| /* |
| * QUIC transport layer over SOCK_DGRAM sockets. |
| * |
| * Copyright 2020 HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com> |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License |
| * as published by the Free Software Foundation; either version |
| * 2 of the License, or (at your option) any later version. |
| * |
| */ |
| |
| #define _GNU_SOURCE |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| |
| #include <sys/socket.h> |
| #include <sys/stat.h> |
| #include <sys/types.h> |
| |
| #include <netinet/tcp.h> |
| |
| #include <haproxy/buf-t.h> |
| #include <haproxy/compat.h> |
| #include <haproxy/api.h> |
| #include <haproxy/debug.h> |
| #include <haproxy/tools.h> |
| #include <haproxy/ticks.h> |
| #include <haproxy/time.h> |
| |
| #include <haproxy/connection.h> |
| #include <haproxy/fd.h> |
| #include <haproxy/freq_ctr.h> |
| #include <haproxy/global.h> |
| #include <haproxy/h3.h> |
| #include <haproxy/log.h> |
| #include <haproxy/mux_quic.h> |
| #include <haproxy/pipe.h> |
| #include <haproxy/proxy.h> |
| #include <haproxy/quic_cc.h> |
| #include <haproxy/quic_frame.h> |
| #include <haproxy/quic_loss.h> |
| #include <haproxy/quic_tls.h> |
| #include <haproxy/ssl_sock.h> |
| #include <haproxy/stream_interface.h> |
| #include <haproxy/task.h> |
| #include <haproxy/trace.h> |
| #include <haproxy/xprt_quic.h> |
| |
| struct quic_transport_params quic_dflt_transport_params = { |
| .max_udp_payload_size = QUIC_DFLT_MAX_UDP_PAYLOAD_SIZE, |
| .ack_delay_exponent = QUIC_DFLT_ACK_DELAY_COMPONENT, |
| .max_ack_delay = QUIC_DFLT_MAX_ACK_DELAY, |
| }; |
| |
| /* trace source and events */ |
| static void quic_trace(enum trace_level level, uint64_t mask, \ |
| const struct trace_source *src, |
| const struct ist where, const struct ist func, |
| const void *a1, const void *a2, const void *a3, const void *a4); |
| |
| static const struct trace_event quic_trace_events[] = { |
| { .mask = QUIC_EV_CONN_NEW, .name = "new_conn", .desc = "new QUIC connection" }, |
| { .mask = QUIC_EV_CONN_INIT, .name = "new_conn_init", .desc = "new QUIC connection initialization" }, |
| { .mask = QUIC_EV_CONN_ISEC, .name = "init_secs", .desc = "initial secrets derivation" }, |
| { .mask = QUIC_EV_CONN_RSEC, .name = "read_secs", .desc = "read secrets derivation" }, |
| { .mask = QUIC_EV_CONN_WSEC, .name = "write_secs", .desc = "write secrets derivation" }, |
| { .mask = QUIC_EV_CONN_LPKT, .name = "lstnr_packet", .desc = "new listener received packet" }, |
| { .mask = QUIC_EV_CONN_SPKT, .name = "srv_packet", .desc = "new server received packet" }, |
| { .mask = QUIC_EV_CONN_ENCPKT, .name = "enc_hdshk_pkt", .desc = "handhshake packet encryption" }, |
| { .mask = QUIC_EV_CONN_HPKT, .name = "hdshk_pkt", .desc = "handhshake packet building" }, |
| { .mask = QUIC_EV_CONN_PAPKT, .name = "phdshk_apkt", .desc = "post handhshake application packet preparation" }, |
| { .mask = QUIC_EV_CONN_PAPKTS, .name = "phdshk_apkts", .desc = "post handhshake application packets preparation" }, |
| { .mask = QUIC_EV_CONN_HDSHK, .name = "hdshk", .desc = "SSL handhshake processing" }, |
| { .mask = QUIC_EV_CONN_RMHP, .name = "rm_hp", .desc = "Remove header protection" }, |
| { .mask = QUIC_EV_CONN_PRSHPKT, .name = "parse_hpkt", .desc = "parse handshake packet" }, |
| { .mask = QUIC_EV_CONN_PRSAPKT, .name = "parse_apkt", .desc = "parse application packet" }, |
| { .mask = QUIC_EV_CONN_PRSFRM, .name = "parse_frm", .desc = "parse frame" }, |
| { .mask = QUIC_EV_CONN_PRSAFRM, .name = "parse_ack_frm", .desc = "parse ACK frame" }, |
| { .mask = QUIC_EV_CONN_BFRM, .name = "build_frm", .desc = "build frame" }, |
| { .mask = QUIC_EV_CONN_PHPKTS, .name = "phdshk_pkts", .desc = "handhshake packets preparation" }, |
| { .mask = QUIC_EV_CONN_TRMHP, .name = "rm_hp_try", .desc = "header protection removing try" }, |
| { .mask = QUIC_EV_CONN_ELRMHP, .name = "el_rm_hp", .desc = "handshake enc. level header protection removing" }, |
| { .mask = QUIC_EV_CONN_ELRXPKTS, .name = "el_treat_rx_pkts", .desc = "handshake enc. level rx packets treatment" }, |
| { .mask = QUIC_EV_CONN_SSLDATA, .name = "ssl_provide_data", .desc = "CRYPTO data provision to TLS stack" }, |
| { .mask = QUIC_EV_CONN_RXCDATA, .name = "el_treat_rx_cfrms",.desc = "enc. level RX CRYPTO frames processing"}, |
| { .mask = QUIC_EV_CONN_ADDDATA, .name = "add_hdshk_data", .desc = "TLS stack ->add_handshake_data() call"}, |
| { .mask = QUIC_EV_CONN_FFLIGHT, .name = "flush_flight", .desc = "TLS stack ->flush_flight() call"}, |
| { .mask = QUIC_EV_CONN_SSLALERT, .name = "send_alert", .desc = "TLS stack ->send_alert() call"}, |
| { .mask = QUIC_EV_CONN_RTTUPDT, .name = "rtt_updt", .desc = "RTT sampling" }, |
| { .mask = QUIC_EV_CONN_SPPKTS, .name = "sppkts", .desc = "send prepared packets" }, |
| { .mask = QUIC_EV_CONN_PKTLOSS, .name = "pktloss", .desc = "detect packet loss" }, |
| { .mask = QUIC_EV_CONN_STIMER, .name = "stimer", .desc = "set timer" }, |
| { .mask = QUIC_EV_CONN_PTIMER, .name = "ptimer", .desc = "process timer" }, |
| { .mask = QUIC_EV_CONN_SPTO, .name = "spto", .desc = "set PTO" }, |
| { .mask = QUIC_EV_CONN_BCFRMS, .name = "bcfrms", .desc = "build CRYPTO data frames" }, |
| { /* end */ } |
| }; |
| |
| static const struct name_desc quic_trace_lockon_args[4] = { |
| /* arg1 */ { /* already used by the connection */ }, |
| /* arg2 */ { .name="quic", .desc="QUIC transport" }, |
| /* arg3 */ { }, |
| /* arg4 */ { } |
| }; |
| |
| static const struct name_desc quic_trace_decoding[] = { |
| #define QUIC_VERB_CLEAN 1 |
| { .name="clean", .desc="only user-friendly stuff, generally suitable for level \"user\"" }, |
| { /* end */ } |
| }; |
| |
| |
| struct trace_source trace_quic = { |
| .name = IST("quic"), |
| .desc = "QUIC xprt", |
| .arg_def = TRC_ARG1_CONN, /* TRACE()'s first argument is always a connection */ |
| .default_cb = quic_trace, |
| .known_events = quic_trace_events, |
| .lockon_args = quic_trace_lockon_args, |
| .decoding = quic_trace_decoding, |
| .report_events = ~0, /* report everything by default */ |
| }; |
| |
| #define TRACE_SOURCE &trace_quic |
| INITCALL1(STG_REGISTER, trace_register_source, TRACE_SOURCE); |
| |
| static BIO_METHOD *ha_quic_meth; |
| |
| DECLARE_STATIC_POOL(pool_head_quic_conn_ctx, |
| "quic_conn_ctx_pool", sizeof(struct ssl_sock_ctx)); |
| |
| DECLARE_STATIC_POOL(pool_head_quic_conn, "quic_conn", sizeof(struct quic_conn)); |
| |
| DECLARE_POOL(pool_head_quic_connection_id, |
| "quic_connnection_id_pool", sizeof(struct quic_connection_id)); |
| |
| DECLARE_POOL(pool_head_quic_rx_packet, "quic_rx_packet_pool", sizeof(struct quic_rx_packet)); |
| |
| DECLARE_POOL(pool_head_quic_tx_packet, "quic_tx_packet_pool", sizeof(struct quic_tx_packet)); |
| |
| DECLARE_STATIC_POOL(pool_head_quic_rx_crypto_frm, "quic_rx_crypto_frm_pool", sizeof(struct quic_rx_crypto_frm)); |
| |
| DECLARE_POOL(pool_head_quic_rx_strm_frm, "quic_rx_strm_frm", sizeof(struct quic_rx_strm_frm)); |
| |
| DECLARE_POOL(pool_head_quic_tx_frm, "quic_tx_frm_pool", sizeof(struct quic_tx_frm)); |
| |
| DECLARE_STATIC_POOL(pool_head_quic_crypto_buf, "quic_crypto_buf_pool", sizeof(struct quic_crypto_buf)); |
| |
| DECLARE_STATIC_POOL(pool_head_quic_frame, "quic_frame_pool", sizeof(struct quic_frame)); |
| |
| DECLARE_STATIC_POOL(pool_head_quic_arng, "quic_arng_pool", sizeof(struct quic_arng_node)); |
| |
| static ssize_t qc_build_hdshk_pkt(struct q_buf *buf, struct quic_conn *qc, int pkt_type, |
| struct quic_enc_level *qel); |
| |
| int qc_prep_phdshk_pkts(struct quic_conn *qc); |
| |
| /* Add traces to <buf> depending on <frm> TX frame type. */ |
| static inline void chunk_tx_frm_appendf(struct buffer *buf, |
| const struct quic_tx_frm *frm) |
| { |
| switch (frm->type) { |
| case QUIC_FT_CRYPTO: |
| chunk_appendf(buf, " cfoff=%llu cflen=%llu", |
| (unsigned long long)frm->crypto.offset, |
| (unsigned long long)frm->crypto.len); |
| break; |
| default: |
| chunk_appendf(buf, " %s", quic_frame_type_string(frm->type)); |
| } |
| } |
| |
| /* Only for debug purpose */ |
| struct enc_debug_info { |
| unsigned char *payload; |
| size_t payload_len; |
| unsigned char *aad; |
| size_t aad_len; |
| uint64_t pn; |
| }; |
| |
| /* Initializes a enc_debug_info struct (only for debug purpose) */ |
| static inline void enc_debug_info_init(struct enc_debug_info *edi, |
| unsigned char *payload, size_t payload_len, |
| unsigned char *aad, size_t aad_len, uint64_t pn) |
| { |
| edi->payload = payload; |
| edi->payload_len = payload_len; |
| edi->aad = aad; |
| edi->aad_len = aad_len; |
| edi->pn = pn; |
| } |
| |
| /* Trace callback for QUIC. |
| * These traces always expect that arg1, if non-null, is of type connection. |
| */ |
| static void quic_trace(enum trace_level level, uint64_t mask, const struct trace_source *src, |
| const struct ist where, const struct ist func, |
| const void *a1, const void *a2, const void *a3, const void *a4) |
| { |
| const struct connection *conn = a1; |
| |
| if (conn) { |
| struct quic_tls_secrets *secs; |
| struct quic_conn *qc; |
| |
| qc = conn->qc; |
| chunk_appendf(&trace_buf, " : conn@%p", conn); |
| if ((mask & QUIC_EV_CONN_INIT) && qc) { |
| chunk_appendf(&trace_buf, "\n odcid"); |
| quic_cid_dump(&trace_buf, &qc->odcid); |
| chunk_appendf(&trace_buf, "\n dcid"); |
| quic_cid_dump(&trace_buf, &qc->dcid); |
| chunk_appendf(&trace_buf, "\n scid"); |
| quic_cid_dump(&trace_buf, &qc->scid); |
| } |
| |
| if (mask & QUIC_EV_CONN_ADDDATA) { |
| const enum ssl_encryption_level_t *level = a2; |
| const size_t *len = a3; |
| |
| if (level) { |
| enum quic_tls_enc_level lvl = ssl_to_quic_enc_level(*level); |
| |
| chunk_appendf(&trace_buf, " el=%c(%d)", quic_enc_level_char(lvl), lvl); |
| } |
| if (len) |
| chunk_appendf(&trace_buf, " len=%llu", (unsigned long long)*len); |
| } |
| if ((mask & QUIC_EV_CONN_ISEC) && qc) { |
| /* Initial read & write secrets. */ |
| enum quic_tls_enc_level level = QUIC_TLS_ENC_LEVEL_INITIAL; |
| const unsigned char *rx_sec = a2; |
| const unsigned char *tx_sec = a3; |
| |
| secs = &qc->els[level].tls_ctx.rx; |
| if (secs->flags & QUIC_FL_TLS_SECRETS_SET) { |
| chunk_appendf(&trace_buf, "\n RX el=%c", quic_enc_level_char(level)); |
| if (rx_sec) |
| quic_tls_secret_hexdump(&trace_buf, rx_sec, 32); |
| quic_tls_keys_hexdump(&trace_buf, secs); |
| } |
| secs = &qc->els[level].tls_ctx.tx; |
| if (secs->flags & QUIC_FL_TLS_SECRETS_SET) { |
| chunk_appendf(&trace_buf, "\n TX el=%c", quic_enc_level_char(level)); |
| if (tx_sec) |
| quic_tls_secret_hexdump(&trace_buf, tx_sec, 32); |
| quic_tls_keys_hexdump(&trace_buf, secs); |
| } |
| } |
| if (mask & (QUIC_EV_CONN_RSEC|QUIC_EV_CONN_RWSEC)) { |
| const enum ssl_encryption_level_t *level = a2; |
| const unsigned char *secret = a3; |
| const size_t *secret_len = a4; |
| |
| if (level) { |
| enum quic_tls_enc_level lvl = ssl_to_quic_enc_level(*level); |
| |
| chunk_appendf(&trace_buf, "\n RX el=%c", quic_enc_level_char(lvl)); |
| if (secret && secret_len) |
| quic_tls_secret_hexdump(&trace_buf, secret, *secret_len); |
| secs = &qc->els[lvl].tls_ctx.rx; |
| if (secs->flags & QUIC_FL_TLS_SECRETS_SET) |
| quic_tls_keys_hexdump(&trace_buf, secs); |
| } |
| } |
| |
| if (mask & (QUIC_EV_CONN_WSEC|QUIC_EV_CONN_RWSEC)) { |
| const enum ssl_encryption_level_t *level = a2; |
| const unsigned char *secret = a3; |
| const size_t *secret_len = a4; |
| |
| if (level) { |
| enum quic_tls_enc_level lvl = ssl_to_quic_enc_level(*level); |
| |
| chunk_appendf(&trace_buf, "\n TX el=%c", quic_enc_level_char(lvl)); |
| if (secret && secret_len) |
| quic_tls_secret_hexdump(&trace_buf, secret, *secret_len); |
| secs = &qc->els[lvl].tls_ctx.tx; |
| if (secs->flags & QUIC_FL_TLS_SECRETS_SET) |
| quic_tls_keys_hexdump(&trace_buf, secs); |
| } |
| |
| } |
| |
| if (mask & (QUIC_EV_CONN_HPKT|QUIC_EV_CONN_PAPKT)) { |
| const struct quic_tx_packet *pkt = a2; |
| const struct quic_enc_level *qel = a3; |
| const ssize_t *room = a4; |
| |
| if (qel) { |
| struct quic_pktns *pktns; |
| |
| pktns = qc->pktns; |
| chunk_appendf(&trace_buf, " qel=%c cwnd=%llu ppif=%lld pif=%llu " |
| "if=%llu pp=%u pdg=%d", |
| quic_enc_level_char_from_qel(qel, qc), |
| (unsigned long long)qc->path->cwnd, |
| (unsigned long long)qc->path->prep_in_flight, |
| (unsigned long long)qc->path->in_flight, |
| (unsigned long long)pktns->tx.in_flight, |
| pktns->tx.pto_probe, qc->tx.nb_pto_dgrams); |
| } |
| if (pkt) { |
| const struct quic_tx_frm *frm; |
| chunk_appendf(&trace_buf, " pn=%llu cdlen=%u", |
| (unsigned long long)pkt->pn_node.key, pkt->cdata_len); |
| list_for_each_entry(frm, &pkt->frms, list) |
| chunk_tx_frm_appendf(&trace_buf, frm); |
| chunk_appendf(&trace_buf, " tx.bytes=%llu", (unsigned long long)qc->tx.bytes); |
| } |
| |
| if (room) { |
| chunk_appendf(&trace_buf, " room=%lld", (long long)*room); |
| chunk_appendf(&trace_buf, " dcid.len=%llu scid.len=%llu", |
| (unsigned long long)qc->dcid.len, (unsigned long long)qc->scid.len); |
| } |
| } |
| |
| if (mask & QUIC_EV_CONN_HDSHK) { |
| const enum quic_handshake_state *state = a2; |
| const int *err = a3; |
| |
| if (state) |
| chunk_appendf(&trace_buf, " state=%s", quic_hdshk_state_str(*state)); |
| if (err) |
| chunk_appendf(&trace_buf, " err=%s", ssl_error_str(*err)); |
| } |
| |
| if (mask & (QUIC_EV_CONN_TRMHP|QUIC_EV_CONN_ELRMHP|QUIC_EV_CONN_SPKT)) { |
| const struct quic_rx_packet *pkt = a2; |
| const unsigned long *pktlen = a3; |
| const SSL *ssl = a4; |
| |
| if (pkt) { |
| chunk_appendf(&trace_buf, " pkt@%p el=%c", |
| pkt, quic_packet_type_enc_level_char(pkt->type)); |
| if (pkt->pnl) |
| chunk_appendf(&trace_buf, " pnl=%u pn=%llu", pkt->pnl, |
| (unsigned long long)pkt->pn); |
| if (pkt->token_len) |
| chunk_appendf(&trace_buf, " toklen=%llu", |
| (unsigned long long)pkt->token_len); |
| if (pkt->aad_len) |
| chunk_appendf(&trace_buf, " aadlen=%llu", |
| (unsigned long long)pkt->aad_len); |
| chunk_appendf(&trace_buf, " flags=0x%x len=%llu", |
| pkt->flags, (unsigned long long)pkt->len); |
| } |
| if (pktlen) |
| chunk_appendf(&trace_buf, " (%ld)", *pktlen); |
| if (ssl) { |
| enum ssl_encryption_level_t level = SSL_quic_read_level(ssl); |
| chunk_appendf(&trace_buf, " el=%c", |
| quic_enc_level_char(ssl_to_quic_enc_level(level))); |
| } |
| } |
| |
| if (mask & (QUIC_EV_CONN_ELRXPKTS|QUIC_EV_CONN_PRSHPKT|QUIC_EV_CONN_SSLDATA)) { |
| const struct quic_rx_packet *pkt = a2; |
| const struct quic_rx_crypto_frm *cf = a3; |
| const SSL *ssl = a4; |
| |
| if (pkt) |
| chunk_appendf(&trace_buf, " pkt@%p el=%c pn=%llu", pkt, |
| quic_packet_type_enc_level_char(pkt->type), |
| (unsigned long long)pkt->pn); |
| if (cf) |
| chunk_appendf(&trace_buf, " cfoff=%llu cflen=%llu", |
| (unsigned long long)cf->offset_node.key, |
| (unsigned long long)cf->len); |
| if (ssl) { |
| enum ssl_encryption_level_t level = SSL_quic_read_level(ssl); |
| chunk_appendf(&trace_buf, " el=%c", |
| quic_enc_level_char(ssl_to_quic_enc_level(level))); |
| } |
| } |
| |
| if (mask & (QUIC_EV_CONN_PRSFRM|QUIC_EV_CONN_BFRM)) { |
| const struct quic_frame *frm = a2; |
| |
| if (frm) |
| chunk_appendf(&trace_buf, " %s", quic_frame_type_string(frm->type)); |
| } |
| |
| if (mask & QUIC_EV_CONN_PHPKTS) { |
| const struct quic_enc_level *qel = a2; |
| |
| if (qel) { |
| struct quic_pktns *pktns; |
| |
| pktns = qc->pktns; |
| chunk_appendf(&trace_buf, |
| " qel=%c ack?%d cwnd=%llu ppif=%lld pif=%llu if=%llu pp=%u pdg=%llu", |
| quic_enc_level_char_from_qel(qel, qc), |
| !!(pktns->flags & QUIC_FL_PKTNS_ACK_REQUIRED), |
| (unsigned long long)qc->path->cwnd, |
| (unsigned long long)qc->path->prep_in_flight, |
| (unsigned long long)qc->path->in_flight, |
| (unsigned long long)pktns->tx.in_flight, pktns->tx.pto_probe, |
| (unsigned long long)qc->tx.nb_pto_dgrams); |
| } |
| } |
| |
| if (mask & QUIC_EV_CONN_ENCPKT) { |
