl.h" +# include "internal/quic_channel.h" -int ossl_quic_handle_frames(QUIC_CONNECTION *qc, OSSL_QRX_PKT *qpacket); -__owur int ossl_quic_depacketize(QUIC_CONNECTION *qc); +int ossl_quic_handle_frames(QUIC_CHANNEL *qc, OSSL_QRX_PKT *qpacket); #endif diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c index 0b00cac637..8652a6ed6a 100644 --- a/ssl/quic/quic_rx_depack.c +++ b/ssl/quic/quic_rx_depack.c @@ -15,144 +15,14 @@ #include "internal/quic_rx_depack.h" #include "internal/quic_error.h" #include "internal/quic_fc.h" +#include "internal/quic_channel.h" #include "internal/sockets.h" #include "quic_local.h" +#include "quic_channel_local.h" #include "../ssl_local.h" /* - * TODO(QUIC): ASSUMPTION: the QUIC_CONNECTION structure refers to other related - * components, such as OSSL_ACKM and OSSL_QRX, in some manner. These macros - * should be used to get those components. - */ -#define GET_CONN_ACKM(c) ((c)->ackm) -#define GET_CONN_QRX(c) ((c)->qrx) -#define GET_CONN_STATEM(c) ((c)->ssl.statem) - -#if 0 /* Currently unimplemented */ -# define GET_CONN_ACK_DELAY_EXP(c) (QUIC_CONNECTION_get_ack_delay_exponent(c)) -#else -/* 3 is the default, see RFC 9000, 18.2. Transport Parameter Definitions */ -# define GET_CONN_ACK_DELAY_EXP(c) 3 -#endif - -/* - * TODO(QUIC): In MVP the QUIC_CONNECTION is the only supported stream. - */ -static QUIC_STREAM *ssl_get_stream(QUIC_CONNECTION *conn, uint64_t stream_id) -{ - return stream_id == 0 ? &conn->stream : NULL; -} - -/* - * TODO(QUIC): ASSUMPTION: ssl_get_stream_type() gets a stream type from a - * QUIC_STREAM - */ -/* Receive */ -#define SSL_STREAM_TYPE_R 1 -/* Send */ -#define SSL_STREAM_TYPE_S 2 -/* Bidirectional */ -#define SSL_STREAM_TYPE_B (SSL_STREAM_TYPE_R|SSL_STREAM_TYPE_S) -static int ssl_get_stream_type(QUIC_STREAM *stream) -{ - return SSL_STREAM_TYPE_B; -} - -/* - * We assume that queuing of the data has to be done without copying, thus - * we get the reference counting QRX packet wrapper so it can increment the - * reference count. When the data is consumed (i.e. as a result of, say, - * SSL_read()), ossl_qrx_pkt_wrap_free() must be called. - */ -static int ssl_queue_data(QUIC_STREAM *stream, OSSL_QRX_PKT *pkt, - const unsigned char *data, uint64_t data_len, - uint64_t logical_offset, int is_fin) -{ - /* Notify stream flow controller */ - if (stream->rxfc != NULL - && (!ossl_quic_rxfc_on_rx_stream_frame(stream->rxfc, - logical_offset + data_len, - is_fin) - || ossl_quic_rxfc_get_error(stream->rxfc, 0) != QUIC_ERR_NO_ERROR)) - /* QUIC_ERR_FLOW_CONTROL_ERROR or QUIC_ERR_FINAL_SIZE detected */ - return 0; - - return stream->rstream == NULL - || ossl_quic_rstream_queue_data(stream->rstream, pkt, - logical_offset, data, data_len, - is_fin); -} - -/* - * TODO(QUIC): ASSUMPTION: ssl_close_stream() detaches the QUIC_STREAM from - * the QUIC_CONNECTION it's attached to, and then destroys that QUIC_STREAM - * (as well as its SSL object). |how| works the same way as in shutdown(2), - * i.e. |SHUT_RD| closes the reader part, |SHUT_WR| closes the writer part. - */ -static int ssl_close_stream(QUIC_STREAM *stream, int how) -{ - return 1; -} - -/* - * TODO(QUIC): ASSUMPTION: ssl_close_connection() closes all the streams that - * are attached to it, then closes the QUIC_CONNECTION as well. - * Actual cleanup / destruction of the QUIC_CONNECTION is assumed to be done - * higher up in the call stack (state machine, for example?). - */ -static int ssl_close_connection(QUIC_CONNECTION *connection) -{ - return 1; -} - -/* - * TODO(QUIC): ASSUMPTION: ossl_statem_set_error_state() sets an overall error - * state in the state machine. It's up to the state machine to determine what - * to do with it. - */ -#define QUIC_STREAM_STATE_ERROR 1 - -/* - * QUICfatal() et al is the same as SSLfatal(), but for QUIC. We define a - * placeholder here as long as it's