| const struct enc_debug_info *edi = a2; |
| |
| if (edi) |
| chunk_appendf(&trace_buf, |
| " payload=@%p payload_len=%llu" |
| " aad=@%p aad_len=%llu pn=%llu", |
| edi->payload, (unsigned long long)edi->payload_len, |
| edi->aad, (unsigned long long)edi->aad_len, |
| (unsigned long long)edi->pn); |
| } |
| |
| if (mask & QUIC_EV_CONN_RMHP) { |
| const struct quic_rx_packet *pkt = a2; |
| |
| if (pkt) { |
| const int *ret = a3; |
| |
| chunk_appendf(&trace_buf, " pkt@%p", pkt); |
| if (ret && *ret) |
| chunk_appendf(&trace_buf, " pnl=%u pn=%llu", |
| pkt->pnl, (unsigned long long)pkt->pn); |
| } |
| } |
| |
| if (mask & QUIC_EV_CONN_PRSAFRM) { |
| const struct quic_tx_frm *frm = a2; |
| const unsigned long *val1 = a3; |
| const unsigned long *val2 = a4; |
| |
| if (frm) |
| chunk_tx_frm_appendf(&trace_buf, frm); |
| if (val1) |
| chunk_appendf(&trace_buf, " %lu", *val1); |
| if (val2) |
| chunk_appendf(&trace_buf, "..%lu", *val2); |
| } |
| |
| if (mask & QUIC_EV_CONN_RTTUPDT) { |
| const unsigned int *rtt_sample = a2; |
| const unsigned int *ack_delay = a3; |
| const struct quic_loss *ql = a4; |
| |
| if (rtt_sample) |
| chunk_appendf(&trace_buf, " rtt_sample=%ums", *rtt_sample); |
| if (ack_delay) |
| chunk_appendf(&trace_buf, " ack_delay=%ums", *ack_delay); |
| if (ql) |
| chunk_appendf(&trace_buf, |
| " srtt=%ums rttvar=%ums min_rtt=%ums", |
| ql->srtt >> 3, ql->rtt_var >> 2, ql->rtt_min); |
| } |
| if (mask & QUIC_EV_CONN_CC) { |
| const struct quic_cc_event *ev = a2; |
| const struct quic_cc *cc = a3; |
| |
| if (a2) |
| quic_cc_event_trace(&trace_buf, ev); |
| if (a3) |
| quic_cc_state_trace(&trace_buf, cc); |
| } |
| |
| if (mask & QUIC_EV_CONN_PKTLOSS) { |
| const struct quic_pktns *pktns = a2; |
| const struct list *lost_pkts = a3; |
| struct quic_conn *qc = conn->qc; |
| |
| if (pktns) { |
| chunk_appendf(&trace_buf, " pktns=%s", |
| pktns == &qc->pktns[QUIC_TLS_PKTNS_INITIAL] ? "I" : |
| pktns == &qc->pktns[QUIC_TLS_PKTNS_01RTT] ? "01RTT": "H"); |
| if (pktns->tx.loss_time) |
| chunk_appendf(&trace_buf, " loss_time=%dms", |
| TICKS_TO_MS(tick_remain(now_ms, pktns->tx.loss_time))); |
| } |
| if (lost_pkts && !LIST_ISEMPTY(lost_pkts)) { |
| struct quic_tx_packet *pkt; |
| |
| chunk_appendf(&trace_buf, " lost_pkts:"); |
| list_for_each_entry(pkt, lost_pkts, list) |
| chunk_appendf(&trace_buf, " %lu", (unsigned long)pkt->pn_node.key); |
| } |
| } |
| |
| if (mask & (QUIC_EV_CONN_STIMER|QUIC_EV_CONN_PTIMER|QUIC_EV_CONN_SPTO)) { |
| struct quic_conn *qc = conn->qc; |
| const struct quic_pktns *pktns = a2; |
| const int *duration = a3; |
| const uint64_t *ifae_pkts = a4; |
| |
| if (ifae_pkts) |
| chunk_appendf(&trace_buf, " ifae_pkts=%llu", |
| (unsigned long long)*ifae_pkts); |
| if (pktns) { |
| chunk_appendf(&trace_buf, " pktns=%s pp=%d", |
| pktns == &qc->pktns[QUIC_TLS_PKTNS_INITIAL] ? "I" : |
| pktns == &qc->pktns[QUIC_TLS_PKTNS_01RTT] ? "01RTT": "H", |
| pktns->tx.pto_probe); |
| if (mask & QUIC_EV_CONN_STIMER) { |
| if (pktns->tx.loss_time) |
| chunk_appendf(&trace_buf, " loss_time=%dms", |
| TICKS_TO_MS(pktns->tx.loss_time - now_ms)); |
| } |
| if (mask & QUIC_EV_CONN_SPTO) { |
| if (pktns->tx.time_of_last_eliciting) |
| chunk_appendf(&trace_buf, " tole=%dms", |
| TICKS_TO_MS(pktns->tx.time_of_last_eliciting - now_ms)); |
| if (duration) |
| chunk_appendf(&trace_buf, " dur=%dms", TICKS_TO_MS(*duration)); |
| } |
| } |
| |
| if (!(mask & QUIC_EV_CONN_SPTO) && qc->timer_task) { |
| chunk_appendf(&trace_buf, |
| " expire=%dms", TICKS_TO_MS(qc->timer - now_ms)); |
| } |
| } |
| |
| if (mask & QUIC_EV_CONN_SPPKTS) { |
| const struct quic_tx_packet *pkt = a2; |
| |
| chunk_appendf(&trace_buf, " cwnd=%llu ppif=%llu pif=%llu", |
| (unsigned long long)qc->path->cwnd, |
| (unsigned long long)qc->path->prep_in_flight, |
| (unsigned long long)qc->path->in_flight); |
| if (pkt) { |
| chunk_appendf(&trace_buf, " pn=%lu(%s) iflen=%llu cdlen=%llu", |
| (unsigned long)pkt->pn_node.key, |
| pkt->pktns == &qc->pktns[QUIC_TLS_PKTNS_INITIAL] ? "I" : |
| pkt->pktns == &qc->pktns[QUIC_TLS_PKTNS_01RTT] ? "01RTT": "H", |
| (unsigned long long)pkt->in_flight_len, |
| (unsigned long long)pkt->cdata_len); |
| } |
| } |
| |
| if (mask & QUIC_EV_CONN_SSLALERT) { |
| const uint8_t *alert = a2; |
| const enum ssl_encryption_level_t *level = a3; |
| |
| if (alert) |
| chunk_appendf(&trace_buf, " alert=0x%02x", *alert); |
| if (level) |
| chunk_appendf(&trace_buf, " el=%c", |
| quic_enc_level_char(ssl_to_quic_enc_level(*level))); |
| } |
| |
| if (mask & QUIC_EV_CONN_BCFRMS) { |
| const size_t *sz1 = a2; |
| const size_t *sz2 = a3; |
| const size_t *sz3 = a4; |
| |
| if (sz1) |
| chunk_appendf(&trace_buf, " %llu", (unsigned long long)*sz1); |
| if (sz2) |
| chunk_appendf(&trace_buf, " %llu", (unsigned long long)*sz2); |
| if (sz3) |
| chunk_appendf(&trace_buf, " %llu", (unsigned long long)*sz3); |
| } |
| |
| if (mask & QUIC_EV_CONN_PSTRM) { |
| const struct quic_frame *frm = a2; |
| |
| if (a2) { |
| const struct quic_stream *s = &frm->stream; |
| |
| chunk_appendf(&trace_buf, " uni=%d fin=%d id=%llu off=%llu len=%llu", |
| !!(s->id & QUIC_STREAM_FRAME_ID_DIR_BIT), |
| !!(frm->type & QUIC_STREAM_FRAME_TYPE_FIN_BIT), |
| (unsigned long long)s->id, |
| (unsigned long long)s->offset, |
| (unsigned long long)s->len); |
| } |
| } |
| } |
| if (mask & QUIC_EV_CONN_LPKT) { |
| const struct quic_rx_packet *pkt = a2; |
| |
| if (conn) |
| chunk_appendf(&trace_buf, " xprt_ctx@%p qc@%p", conn->xprt_ctx, conn->qc); |
| if (pkt) |
| chunk_appendf(&trace_buf, " pkt@%p type=0x%02x %s pkt->qc@%p", |
| pkt, pkt->type, qc_pkt_long(pkt) ? "long" : "short", pkt->qc); |
| } |
| |
| } |
| |
| /* Returns 1 if the peer has validated <qc> QUIC connection address, 0 if not. */ |
| static inline int quic_peer_validated_addr(struct ssl_sock_ctx *ctx) |
| { |
| struct quic_conn *qc; |
| |
| qc = ctx->conn->qc; |
| if (objt_server(qc->conn->target)) |
| return 1; |
| |
| if ((qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE].pktns->flags & QUIC_FL_PKTNS_ACK_RECEIVED) || |
| (qc->els[QUIC_TLS_ENC_LEVEL_APP].pktns->flags & QUIC_FL_PKTNS_ACK_RECEIVED) || |
| (qc->state & QUIC_HS_ST_COMPLETE)) |
| return 1; |
| |
| return 0; |
| } |
| |
| /* Set the timer attached to the QUIC connection with <ctx> as I/O handler and used for |
| * both loss detection and PTO and schedule the task assiated to this timer if needed. |
| */ |
| static inline void qc_set_timer(struct ssl_sock_ctx *ctx) |
| { |
| struct quic_conn *qc; |
| struct quic_pktns *pktns; |
| unsigned int pto; |
| |
| TRACE_ENTER(QUIC_EV_CONN_STIMER, ctx->conn, |
| NULL, NULL, &ctx->conn->qc->path->ifae_pkts); |
| qc = ctx->conn->qc; |
| pktns = quic_loss_pktns(qc); |
| if (tick_isset(pktns->tx.loss_time)) { |
| qc->timer = pktns->tx.loss_time; |
| goto out; |
| } |
| |
| /* XXX TODO: anti-amplification: the timer must be |
| * cancelled for a server which reached the anti-amplification limit. |
| */ |
| |
| if (!qc->path->ifae_pkts && quic_peer_validated_addr(ctx)) { |
| TRACE_PROTO("timer cancellation", QUIC_EV_CONN_STIMER, ctx->conn); |
| /* Timer cancellation. */ |
| qc->timer = TICK_ETERNITY; |
| goto out; |
| } |
| |
| pktns = quic_pto_pktns(qc, qc->state & QUIC_HS_ST_COMPLETE, &pto); |
| if (tick_isset(pto)) |
| qc->timer = pto; |
| out: |
| task_schedule(qc->timer_task, qc->timer); |
| TRACE_LEAVE(QUIC_EV_CONN_STIMER, ctx->conn, pktns); |
| } |
| |
| #ifndef OPENSSL_IS_BORINGSSL |
| int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level, |
| const uint8_t *read_secret, |
| const uint8_t *write_secret, size_t secret_len) |
| { |
| struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); |
| struct quic_tls_ctx *tls_ctx = |
| &conn->qc->els[ssl_to_quic_enc_level(level)].tls_ctx; |
| const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl); |
| |
| TRACE_ENTER(QUIC_EV_CONN_RWSEC, conn); |
| tls_ctx->rx.aead = tls_ctx->tx.aead = tls_aead(cipher); |
| tls_ctx->rx.md = tls_ctx->tx.md = tls_md(cipher); |
| tls_ctx->rx.hp = tls_ctx->tx.hp = tls_hp(cipher); |
| |
| if (!quic_tls_derive_keys(tls_ctx->rx.aead, tls_ctx->rx.hp, tls_ctx->rx.md, |
| tls_ctx->rx.key, sizeof tls_ctx->rx.key, |
| tls_ctx->rx.iv, sizeof tls_ctx->rx.iv, |
| tls_ctx->rx.hp_key, sizeof tls_ctx->rx.hp_key, |
| read_secret, secret_len)) { |
| TRACE_DEVEL("RX key derivation failed", QUIC_EV_CONN_RWSEC, conn); |
| return 0; |
| } |
| |
| tls_ctx->rx.flags |= QUIC_FL_TLS_SECRETS_SET; |
| if (!quic_tls_derive_keys(tls_ctx->tx.aead, tls_ctx->tx.hp, tls_ctx->tx.md, |
| tls_ctx->tx.key, sizeof tls_ctx->tx.key, |
| tls_ctx->tx.iv, sizeof tls_ctx->tx.iv, |
| tls_ctx->tx.hp_key, sizeof tls_ctx->tx.hp_key, |
| write_secret, secret_len)) { |
| TRACE_DEVEL("TX key derivation failed", QUIC_EV_CONN_RWSEC, conn); |
| return 0; |
| } |
| |
| tls_ctx->tx.flags |= QUIC_FL_TLS_SECRETS_SET; |
| if (objt_server(conn->target) && level == ssl_encryption_application) { |
| const unsigned char *buf; |
| size_t buflen; |
| |
| SSL_get_peer_quic_transport_params(ssl, &buf, &buflen); |
| if (!buflen) |
| return 0; |
| |
| if (!quic_transport_params_store(conn->qc, 1, buf, buf + buflen)) |
| return 0; |
| } |
| TRACE_LEAVE(QUIC_EV_CONN_RWSEC, conn, &level); |
| |
| return 1; |
| } |
| #else |
| /* ->set_read_secret callback to derive the RX secrets at <level> encryption |
| * level. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| int ha_set_rsec(SSL *ssl, enum ssl_encryption_level_t level, |
| const SSL_CIPHER *cipher, |
| const uint8_t *secret, size_t secret_len) |
| { |
| struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); |
| struct quic_tls_ctx *tls_ctx = |
| &conn->qc->els[ssl_to_quic_enc_level(level)].tls_ctx; |
| |
| TRACE_ENTER(QUIC_EV_CONN_RSEC, conn); |
| tls_ctx->rx.aead = tls_aead(cipher); |
| tls_ctx->rx.md = tls_md(cipher); |
| tls_ctx->rx.hp = tls_hp(cipher); |
| |
| if (!quic_tls_derive_keys(tls_ctx->rx.aead, tls_ctx->rx.hp, tls_ctx->rx.md, |
| tls_ctx->rx.key, sizeof tls_ctx->rx.key, |
| tls_ctx->rx.iv, sizeof tls_ctx->rx.iv, |
| tls_ctx->rx.hp_key, sizeof tls_ctx->rx.hp_key, |
| secret, secret_len)) { |
| TRACE_DEVEL("RX key derivation failed", QUIC_EV_CONN_RSEC, conn); |
| goto err; |
| } |
| |
| if (objt_server(conn->target) && level == ssl_encryption_application) { |
| const unsigned char *buf; |
| size_t buflen; |
| |
| SSL_get_peer_quic_transport_params(ssl, &buf, &buflen); |
| if (!buflen) |
| goto err; |
| |
| if (!quic_transport_params_store(conn->qc, 1, buf, buf + buflen)) |
| goto err; |
| } |
| |
| tls_ctx->rx.flags |= QUIC_FL_TLS_SECRETS_SET; |
| TRACE_LEAVE(QUIC_EV_CONN_RSEC, conn, &level, secret, &secret_len); |
| |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_RSEC, conn); |
| return 0; |
| } |
| |
| /* ->set_write_secret callback to derive the TX secrets at <level> |
| * encryption level. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| int ha_set_wsec(SSL *ssl, enum ssl_encryption_level_t level, |
| const SSL_CIPHER *cipher, |
| const uint8_t *secret, size_t secret_len) |
| { |
| struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); |
| struct quic_tls_ctx *tls_ctx = |
| &conn->qc->els[ssl_to_quic_enc_level(level)].tls_ctx; |
| |
| TRACE_ENTER(QUIC_EV_CONN_WSEC, conn); |
| tls_ctx->tx.aead = tls_aead(cipher); |
| tls_ctx->tx.md = tls_md(cipher); |
| tls_ctx->tx.hp = tls_hp(cipher); |
| |
| if (!quic_tls_derive_keys(tls_ctx->tx.aead, tls_ctx->tx.hp, tls_ctx->tx.md, |
| tls_ctx->tx.key, sizeof tls_ctx->tx.key, |
| tls_ctx->tx.iv, sizeof tls_ctx->tx.iv, |
| tls_ctx->tx.hp_key, sizeof tls_ctx->tx.hp_key, |
| secret, secret_len)) { |
| TRACE_DEVEL("TX key derivation failed", QUIC_EV_CONN_WSEC, conn); |
| goto err; |
| } |
| |
| tls_ctx->tx.flags |= QUIC_FL_TLS_SECRETS_SET; |
| TRACE_LEAVE(QUIC_EV_CONN_WSEC, conn, &level, secret, &secret_len); |
| |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_WSEC, conn); |
| return 0; |
| } |
| #endif |
| |
| /* This function copies the CRYPTO data provided by the TLS stack found at <data> |
| * with <len> as size in CRYPTO buffers dedicated to store the information about |
| * outgoing CRYPTO frames so that to be able to replay the CRYPTO data streams. |
| * It fails only if it could not managed to allocate enough CRYPTO buffers to |
| * store all the data. |
| * Note that CRYPTO data may exist at any encryption level except at 0-RTT. |
| */ |
| static int quic_crypto_data_cpy(struct quic_enc_level *qel, |
| const unsigned char *data, size_t len) |
| { |
| struct quic_crypto_buf **qcb; |
| /* The remaining byte to store in CRYPTO buffers. */ |
| size_t cf_offset, cf_len, *nb_buf; |
| unsigned char *pos; |
| |
| nb_buf = &qel->tx.crypto.nb_buf; |
| qcb = &qel->tx.crypto.bufs[*nb_buf - 1]; |
| cf_offset = (*nb_buf - 1) * QUIC_CRYPTO_BUF_SZ + (*qcb)->sz; |
| cf_len = len; |
| |
| while (len) { |
| size_t to_copy, room; |
| |
| pos = (*qcb)->data + (*qcb)->sz; |
| room = QUIC_CRYPTO_BUF_SZ - (*qcb)->sz; |
| to_copy = len > room ? room : len; |
| if (to_copy) { |
| memcpy(pos, data, to_copy); |
| /* Increment the total size of this CRYPTO buffers by <to_copy>. */ |
| qel->tx.crypto.sz += to_copy; |
| (*qcb)->sz += to_copy; |
| pos += to_copy; |
| len -= to_copy; |
| data += to_copy; |
| } |
| else { |
| struct quic_crypto_buf **tmp; |
| |
| tmp = realloc(qel->tx.crypto.bufs, |
| (*nb_buf + 1) * sizeof *qel->tx.crypto.bufs); |
| if (tmp) { |
| qel->tx.crypto.bufs = tmp; |
| qcb = &qel->tx.crypto.bufs[*nb_buf]; |
| *qcb = pool_alloc(pool_head_quic_crypto_buf); |
| if (!*qcb) |
| return 0; |
| |
| (*qcb)->sz = 0; |
| ++*nb_buf; |
| } |
| else { |
| break; |
| } |
| } |
| } |
| |
| /* Allocate a TX CRYPTO frame only if all the CRYPTO data |
| * have been buffered. |
| */ |
| if (!len) { |
| struct quic_tx_frm *frm; |
| |
| frm = pool_alloc(pool_head_quic_tx_frm); |
| if (!frm) |
| return 0; |
| |
| frm->type = QUIC_FT_CRYPTO; |
| frm->crypto.offset = cf_offset; |
| frm->crypto.len = cf_len; |
| LIST_APPEND(&qel->pktns->tx.frms, &frm->list); |
| } |
| |
| return len == 0; |
| } |
| |
| |
| /* ->add_handshake_data QUIC TLS callback used by the QUIC TLS stack when it |
| * wants to provide the QUIC layer with CRYPTO data. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| int ha_quic_add_handshake_data(SSL *ssl, enum ssl_encryption_level_t level, |
| const uint8_t *data, size_t len) |
| { |
| struct connection *conn; |
| enum quic_tls_enc_level tel; |
| struct quic_enc_level *qel; |
| |
| conn = SSL_get_ex_data(ssl, ssl_app_data_index); |
| TRACE_ENTER(QUIC_EV_CONN_ADDDATA, conn); |
| tel = ssl_to_quic_enc_level(level); |
| qel = &conn->qc->els[tel]; |
| |
| if (tel == -1) { |
| TRACE_PROTO("Wrong encryption level", QUIC_EV_CONN_ADDDATA, conn); |
| goto err; |
| } |
| |
| if (!quic_crypto_data_cpy(qel, data, len)) { |
| TRACE_PROTO("Could not bufferize", QUIC_EV_CONN_ADDDATA, conn); |
| goto err; |
| } |
| |
| TRACE_PROTO("CRYPTO data buffered", QUIC_EV_CONN_ADDDATA, |
| conn, &level, &len); |
| |
| TRACE_LEAVE(QUIC_EV_CONN_ADDDATA, conn); |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_ADDDATA, conn); |
| return 0; |
| } |
| |
| int ha_quic_flush_flight(SSL *ssl) |
| { |
| struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); |
| |
| TRACE_ENTER(QUIC_EV_CONN_FFLIGHT, conn); |
| TRACE_LEAVE(QUIC_EV_CONN_FFLIGHT, conn); |
| |
| return 1; |
| } |
| |
| int ha_quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert) |
| { |
| struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); |
| |
| TRACE_DEVEL("SSL alert", QUIC_EV_CONN_SSLALERT, conn, &alert, &level); |
| return 1; |
| } |
| |
| /* QUIC TLS methods */ |
| static SSL_QUIC_METHOD ha_quic_method = { |
| #ifdef OPENSSL_IS_BORINGSSL |
| .set_read_secret = ha_set_rsec, |
| .set_write_secret = ha_set_wsec, |
| #else |
| .set_encryption_secrets = ha_quic_set_encryption_secrets, |
| #endif |
| .add_handshake_data = ha_quic_add_handshake_data, |
| .flush_flight = ha_quic_flush_flight, |
| .send_alert = ha_quic_send_alert, |
| }; |
| |
| /* Initialize the TLS context of a listener with <bind_conf> as configuration. |
| * Returns an error count. |
| */ |
| int ssl_quic_initial_ctx(struct bind_conf *bind_conf) |
| { |
| struct proxy *curproxy = bind_conf->frontend; |
| struct ssl_bind_conf __maybe_unused *ssl_conf_cur; |
| int cfgerr = 0; |
| |
| #if 0 |
| /* XXX Did not manage to use this. */ |
| const char *ciphers = |
| "TLS_AES_128_GCM_SHA256:" |
| "TLS_AES_256_GCM_SHA384:" |
| "TLS_CHACHA20_POLY1305_SHA256:" |
| "TLS_AES_128_CCM_SHA256"; |
| #endif |
| const char *groups = "P-256:X25519:P-384:P-521"; |
| long options = |
| (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) | |
| SSL_OP_SINGLE_ECDH_USE | |
| SSL_OP_CIPHER_SERVER_PREFERENCE; |
| SSL_CTX *ctx; |
| |
| ctx = SSL_CTX_new(TLS_server_method()); |
| bind_conf->initial_ctx = ctx; |
| |
| SSL_CTX_set_options(ctx, options); |
| #if 0 |
| if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) { |
| ha_alert("Proxy '%s': unable to set TLS 1.3 cipher list to '%s' " |
| "for bind '%s' at [%s:%d].\n", |
| curproxy->id, ciphers, |
| bind_conf->arg, bind_conf->file, bind_conf->line); |
| cfgerr++; |
| } |
| #endif |
| |
| if (SSL_CTX_set1_curves_list(ctx, groups) != 1) { |
| ha_alert("Proxy '%s': unable to set TLS 1.3 curves list to '%s' " |
| "for bind '%s' at [%s:%d].\n", |
| curproxy->id, groups, |
| bind_conf->arg, bind_conf->file, bind_conf->line); |
| cfgerr++; |
| } |
| |
| SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); |
| SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION); |
| SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); |
| SSL_CTX_set_default_verify_paths(ctx); |
| |
| #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME |
| #ifdef OPENSSL_IS_BORINGSSL |
| SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk); |
| SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); |
| #elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) |
| if (bind_conf->ssl_conf.early_data) { |
| SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY); |
| SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite); |
| } |
| SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL); |
| SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); |
| #else |
| SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk); |
| #endif |
| SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf); |
| #endif |
| SSL_CTX_set_quic_method(ctx, &ha_quic_method); |
| |
| return cfgerr; |
| } |
| |
| /* Decode an expected packet number from <truncated_on> its truncated value, |
| * depending on <largest_pn> the largest received packet number, and <pn_nbits> |
| * the number of bits used to encode this packet number (its length in bytes * 8). |
| * See https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#packet-encoding |
| */ |
| static uint64_t decode_packet_number(uint64_t largest_pn, |
| uint32_t truncated_pn, unsigned int pn_nbits) |
| { |
| uint64_t expected_pn = largest_pn + 1; |
| uint64_t pn_win = (uint64_t)1 << pn_nbits; |
| uint64_t pn_hwin = pn_win / 2; |
| uint64_t pn_mask = pn_win - 1; |
| uint64_t candidate_pn; |
| |
| |
| candidate_pn = (expected_pn & ~pn_mask) | truncated_pn; |
| /* Note that <pn_win> > <pn_hwin>. */ |
| if (candidate_pn < QUIC_MAX_PACKET_NUM - pn_win && |
| candidate_pn + pn_hwin <= expected_pn) |
| return candidate_pn + pn_win; |
| |
| if (candidate_pn > expected_pn + pn_hwin && candidate_pn >= pn_win) |
| return candidate_pn - pn_win; |
| |
| return candidate_pn; |
| } |
| |
| /* Remove the header protection of <pkt> QUIC packet using <tls_ctx> as QUIC TLS |
| * cryptographic context. |
| * <largest_pn> is the largest received packet number and <pn> the address of |
| * the packet number field for this packet with <byte0> address of its first byte. |
| * <end> points to one byte past the end of this packet. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| static int qc_do_rm_hp(struct quic_rx_packet *pkt, struct quic_tls_ctx *tls_ctx, |
| int64_t largest_pn, unsigned char *pn, |
| unsigned char *byte0, const unsigned char *end, |
| struct ssl_sock_ctx *ctx) |
| { |
| int ret, outlen, i, pnlen; |
| uint64_t packet_number; |
| uint32_t truncated_pn = 0; |
| unsigned char mask[5] = {0}; |
| unsigned char *sample; |
| EVP_CIPHER_CTX *cctx; |
| unsigned char *hp_key; |
| |
| /* Check there is enough data in this packet. */ |
| if (end - pn < QUIC_PACKET_PN_MAXLEN + sizeof mask) { |
| TRACE_DEVEL("too short packet", QUIC_EV_CONN_RMHP, ctx->conn, pkt); |
| return 0; |
| } |
| |
| cctx = EVP_CIPHER_CTX_new(); |
| if (!cctx) { |
| TRACE_DEVEL("memory allocation failed", QUIC_EV_CONN_RMHP, ctx->conn, pkt); |
| return 0; |
| } |
| |
| ret = 0; |
| sample = pn + QUIC_PACKET_PN_MAXLEN; |
| |
| hp_key = tls_ctx->rx.hp_key; |
| if (!EVP_DecryptInit_ex(cctx, tls_ctx->rx.hp, NULL, hp_key, sample) || |
| !EVP_DecryptUpdate(cctx, mask, &outlen, mask, sizeof mask) || |
| !EVP_DecryptFinal_ex(cctx, mask, &outlen)) { |
| TRACE_DEVEL("decryption failed", QUIC_EV_CONN_RMHP, ctx->conn, pkt); |
| goto out; |
| } |
| |
| *byte0 ^= mask[0] & (*byte0 & QUIC_PACKET_LONG_HEADER_BIT ? 0xf : 0x1f); |
| pnlen = (*byte0 & QUIC_PACKET_PNL_BITMASK) + 1; |
| for (i = 0; i < pnlen; i++) { |
| pn[i] ^= mask[i + 1]; |
| truncated_pn = (truncated_pn << 8) | pn[i]; |
| } |
| |
| packet_number = decode_packet_number(largest_pn, truncated_pn, pnlen * 8); |
| /* Store remaining information for this unprotected header */ |
| pkt->pn = packet_number; |
| pkt->pnl = pnlen; |
| |
| ret = 1; |
| |
| out: |
| EVP_CIPHER_CTX_free(cctx); |
| |
| return ret; |
| } |
| |
| /* Encrypt the payload of a QUIC packet with <pn> as number found at <payload> |
| * address, with <payload_len> as payload length, <aad> as address of |
| * the ADD and <aad_len> as AAD length depending on the <tls_ctx> QUIC TLS |
| * context. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| static int quic_packet_encrypt(unsigned char *payload, size_t payload_len, |
| unsigned char *aad, size_t aad_len, uint64_t pn, |
| struct quic_tls_ctx *tls_ctx, struct connection *conn) |
| { |
| unsigned char iv[12]; |
| unsigned char *tx_iv = tls_ctx->tx.iv; |
| size_t tx_iv_sz = sizeof tls_ctx->tx.iv; |
| struct enc_debug_info edi; |
| |
| if (!quic_aead_iv_build(iv, sizeof iv, tx_iv, tx_iv_sz, pn)) { |
| TRACE_DEVEL("AEAD IV building for encryption failed", QUIC_EV_CONN_HPKT, conn); |
| goto err; |
| } |
| |
| if (!quic_tls_encrypt(payload, payload_len, aad, aad_len, |
| tls_ctx->tx.aead, tls_ctx->tx.key, iv)) { |
| TRACE_DEVEL("QUIC packet encryption failed", QUIC_EV_CONN_HPKT, conn); |
| goto err; |
| } |
| |
| return 1; |
| |
| err: |
| enc_debug_info_init(&edi, payload, payload_len, aad, aad_len, pn); |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_ENCPKT, conn, &edi); |
| return 0; |
| } |
| |
| /* Decrypt <pkt> QUIC packet with <tls_ctx> as QUIC TLS cryptographic context. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| static int qc_pkt_decrypt(struct quic_rx_packet *pkt, struct quic_tls_ctx *tls_ctx) |
| { |
| int ret; |
| unsigned char iv[12]; |
| unsigned char *rx_iv = tls_ctx->rx.iv; |
| size_t rx_iv_sz = sizeof tls_ctx->rx.iv; |
| |
| if (!quic_aead_iv_build(iv, sizeof iv, rx_iv, rx_iv_sz, pkt->pn)) |
| return 0; |
| |
| ret = quic_tls_decrypt(pkt->data + pkt->aad_len, pkt->len - pkt->aad_len, |
| pkt->data, pkt->aad_len, |
| tls_ctx->rx.aead, tls_ctx->rx.key, iv); |
| if (!ret) |
| return 0; |
| |
| /* Update the packet length (required to parse the frames). */ |
| pkt->len = pkt->aad_len + ret; |
| |
| return 1; |
| } |
| |
| /* Treat <frm> frame whose packet it is attached to has just been acknowledged. */ |
| static inline void qc_treat_acked_tx_frm(struct quic_tx_frm *frm, |
| struct ssl_sock_ctx *ctx) |
| { |
| TRACE_PROTO("Removing frame", QUIC_EV_CONN_PRSAFRM, ctx->conn, frm); |
| LIST_DELETE(&frm->list); |
| pool_free(pool_head_quic_tx_frm, frm); |
| } |
| |
| /* Remove <largest> down to <smallest> node entries from <pkts> tree of TX packet, |
| * deallocating them, and their TX frames. |
| * Returns the last node reached to be used for the next range. |
| * May be NULL if <largest> node could not be found. |
| */ |
| static inline struct eb64_node *qc_ackrng_pkts(struct eb_root *pkts, unsigned int *pkt_flags, |
| struct list *newly_acked_pkts, |
| struct eb64_node *largest_node, |
| uint64_t largest, uint64_t smallest, |
| struct ssl_sock_ctx *ctx) |
| { |
| struct eb64_node *node; |
| struct quic_tx_packet *pkt; |
| |
| if (largest_node) |
| node = largest_node; |
| else { |
| node = eb64_lookup(pkts, largest); |
| while (!node && largest > smallest) { |
| node = eb64_lookup(pkts, --largest); |
| } |
| } |
| |
| while (node && node->key >= smallest) { |
| struct quic_tx_frm *frm, *frmbak; |
| |
| pkt = eb64_entry(&node->node, struct quic_tx_packet, pn_node); |
| *pkt_flags |= pkt->flags; |
| LIST_INSERT(newly_acked_pkts, &pkt->list); |
| TRACE_PROTO("Removing packet #", QUIC_EV_CONN_PRSAFRM, ctx->conn,, &pkt->pn_node.key); |
| list_for_each_entry_safe(frm, frmbak, &pkt->frms, list) |
| qc_treat_acked_tx_frm(frm, ctx); |
| node = eb64_prev(node); |
| eb64_delete(&pkt->pn_node); |
| } |
| |
| return node; |
| } |
| |
| /* Treat <frm> frame whose packet it is attached to has just been detected as non |
| * acknowledged. |
| */ |
| static inline void qc_treat_nacked_tx_frm(struct quic_tx_frm *frm, |
| struct quic_pktns *pktns, |
| struct ssl_sock_ctx *ctx) |
| { |
| TRACE_PROTO("to resend frame", QUIC_EV_CONN_PRSAFRM, ctx->conn, frm); |
| LIST_DELETE(&frm->list); |
| LIST_INSERT(&pktns->tx.frms, &frm->list); |
| } |
| |
| |
| /* Free the TX packets of <pkts> list */ |
| static inline void free_quic_tx_pkts(struct list *pkts) |
| { |
| struct quic_tx_packet *pkt, *tmp; |
| |
| list_for_each_entry_safe(pkt, tmp, pkts, list) { |
| LIST_DELETE(&pkt->list); |
| eb64_delete(&pkt->pn_node); |
| pool_free(pool_head_quic_tx_packet, pkt); |
| } |
| } |
| |
| /* Send a packet loss event nofification to the congestion controller |
| * attached to <qc> connection with <lost_bytes> the number of lost bytes, |
| * <oldest_lost>, <newest_lost> the oldest lost packet and newest lost packet |
| * at <now_us> current time. |
| * Always succeeds. |
| */ |
| static inline void qc_cc_loss_event(struct quic_conn *qc, |
| unsigned int lost_bytes, |
| unsigned int newest_time_sent, |
| unsigned int period, |
| unsigned int now_us) |
| { |
| struct quic_cc_event ev = { |
| .type = QUIC_CC_EVT_LOSS, |
| .loss.now_ms = now_ms, |
| .loss.max_ack_delay = qc->max_ack_delay, |
| .loss.lost_bytes = lost_bytes, |
| .loss.newest_time_sent = newest_time_sent, |
| .loss.period = period, |
| }; |
| |
| quic_cc_event(&qc->path->cc, &ev); |
| } |
| |
| /* Send a packet ack event nofication for each newly acked packet of |
| * <newly_acked_pkts> list and free them. |
| * Always succeeds. |
| */ |
| static inline void qc_treat_newly_acked_pkts(struct ssl_sock_ctx *ctx, |
| struct list *newly_acked_pkts) |
| { |
| struct quic_conn *qc = ctx->conn->qc; |
| struct quic_tx_packet *pkt, *tmp; |
| struct quic_cc_event ev = { .type = QUIC_CC_EVT_ACK, }; |
| |
| list_for_each_entry_safe(pkt, tmp, newly_acked_pkts, list) { |
| pkt->pktns->tx.in_flight -= pkt->in_flight_len; |
| qc->path->prep_in_flight -= pkt->in_flight_len; |
| if (pkt->flags & QUIC_FL_TX_PACKET_ACK_ELICITING) |
| qc->path->ifae_pkts--; |
| ev.ack.acked = pkt->in_flight_len; |
| ev.ack.time_sent = pkt->time_sent; |
| quic_cc_event(&qc->path->cc, &ev); |
| LIST_DELETE(&pkt->list); |
| eb64_delete(&pkt->pn_node); |
| pool_free(pool_head_quic_tx_packet, pkt); |
| } |
| |
| } |
| |
| /* Handle <pkts> list of lost packets detected at <now_us> handling |
| * their TX frames. |
| * Send a packet loss event to the congestion controller if |
| * in flight packet have been lost. |
| * Also frees the packet in <pkts> list. |
| * Never fails. |
| */ |
| static inline void qc_release_lost_pkts(struct quic_pktns *pktns, |
| struct ssl_sock_ctx *ctx, |
| struct list *pkts, |
| uint64_t now_us) |
| { |
| struct quic_conn *qc = ctx->conn->qc; |
| struct quic_tx_packet *pkt, *tmp, *oldest_lost, *newest_lost; |
| struct quic_tx_frm *frm, *frmbak; |
| uint64_t lost_bytes; |
| |
| lost_bytes = 0; |
| oldest_lost = newest_lost = NULL; |
| list_for_each_entry_safe(pkt, tmp, pkts, list) { |
| lost_bytes += pkt->in_flight_len; |
| pkt->pktns->tx.in_flight -= pkt->in_flight_len; |
| qc->path->prep_in_flight -= pkt->in_flight_len; |
| if (pkt->flags & QUIC_FL_TX_PACKET_ACK_ELICITING) |
| qc->path->ifae_pkts--; |
| /* Treat the frames of this lost packet. */ |
| list_for_each_entry_safe(frm, frmbak, &pkt->frms, list) |
| qc_treat_nacked_tx_frm(frm, pktns, ctx); |
| LIST_DELETE(&pkt->list); |
| if (!oldest_lost) { |
| oldest_lost = newest_lost = pkt; |
| } |
| else { |
| if (newest_lost != oldest_lost) |
| pool_free(pool_head_quic_tx_packet, newest_lost); |
| newest_lost = pkt; |
| } |
| } |
| |
| if (lost_bytes) { |
| /* Sent a packet loss event to the congestion controller. */ |
| qc_cc_loss_event(ctx->conn->qc, lost_bytes, newest_lost->time_sent, |
| newest_lost->time_sent - oldest_lost->time_sent, now_us); |
| pool_free(pool_head_quic_tx_packet, oldest_lost); |
| if (newest_lost != oldest_lost) |
| pool_free(pool_head_quic_tx_packet, newest_lost); |
| } |
| } |
| |
| /* Look for packet loss from sent packets for <qel> encryption level of a |
| * connection with <ctx> as I/O handler context. If remove is true, remove them from |
| * their tree if deemed as lost or set the <loss_time> value the packet number |
| * space if any not deemed lost. |
| * Should be called after having received an ACK frame with newly acknowledged |
| * packets or when the the loss detection timer has expired. |
| * Always succeeds. |
| */ |
| static void qc_packet_loss_lookup(struct quic_pktns *pktns, |
| struct quic_conn *qc, |
| struct list *lost_pkts) |
| { |
| struct eb_root *pkts; |
| struct eb64_node *node; |
| struct quic_loss *ql; |
| unsigned int loss_delay; |
| |
| TRACE_ENTER(QUIC_EV_CONN_PKTLOSS, qc->conn, pktns); |
| pkts = &pktns->tx.pkts; |
| pktns->tx.loss_time = TICK_ETERNITY; |
| if (eb_is_empty(pkts)) |
| goto out; |
| |
| ql = &qc->path->loss; |
| loss_delay = QUIC_MAX(ql->latest_rtt, ql->srtt >> 3); |
| loss_delay += loss_delay >> 3; |
| loss_delay = QUIC_MAX(loss_delay, MS_TO_TICKS(QUIC_TIMER_GRANULARITY)); |
| |
| node = eb64_first(pkts); |
| while (node) { |
| struct quic_tx_packet *pkt; |
| int64_t largest_acked_pn; |
| unsigned int loss_time_limit, time_sent; |
| |
| pkt = eb64_entry(&node->node, struct quic_tx_packet, pn_node); |
| largest_acked_pn = pktns->tx.largest_acked_pn; |
| node = eb64_next(node); |
| if ((int64_t)pkt->pn_node.key > largest_acked_pn) |
| break; |
| |
| time_sent = pkt->time_sent; |
| loss_time_limit = tick_add(time_sent, loss_delay); |
| if (tick_is_le(time_sent, now_ms) || |
| (int64_t)largest_acked_pn >= pkt->pn_node.key + QUIC_LOSS_PACKET_THRESHOLD) { |
| eb64_delete(&pkt->pn_node); |
| LIST_APPEND(lost_pkts, &pkt->list); |
| } |
| else { |
| pktns->tx.loss_time = tick_first(pktns->tx.loss_time, loss_time_limit); |
| } |
| } |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_PKTLOSS, qc->conn, pktns, lost_pkts); |
| } |
| |
| /* Parse ACK frame into <frm> from a buffer at <buf> address with <end> being at |
| * one byte past the end of this buffer. Also update <rtt_sample> if needed, i.e. |
| * if the largest acked packet was newly acked and if there was at least one newly |
| * acked ack-eliciting packet. |
| * Return 1, if succeeded, 0 if not. |
| */ |
| static inline int qc_parse_ack_frm(struct quic_frame *frm, struct ssl_sock_ctx *ctx, |