not defined elsewhere. - * - * ossl_quic_fatal() is an error reporting building block used instead of - * ERR_set_error(). In addition to what ERR_set_error() does, this puts - * the state machine into an error state and sends an alert if appropriate, - * and also closes the current connection. - * This is a permanent error for the current connection. - */ -#ifndef QUICfatal - -static void ossl_quic_fatal(QUIC_CONNECTION *c, int al, int reason, - const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - ERR_vset_error(ERR_LIB_SSL, reason, fmt, args); - va_end(args); - - /* - * TODO(QUIC): ADD CODE to set the state machine error. - * It's assumed that you can get the state machine with - * GET_CONN_STATEM(c) - */ - - ssl_close_connection(c); - -} -# define QUICfatal(c, al, r) QUICfatal_data((c), (al), (r), NULL) -# define QUICfatal_data \ - (ERR_new(), \ - ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ - ossl_quic_fatal) -#endif - -/* TODO(QUIC): [END: TO BE REMOVED] */ - -/* * Helper functions to process different frame types. * * Typically, those that are ACK eliciting will take an OSSL_ACKM_RX_PKT @@ -163,127 +33,178 @@ static void ossl_quic_fatal(QUIC_CONNECTION *c, int al, int reason, static int depack_do_frame_padding(PACKET *pkt) { /* We ignore this frame */ - return ossl_quic_wire_decode_padding(pkt); + ossl_quic_wire_decode_padding(pkt); + return 1; } -static int depack_do_frame_ping(PACKET *pkt, OSSL_ACKM_RX_PKT *ackm_data) +static int depack_do_frame_ping(PACKET *pkt, QUIC_CHANNEL *ch, + OSSL_ACKM_RX_PKT *ackm_data) { /* We ignore this frame, apart from eliciting an ACK */ - if (!ossl_quic_wire_decode_frame_ping(pkt)) + if (!ossl_quic_wire_decode_frame_ping(pkt)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_PING, + "decode error"); return 0; + } + /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; return 1; } -static int depack_do_frame_ack(PACKET *pkt, QUIC_CONNECTION *connection, - int packet_space, OSSL_TIME received) +static int depack_do_frame_ack(PACKET *pkt, QUIC_CHANNEL *ch, + int packet_space, OSSL_TIME received, + uint64_t frame_type) { OSSL_QUIC_FRAME_ACK ack; - OSSL_QUIC_ACK_RANGE *ack_ranges; + OSSL_QUIC_ACK_RANGE *ack_ranges = NULL; uint64_t total_ranges = 0; - uint32_t ack_delay_exp = GET_CONN_ACK_DELAY_EXP(connection); - int ok = 1; /* Assume the best */ + uint32_t ack_delay_exp = ch->rx_ack_delay_exp; if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges) /* In case sizeof(uint64_t) > sizeof(size_t) */ || total_ranges > SIZE_MAX / sizeof(ack_ranges[0]) || (ack_ranges = OPENSSL_zalloc(sizeof(ack_ranges[0]) * (size_t)total_ranges)) == NULL) - return 0; + goto malformed; ack.ack_ranges = ack_ranges; ack.num_ack_ranges = (size_t)total_ranges; if (!ossl_quic_wire_decode_frame_ack(pkt, ack_delay_exp, &ack, NULL)) - ok = 0; - if (ok - && !ossl_ackm_on_rx_ack_frame(GET_CONN_ACKM(connection), &ack, - packet_space, received)) - ok = 0; + goto malformed; + + if (!ossl_ackm_on_rx_ack_frame(ch->ackm, &ack, + packet_space, received)) + goto malformed; OPENSSL_free(ack_ranges); - if (!ok) - return 0; return 1; + +malformed: + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + frame_type, + "decode error"); + OPENSSL_free(ack_ranges); + return 0; } static int depack_do_frame_reset_stream(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { OSSL_QUIC_FRAME_RESET_STREAM frame_data; QUIC_STREAM *stream = NULL; - int stream_type = 0; - if (!ossl_quic_wire_decode_frame_reset_stream(pkt, &frame_data)) + if (!ossl_quic_wire_decode_frame_reset_stream(pkt, &frame_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_RESET_STREAM, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL) - return 0; - stream_type = ssl_get_stream_type(stream); - - ssl_close_stream(stream, SHUT_WR); /* Reuse shutdown(2) symbols */ - if ((stream_type & SSL_STREAM_TYPE_S) != 