| struct quic_enc_level *qel, |
| unsigned int *rtt_sample, |
| const unsigned char **pos, const unsigned char *end) |
| { |
| struct quic_ack *ack = &frm->ack; |
| uint64_t smallest, largest; |
| struct eb_root *pkts; |
| struct eb64_node *largest_node; |
| unsigned int time_sent, pkt_flags; |
| struct list newly_acked_pkts = LIST_HEAD_INIT(newly_acked_pkts); |
| struct list lost_pkts = LIST_HEAD_INIT(lost_pkts); |
| |
| if (ack->largest_ack > qel->pktns->tx.next_pn) { |
| TRACE_DEVEL("ACK for not sent packet", QUIC_EV_CONN_PRSAFRM, |
| ctx->conn,, &ack->largest_ack); |
| goto err; |
| } |
| |
| if (ack->first_ack_range > ack->largest_ack) { |
| TRACE_DEVEL("too big first ACK range", QUIC_EV_CONN_PRSAFRM, |
| ctx->conn,, &ack->first_ack_range); |
| goto err; |
| } |
| |
| largest = ack->largest_ack; |
| smallest = largest - ack->first_ack_range; |
| pkts = &qel->pktns->tx.pkts; |
| pkt_flags = 0; |
| largest_node = NULL; |
| time_sent = 0; |
| |
| if ((int64_t)ack->largest_ack > qel->pktns->tx.largest_acked_pn) { |
| largest_node = eb64_lookup(pkts, largest); |
| if (!largest_node) { |
| TRACE_DEVEL("Largest acked packet not found", |
| QUIC_EV_CONN_PRSAFRM, ctx->conn); |
| goto err; |
| } |
| |
| time_sent = eb64_entry(&largest_node->node, |
| struct quic_tx_packet, pn_node)->time_sent; |
| } |
| |
| TRACE_PROTO("ack range", QUIC_EV_CONN_PRSAFRM, |
| ctx->conn,, &largest, &smallest); |
| do { |
| uint64_t gap, ack_range; |
| |
| qc_ackrng_pkts(pkts, &pkt_flags, &newly_acked_pkts, |
| largest_node, largest, smallest, ctx); |
| if (!ack->ack_range_num--) |
| break; |
| |
| if (!quic_dec_int(&gap, pos, end)) |
| goto err; |
| |
| if (smallest < gap + 2) { |
| TRACE_DEVEL("wrong gap value", QUIC_EV_CONN_PRSAFRM, |
| ctx->conn,, &gap, &smallest); |
| goto err; |
| } |
| |
| largest = smallest - gap - 2; |
| if (!quic_dec_int(&ack_range, pos, end)) |
| goto err; |
| |
| if (largest < ack_range) { |
| TRACE_DEVEL("wrong ack range value", QUIC_EV_CONN_PRSAFRM, |
| ctx->conn,, &largest, &ack_range); |
| goto err; |
| } |
| |
| /* Do not use this node anymore. */ |
| largest_node = NULL; |
| /* Next range */ |
| smallest = largest - ack_range; |
| |
| TRACE_PROTO("ack range", QUIC_EV_CONN_PRSAFRM, |
| ctx->conn,, &largest, &smallest); |
| } while (1); |
| |
| /* Flag this packet number space as having received an ACK. */ |
| qel->pktns->flags |= QUIC_FL_PKTNS_ACK_RECEIVED; |
| |
| if (time_sent && (pkt_flags & QUIC_FL_TX_PACKET_ACK_ELICITING)) { |
| *rtt_sample = tick_remain(time_sent, now_ms); |
| qel->pktns->tx.largest_acked_pn = ack->largest_ack; |
| } |
| |
| if (!LIST_ISEMPTY(&newly_acked_pkts)) { |
| if (!eb_is_empty(&qel->pktns->tx.pkts)) { |
| qc_packet_loss_lookup(qel->pktns, ctx->conn->qc, &lost_pkts); |
| if (!LIST_ISEMPTY(&lost_pkts)) |
| qc_release_lost_pkts(qel->pktns, ctx, &lost_pkts, now_ms); |
| } |
| qc_treat_newly_acked_pkts(ctx, &newly_acked_pkts); |
| if (quic_peer_validated_addr(ctx)) |
| ctx->conn->qc->path->loss.pto_count = 0; |
| qc_set_timer(ctx); |
| } |
| |
| |
| return 1; |
| |
| err: |
| free_quic_tx_pkts(&newly_acked_pkts); |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_PRSAFRM, ctx->conn); |
| return 0; |
| } |
| |
| /* Provide CRYPTO data to the TLS stack found at <data> with <len> as length |
| * from <qel> encryption level with <ctx> as QUIC connection context. |
| * Remaining parameter are there for debugging purposes. |
| * Return 1 if succeeded, 0 if not. |
| */ |
| static inline int qc_provide_cdata(struct quic_enc_level *el, |
| struct ssl_sock_ctx *ctx, |
| const unsigned char *data, size_t len, |
| struct quic_rx_packet *pkt, |
| struct quic_rx_crypto_frm *cf) |
| { |
| int ssl_err; |
| struct quic_conn *qc; |
| |
| TRACE_ENTER(QUIC_EV_CONN_SSLDATA, ctx->conn); |
| ssl_err = SSL_ERROR_NONE; |
| qc = ctx->conn->qc; |
| if (SSL_provide_quic_data(ctx->ssl, el->level, data, len) != 1) { |
| TRACE_PROTO("SSL_provide_quic_data() error", |
| QUIC_EV_CONN_SSLDATA, ctx->conn, pkt, cf, ctx->ssl); |
| goto err; |
| } |
| |
| el->rx.crypto.offset += len; |
| TRACE_PROTO("in order CRYPTO data", |
| QUIC_EV_CONN_SSLDATA, ctx->conn,, cf, ctx->ssl); |
| |
| if (qc->state < QUIC_HS_ST_COMPLETE) { |
| ssl_err = SSL_do_handshake(ctx->ssl); |
| if (ssl_err != 1) { |
| ssl_err = SSL_get_error(ctx->ssl, ssl_err); |
| if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE) { |
| TRACE_PROTO("SSL handshake", |
| QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state, &ssl_err); |
| goto out; |
| } |
| |
| TRACE_DEVEL("SSL handshake error", |
| QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state, &ssl_err); |
| goto err; |
| } |
| |
| TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state); |
| if (objt_listener(ctx->conn->target)) |
| qc->state = QUIC_HS_ST_CONFIRMED; |
| else |
| qc->state = QUIC_HS_ST_COMPLETE; |
| } else { |
| ssl_err = SSL_process_quic_post_handshake(ctx->ssl); |
| if (ssl_err != 1) { |
| ssl_err = SSL_get_error(ctx->ssl, ssl_err); |
| if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE) { |
| TRACE_DEVEL("SSL post handshake", |
| QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state, &ssl_err); |
| goto out; |
| } |
| |
| TRACE_DEVEL("SSL post handshake error", |
| QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state, &ssl_err); |
| goto err; |
| } |
| |
| TRACE_PROTO("SSL post handshake succeeded", |
| QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state); |
| } |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_SSLDATA, ctx->conn); |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_SSLDATA, ctx->conn); |
| return 0; |
| } |
| |
| /* Allocate a new STREAM RX frame from <stream_fm> STREAM frame attached to |
| * <pkt> RX packet. |
| * Return it if succeeded, NULL if not. |
| */ |
| static inline |
| struct quic_rx_strm_frm *new_quic_rx_strm_frm(struct quic_stream *stream_frm, |
| struct quic_rx_packet *pkt) |
| { |
| struct quic_rx_strm_frm *frm; |
| |
| frm = pool_alloc(pool_head_quic_rx_strm_frm); |
| if (frm) { |
| frm->offset_node.key = stream_frm->offset; |
| frm->len = stream_frm->len; |
| frm->data = stream_frm->data; |
| frm->pkt = pkt; |
| } |
| |
| return frm; |
| } |
| |
| /* Retrieve as an ebtree node the stream with <id> as ID, possibly allocates |
| * several streams, depending on the already open onces. |
| * Return this node if succeeded, NULL if not. |
| */ |
| static struct eb64_node *qcc_get_qcs(struct qcc *qcc, uint64_t id) |
| { |
| unsigned int strm_type; |
| int64_t sub_id; |
| struct eb64_node *strm_node; |
| |
| TRACE_ENTER(QUIC_EV_CONN_PSTRM, qcc->conn); |
| |
| strm_type = id & QCS_ID_TYPE_MASK; |
| sub_id = id >> QCS_ID_TYPE_SHIFT; |
| strm_node = NULL; |
| if (qc_local_stream_id(qcc, id)) { |
| /* Local streams: this stream must be already opened. */ |
| strm_node = eb64_lookup(&qcc->streams_by_id, id); |
| if (!strm_node) { |
| TRACE_PROTO("Unknown stream ID", QUIC_EV_CONN_PSTRM, qcc->conn); |
| goto out; |
| } |
| } |
| else { |
| /* Remote streams. */ |
| struct eb_root *strms; |
| uint64_t largest_id; |
| enum qcs_type qcs_type; |
| |
| strms = &qcc->streams_by_id; |
| qcs_type = qcs_id_type(id); |
| if (sub_id + 1 > qcc->strms[qcs_type].max_streams) { |
| TRACE_PROTO("Streams limit reached", QUIC_EV_CONN_PSTRM, qcc->conn); |
| goto out; |
| } |
| |
| /* Note: ->largest_id was initialized with (uint64_t)-1 as value, 0 being a |
| * correct value. |
| */ |
| largest_id = qcc->strms[qcs_type].largest_id; |
| if (sub_id > (int64_t)largest_id) { |
| /* RFC: "A stream ID that is used out of order results in all streams |
| * of that type with lower-numbered stream IDs also being opened". |
| * So, let's "open" these streams. |
| */ |
| int64_t i; |
| struct qcs *qcs; |
| |
| qcs = NULL; |
| for (i = largest_id + 1; i <= sub_id; i++) { |
| qcs = qcs_new(qcc, (i << QCS_ID_TYPE_SHIFT) | strm_type); |
| if (!qcs) { |
| TRACE_PROTO("Could not allocate a new stream", |
| QUIC_EV_CONN_PSTRM, qcc->conn); |
| goto out; |
| } |
| |
| qcc->strms[qcs_type].largest_id = i; |
| } |
| if (qcs) |
| strm_node = &qcs->by_id; |
| } |
| else { |
| strm_node = eb64_lookup(strms, id); |
| } |
| } |
| |
| TRACE_LEAVE(QUIC_EV_CONN_PSTRM, qcc->conn); |
| return strm_node; |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_PSTRM, qcc->conn); |
| return NULL; |
| } |
| |
| /* Copy as most as possible STREAM data from <strm_frm> into <strm> stream. |
| * Returns the number of bytes copied or -1 if failed. Also update <strm_frm> frame |
| * to reflect the data which have been consumed. |
| */ |
| static size_t qc_strm_cpy(struct buffer *buf, struct quic_stream *strm_frm) |
| { |
| size_t ret; |
| |
| ret = 0; |
| while (strm_frm->len) { |
| size_t try; |
| |
| try = b_contig_space(buf); |
| if (!try) |
| break; |
| |
| if (try > strm_frm->len) |
| try = strm_frm->len; |
| memcpy(b_tail(buf), strm_frm->data, try); |
| strm_frm->len -= try; |
| strm_frm->offset += try; |
| b_add(buf, try); |
| ret += try; |
| } |
| |
| return ret; |
| } |
| |
| /* Handle <strm_frm> bidirectional STREAM frame. Depending on its ID, several |
| * streams may be open. The data are copied to the stream RX buffer if possible. |
| * If not, the STREAM frame is stored to be treated again later. |
| * We rely on the flow control so that not to store too much STREAM frames. |
| * Return 1 if succeeded, 0 if not. |
| */ |
| static int qc_handle_bidi_strm_frm(struct quic_rx_packet *pkt, |
| struct quic_stream *strm_frm, |
| struct quic_conn *qc) |
| { |
| struct qcs *strm; |
| struct eb64_node *strm_node, *frm_node; |
| struct quic_rx_strm_frm *frm; |
| |
| strm_node = qcc_get_qcs(qc->qcc, strm_frm->id); |
| if (!strm_node) { |
| TRACE_PROTO("Stream not found", QUIC_EV_CONN_PSTRM, qc->conn); |
| return 0; |
| } |
| |
| strm = eb64_entry(&strm_node->node, struct qcs, by_id); |
| frm_node = eb64_lookup(&strm->frms, strm_frm->offset); |
| /* FIXME: handle the case where this frame overlap others */ |
| if (frm_node) { |
| TRACE_PROTO("Already existing stream data", |
| QUIC_EV_CONN_PSTRM, qc->conn); |
| goto out; |
| } |
| |
| if (strm_frm->offset == strm->rx.offset) { |
| int ret; |
| |
| if (!qc_get_buf(qc->qcc, &strm->rx.buf)) |
| goto store_frm; |
| |
| ret = qc_strm_cpy(&strm->rx.buf, strm_frm); |
| if (ret && qc->qcc->app_ops->decode_qcs(strm, qc->qcc->ctx) == -1) { |
| TRACE_PROTO("Decoding error", QUIC_EV_CONN_PSTRM); |
| return 0; |
| } |
| |
| strm->rx.offset += ret; |
| } |
| |
| if (!strm_frm->len) |
| goto out; |
| |
| store_frm: |
| frm = new_quic_rx_strm_frm(strm_frm, pkt); |
| if (!frm) { |
| TRACE_PROTO("Could not alloc RX STREAM frame", |
| QUIC_EV_CONN_PSTRM, qc->conn); |
| return 0; |
| } |
| |
| eb64_insert(&strm->frms, &frm->offset_node); |
| quic_rx_packet_refinc(pkt); |
| |
| out: |
| return 1; |
| } |
| |
| /* Handle <strm_frm> unidirectional STREAM frame. Depending on its ID, several |
| * streams may be open. The data are copied to the stream RX buffer if possible. |
| * If not, the STREAM frame is stored to be treated again later. |
| * We rely on the flow control so that not to store too much STREAM frames. |
| * Return 1 if succeeded, 0 if not. |
| */ |
| static int qc_handle_uni_strm_frm(struct quic_rx_packet *pkt, |
| struct quic_stream *strm_frm, |
| struct quic_conn *qc) |
| { |
| struct qcs *strm; |
| struct eb64_node *strm_node, *frm_node; |
| struct quic_rx_strm_frm *frm; |
| size_t strm_frm_len; |
| |
| strm_node = qcc_get_qcs(qc->qcc, strm_frm->id); |
| if (!strm_node) { |
| TRACE_PROTO("Stream not found", QUIC_EV_CONN_PSTRM, qc->conn); |
| return 0; |
| } |
| |
| strm = eb64_entry(&strm_node->node, struct qcs, by_id); |
| frm_node = eb64_lookup(&strm->frms, strm_frm->offset); |
| /* FIXME: handle the case where this frame overlap others */ |
| if (frm_node) { |
| TRACE_PROTO("Already existing stream data", |
| QUIC_EV_CONN_PSTRM, qc->conn); |
| goto out; |
| } |
| |
| strm_frm_len = strm_frm->len; |
| if (strm_frm->offset == strm->rx.offset) { |
| int ret; |
| |
| if (!qc_get_buf(qc->qcc, &strm->rx.buf)) |
| goto store_frm; |
| |
| /* qc_strm_cpy() will modify the offset, depending on the number |
| * of bytes copied. |
| */ |
| ret = qc_strm_cpy(&strm->rx.buf, strm_frm); |
| /* Inform the application of the arrival of this new stream */ |
| if (!strm->rx.offset && !qc->qcc->app_ops->attach_ruqs(strm, qc->qcc->ctx)) { |
| TRACE_PROTO("Could not set an uni-stream", QUIC_EV_CONN_PSTRM, qc->conn); |
| return 0; |
| } |
| |
| if (ret) |
| ruqs_notify_recv(strm); |
| |
| strm_frm->offset += ret; |
| } |
| /* Take this frame into an account for the stream flow control */ |
| strm->rx.offset += strm_frm_len; |
| /* It all the data were provided to the application, there is no need to |
| * store any more inforamtion for it. |
| */ |
| if (!strm_frm->len) |
| goto out; |
| |
| store_frm: |
| frm = new_quic_rx_strm_frm(strm_frm, pkt); |
| if (!frm) { |
| TRACE_PROTO("Could not alloc RX STREAM frame", |
| QUIC_EV_CONN_PSTRM, qc->conn); |
| return 0; |
| } |
| |
| eb64_insert(&strm->frms, &frm->offset_node); |
| quic_rx_packet_refinc(pkt); |
| |
| out: |
| return 1; |
| } |
| |
| static inline int qc_handle_strm_frm(struct quic_rx_packet *pkt, |
| struct quic_stream *strm_frm, |
| struct quic_conn *qc) |
| { |
| if (strm_frm->id & QCS_ID_DIR_BIT) |
| return qc_handle_uni_strm_frm(pkt, strm_frm, qc); |
| else |
| return qc_handle_bidi_strm_frm(pkt, strm_frm, qc); |
| } |
| |
| /* Parse all the frames of <pkt> QUIC packet for QUIC connection with <ctx> |
| * as I/O handler context and <qel> as encryption level. |
| * Returns 1 if succeeded, 0 if failed. |
| */ |
| static int qc_parse_pkt_frms(struct quic_rx_packet *pkt, struct ssl_sock_ctx *ctx, |
| struct quic_enc_level *qel) |
| { |
| struct quic_frame frm; |
| const unsigned char *pos, *end; |
| struct quic_conn *conn = ctx->conn->qc; |
| |
| TRACE_ENTER(QUIC_EV_CONN_PRSHPKT, ctx->conn); |
| /* Skip the AAD */ |
| pos = pkt->data + pkt->aad_len; |
| end = pkt->data + pkt->len; |
| |
| while (pos < end) { |
| if (!qc_parse_frm(&frm, pkt, &pos, end, conn)) |
| goto err; |
| |
| switch (frm.type) { |
| case QUIC_FT_PADDING: |
| if (pos != end) { |
| TRACE_DEVEL("wrong frame", QUIC_EV_CONN_PRSHPKT, ctx->conn, pkt); |
| goto err; |
| } |
| break; |
| case QUIC_FT_PING: |
| break; |
| case QUIC_FT_ACK: |
| { |
| unsigned int rtt_sample; |
| |
| rtt_sample = 0; |
| if (!qc_parse_ack_frm(&frm, ctx, qel, &rtt_sample, &pos, end)) |
| goto err; |
| |
| if (rtt_sample) { |
| unsigned int ack_delay; |
| |
| ack_delay = !quic_application_pktns(qel->pktns, conn) ? 0 : |
| MS_TO_TICKS(QUIC_MIN(quic_ack_delay_ms(&frm.ack, conn), conn->max_ack_delay)); |
| quic_loss_srtt_update(&conn->path->loss, rtt_sample, ack_delay, conn); |
| } |
| break; |
| } |
| case QUIC_FT_CRYPTO: |
| if (frm.crypto.offset != qel->rx.crypto.offset) { |
| struct quic_rx_crypto_frm *cf; |
| |
| cf = pool_alloc(pool_head_quic_rx_crypto_frm); |
| if (!cf) { |
| TRACE_DEVEL("CRYPTO frame allocation failed", |
| QUIC_EV_CONN_PRSHPKT, ctx->conn); |
| goto err; |
| } |
| |
| cf->offset_node.key = frm.crypto.offset; |
| cf->len = frm.crypto.len; |
| cf->data = frm.crypto.data; |
| cf->pkt = pkt; |
| eb64_insert(&qel->rx.crypto.frms, &cf->offset_node); |
| quic_rx_packet_refinc(pkt); |
| } |
| else { |
| /* XXX TO DO: <cf> is used only for the traces. */ |
| struct quic_rx_crypto_frm cf = { }; |
| |
| cf.offset_node.key = frm.crypto.offset; |
| cf.len = frm.crypto.len; |
| if (!qc_provide_cdata(qel, ctx, |
| frm.crypto.data, frm.crypto.len, |
| pkt, &cf)) |
| goto err; |
| } |
| break; |
| case QUIC_FT_STREAM_8: |
| case QUIC_FT_STREAM_9: |
| case QUIC_FT_STREAM_A: |
| case QUIC_FT_STREAM_B: |
| case QUIC_FT_STREAM_C: |
| case QUIC_FT_STREAM_D: |
| case QUIC_FT_STREAM_E: |