0) { - QUICfatal(connection, QUIC_STREAM_STATE_ERROR, ERR_R_INTERNAL_ERROR); + stream = ossl_quic_stream_map_get_by_id(&ch->qsm, frame_data.stream_id); + if (stream == NULL || stream->rstream == NULL) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_STREAM_STATE_ERROR, + OSSL_QUIC_FRAME_TYPE_RESET_STREAM, + "RESET_STREAM frame for nonexistent or " + "TX only stream"); return 0; } + + stream->peer_reset_stream = 1; + ossl_quic_stream_map_update_state(&ch->qsm, stream); return 1; } static int depack_do_frame_stop_sending(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { OSSL_QUIC_FRAME_STOP_SENDING frame_data; QUIC_STREAM *stream = NULL; - int stream_type = 0; - if (!ossl_quic_wire_decode_frame_stop_sending(pkt, &frame_data)) + if (!ossl_quic_wire_decode_frame_stop_sending(pkt, &frame_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_STOP_SENDING, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL) - return 0; - stream_type = ssl_get_stream_type(stream); - - ssl_close_stream(stream, SHUT_RD); /* Reuse shutdown(2) symbols */ - if ((stream_type & SSL_STREAM_TYPE_R) != 0) { - QUICfatal(connection, QUIC_STREAM_STATE_ERROR, ERR_R_INTERNAL_ERROR); + stream = ossl_quic_stream_map_get_by_id(&ch->qsm, frame_data.stream_id); + if (stream == NULL || stream->sstream == NULL) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_STREAM_STATE_ERROR, + OSSL_QUIC_FRAME_TYPE_STOP_SENDING, + "STOP_SENDING frame for nonexistent or " + "RX only stream"); return 0; } + + stream->peer_stop_sending = 1; + ossl_quic_stream_map_update_state(&ch->qsm, stream); return 1; } -static int depack_do_frame_crypto(PACKET *pkt, QUIC_CONNECTION *connection, +static int depack_do_frame_crypto(PACKET *pkt, QUIC_CHANNEL *ch, + OSSL_QRX_PKT *parent_pkt, OSSL_ACKM_RX_PKT *ackm_data) { - OSSL_QUIC_FRAME_CRYPTO frame_data; - - if (!ossl_quic_wire_decode_frame_crypto(pkt, &frame_data)) + OSSL_QUIC_FRAME_CRYPTO f; + QUIC_RSTREAM *rstream; + + if (!ossl_quic_wire_decode_frame_crypto(pkt, &f)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_CRYPTO, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to send |frame_data.data| to the handshake manager */ + rstream = ch->crypto_recv[ackm_data->pkt_space]; + if (!ossl_assert(rstream != NULL)) + /* + * This should not happen; we should only have a NULL stream here if + * the EL has been discarded, and if the EL has been discarded we + * shouldn't be here. + */ + return 0; + + if (!ossl_quic_rstream_queue_data(rstream, parent_pkt, + f.offset, f.data, f.len, 0)) + return 0; return 1; } -static int depack_do_frame_new_token(PACKET *pkt, QUIC_CONNECTION *connection, +static int depack_do_frame_new_token(PACKET *pkt, QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { const uint8_t *token; size_t token_len; - if (!ossl_quic_wire_decode_frame_new_token(pkt, &token, &token_len)) + if (!ossl_quic_wire_decode_frame_new_token(pkt, &token, &token_len)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; @@ -293,94 +214,197 @@ static int depack_do_frame_new_token(PACKET *pkt, QUIC_CONNECTION *connection, return 1; } -static int depack_do_frame_stream(PACKET *pkt, QUIC_CONNECTION *connection, +static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch, OSSL_QRX_PKT *parent_pkt, - OSSL_ACKM_RX_PKT *ackm_data) + OSSL_ACKM_RX_PKT *ackm_data, + uint64_t frame_type) { OSSL_QUIC_FRAME_STREAM frame_data; QUIC_STREAM *stream; + uint64_t fce; - if (!ossl_quic_wire_decode_frame_stream(pkt, &frame_data)) + if (!ossl_quic_wire_decode_frame_stream(pkt, &frame_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + frame_type, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* - * TODO(QUIC): ASSUMPTION: ssl_get_stream() gets a QUIC_STREAM from a - * QUIC_CONNECTION by stream ID. - */ - if ((stream = ssl_get_stream(connection, frame_data.stream_id)) == NULL) + stream = ossl_quic_stream_map_get_by_id(&ch->qsm, frame_data.stream_id); + if (stream == NULL || stream->rstream == NULL) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_STREAM_STATE_ERROR, + frame_type, + "STREAM frame for nonexistent or" + " TX only stream"); + return 0; + } + + /* Notify stream flow controller. */ + if (!ossl_quic_rxfc_on_rx_stream_frame(&stream->rxfc, + frame_data.offset + frame_data.len, + frame_data.is_fin)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_INTERNAL_ERROR, + frame_type, + "internal error (flow control)"); + return 0; + } + + /* Has a flow control error occurred? */ + fce = ossl_quic_rxfc_get_error(&stream->rxfc, 0); + if (fce != QUIC_ERR_NO_ERROR) { + ossl_quic_channel_raise_protocol_error(ch, + fce, + frame_type, + "flow control violation"); return 0; + } + /* - * TODO(QUIC): ASSUMPTION: ssl_queue_data() knows what to do with - * |frame_data.offset| and |frame_data.is_fin|. + * The receive stream buffer may or may not choose to consume the data + * without copying by reffing the OSSL_QRX_PKT. In this case + * ossl_qrx_pkt_release() will be eventually called when the data is no + * longer needed. */ - if (!ssl_queue_data(stream, parent_pkt, frame_data.data, frame_data.len, - frame_data.offset, frame_data.is_fin)) + if (!ossl_quic_rstream_queue_data(stream->rstream, parent_pkt, + frame_data.offset, + frame_data.data, + frame_data.len, + frame_data.is_fin)) return 0; + return 1; } -static int depack_do_frame_max_data(PACKET *pkt, QUIC_CONNECTION *connection, +static int depack_do_frame_max_data(PACKET *pkt, QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { uint64_t max_data = 0; - if (!ossl_quic_wire_decode_frame_max_data(pkt, &max_data)) + if (!ossl_quic_wire_decode_frame_max_data(pkt, &max_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_MAX_DATA, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* No-op - informative/debugging frame. */ + ossl_quic_txfc_bump_cwm(&ch->conn_txfc, max_data); + ossl_quic_stream_map_update_state(&ch->qsm, ch->stream0); return 1; } static int depack_do_frame_max_stream_data(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { uint64_t stream_id = 0; uint64_t max_stream_data = 0; + QUIC_STREAM *stream; if (!ossl_quic_wire_decode_frame_max_stream_data(pkt, &stream_id, - &max_stream_data)) + &max_stream_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to send |max_stream_data| to flow control */ + stream = ossl_quic_stream_map_get_by_id(&ch->qsm, stream_id); + if (stream == NULL || stream->sstream == NULL) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_STREAM_STATE_ERROR, + OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, + "MAX_STREAM_DATA for nonexistent" + " or TX only stream"); + return 0; + } + ossl_quic_txfc_bump_cwm(&stream->txfc, max_stream_data); + ossl_quic_stream_map_update_state(&ch->qsm, stream); return 1; } static int depack_do_frame_max_streams(PACKET *pkt, - QUIC_CONNECTION *connection, - OSSL_ACKM_RX_PKT *ackm_data) + QUIC_CHANNEL *ch, + OSSL_ACKM_RX_PKT *ackm_data, + uint64_t frame_type) { uint64_t max_streams = 0; - if (!ossl_quic_wire_decode_frame_max_streams(pkt, &max_streams)) + if (!ossl_quic_wire_decode_frame_max_streams(pkt, &max_streams)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + frame_type, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to send |max_streams| to the connection manager */ + if (max_streams > (((uint64_t)1) << 60)) { + /* TODO: Protocol violation (FRAME_ENCODING_ERROR) */ + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + frame_type, + "invalid max streams value"); + return 0; + } + + switch (frame_type) { + case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI: + if (max_streams > ch->max_local_streams_bidi) + ch->max_local_streams_bidi = max_streams; + + /* Stream may now be able to send */ + ossl_quic_stream_map_update_state(&ch->qsm, + ch->stream0); + break; + case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI: + if (max_streams > ch->max_local_streams_uni) + ch->max_local_streams_uni = max_streams; + + /* Stream may now be able to send */ + ossl_quic_stream_map_update_state(&ch->qsm, + ch->stream0); + break; + default: + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + frame_type, + "decode error"); + return 0; + } return 1; } static int depack_do_frame_data_blocked(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { uint64_t max_data = 0; - if (!ossl_quic_wire_decode_frame_data_blocked(pkt, &max_data)) + if (!ossl_quic_wire_decode_frame_data_blocked(pkt, &max_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; @@ -390,32 +414,42 @@ static int depack_do_frame_data_blocked(PACKET *pkt, } static int depack_do_frame_stream_data_blocked(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { uint64_t stream_id = 0; uint64_t max_data = 0; if (!ossl_quic_wire_decode_frame_stream_data_blocked(pkt, &stream_id, - &max_data)) + &max_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to send |max_data| to flow control */ - + /* No-op - informative/debugging frame. */ return 1; } static int depack_do_frame_streams_blocked(PACKET *pkt, - QUIC_CONNECTION *connection, - OSSL_ACKM_RX_PKT *ackm_data) + QUIC_CHANNEL *ch, + OSSL_ACKM_RX_PKT *ackm_data, + uint64_t frame_type) { uint64_t max_data = 0; - if (!ossl_quic_wire_decode_frame_streams_blocked(pkt, &max_data)) + if (!ossl_quic_wire_decode_frame_streams_blocked(pkt, &max_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + frame_type, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; @@ -425,86 +459,105 @@ static int depack_do_frame_streams_blocked(PACKET *pkt, } static int depack_do_frame_new_conn_id(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { OSSL_QUIC_FRAME_NEW_CONN_ID frame_data; - if (!ossl_quic_wire_decode_frame_new_conn_id(pkt, &frame_data)) + if (!ossl_quic_wire_decode_frame_new_conn_id(pkt, &frame_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to send |frame_data.data| to the connection manager */ + /* TODO(QUIC): ADD CODE to send |frame_data.data| to the ch manager */ return 1; } static int depack_do_frame_retire_conn_id(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { uint64_t seq_num; - if (!ossl_quic_wire_decode_frame_retire_conn_id(pkt, &seq_num)) + if (!ossl_quic_wire_decode_frame_retire_conn_id(pkt, &seq_num)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to send |seq_num| to the connection manager */ + /* TODO(QUIC): ADD CODE to send |seq_num| to the ch manager */ return 1; } static int depack_do_frame_path_challenge(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { uint64_t frame_data = 0; - if (!ossl_quic_wire_decode_frame_path_challenge(pkt, &frame_data)) + if (!ossl_quic_wire_decode_frame_path_challenge(pkt, &frame_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */ + /* TODO(QUIC): ADD CODE to send |frame_data| to the ch manager */ return 1; } static int depack_do_frame_path_response(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { uint64_t frame_data = 0; - if (!ossl_quic_wire_decode_frame_path_response(pkt, &frame_data)) + if (!ossl_quic_wire_decode_frame_path_response(pkt, &frame_data)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_FRAME_ENCODING_ERROR, + OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, + "decode error"); return 0; + } /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */ + /* TODO(QUIC): ADD CODE to send |frame_data| to the ch manager */ return 1; } -static int depack_do_frame_conn_close(PACKET *pkt, QUIC_CONNECTION *connection) +static int depack_do_frame_conn_close(PACKET *pkt, QUIC_CHANNEL *ch) { OSSL_QUIC_FRAME_CONN_CLOSE frame_data; if (!ossl_quic_wire_decode_frame_conn_close(pkt, &frame_data)) return 0; - /* TODO(QUIC): ADD CODE to