| case QUIC_FT_STREAM_F: |
| { |
| struct quic_stream *stream = &frm.stream; |
| |
| TRACE_PROTO("STREAM frame", QUIC_EV_CONN_PSTRM, ctx->conn, &frm); |
| if (objt_listener(ctx->conn->target)) { |
| if (stream->id & QUIC_STREAM_FRAME_ID_INITIATOR_BIT) |
| goto err; |
| } else if (!(stream->id & QUIC_STREAM_FRAME_ID_INITIATOR_BIT)) |
| goto err; |
| |
| if (!qc_handle_strm_frm(pkt, stream, ctx->conn->qc)) |
| goto err; |
| |
| break; |
| } |
| case QUIC_FT_NEW_CONNECTION_ID: |
| break; |
| case QUIC_FT_CONNECTION_CLOSE: |
| case QUIC_FT_CONNECTION_CLOSE_APP: |
| break; |
| case QUIC_FT_HANDSHAKE_DONE: |
| if (objt_listener(ctx->conn->target)) |
| goto err; |
| |
| conn->state = QUIC_HS_ST_CONFIRMED; |
| break; |
| default: |
| goto err; |
| } |
| } |
| |
| /* The server must switch from INITIAL to HANDSHAKE handshake state when it |
| * has successfully parse a Handshake packet. The Initial encryption must also |
| * be discarded. |
| */ |
| if (conn->state == QUIC_HS_ST_SERVER_INITIAL && |
| pkt->type == QUIC_PACKET_TYPE_HANDSHAKE) { |
| quic_tls_discard_keys(&conn->els[QUIC_TLS_ENC_LEVEL_INITIAL]); |
| quic_pktns_discard(conn->els[QUIC_TLS_ENC_LEVEL_INITIAL].pktns, conn); |
| qc_set_timer(ctx); |
| conn->state = QUIC_HS_ST_SERVER_HANDSHAKE; |
| } |
| |
| TRACE_LEAVE(QUIC_EV_CONN_PRSHPKT, ctx->conn); |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_PRSHPKT, ctx->conn); |
| return 0; |
| } |
| |
| /* Prepare as much as possible handshake packets for the QUIC connection |
| * with <ctx> as I/O handler context. |
| * Returns 1 if succeeded, or 0 if something wrong happened. |
| */ |
| static int qc_prep_hdshk_pkts(struct ssl_sock_ctx *ctx) |
| { |
| struct quic_conn *qc; |
| enum quic_tls_enc_level tel, next_tel; |
| struct quic_enc_level *qel; |
| struct q_buf *wbuf; |
| /* A boolean to flag <wbuf> as reusable, even if not empty. */ |
| int reuse_wbuf; |
| |
| TRACE_ENTER(QUIC_EV_CONN_PHPKTS, ctx->conn); |
| qc = ctx->conn->qc; |
| if (!quic_get_tls_enc_levels(&tel, &next_tel, qc->state)) { |
| TRACE_DEVEL("unknown enc. levels", |
| QUIC_EV_CONN_PHPKTS, ctx->conn); |
| goto err; |
| } |
| |
| reuse_wbuf = 0; |
| wbuf = q_wbuf(qc); |
| qel = &qc->els[tel]; |
| /* When entering this function, the writer buffer must be empty. |
| * Most of the time it points to the reader buffer. |
| */ |
| while ((q_buf_empty(wbuf) || reuse_wbuf)) { |
| ssize_t ret; |
| enum quic_pkt_type pkt_type; |
| |
| TRACE_POINT(QUIC_EV_CONN_PHPKTS, ctx->conn, qel); |
| /* Do not build any more packet f the TX secrets are not available or |
| * f there is nothing to send, i.e. if no ACK are required |
| * and if there is no more packets to send upon PTO expiration |
| * and if there is no more CRYPTO data available or in flight |
| * congestion control limit is reached for prepared data |
| */ |
| if (!(qel->tls_ctx.tx.flags & QUIC_FL_TLS_SECRETS_SET) || |
| (!(qel->pktns->flags & QUIC_FL_PKTNS_ACK_REQUIRED) && |
| !qc->tx.nb_pto_dgrams && |
| (LIST_ISEMPTY(&qel->pktns->tx.frms) || |
| qc->path->prep_in_flight >= qc->path->cwnd))) { |
| TRACE_DEVEL("nothing more to do", QUIC_EV_CONN_PHPKTS, ctx->conn); |
| /* Consume the buffer if we were supposed to reuse it. */ |
| if (reuse_wbuf) |
| wbuf = q_next_wbuf(qc); |
| break; |
| } |
| |
| pkt_type = quic_tls_level_pkt_type(tel); |
| ret = qc_build_hdshk_pkt(wbuf, qc, pkt_type, qel); |
| switch (ret) { |
| case -2: |
| goto err; |
| case -1: |
| if (!reuse_wbuf) |
| goto out; |
| |
| /* Not enough room in <wbuf>. */ |
| wbuf = q_next_wbuf(qc); |
| reuse_wbuf = 0; |
| continue; |
| case 0: |
| goto out; |
| default: |
| reuse_wbuf = 0; |
| /* Discard the Initial encryption keys as soon as |
| * a handshake packet could be built. |
| */ |
| if (qc->state == QUIC_HS_ST_CLIENT_INITIAL && |
| pkt_type == QUIC_PACKET_TYPE_HANDSHAKE) { |
| quic_tls_discard_keys(&qc->els[QUIC_TLS_ENC_LEVEL_INITIAL]); |
| quic_pktns_discard(qc->els[QUIC_TLS_ENC_LEVEL_INITIAL].pktns, qc); |
| qc_set_timer(ctx); |
| qc->state = QUIC_HS_ST_CLIENT_HANDSHAKE; |
| } |
| /* Special case for Initial packets: when they have all |
| * been sent, select the next level. |
| */ |
| if ((LIST_ISEMPTY(&qel->pktns->tx.frms) || qc->els[next_tel].pktns->tx.in_flight) && |
| tel == QUIC_TLS_ENC_LEVEL_INITIAL) { |
| tel = next_tel; |
| qel = &qc->els[tel]; |
| if (LIST_ISEMPTY(&qel->pktns->tx.frms)) { |
| /* If there is no more data for the next level, let's |
| * consume a buffer. This is the case for a client |
| * which sends only one Initial packet, then wait |
| * for additional CRYPTO data from the server to enter the |
| * next level. |
| */ |
| wbuf = q_next_wbuf(qc); |
| } |
| else { |
| /* Let's try to reuse this buffer. */ |
| reuse_wbuf = 1; |
| } |
| } |
| else { |
| wbuf = q_next_wbuf(qc); |
| } |
| } |
| } |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_PHPKTS, ctx->conn); |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_PHPKTS, ctx->conn); |
| return 0; |
| } |
| |
| /* Send the QUIC packets which have been prepared for QUIC connections |
| * with <ctx> as I/O handler context. |
| */ |
| int qc_send_ppkts(struct ssl_sock_ctx *ctx) |
| { |
| struct quic_conn *qc; |
| struct buffer tmpbuf = { }; |
| struct q_buf *rbuf; |
| |
| qc = ctx->conn->qc; |
| for (rbuf = q_rbuf(qc); !q_buf_empty(rbuf) ; rbuf = q_next_rbuf(qc)) { |
| struct quic_tx_packet *p, *q; |
| unsigned int time_sent; |
| |
| tmpbuf.area = (char *)rbuf->area; |
| tmpbuf.size = tmpbuf.data = rbuf->data; |
| TRACE_PROTO("to send", QUIC_EV_CONN_SPPKTS, ctx->conn); |
| if (ctx->xprt->snd_buf(qc->conn, qc->conn->xprt_ctx, |
| &tmpbuf, tmpbuf.data, 0) <= 0) |
| break; |
| |
| qc->tx.bytes += tmpbuf.data; |
| time_sent = now_ms; |
| /* Reset this buffer to make it available for the next packet to prepare. */ |
| q_buf_reset(rbuf); |
| /* Remove from <rbuf> the packets which have just been sent. */ |
| list_for_each_entry_safe(p, q, &rbuf->pkts, list) { |
| p->time_sent = time_sent; |
| if (p->flags & QUIC_FL_TX_PACKET_ACK_ELICITING) { |
| p->pktns->tx.time_of_last_eliciting = time_sent; |
| qc->path->ifae_pkts++; |
| } |
| qc->path->in_flight += p->in_flight_len; |
| p->pktns->tx.in_flight += p->in_flight_len; |
| if (p->in_flight_len) |
| qc_set_timer(ctx); |
| TRACE_PROTO("sent pkt", QUIC_EV_CONN_SPPKTS, ctx->conn, p); |
| LIST_DELETE(&p->list); |
| } |
| } |
| |
| return 1; |
| } |
| |
| /* Build all the frames which must be sent just after the handshake have succeeded. |
| * This is essentially NEW_CONNECTION_ID frames. A QUIC server must also send |
| * a HANDSHAKE_DONE frame. |
| * Return 1 if succeeded, 0 if not. |
| */ |
| static int quic_build_post_handshake_frames(struct quic_conn *conn) |
| { |
| int i; |
| struct quic_frame *frm; |
| |
| /* Only servers must send a HANDSHAKE_DONE frame. */ |
| if (!objt_server(conn->conn->target)) { |
| frm = pool_alloc(pool_head_quic_frame); |
| if (!frm) |
| return 0; |
| |
| frm->type = QUIC_FT_HANDSHAKE_DONE; |
| LIST_APPEND(&conn->tx.frms_to_send, &frm->list); |
| } |
| |
| for (i = 1; i < conn->tx.params.active_connection_id_limit; i++) { |
| struct quic_connection_id *cid; |
| |
| frm = pool_alloc(pool_head_quic_frame); |
| cid = new_quic_cid(&conn->cids, i); |
| if (!frm || !cid) |
| goto err; |
| |
| quic_connection_id_to_frm_cpy(frm, cid); |
| LIST_APPEND(&conn->tx.frms_to_send, &frm->list); |
| } |
| |
| return 1; |
| |
| err: |
| free_quic_conn_cids(conn); |
| return 0; |
| } |
| |
| /* Deallocate <l> list of ACK ranges. */ |
| void free_quic_arngs(struct quic_arngs *arngs) |
| { |
| struct eb64_node *n; |
| struct quic_arng_node *ar; |
| |
| n = eb64_first(&arngs->root); |
| while (n) { |
| struct eb64_node *next; |
| |
| ar = eb64_entry(&n->node, struct quic_arng_node, first); |
| next = eb64_next(n); |
| eb64_delete(n); |
| free(ar); |
| n = next; |
| } |
| } |
| |
| /* Return the gap value between <p> and <q> ACK ranges where <q> follows <p> in |
| * descending order. |
| */ |
| static inline size_t sack_gap(struct quic_arng_node *p, |
| struct quic_arng_node *q) |
| { |
| return p->first.key - q->last - 2; |
| } |
| |
| |
| /* Remove the last elements of <ack_ranges> list of ack range updating its |
| * encoded size until it goes below <limit>. |
| * Returns 1 if succeeded, 0 if not (no more element to remove). |
| */ |
| static int quic_rm_last_ack_ranges(struct quic_arngs *arngs, size_t limit) |
| { |
| struct eb64_node *last, *prev; |
| |
| last = eb64_last(&arngs->root); |
| while (last && arngs->enc_sz > limit) { |
| struct quic_arng_node *last_node, *prev_node; |
| |
| prev = eb64_prev(last); |
| if (!prev) |
| return 0; |
| |
| last_node = eb64_entry(&last->node, struct quic_arng_node, first); |
| prev_node = eb64_entry(&prev->node, struct quic_arng_node, first); |
| arngs->enc_sz -= quic_int_getsize(last_node->last - last_node->first.key); |
| arngs->enc_sz -= quic_int_getsize(sack_gap(prev_node, last_node)); |
| arngs->enc_sz -= quic_decint_size_diff(arngs->sz); |
| --arngs->sz; |
| eb64_delete(last); |
| pool_free(pool_head_quic_arng, last); |
| last = prev; |
| } |
| |
| return 1; |
| } |
| |
| /* Set the encoded size of <arngs> QUIC ack ranges. */ |
| static void quic_arngs_set_enc_sz(struct quic_arngs *arngs) |
| { |
| struct eb64_node *node, *next; |
| struct quic_arng_node *ar, *ar_next; |
| |
| node = eb64_last(&arngs->root); |
| if (!node) |
| return; |
| |
| ar = eb64_entry(&node->node, struct quic_arng_node, first); |
| arngs->enc_sz = quic_int_getsize(ar->last) + |
| quic_int_getsize(ar->last - ar->first.key) + quic_int_getsize(arngs->sz - 1); |
| |
| while ((next = eb64_prev(node))) { |
| ar_next = eb64_entry(&next->node, struct quic_arng_node, first); |
| arngs->enc_sz += quic_int_getsize(sack_gap(ar, ar_next)) + |
| quic_int_getsize(ar_next->last - ar_next->first.key); |
| node = next; |
| ar = eb64_entry(&node->node, struct quic_arng_node, first); |
| } |
| } |
| |
| /* Insert <ar> ack range into <argns> tree of ack ranges. |
| * Returns the ack range node which has been inserted if succeeded, NULL if not. |
| */ |
| static inline |
| struct quic_arng_node *quic_insert_new_range(struct quic_arngs *arngs, |
| struct quic_arng *ar) |
| { |
| struct quic_arng_node *new_ar; |
| |
| new_ar = pool_alloc(pool_head_quic_arng); |
| if (new_ar) { |
| new_ar->first.key = ar->first; |
| new_ar->last = ar->last; |
| eb64_insert(&arngs->root, &new_ar->first); |
| arngs->sz++; |
| } |
| |
| return new_ar; |
| } |
| |
| /* Update <arngs> tree of ACK ranges with <ar> as new ACK range value. |
| * Note that this function computes the number of bytes required to encode |
| * this tree of ACK ranges in descending order. |
| * |
| * Descending order |
| * -------------> |
| * range1 range2 |
| * ..........|--------|..............|--------| |
| * ^ ^ ^ ^ |
| * | | | | |
| * last1 first1 last2 first2 |
| * ..........+--------+--------------+--------+...... |
| * diff1 gap12 diff2 |
| * |
| * To encode the previous list of ranges we must encode integers as follows in |
| * descending order: |
| * enc(last2),enc(diff2),enc(gap12),enc(diff1) |
| * with diff1 = last1 - first1 |
| * diff2 = last2 - first2 |
| * gap12 = first1 - last2 - 2 (>= 0) |
| * |
| */ |
| int quic_update_ack_ranges_list(struct quic_arngs *arngs, |
| struct quic_arng *ar) |
| { |
| struct eb64_node *le; |
| struct quic_arng_node *new_node; |
| struct eb64_node *new; |
| |
| new = NULL; |
| if (eb_is_empty(&arngs->root)) { |
| new_node = quic_insert_new_range(arngs, ar); |
| if (!new_node) |
| return 0; |
| |
| goto out; |
| } |
| |
| le = eb64_lookup_le(&arngs->root, ar->first); |
| if (!le) { |
| new_node = quic_insert_new_range(arngs, ar); |
| if (!new_node) |
| return 0; |
| } |
| else { |
| struct quic_arng_node *le_ar = |
| eb64_entry(&le->node, struct quic_arng_node, first); |
| |
| /* Already existing range */ |
| if (le_ar->last >= ar->last) |
| return 1; |
| |
| if (le_ar->last + 1 >= ar->first) { |
| le_ar->last = ar->last; |
| new = le; |
| new_node = le_ar; |
| } |
| else { |
| new_node = quic_insert_new_range(arngs, ar); |
| if (!new_node) |
| return 0; |
| |
| new = &new_node->first; |
| } |
| } |
| |
| /* Verify that the new inserted node does not overlap the nodes |
| * which follow it. |
| */ |
| if (new) { |
| struct eb64_node *next; |
| struct quic_arng_node *next_node; |
| |
| while ((next = eb64_next(new))) { |
| next_node = |
| eb64_entry(&next->node, struct quic_arng_node, first); |
| if (new_node->last + 1 < next_node->first.key) |
| break; |
| |
| if (next_node->last > new_node->last) |
| new_node->last = next_node->last; |
| eb64_delete(next); |
| pool_free(pool_head_quic_arng, next_node); |
| /* Decrement the size of these ranges. */ |
| arngs->sz--; |
| } |
| } |
| |
| quic_arngs_set_enc_sz(arngs); |
| |
| out: |
| return 1; |
| } |
| /* Remove the header protection of packets at <el> encryption level. |
| * Always succeeds. |
| */ |
| static inline void qc_rm_hp_pkts(struct quic_enc_level *el, struct ssl_sock_ctx *ctx) |
| { |
| struct quic_tls_ctx *tls_ctx; |
| struct quic_rx_packet *pqpkt; |
| struct mt_list *pkttmp1, pkttmp2; |
| struct quic_enc_level *app_qel; |
| |
| TRACE_ENTER(QUIC_EV_CONN_ELRMHP, ctx->conn); |
| app_qel = &ctx->conn->qc->els[QUIC_TLS_ENC_LEVEL_APP]; |
| /* A server must not process incoming 1-RTT packets before the handshake is complete. */ |
| if (el == app_qel && objt_listener(ctx->conn->target) && |
| ctx->conn->qc->state < QUIC_HS_ST_COMPLETE) { |
| TRACE_PROTO("hp not removed (handshake not completed)", |
| QUIC_EV_CONN_ELRMHP, ctx->conn); |
| goto out; |
| } |
| tls_ctx = &el->tls_ctx; |
| mt_list_for_each_entry_safe(pqpkt, &el->rx.pqpkts, list, pkttmp1, pkttmp2) { |
| if (!qc_do_rm_hp(pqpkt, tls_ctx, el->pktns->rx.largest_pn, |
| pqpkt->data + pqpkt->pn_offset, |
| pqpkt->data, pqpkt->data + pqpkt->len, ctx)) { |
| TRACE_PROTO("hp removing error", QUIC_EV_CONN_ELRMHP, ctx->conn); |
| /* XXX TO DO XXX */ |
| } |
| else { |
| /* The AAD includes the packet number field */ |
| pqpkt->aad_len = pqpkt->pn_offset + pqpkt->pnl; |
| /* Store the packet into the tree of packets to decrypt. */ |
| pqpkt->pn_node.key = pqpkt->pn; |
| HA_RWLOCK_WRLOCK(QUIC_LOCK, &el->rx.rwlock); |
| quic_rx_packet_eb64_insert(&el->rx.pkts, &pqpkt->pn_node); |
| HA_RWLOCK_WRUNLOCK(QUIC_LOCK, &el->rx.rwlock); |
| TRACE_PROTO("hp removed", QUIC_EV_CONN_ELRMHP, ctx->conn, pqpkt); |
| } |
| MT_LIST_DELETE_SAFE(pkttmp1); |
| quic_rx_packet_refdec(pqpkt); |
| } |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_ELRMHP, ctx->conn); |
| } |
| |
| /* Process all the CRYPTO frame at <el> encryption level. |
| * Return 1 if succeeded, 0 if not. |
| */ |
| static inline int qc_treat_rx_crypto_frms(struct quic_enc_level *el, |
| struct ssl_sock_ctx *ctx) |
| { |
| struct eb64_node *node; |
| |
| TRACE_ENTER(QUIC_EV_CONN_RXCDATA, ctx->conn); |
| node = eb64_first(&el->rx.crypto.frms); |
| while (node) { |
| struct quic_rx_crypto_frm *cf; |
| |
| cf = eb64_entry(&node->node, struct quic_rx_crypto_frm, offset_node); |
| if (cf->offset_node.key != el->rx.crypto.offset) |
| break; |
| |
| if (!qc_provide_cdata(el, ctx, cf->data, cf->len, cf->pkt, cf)) |
| goto err; |
| |
| node = eb64_next(node); |
| quic_rx_packet_refdec(cf->pkt); |
| eb64_delete(&cf->offset_node); |
| pool_free(pool_head_quic_rx_crypto_frm, cf); |
| } |
| |
| TRACE_LEAVE(QUIC_EV_CONN_RXCDATA, ctx->conn); |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_RXCDATA, ctx->conn); |
| return 0; |
| } |
| |
| /* Process all the packets at <el> encryption level. |
| * Return 1 if succeeded, 0 if not. |
| */ |
| int qc_treat_rx_pkts(struct quic_enc_level *el, struct ssl_sock_ctx *ctx) |
| { |
| struct quic_tls_ctx *tls_ctx; |
| struct eb64_node *node; |
| |
| TRACE_ENTER(QUIC_EV_CONN_ELRXPKTS, ctx->conn); |
| tls_ctx = &el->tls_ctx; |
| HA_RWLOCK_WRLOCK(QUIC_LOCK, &el->rx.rwlock); |
| node = eb64_first(&el->rx.pkts); |
| while (node) { |
| struct quic_rx_packet *pkt; |
| |
| pkt = eb64_entry(&node->node, struct quic_rx_packet, pn_node); |
| if (!qc_pkt_decrypt(pkt, tls_ctx)) { |
| /* Drop the packet */ |
| TRACE_PROTO("packet decryption failed -> dropped", |
| QUIC_EV_CONN_ELRXPKTS, ctx->conn, pkt); |
| } |
| else { |
| if (!qc_parse_pkt_frms(pkt, ctx, el)) { |
| /* Drop the packet */ |
| TRACE_PROTO("packet parsing failed -> dropped", |
| QUIC_EV_CONN_ELRXPKTS, ctx->conn, pkt); |
| } |
| else { |
| struct quic_arng ar = { .first = pkt->pn, .last = pkt->pn }; |
| |
| if (pkt->flags & QUIC_FL_RX_PACKET_ACK_ELICITING) { |
| el->pktns->rx.nb_ack_eliciting++; |
| if (!(el->pktns->rx.nb_ack_eliciting & 1)) |
| el->pktns->flags |= QUIC_FL_PKTNS_ACK_REQUIRED; |
| } |
| |
| /* Update the largest packet number. */ |
| if (pkt->pn > el->pktns->rx.largest_pn) |
| el->pktns->rx.largest_pn = pkt->pn; |
| |
| /* Update the list of ranges to acknowledge. */ |
| if (!quic_update_ack_ranges_list(&el->pktns->rx.arngs, &ar)) |
| TRACE_DEVEL("Could not update ack range list", |
| QUIC_EV_CONN_ELRXPKTS, ctx->conn); |
| } |
| } |
| node = eb64_next(node); |
| quic_rx_packet_eb64_delete(&pkt->pn_node); |
| } |
| HA_RWLOCK_WRUNLOCK(QUIC_LOCK, &el->rx.rwlock); |
| |
| if (!qc_treat_rx_crypto_frms(el, ctx)) |
| goto err; |
| |
| TRACE_LEAVE(QUIC_EV_CONN_ELRXPKTS, ctx->conn); |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_ELRXPKTS, ctx->conn); |
| return 0; |
| } |
| |
| /* Called during handshakes to parse and build Initial and Handshake packets for QUIC |
| * connections with <ctx> as I/O handler context. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| int qc_do_hdshk(struct ssl_sock_ctx *ctx) |
| { |
| int ssl_err; |
| struct quic_conn *qc; |
| enum quic_tls_enc_level tel, next_tel; |
| struct quic_enc_level *qel, *next_qel; |
| struct quic_tls_ctx *tls_ctx; |
| |
| qc = ctx->conn->qc; |
| TRACE_ENTER(QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state); |
| ssl_err = SSL_ERROR_NONE; |
| if (!quic_get_tls_enc_levels(&tel, &next_tel, qc->state)) |
| goto err; |
| |
| qel = &qc->els[tel]; |
| next_qel = &qc->els[next_tel]; |
| |
| next_level: |
| tls_ctx = &qel->tls_ctx; |
| |
| /* If the header protection key for this level has been derived, |
| * remove the packet header protections. |
| */ |
| if (!MT_LIST_ISEMPTY(&qel->rx.pqpkts) && |
| (tls_ctx->rx.flags & QUIC_FL_TLS_SECRETS_SET)) |
| qc_rm_hp_pkts(qel, ctx); |
| |
| if (!eb_is_empty(&qel->rx.pkts) && |
| !qc_treat_rx_pkts(qel, ctx)) |
| goto err; |
| |
| if (!qc_prep_hdshk_pkts(ctx)) |
| goto err; |
| |
| if (!qc_send_ppkts(ctx)) |
| goto err; |
| |
| /* Check if there is something to do for the next level. |
| */ |
| if ((next_qel->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_SET) && |
| (!MT_LIST_ISEMPTY(&next_qel->rx.pqpkts) || !eb_is_empty(&next_qel->rx.pkts))) { |
| qel = next_qel; |
| goto next_level; |
| } |
| |
| /* If the handshake has not been completed -> out! */ |
| if (qc->state < QUIC_HS_ST_COMPLETE) |
| goto out; |
| |
| /* Discard the Handshake keys. */ |
| quic_tls_discard_keys(&qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE]); |
| quic_pktns_discard(qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE].pktns, qc); |
| qc_set_timer(ctx); |
| if (!quic_build_post_handshake_frames(qc) || |
| !qc_prep_phdshk_pkts(qc) || |
| !qc_send_ppkts(ctx)) |
| goto err; |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state); |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state, &ssl_err); |
| return 0; |
| } |
| |
| /* Uninitialize <qel> QUIC encryption level. Never fails. */ |
| static void quic_conn_enc_level_uninit(struct quic_enc_level *qel) |
| { |
| int i; |
| |
| for (i = 0; i < qel->tx.crypto.nb_buf; i++) { |
| if (qel->tx.crypto.bufs[i]) { |
| pool_free(pool_head_quic_crypto_buf, qel->tx.crypto.bufs[i]); |
| qel->tx.crypto.bufs[i] = NULL; |
| } |
| } |
| ha_free(&qel->tx.crypto.bufs); |
| } |
| |
| /* Initialize QUIC TLS encryption level with <level<> as level for <qc> QUIC |
| * connection allocating everything needed. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| static int quic_conn_enc_level_init(struct quic_conn *qc, |
| enum quic_tls_enc_level level) |
| { |
| struct quic_enc_level *qel; |
| |
| qel = &qc->els[level]; |
| qel->level = quic_to_ssl_enc_level(level); |
| qel->tls_ctx.rx.aead = qel->tls_ctx.tx.aead = NULL; |
| qel->tls_ctx.rx.md = qel->tls_ctx.tx.md = NULL; |
| qel->tls_ctx.rx.hp = qel->tls_ctx.tx.hp = NULL; |
| qel->tls_ctx.rx.flags = 0; |
| qel->tls_ctx.tx.flags = 0; |
| |
| qel->rx.pkts = EB_ROOT; |
| HA_RWLOCK_INIT(&qel->rx.rwlock); |
| MT_LIST_INIT(&qel->rx.pqpkts); |
| |
| /* Allocate only one buffer. */ |
| qel->tx.crypto.bufs = malloc(sizeof *qel->tx.crypto.bufs); |
| if (!qel->tx.crypto.bufs) |
| goto err; |
| |
| qel->tx.crypto.bufs[0] = pool_alloc(pool_head_quic_crypto_buf); |
| if (!qel->tx.crypto.bufs[0]) |
| goto err; |
| |
| qel->tx.crypto.bufs[0]->sz = 0; |
| qel->tx.crypto.nb_buf = 1; |
| |
| qel->tx.crypto.sz = 0; |
| qel->tx.crypto.offset = 0; |
| |
| return 1; |
| |
| err: |
| ha_free(&qel->tx.crypto.bufs); |
| return 0; |
| } |
| |
| /* Release the memory allocated for <buf> array of buffers, with <nb> as size. |
| * Never fails. |
| */ |
| static inline void free_quic_conn_tx_bufs(struct q_buf **bufs, size_t nb) |
| { |
| struct q_buf **p; |
| |
| if (!bufs) |
| return; |
| |
| p = bufs; |
| while (--nb) { |
| if (!*p) { |
| p++; |
| continue; |
| } |
| ha_free(&(*p)->area); |
| ha_free(p); |
| p++; |
| } |
| free(bufs); |
| } |
| |
| /* Allocate an array or <nb> buffers of <sz> bytes each. |
| * Return this array if succeeded, NULL if failed. |
| */ |
| static inline struct q_buf **quic_conn_tx_bufs_alloc(size_t nb, size_t sz) |
| { |
| int i; |
| struct q_buf **bufs, **p; |
| |
| bufs = calloc(nb, sizeof *bufs); |
| if (!bufs) |
| return NULL; |
| |
| i = 0; |
| p = bufs; |
| while (i++ < nb) { |
| *p = calloc(1, sizeof **p); |
| if (!*p) |
| goto err; |
| |
| (*p)->area = malloc(sz); |
| if (!(*p)->area) |
| goto err; |
| |
| (*p)->pos = (*p)->area; |
| (*p)->end = (*p)->area + sz; |
| (*p)->data = 0; |
| LIST_INIT(&(*p)->pkts); |
| p++; |
| } |
| |
| return bufs; |
| |
| err: |
| free_quic_conn_tx_bufs(bufs, nb); |
| return NULL; |
| } |
| |
| /* Release all the memory allocated for <conn> QUIC connection. */ |
| static void quic_conn_free(struct quic_conn *conn) |
| { |
| int i; |
| |
| if (!conn) |
| return; |
| |
| free_quic_conn_cids(conn); |
| for (i = 0; i < QUIC_TLS_ENC_LEVEL_MAX; i++) |
| quic_conn_enc_level_uninit(&conn->els[i]); |
| free_quic_conn_tx_bufs(conn->tx.bufs, conn->tx.nb_buf); |
| if (conn->timer_task) |
| task_destroy(conn->timer_task); |
| pool_free(pool_head_quic_conn, conn); |
| } |
| |
| /* Callback called upon loss detection and PTO timer expirations. */ |
| static struct task *process_timer(struct task *task, void *ctx, unsigned int state) |
| { |
| struct ssl_sock_ctx *conn_ctx; |
| struct quic_conn *qc; |
| struct quic_pktns *pktns; |
| |
| |
| conn_ctx = task->context; |
| qc = conn_ctx->conn->qc; |
| TRACE_ENTER(QUIC_EV_CONN_PTIMER, conn_ctx->conn, |
| NULL, NULL, &qc->path->ifae_pkts); |
| task->expire = TICK_ETERNITY; |
| pktns = quic_loss_pktns(qc); |
| if (tick_isset(pktns->tx.loss_time)) { |
| struct list lost_pkts = LIST_HEAD_INIT(lost_pkts); |
| |
| qc_packet_loss_lookup(pktns, qc, &lost_pkts); |
| if (!LIST_ISEMPTY(&lost_pkts)) |
| qc_release_lost_pkts(pktns, ctx, &lost_pkts, now_ms); |
| qc_set_timer(conn_ctx); |
| goto out; |
| } |
| |
| if (qc->path->in_flight) { |
| pktns = quic_pto_pktns(qc, qc->state >= QUIC_HS_ST_COMPLETE, NULL); |
| pktns->tx.pto_probe = 1; |
| } |
| else if (objt_server(qc->conn->target) && qc->state <= QUIC_HS_ST_COMPLETE) { |
| struct quic_enc_level *iel = &qc->els[QUIC_TLS_ENC_LEVEL_INITIAL]; |
| struct quic_enc_level *hel = &qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE]; |
| |
| if (hel->tls_ctx.rx.flags == QUIC_FL_TLS_SECRETS_SET) |
| hel->pktns->tx.pto_probe = 1; |
| if (iel->tls_ctx.rx.flags == QUIC_FL_TLS_SECRETS_SET) |
| iel->pktns->tx.pto_probe = 1; |
| } |
| qc->tx.nb_pto_dgrams = QUIC_MAX_NB_PTO_DGRAMS; |
| tasklet_wakeup(conn_ctx->wait_event.tasklet); |
| qc->path->loss.pto_count++; |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_PTIMER, conn_ctx->conn, pktns); |
| |
| return task; |
| } |
| |
| /* Initialize <conn> QUIC connection with <quic_initial_clients> as root of QUIC |
| * connections used to identify the first Initial packets of client connecting |
| * to listeners. This parameter must be NULL for QUIC connections attached |
| * to listeners. <dcid> is the destination connection ID with <dcid_len> as length. |
| * <scid> is the source connection ID with <scid_len> as length. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| static struct quic_conn *qc_new_conn(unsigned int version, int ipv4, |
| unsigned char *dcid, size_t dcid_len, |
| unsigned char *scid, size_t scid_len, int server) |
| { |
| int i; |
| struct quic_conn *qc; |
| /* Initial CID. */ |
| struct quic_connection_id *icid; |
| |
| TRACE_ENTER(QUIC_EV_CONN_INIT); |
| qc = pool_zalloc(pool_head_quic_conn); |
| if (!qc) { |
| TRACE_PROTO("Could not allocate a new connection", QUIC_EV_CONN_INIT); |
| goto err; |
| } |
| |
| qc->cids = EB_ROOT; |
| /* QUIC Server (or listener). */ |
| if (server) { |
| qc->state = QUIC_HS_ST_SERVER_INITIAL; |
| /* Copy the initial DCID. */ |
| qc->odcid.len = dcid_len; |
| if (qc->odcid.len) |
| memcpy(qc->odcid.data, dcid, dcid_len); |
| |
| /* Copy the SCID as our DCID for this connection. */ |
| if (scid_len) |
| memcpy(qc->dcid.data, scid, scid_len); |
| qc->dcid.len = scid_len; |
| } |
| /* QUIC Client (outgoing connection to servers) */ |
| else { |
| qc->state = QUIC_HS_ST_CLIENT_INITIAL; |
| if (dcid_len) |
| memcpy(qc->dcid.data, dcid, dcid_len); |
| qc->dcid.len = dcid_len; |
| } |
| |
| /* Initialize the output buffer */ |
| qc->obuf.pos = qc->obuf.data; |
| |
| icid = new_quic_cid(&qc->cids, 0); |
| if (!icid) { |
| TRACE_PROTO("Could not allocate a new connection ID", QUIC_EV_CONN_INIT); |
| goto err; |
| } |
| |
| /* Select our SCID which is the first CID with 0 as sequence number. */ |
| qc->scid = icid->cid; |
| |
| /* Packet number spaces initialization. */ |
| for (i = 0; i < QUIC_TLS_PKTNS_MAX; i++) |
| quic_pktns_init(&qc->pktns[i]); |
| /* QUIC encryption level context initialization. */ |
| for (i = 0; i < QUIC_TLS_ENC_LEVEL_MAX; i++) { |
| if (!quic_conn_enc_level_init(qc, i)) { |
| TRACE_PROTO("Could not initialize an encryption level", QUIC_EV_CONN_INIT); |
| goto err; |
| } |
| /* Initialize the packet number space. */ |
| qc->els[i].pktns = &qc->pktns[quic_tls_pktns(i)]; |
| } |
| |
| /* TX part. */ |
| LIST_INIT(&qc->tx.frms_to_send); |
| qc->tx.bufs = quic_conn_tx_bufs_alloc(QUIC_CONN_TX_BUFS_NB, QUIC_CONN_TX_BUF_SZ); |
| if (!qc->tx.bufs) { |
| TRACE_PROTO("Could not allocate TX bufs", QUIC_EV_CONN_INIT); |
| goto err; |
| } |
| |
| qc->version = version; |
| qc->tx.nb_buf = QUIC_CONN_TX_BUFS_NB; |
| qc->tx.wbuf = qc->tx.rbuf = 0; |
| qc->tx.bytes = 0; |
| qc->tx.nb_pto_dgrams = 0; |
| /* RX part. */ |
| qc->rx.bytes = 0; |
| |
| /* XXX TO DO: Only one path at this time. */ |
| qc->path = &qc->paths[0]; |
| quic_path_init(qc->path, ipv4, default_quic_cc_algo, qc); |
| |
| TRACE_LEAVE(QUIC_EV_CONN_INIT); |
| |
| return qc; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_INIT); |
| quic_conn_free(qc); |
| return NULL; |
| } |
| |
| /* Initialize the timer task of <qc> QUIC connection. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| static int quic_conn_init_timer(struct quic_conn *qc) |
| { |
| qc->timer_task = task_new(MAX_THREADS_MASK); |
| if (!qc->timer_task) |
| return 0; |
| |
| qc->timer = TICK_ETERNITY; |
| qc->timer_task->process = process_timer; |
| qc->timer_task->context = qc->conn->xprt_ctx; |
| |
| return 1; |
| } |
| |
| /* Parse into <pkt> a long header located at <*buf> buffer, <end> begin a pointer to the end |
| * past one byte of this buffer. |
| */ |
| static inline int quic_packet_read_long_header(unsigned char **buf, const unsigned char *end, |
| struct quic_rx_packet *pkt) |
| { |
| unsigned char dcid_len, scid_len; |
| |
| /* Version */ |
| if (!quic_read_uint32(&pkt->version, (const unsigned char **)buf, end)) |
| return 0; |
| |
| if (!pkt->version) { /* XXX TO DO XXX Version negotiation packet */ }; |
| |
| /* Destination Connection ID Length */ |
| dcid_len = *(*buf)++; |
| /* We want to be sure we can read <dcid_len> bytes and one more for <scid_len> value */ |
| if (dcid_len > QUIC_CID_MAXLEN || end - *buf < dcid_len + 1) |
| /* XXX MUST BE DROPPED */ |
| return 0; |
| |
| if (dcid_len) { |
| /* Check that the length of this received DCID matches the CID lengths |
| * of our implementation for non Initials packets only. |
| */ |
| if (pkt->type != QUIC_PACKET_TYPE_INITIAL && dcid_len != QUIC_CID_LEN) |
| return 0; |
| |
| memcpy(pkt->dcid.data, *buf, dcid_len); |
| } |
| |
| pkt->dcid.len = dcid_len; |
| *buf += dcid_len; |
| |
| /* Source Connection ID Length */ |
| scid_len = *(*buf)++; |
| if (scid_len > QUIC_CID_MAXLEN || end - *buf < scid_len) |
| /* XXX MUST BE DROPPED */ |
| return 0; |
| |
| if (scid_len) |
| memcpy(pkt->scid.data, *buf, scid_len); |
| pkt->scid.len = scid_len; |
| *buf += scid_len; |
| |
| return 1; |
| } |
| |
| /* If the header protection of <pkt> packet attached to <qc> connection with <ctx> |
| * as context may be removed, return 1, 0 if not. Also set <*qel> to the associated |
| * encryption level matching with the packet type. <*qel> may be null if not found. |
| * Note that <ctx> may be null (for Initial packets). |
| */ |
| static int qc_pkt_may_rm_hp(struct quic_rx_packet *pkt, |
| struct quic_conn *qc, struct ssl_sock_ctx *ctx, |
| struct quic_enc_level **qel) |
| { |
| enum quic_tls_enc_level tel; |
| |
| /* Special case without connection context (firt Initial packets) */ |
| if (!ctx) { |
| *qel = &qc->els[QUIC_TLS_ENC_LEVEL_INITIAL]; |
| return 1; |
| } |
| |
| tel = quic_packet_type_enc_level(pkt->type); |
| if (tel == QUIC_TLS_ENC_LEVEL_NONE) { |
| *qel = NULL; |
| return 0; |
| } |
| |
| *qel = &qc->els[tel]; |
| if ((*qel)->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_DCD) { |
| TRACE_DEVEL("Discarded keys", QUIC_EV_CONN_TRMHP, ctx->conn); |
| return 0; |
| } |
| |
| if (((*qel)->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_SET) && |
| (tel != QUIC_TLS_ENC_LEVEL_APP || ctx->conn->qc->state >= QUIC_HS_ST_COMPLETE)) |
| return 1; |
| |
| return 0; |
| } |
| |
| /* Try to remove the header protecttion of <pkt> QUIC packet attached to <conn> |
| * QUIC connection with <buf> as packet number field address, <end> a pointer to one |
| * byte past the end of the buffer containing this packet and <beg> the address of |
| * the packet first byte. |
| * If succeeded, this function updates <*buf> to point to the next packet in the buffer. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| static inline int qc_try_rm_hp(struct quic_rx_packet *pkt, |
| unsigned char **buf, unsigned char *beg, |
| const unsigned char *end, |
| struct quic_conn *qc, struct ssl_sock_ctx *ctx) |
| { |
| unsigned char *pn = NULL; /* Packet number field */ |
| struct quic_enc_level *qel; |
| /* Only for traces. */ |
| struct quic_rx_packet *qpkt_trace; |
| |
| qpkt_trace = NULL; |
| TRACE_ENTER(QUIC_EV_CONN_TRMHP, ctx ? ctx->conn : NULL); |
| /* The packet number is here. This is also the start minus |
| * QUIC_PACKET_PN_MAXLEN of the sample used to add/remove the header |
| * protection. |
| */ |
| pn = *buf; |
| if (qc_pkt_may_rm_hp(pkt, qc, ctx, &qel)) { |