send |frame_data| to the connection manager */ - + ossl_quic_channel_on_remote_conn_close(ch, &frame_data); return 1; } static int depack_do_frame_handshake_done(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { if (!ossl_quic_wire_decode_frame_handshake_done(pkt)) @@ -513,13 +566,12 @@ static int depack_do_frame_handshake_done(PACKET *pkt, /* This frame makes the packet ACK eliciting */ ackm_data->is_ack_eliciting = 1; - /* TODO(QUIC): ADD CODE to tell the handshake manager that we're done */ - + ossl_quic_channel_on_handshake_confirmed(ch); return 1; } static int depack_do_frame_unknown_extension(PACKET *pkt, - QUIC_CONNECTION *connection, + QUIC_CHANNEL *ch, OSSL_ACKM_RX_PKT *ackm_data) { /* @@ -542,7 +594,7 @@ static int depack_do_frame_unknown_extension(PACKET *pkt, /* Main frame processor */ -static int depack_process_frames(QUIC_CONNECTION *connection, PACKET *pkt, +static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt, OSSL_QRX_PKT *parent_pkt, int packet_space, OSSL_TIME received, OSSL_ACKM_RX_PKT *ackm_data) { @@ -557,7 +609,7 @@ static int depack_process_frames(QUIC_CONNECTION *connection, PACKET *pkt, switch (frame_type) { case OSSL_QUIC_FRAME_TYPE_PING: /* Allowed in all packet types */ - if (!depack_do_frame_ping(pkt, ackm_data)) + if (!depack_do_frame_ping(pkt, ch, ackm_data)) return 0; break; case OSSL_QUIC_FRAME_TYPE_PADDING: @@ -569,40 +621,68 @@ static int depack_process_frames(QUIC_CONNECTION *connection, PACKET *pkt, case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN: case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN: /* ACK frames are valid everywhere except in 0RTT packets */ - if (pkt_type == QUIC_PKT_TYPE_0RTT) + if (pkt_type == QUIC_PKT_TYPE_0RTT) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_PROTOCOL_VIOLATION, + frame_type, + "ACK not valid in 0-RTT"); return 0; - if (!depack_do_frame_ack(pkt, connection, packet_space, received)) + } + if (!depack_do_frame_ack(pkt, ch, packet_space, received, + frame_type)) return 0; break; case OSSL_QUIC_FRAME_TYPE_RESET_STREAM: /* RESET_STREAM frames are valid in 0RTT and 1RTT packets */ if (pkt_type != QUIC_PKT_TYPE_0RTT - && pkt_type != QUIC_PKT_TYPE_1RTT) + && pkt_type != QUIC_PKT_TYPE_1RTT) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_PROTOCOL_VIOLATION, + frame_type, + "RESET_STREAM not valid in " + "INITIAL/HANDSHAKE"); return 0; - if (!depack_do_frame_reset_stream(pkt, connection, ackm_data)) + } + if (!depack_do_frame_reset_stream(pkt, ch, ackm_data)) return 0; break; case OSSL_QUIC_FRAME_TYPE_STOP_SENDING: /* STOP_SENDING frames are valid in 0RTT and 1RTT packets */ if (pkt_type != QUIC_PKT_TYPE_0RTT - && pkt_type != QUIC_PKT_TYPE_1RTT) + && pkt_type != QUIC_PKT_TYPE_1RTT) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_PROTOCOL_VIOLATION, + frame_type, + "STOP_SENDING not valid in " + "INITIAL/HANDSHAKE"); return 0; - if (!depack_do_frame_stop_sending(pkt, connection, ackm_data)) + } + if (!depack_do_frame_stop_sending(pkt, ch, ackm_data)) return 0; break; case OSSL_QUIC_FRAME_TYPE_CRYPTO: /* CRYPTO frames are valid everywhere except in 0RTT packets */ - if (pkt_type == QUIC_PKT_TYPE_0RTT) + if (pkt_type == QUIC_PKT_TYPE_0RTT) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_PROTOCOL_VIOLATION, + frame_type, + "CRYPTO frame not valid in 0-RTT"); return 0; - if (!depack_do_frame_crypto(pkt, connection, ackm_data)) + } + if (!depack_do_frame_crypto(pkt, ch, parent_pkt, ackm_data)) return 0; break; case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN: /* NEW_TOKEN frames are valid in 1RTT packets */ - if (pkt_type != QUIC_PKT_TYPE_1RTT) + if (pkt_type != QUIC_PKT_TYPE_1RTT) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_PROTOCOL_VIOLATION, + frame_type, + "NEW_TOKEN valid only in 1-RTT"); return 0; - if (!depack_do_frame_new_token(pkt, connection, |