| /* Note that the following function enables us to unprotect the packet |
| * number and its length subsequently used to decrypt the entire |
| * packets. |
| */ |
| if (!qc_do_rm_hp(pkt, &qel->tls_ctx, |
| qel->pktns->rx.largest_pn, pn, beg, end, ctx)) { |
| TRACE_PROTO("hp error", QUIC_EV_CONN_TRMHP, ctx ? ctx->conn : NULL); |
| goto err; |
| } |
| |
| /* The AAD includes the packet number field found at <pn>. */ |
| pkt->aad_len = pn - beg + pkt->pnl; |
| qpkt_trace = pkt; |
| /* Store the packet */ |
| pkt->pn_node.key = pkt->pn; |
| HA_RWLOCK_WRLOCK(QUIC_LOCK, &qel->rx.rwlock); |
| quic_rx_packet_eb64_insert(&qel->rx.pkts, &pkt->pn_node); |
| HA_RWLOCK_WRUNLOCK(QUIC_LOCK, &qel->rx.rwlock); |
| } |
| else if (qel) { |
| TRACE_PROTO("hp not removed", QUIC_EV_CONN_TRMHP, ctx ? ctx->conn : NULL, pkt); |
| pkt->pn_offset = pn - beg; |
| quic_rx_packet_list_addq(&qel->rx.pqpkts, pkt); |
| } |
| |
| memcpy(pkt->data, beg, pkt->len); |
| /* Updtate the offset of <*buf> for the next QUIC packet. */ |
| *buf = beg + pkt->len; |
| |
| TRACE_LEAVE(QUIC_EV_CONN_TRMHP, ctx ? ctx->conn : NULL, qpkt_trace); |
| return 1; |
| |
| err: |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_TRMHP, ctx ? ctx->conn : NULL, qpkt_trace); |
| return 0; |
| } |
| |
| /* Parse the header form from <byte0> first byte of <pkt> pacekt to set type. |
| * Also set <*long_header> to 1 if this form is long, 0 if not. |
| */ |
| static inline void qc_parse_hd_form(struct quic_rx_packet *pkt, |
| unsigned char byte0, int *long_header) |
| { |
| if (byte0 & QUIC_PACKET_LONG_HEADER_BIT) { |
| pkt->type = |
| (byte0 >> QUIC_PACKET_TYPE_SHIFT) & QUIC_PACKET_TYPE_BITMASK; |
| *long_header = 1; |
| } |
| else { |
| pkt->type = QUIC_PACKET_TYPE_SHORT; |
| *long_header = 0; |
| } |
| } |
| |
| static ssize_t qc_srv_pkt_rcv(unsigned char **buf, const unsigned char *end, |
| struct quic_rx_packet *pkt, |
| struct quic_dgram_ctx *dgram_ctx, |
| struct sockaddr_storage *saddr) |
| { |
| unsigned char *beg; |
| uint64_t len; |
| struct quic_conn *qc; |
| struct eb_root *cids; |
| struct ebmb_node *node; |
| struct connection *srv_conn; |
| struct ssl_sock_ctx *conn_ctx; |
| int long_header; |
| |
| qc = NULL; |
| TRACE_ENTER(QUIC_EV_CONN_SPKT); |
| if (end <= *buf) |
| goto err; |
| |
| /* Fixed bit */ |
| if (!(**buf & QUIC_PACKET_FIXED_BIT)) |
| /* XXX TO BE DISCARDED */ |
| goto err; |
| |
| srv_conn = dgram_ctx->owner; |
| beg = *buf; |
| /* Header form */ |
| qc_parse_hd_form(pkt, *(*buf)++, &long_header); |
| if (long_header) { |
| size_t cid_lookup_len; |
| |
| if (!quic_packet_read_long_header(buf, end, pkt)) |
| goto err; |
| |
| /* For Initial packets, and for servers (QUIC clients connections), |
| * there is no Initial connection IDs storage. |
| */ |
| if (pkt->type == QUIC_PACKET_TYPE_INITIAL) { |
| cids = &((struct server *)__objt_server(srv_conn->target))->cids; |
| cid_lookup_len = pkt->dcid.len; |
| } |
| else { |
| cids = &((struct server *)__objt_server(srv_conn->target))->cids; |
| cid_lookup_len = QUIC_CID_LEN; |
| } |
| |
| node = ebmb_lookup(cids, pkt->dcid.data, cid_lookup_len); |
| if (!node) |
| goto err; |
| |
| qc = ebmb_entry(node, struct quic_conn, scid_node); |
| |
| if (pkt->type == QUIC_PACKET_TYPE_INITIAL) { |
| qc->dcid.len = pkt->scid.len; |
| if (pkt->scid.len) |
| memcpy(qc->dcid.data, pkt->scid.data, pkt->scid.len); |
| } |
| |
| if (pkt->type == QUIC_PACKET_TYPE_INITIAL) { |
| uint64_t token_len; |
| |
| if (!quic_dec_int(&token_len, (const unsigned char **)buf, end) || end - *buf < token_len) |
| goto err; |
| |
| /* XXX TO DO XXX 0 value means "the token is not present". |
| * A server which sends an Initial packet must not set the token. |
| * So, a client which receives an Initial packet with a token |
| * MUST discard the packet or generate a connection error with |
| * PROTOCOL_VIOLATION as type. |
| * The token must be provided in a Retry packet or NEW_TOKEN frame. |
| */ |
| pkt->token_len = token_len; |
| } |
| } |
| else { |
| /* XXX TO DO: Short header XXX */ |
| if (end - *buf < QUIC_CID_LEN) |
| goto err; |
| |
| cids = &((struct server *)__objt_server(srv_conn->target))->cids; |
| node = ebmb_lookup(cids, *buf, QUIC_CID_LEN); |
| if (!node) |
| goto err; |
| |
| qc = ebmb_entry(node, struct quic_conn, scid_node); |
| *buf += QUIC_CID_LEN; |
| } |
| /* Store the DCID used for this packet to check the packet which |
| * come in this UDP datagram match with it. |
| */ |
| if (!dgram_ctx->dcid_node) |
| dgram_ctx->dcid_node = node; |
| /* Only packets packets with long headers and not RETRY or VERSION as type |
| * have a length field. |
| */ |
| if (long_header && pkt->type != QUIC_PACKET_TYPE_RETRY && pkt->version) { |
| if (!quic_dec_int(&len, (const unsigned char **)buf, end) || end - *buf < len) |
| goto err; |
| |
| pkt->len = len; |
| } |
| else if (!long_header) { |
| /* A short packet is the last one of an UDP datagram. */ |
| pkt->len = end - *buf; |
| } |
| |
| conn_ctx = qc->conn->xprt_ctx; |
| |
| /* Increase the total length of this packet by the header length. */ |
| pkt->len += *buf - beg; |
| /* Do not check the DCID node before the length. */ |
| if (dgram_ctx->dcid_node != node) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_SPKT, qc->conn); |
| goto err; |
| } |
| |
| if (pkt->len > sizeof pkt->data) { |
| TRACE_PROTO("Too big packet", QUIC_EV_CONN_SPKT, qc->conn, pkt, &pkt->len); |
| goto err; |
| } |
| |
| if (!qc_try_rm_hp(pkt, buf, beg, end, qc, conn_ctx)) |
| goto err; |
| |
| /* Wake the tasklet of the QUIC connection packet handler. */ |
| if (conn_ctx) |
| tasklet_wakeup(conn_ctx->wait_event.tasklet); |
| |
| TRACE_LEAVE(QUIC_EV_CONN_SPKT, qc->conn); |
| |
| return pkt->len; |
| |
| err: |
| TRACE_DEVEL("Leaing in error", QUIC_EV_CONN_SPKT, qc ? qc->conn : NULL); |
| return -1; |
| } |
| |
| static ssize_t qc_lstnr_pkt_rcv(unsigned char **buf, const unsigned char *end, |
| struct quic_rx_packet *pkt, |
| struct quic_dgram_ctx *dgram_ctx, |
| struct sockaddr_storage *saddr) |
| { |
| unsigned char *beg; |
| uint64_t len; |
| struct quic_conn *qc; |
| struct eb_root *cids; |
| struct ebmb_node *node; |
| struct listener *l; |
| struct ssl_sock_ctx *conn_ctx; |
| int long_header = 0; |
| /* boolean to denote if a connection exists for this packet. |
| * This does not mean there is an xprt context for it. |
| */ |
| int found_conn = 0; |
| |
| qc = NULL; |
| conn_ctx = NULL; |
| TRACE_ENTER(QUIC_EV_CONN_LPKT, NULL, pkt); |
| if (end <= *buf) |
| goto err; |
| |
| /* Fixed bit */ |
| if (!(**buf & QUIC_PACKET_FIXED_BIT)) { |
| /* XXX TO BE DISCARDED */ |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT); |
| goto err; |
| } |
| |
| l = dgram_ctx->owner; |
| beg = *buf; |
| /* Header form */ |
| qc_parse_hd_form(pkt, *(*buf)++, &long_header); |
| if (long_header) { |
| unsigned char dcid_len; |
| |
| if (!quic_packet_read_long_header(buf, end, pkt)) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT); |
| goto err; |
| } |
| |
| dcid_len = pkt->dcid.len; |
| /* For Initial packets, and for servers (QUIC clients connections), |
| * there is no Initial connection IDs storage. |
| */ |
| if (pkt->type == QUIC_PACKET_TYPE_INITIAL) { |
| /* DCIDs of first packets coming from clients may have the same values. |
| * Let's distinguish them concatenating the socket addresses to the DCIDs. |
| */ |
| quic_cid_saddr_cat(&pkt->dcid, saddr); |
| cids = &l->rx.odcids; |
| } |
| else { |
| if (pkt->dcid.len != QUIC_CID_LEN) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT); |
| goto err; |
| } |
| |
| cids = &l->rx.cids; |
| } |
| |
| node = ebmb_lookup(cids, pkt->dcid.data, pkt->dcid.len); |
| if (!node && pkt->type == QUIC_PACKET_TYPE_INITIAL && dcid_len == QUIC_CID_LEN && |
| cids == &l->rx.odcids) { |
| /* Switch to the definitive tree ->cids containing the final CIDs. */ |
| node = ebmb_lookup(&l->rx.cids, pkt->dcid.data, dcid_len); |
| if (node) { |
| /* If found, signal this with NULL as special value for <cids>. */ |
| pkt->dcid.len = dcid_len; |
| cids = NULL; |
| } |
| } |
| |
| if (!node) { |
| int ipv4; |
| struct quic_cid *odcid; |
| |
| if (pkt->type != QUIC_PACKET_TYPE_INITIAL) { |
| TRACE_PROTO("Non Initiial packet", QUIC_EV_CONN_LPKT); |
| goto err; |
| } |
| |
| pkt->saddr = *saddr; |
| /* Note that here, odcid_len equals to pkt->dcid.len minus the length |
| * of <saddr>. |
| */ |
| pkt->odcid_len = dcid_len; |
| ipv4 = saddr->ss_family == AF_INET; |
| qc = qc_new_conn(pkt->version, ipv4, pkt->dcid.data, pkt->dcid.len, |
| pkt->scid.data, pkt->scid.len, 1); |
| if (qc == NULL) |
| goto err; |
| |
| /* Insert the DCID the QUIC client has chosen (only for listeners) */ |
| ebmb_insert(&l->rx.odcids, &qc->odcid_node, qc->odcid.len); |
| /* Insert our SCID, the connection ID for the QUIC client. */ |
| ebmb_insert(&l->rx.cids, &qc->scid_node, qc->scid.len); |
| |
| odcid = &qc->rx.params.original_destination_connection_id; |
| /* Copy the transport parameters. */ |
| qc->rx.params = l->bind_conf->quic_params; |
| /* Copy original_destination_connection_id transport parameter. */ |
| memcpy(odcid->data, &pkt->dcid, pkt->odcid_len); |
| odcid->len = pkt->odcid_len; |
| /* Copy the initial source connection ID. */ |
| quic_cid_cpy(&qc->rx.params.initial_source_connection_id, &qc->scid); |
| qc->enc_params_len = |
| quic_transport_params_encode(qc->enc_params, |
| qc->enc_params + sizeof qc->enc_params, |
| &qc->rx.params, 1); |
| if (!qc->enc_params_len) |
| goto err; |
| |
| /* NOTE: the socket address has been concatenated to the destination ID |
| * chosen by the client for Initial packets. |
| */ |
| if (!qc_new_isecs(qc, pkt->dcid.data, pkt->odcid_len, 1)) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT, qc->conn); |
| goto err; |
| } |
| |
| pkt->qc = qc; |
| /* This is the DCID node sent in this packet by the client. */ |
| node = &qc->odcid_node; |
| } |
| else { |
| if (pkt->type == QUIC_PACKET_TYPE_INITIAL && cids == &l->rx.odcids) |
| qc = ebmb_entry(node, struct quic_conn, odcid_node); |
| else |
| qc = ebmb_entry(node, struct quic_conn, scid_node); |
| conn_ctx = qc->conn->xprt_ctx; |
| found_conn = 1; |
| } |
| |
| if (pkt->type == QUIC_PACKET_TYPE_INITIAL) { |
| uint64_t token_len; |
| |
| if (!quic_dec_int(&token_len, (const unsigned char **)buf, end) || |
| end - *buf < token_len) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT, qc->conn); |
| goto err; |
| } |
| |
| /* XXX TO DO XXX 0 value means "the token is not present". |
| * A server which sends an Initial packet must not set the token. |
| * So, a client which receives an Initial packet with a token |
| * MUST discard the packet or generate a connection error with |
| * PROTOCOL_VIOLATION as type. |
| * The token must be provided in a Retry packet or NEW_TOKEN frame. |
| */ |
| pkt->token_len = token_len; |
| } |
| } |
| else { |
| if (end - *buf < QUIC_CID_LEN) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT); |
| goto err; |
| } |
| |
| cids = &l->rx.cids; |
| node = ebmb_lookup(cids, *buf, QUIC_CID_LEN); |
| if (!node) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT); |
| goto err; |
| } |
| |
| found_conn = 1; |
| qc = ebmb_entry(node, struct quic_conn, scid_node); |
| conn_ctx = qc->conn->xprt_ctx; |
| *buf += QUIC_CID_LEN; |
| } |
| |
| /* Store the DCID used for this packet to check the packet which |
| * come in this UDP datagram match with it. |
| */ |
| if (!dgram_ctx->dcid_node) { |
| dgram_ctx->dcid_node = node; |
| dgram_ctx->qc = qc; |
| } |
| |
| /* Only packets packets with long headers and not RETRY or VERSION as type |
| * have a length field. |
| */ |
| if (long_header && pkt->type != QUIC_PACKET_TYPE_RETRY && pkt->version) { |
| if (!quic_dec_int(&len, (const unsigned char **)buf, end) || |
| end - *buf < len) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT, qc->conn); |
| goto err; |
| } |
| |
| pkt->len = len; |
| } |
| else if (!long_header) { |
| /* A short packet is the last one of an UDP datagram. */ |
| pkt->len = end - *buf; |
| } |
| |
| /* Increase the total length of this packet by the header length. */ |
| pkt->len += *buf - beg; |
| /* Do not check the DCID node before the length. */ |
| if (dgram_ctx->dcid_node != node) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT, qc->conn); |
| goto err; |
| } |
| |
| if (pkt->len > sizeof pkt->data) { |
| TRACE_PROTO("Too big packet", QUIC_EV_CONN_LPKT, qc->conn, pkt, &pkt->len); |
| goto err; |
| } |
| |
| if (!qc_try_rm_hp(pkt, buf, beg, end, qc, conn_ctx)) { |
| TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT, qc->conn); |
| goto err; |
| } |
| |
| |
| TRACE_PROTO("New packet", QUIC_EV_CONN_LPKT, qc->conn, pkt); |
| if (conn_ctx) { |
| /* Wake the tasklet of the QUIC connection packet handler. */ |
| tasklet_wakeup(conn_ctx->wait_event.tasklet); |
| } |
| else if (!found_conn) { |
| /* Enqueue this packet. */ |
| MT_LIST_APPEND(&l->rx.pkts, &pkt->rx_list); |
| /* Try to accept a new connection. */ |
| listener_accept(l); |
| } |
| |
| TRACE_LEAVE(QUIC_EV_CONN_LPKT, qc->conn, pkt); |
| |
| return pkt->len; |
| |
| err: |
| TRACE_DEVEL("Leaving in error", QUIC_EV_CONN_LPKT, |
| qc ? qc->conn : NULL, pkt); |
| return -1; |
| } |
| |
| /* This function builds into <buf> buffer a QUIC long packet header whose size may be computed |
| * in advance. This is the reponsability of the caller to check there is enough room in this |
| * buffer to build a long header. |
| * Returns 0 if <type> QUIC packet type is not supported by long header, or 1 if succeeded. |
| */ |
| static int quic_build_packet_long_header(unsigned char **buf, const unsigned char *end, |
| int type, size_t pn_len, struct quic_conn *conn) |
| { |
| if (type > QUIC_PACKET_TYPE_RETRY) |
| return 0; |
| |
| /* #0 byte flags */ |
| *(*buf)++ = QUIC_PACKET_FIXED_BIT | QUIC_PACKET_LONG_HEADER_BIT | |
| (type << QUIC_PACKET_TYPE_SHIFT) | (pn_len - 1); |
| /* Version */ |
| quic_write_uint32(buf, end, conn->version); |
| *(*buf)++ = conn->dcid.len; |
| /* Destination connection ID */ |
| if (conn->dcid.len) { |
| memcpy(*buf, conn->dcid.data, conn->dcid.len); |
| *buf += conn->dcid.len; |
| } |
| /* Source connection ID */ |
| *(*buf)++ = conn->scid.len; |
| if (conn->scid.len) { |
| memcpy(*buf, conn->scid.data, conn->scid.len); |
| *buf += conn->scid.len; |
| } |
| |
| return 1; |
| } |
| |
| /* This function builds into <buf> buffer a QUIC long packet header whose size may be computed |
| * in advance. This is the reponsability of the caller to check there is enough room in this |
| * buffer to build a long header. |
| * Returns 0 if <type> QUIC packet type is not supported by long header, or 1 if succeeded. |
| */ |
| static int quic_build_packet_short_header(unsigned char **buf, const unsigned char *end, |
| size_t pn_len, struct quic_conn *conn) |
| { |
| /* #0 byte flags */ |
| *(*buf)++ = QUIC_PACKET_FIXED_BIT | (pn_len - 1); |
| /* Destination connection ID */ |
| if (conn->dcid.len) { |
| memcpy(*buf, conn->dcid.data, conn->dcid.len); |
| *buf += conn->dcid.len; |
| } |
| |
| return 1; |
| } |
| |
| /* Apply QUIC header protection to the packet with <buf> as first byte address, |
| * <pn> as address of the Packet number field, <pnlen> being this field length |
| * with <aead> as AEAD cipher and <key> as secret key. |
| * Returns 1 if succeeded or 0 if failed. |
| */ |
| static int quic_apply_header_protection(unsigned char *buf, unsigned char *pn, size_t pnlen, |
| const EVP_CIPHER *aead, const unsigned char *key) |
| { |
| int i, ret, outlen; |
| EVP_CIPHER_CTX *ctx; |
| /* We need an IV of at least 5 bytes: one byte for bytes #0 |
| * and at most 4 bytes for the packet number |
| */ |
| unsigned char mask[5] = {0}; |
| |
| ret = 0; |
| ctx = EVP_CIPHER_CTX_new(); |
| if (!ctx) |
| return 0; |
| |
| if (!EVP_EncryptInit_ex(ctx, aead, NULL, key, pn + QUIC_PACKET_PN_MAXLEN) || |
| !EVP_EncryptUpdate(ctx, mask, &outlen, mask, sizeof mask) || |
| !EVP_EncryptFinal_ex(ctx, mask, &outlen)) |
| goto out; |
| |
| *buf ^= mask[0] & (*buf & QUIC_PACKET_LONG_HEADER_BIT ? 0xf : 0x1f); |
| for (i = 0; i < pnlen; i++) |
| pn[i] ^= mask[i + 1]; |
| |
| ret = 1; |
| |
| out: |
| EVP_CIPHER_CTX_free(ctx); |
| |
| return ret; |
| } |
| |
| /* Reduce the encoded size of <ack_frm> ACK frame removing the last |
| * ACK ranges if needed to a value below <limit> in bytes. |
| * Return 1 if succeeded, 0 if not. |
| */ |
| static int quic_ack_frm_reduce_sz(struct quic_frame *ack_frm, size_t limit) |
| { |
| size_t room, ack_delay_sz; |
| |
| ack_delay_sz = quic_int_getsize(ack_frm->tx_ack.ack_delay); |
| /* A frame is made of 1 byte for the frame type. */ |
| room = limit - ack_delay_sz - 1; |
| if (!quic_rm_last_ack_ranges(ack_frm->tx_ack.arngs, room)) |
| return 0; |
| |
| return 1 + ack_delay_sz + ack_frm->tx_ack.arngs->enc_sz; |
| } |
| |
| /* Prepare as most as possible CRYPTO frames from prebuilt CRYPTO frames for <qel> |
| * encryption level to be encoded in a buffer with <room> as available room, |
| * and <*len> the packet Length field initialized with the number of bytes already present |
| * in this buffer which must be taken into an account for the Length packet field value. |
| * <headlen> is the number of bytes already present in this packet before building |
| * CRYPTO frames. |
| * This is the responsibility of the caller to check that <*len> < <room> as this is |
| * the responsibility to check that <headlen> < quic_path_prep_data(conn->path). |
| * Update consequently <*len> to reflect the size of these CRYPTO frames built |
| * by this function. Also attach these CRYPTO frames to <pkt> QUIC packet. |
| * Return 1 if succeeded, 0 if not. |
| */ |
| static inline int qc_build_cfrms(struct quic_tx_packet *pkt, |
| size_t room, size_t *len, size_t headlen, |
| struct quic_enc_level *qel, |
| struct quic_conn *conn) |
| { |
| int ret; |
| struct quic_tx_frm *cf, *cfbak; |
| |
| ret = 0; |
| /* If we are not probing we must take into an account the congestion |
| * control window. |
| */ |
| if (!conn->tx.nb_pto_dgrams) |
| room = QUIC_MIN(room, quic_path_prep_data(conn->path) - headlen); |
| TRACE_PROTO("************** CRYPTO frames build (headlen)", |
| QUIC_EV_CONN_BCFRMS, conn->conn, &headlen); |
| list_for_each_entry_safe(cf, cfbak, &qel->pktns->tx.frms, list) { |
| /* header length, data length, frame length. */ |
| size_t hlen, dlen, cflen; |
| |
| TRACE_PROTO(" New CRYPTO frame build (room, len)", |
| QUIC_EV_CONN_BCFRMS, conn->conn, &room, len); |
| if (!room) |
| break; |
| |
| /* Compute the length of this CRYPTO frame header */ |
| hlen = 1 + quic_int_getsize(cf->crypto.offset); |
| /* Compute the data length of this CRyPTO frame. */ |
| dlen = max_stream_data_size(room, *len + hlen, cf->crypto.len); |
| TRACE_PROTO(" CRYPTO data length (hlen, crypto.len, dlen)", |
| QUIC_EV_CONN_BCFRMS, conn->conn, &hlen, &cf->crypto.len, &dlen); |
| if (!dlen) |
| break; |
| |
| pkt->cdata_len += dlen; |
| /* CRYPTO frame length. */ |
| cflen = hlen + quic_int_getsize(dlen) + dlen; |
| TRACE_PROTO(" CRYPTO frame length (cflen)", |
| QUIC_EV_CONN_BCFRMS, conn->conn, &cflen); |
| /* Add the CRYPTO data length and its encoded length to the packet |
| * length and the length of this length. |
| */ |
| *len += cflen; |
| room -= cflen; |
| if (dlen == cf->crypto.len) { |
| /* <cf> CRYPTO data have been consumed. */ |
| LIST_DELETE(&cf->list); |
| LIST_APPEND(&pkt->frms, &cf->list); |
| } |
| else { |
| struct quic_tx_frm *new_cf; |
| |
| new_cf = pool_alloc(pool_head_quic_tx_frm); |
| if (!new_cf) { |
| TRACE_PROTO("No memory for new crypto frame", QUIC_EV_CONN_BCFRMS, conn->conn); |
| return 0; |
| } |
| |
| new_cf->type = QUIC_FT_CRYPTO; |
| new_cf->crypto.len = dlen; |
| new_cf->crypto.offset = cf->crypto.offset; |
| LIST_APPEND(&pkt->frms, &new_cf->list); |
| /* Consume <dlen> bytes of the current frame. */ |
| cf->crypto.len -= dlen; |
| cf->crypto.offset += dlen; |
| } |
| ret = 1; |
| } |
| |
| return ret; |
| } |
| |
| /* This function builds a clear handshake packet used during a QUIC TLS handshakes |
| * into <wbuf> the current <wbuf> for <conn> QUIC connection with <qel> as QUIC |
| * TLS encryption level for outgoing packets filling it with as much as CRYPTO |
| * data as possible from <offset> offset in the CRYPTO data stream. Note that |
| * this offset value is updated by the length of the CRYPTO frame used to embed |
| * the CRYPTO data if this packet and only if the packet is successfully built. |
| * The trailing QUIC_TLS_TAG_LEN bytes of this packet are not built. But they are |
| * reserved so that to be sure there is enough room to build this AEAD TAG after |
| * having successfully returned from this function and to be sure the position |
| * pointer of <wbuf> may be safely incremented by QUIC_TLS_TAG_LEN. After having |
| * returned from this function, <wbuf> position will point one past the last |
| * byte of the payload with the confidence there is at least QUIC_TLS_TAG_LEN bytes |
| * available packet to encrypt this packet. |
| * This function also update the value of <buf_pn> pointer to point to the packet |
| * number field in this packet. <pn_len> will also have the packet number |
| * length as value. |
| * |
| * Return the length of the packet if succeeded minus QUIC_TLS_TAG_LEN, or -1 if |
| * failed (not enough room in <wbuf> to build this packet plus QUIC_TLS_TAG_LEN |
| * bytes), -2 if there are too much CRYPTO data in flight to build a packet. |
| */ |
| static ssize_t qc_do_build_hdshk_pkt(struct q_buf *wbuf, |
| struct quic_tx_packet *pkt, int pkt_type, |
| int64_t pn, size_t *pn_len, |
| unsigned char **buf_pn, |
| struct quic_enc_level *qel, |
| struct quic_conn *conn) |
| { |
| unsigned char *beg, *pos; |
| const unsigned char *end; |
| size_t len, len_frms, token_fields_len, padding_len; |
| struct quic_frame frm = { .type = QUIC_FT_CRYPTO, }; |
| struct quic_frame ack_frm = { .type = QUIC_FT_ACK, }; |
| struct quic_crypto *crypto = &frm.crypto; |
| size_t ack_frm_len; |
| int64_t largest_acked_pn; |
| int add_ping_frm; |
| |
| /* Length field value with CRYPTO frames if present. */ |
| len_frms = 0; |
| beg = pos = q_buf_getpos(wbuf); |
| end = q_buf_end(wbuf); |
| /* When not probing and not acking, reduce the size of this buffer to respect |
| * the congestion controller window. |
| */ |
| if (!conn->tx.nb_pto_dgrams && !(qel->pktns->flags & QUIC_FL_PKTNS_ACK_REQUIRED)) { |
| size_t path_room; |
| |
| path_room = quic_path_prep_data(conn->path); |
| if (end - beg > path_room) |
| end = beg + path_room; |
| } |
| |
| /* For a server, the token field of an Initial packet is empty. */ |
| token_fields_len = pkt_type == QUIC_PACKET_TYPE_INITIAL ? 1 : 0; |
| |
| /* Check there is enough room to build the header followed by a token. */ |
| if (end - pos < QUIC_LONG_PACKET_MINLEN + conn->dcid.len + |
| conn->scid.len + token_fields_len + QUIC_TLS_TAG_LEN) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| |
| /* Reserve enough room at the end of the packet for the AEAD TAG. */ |
| end -= QUIC_TLS_TAG_LEN; |
| largest_acked_pn = qel->pktns->tx.largest_acked_pn; |
| /* packet number length */ |
| *pn_len = quic_packet_number_length(pn, largest_acked_pn); |
| |
| quic_build_packet_long_header(&pos, end, pkt_type, *pn_len, conn); |
| |
| /* Encode the token length (0) for an Initial packet. */ |
| if (pkt_type == QUIC_PACKET_TYPE_INITIAL) |
| *pos++ = 0; |
| |
| /* Build an ACK frame if required. */ |
| ack_frm_len = 0; |
| if ((qel->pktns->flags & QUIC_FL_PKTNS_ACK_REQUIRED) && |
| !eb_is_empty(&qel->pktns->rx.arngs.root)) { |
| ack_frm.tx_ack.ack_delay = 0; |
| ack_frm.tx_ack.arngs = &qel->pktns->rx.arngs; |
| ack_frm_len = quic_ack_frm_reduce_sz(&ack_frm, end - pos); |
| if (!ack_frm_len) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| |
| qel->pktns->flags &= ~QUIC_FL_PKTNS_ACK_REQUIRED; |
| } |
| |
| /* Length field value without the CRYPTO frames data length. */ |
| len = ack_frm_len + *pn_len; |
| if (!LIST_ISEMPTY(&qel->pktns->tx.frms)) { |
| ssize_t room = end - pos; |
| |
| len_frms = len + QUIC_TLS_TAG_LEN; |
| if (!qc_build_cfrms(pkt, end - pos, &len_frms, pos - beg, qel, conn)) { |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| } |
| |
| add_ping_frm = 0; |
| padding_len = 0; |
| if (objt_server(conn->conn->target) && |
| pkt_type == QUIC_PACKET_TYPE_INITIAL && |
| len < QUIC_INITIAL_PACKET_MINLEN) { |
| len += padding_len = QUIC_INITIAL_PACKET_MINLEN - len; |
| } |
| else if (LIST_ISEMPTY(&pkt->frms)) { |
| if (qel->pktns->tx.pto_probe) { |
| /* If we cannot send a CRYPTO frame, we send a PING frame. */ |
| add_ping_frm = 1; |
| len += 1; |
| } |
| /* If there is no frame at all to follow, add at least a PADDING frame. */ |
| if (!ack_frm_len) |
| len += padding_len = QUIC_PACKET_PN_MAXLEN - *pn_len; |
| } |
| |
| /* Length (of the remaining data). Must not fail because, the buffer size |
| * has been checked above. Note that we have reserved QUIC_TLS_TAG_LEN bytes |
| * for the encryption TAG. It must be taken into an account for the length |
| * of this packet. |
| */ |
| if (len_frms) |
| len = len_frms; |
| else |
| len += QUIC_TLS_TAG_LEN; |
| quic_enc_int(&pos, end, len); |
| |
| /* Packet number field address. */ |
| *buf_pn = pos; |
| |
| /* Packet number encoding. */ |
| quic_packet_number_encode(&pos, end, pn, *pn_len); |
| |
| if (ack_frm_len && !qc_build_frm(&pos, end, &ack_frm, pkt, conn)) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| |
| /* Crypto frame */ |
| if (!LIST_ISEMPTY(&pkt->frms)) { |
| struct quic_tx_frm *cf; |
| |
| list_for_each_entry(cf, &pkt->frms, list) { |
| crypto->offset = cf->crypto.offset; |
| crypto->len = cf->crypto.len; |
| crypto->qel = qel; |
| if (!qc_build_frm(&pos, end, &frm, pkt, conn)) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| } |
| } |
| |
| /* Build a PING frame if needed. */ |
| if (add_ping_frm) { |
| frm.type = QUIC_FT_PING; |
| if (!qc_build_frm(&pos, end, &frm, pkt, conn)) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| } |
| |
| /* Build a PADDING frame if needed. */ |
| if (padding_len) { |
| frm.type = QUIC_FT_PADDING; |
| frm.padding.len = padding_len; |
| if (!qc_build_frm(&pos, end, &frm, pkt, conn)) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| } |
| |
| /* Always reset this variable as this function has no idea |
| * if it was set. It is handle by the loss detection timer. |
| */ |
| qel->pktns->tx.pto_probe = 0; |
| |
| out: |
| return pos - beg; |
| |
| err: |
| return -1; |
| } |
| |
| static inline void quic_tx_packet_init(struct quic_tx_packet *pkt) |
| { |
| pkt->cdata_len = 0; |
| pkt->in_flight_len = 0; |
| LIST_INIT(&pkt->frms); |
| } |
| |
| /* Free <pkt> TX packet which has not already attached to any tree. */ |
| static inline void free_quic_tx_packet(struct quic_tx_packet *pkt) |
| { |
| struct quic_tx_frm *frm, *frmbak; |
| |
| list_for_each_entry_safe(frm, frmbak, &pkt->frms, list) { |
| LIST_DELETE(&frm->list); |
| pool_free(pool_head_quic_tx_frm, frm); |
| } |
| pool_free(pool_head_quic_tx_packet, pkt); |
| } |
| |
| /* Build a handshake packet into <buf> packet buffer with <pkt_type> as packet |
| * type for <qc> QUIC connection from CRYPTO data stream at <*offset> offset to |
| * be encrypted at <qel> encryption level. |
| * Return -2 if the packet could not be encrypted for any reason, -1 if there was |
| * not enough room in <buf> to build the packet, or the size of the built packet |
| * if succeeded (may be zero if there is too much crypto data in flight to build the packet). |
| */ |
| static ssize_t qc_build_hdshk_pkt(struct q_buf *buf, struct quic_conn *qc, int pkt_type, |
| struct quic_enc_level *qel) |
| { |
| /* The pointer to the packet number field. */ |
| unsigned char *buf_pn; |
| unsigned char *beg, *end, *payload; |
| int64_t pn; |
| size_t pn_len, payload_len, aad_len; |
| ssize_t pkt_len; |
| struct quic_tls_ctx *tls_ctx; |
| struct quic_tx_packet *pkt; |
| |
| TRACE_ENTER(QUIC_EV_CONN_HPKT, qc->conn, NULL, qel); |
| pkt = pool_alloc(pool_head_quic_tx_packet); |
| if (!pkt) { |
| TRACE_DEVEL("Not enough memory for a new packet", QUIC_EV_CONN_HPKT, qc->conn); |
| return -2; |
| } |
| |
| quic_tx_packet_init(pkt); |
| beg = q_buf_getpos(buf); |
| pn_len = 0; |
| buf_pn = NULL; |
| pn = qel->pktns->tx.next_pn + 1; |
| pkt_len = qc_do_build_hdshk_pkt(buf, pkt, pkt_type, pn, &pn_len, &buf_pn, qel, qc); |
| if (pkt_len <= 0) { |
| free_quic_tx_packet(pkt); |
| return pkt_len; |
| } |
| |
| end = beg + pkt_len; |
| payload = buf_pn + pn_len; |
| payload_len = end - payload; |
| aad_len = payload - beg; |
| |
| tls_ctx = &qel->tls_ctx; |
| if (!quic_packet_encrypt(payload, payload_len, beg, aad_len, pn, tls_ctx, qc->conn)) |
| goto err; |
| |
| end += QUIC_TLS_TAG_LEN; |
| pkt_len += QUIC_TLS_TAG_LEN; |
| if (!quic_apply_header_protection(beg, buf_pn, pn_len, |
| tls_ctx->tx.hp, tls_ctx->tx.hp_key)) { |
| TRACE_DEVEL("Could not apply the header protection", QUIC_EV_CONN_HPKT, qc->conn); |
| goto err; |
| } |
| |
| /* Now that a correct packet is built, let us set the position pointer of |
| * <buf> buffer for the next packet. |
| */ |
| q_buf_setpos(buf, end); |
| /* Consume a packet number. */ |
| ++qel->pktns->tx.next_pn; |
| /* Attach the built packet to its tree. */ |
| pkt->pn_node.key = qel->pktns->tx.next_pn; |
| /* Set the packet in fligth length for in flight packet only. */ |
| if (pkt->flags & QUIC_FL_TX_PACKET_IN_FLIGHT) { |
| pkt->in_flight_len = pkt_len; |
| qc->path->prep_in_flight += pkt_len; |
| } |
| pkt->pktns = qel->pktns; |
| eb64_insert(&qel->pktns->tx.pkts, &pkt->pn_node); |
| /* Increment the number of bytes in <buf> buffer by the length of this packet. */ |
| buf->data += pkt_len; |
| /* Attach this packet to <buf>. */ |
| LIST_APPEND(&buf->pkts, &pkt->list); |
| TRACE_LEAVE(QUIC_EV_CONN_HPKT, qc->conn, pkt); |
| |
| return pkt_len; |
| |
| err: |
| free_quic_tx_packet(pkt); |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_HPKT, qc->conn); |
| return -2; |
| } |
| |
| /* Prepare a clear post handhskake packet for <conn> QUIC connection. |
| * Return the length of this packet if succeeded, -1 <wbuf> was full. |
| */ |
| static ssize_t qc_do_build_phdshk_apkt(struct q_buf *wbuf, |
| struct quic_tx_packet *pkt, |
| int64_t pn, size_t *pn_len, |
| unsigned char **buf_pn, struct quic_enc_level *qel, |
| struct quic_conn *conn) |
| { |
| const unsigned char *beg, *end; |
| unsigned char *pos; |
| struct quic_frame *frm, *sfrm; |
| struct quic_frame ack_frm = { .type = QUIC_FT_ACK, }; |
| size_t fake_len, ack_frm_len; |
| int64_t largest_acked_pn; |
| |
| TRACE_ENTER(QUIC_EV_CONN_PAPKT, conn->conn); |
| beg = pos = q_buf_getpos(wbuf); |
| end = q_buf_end(wbuf); |
| /* When not probing and not acking, reduce the size of this buffer to respect |
| * the congestion controller window. |
| */ |
| if (!conn->tx.nb_pto_dgrams && !(qel->pktns->flags & QUIC_FL_PKTNS_ACK_REQUIRED)) { |
| size_t path_room; |
| |
| path_room = quic_path_prep_data(conn->path); |
| if (end - beg > path_room) |
| end = beg + path_room; |
| } |
| largest_acked_pn = qel->pktns->tx.largest_acked_pn; |
| /* Packet number length */ |
| *pn_len = quic_packet_number_length(pn, largest_acked_pn); |
| /* Check there is enough room to build this packet (without payload). */ |
| if (end - pos < QUIC_SHORT_PACKET_MINLEN + sizeof_quic_cid(&conn->dcid) + |
| *pn_len + QUIC_TLS_TAG_LEN) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_PAPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| |
| /* Reserve enough room at the end of the packet for the AEAD TAG. */ |
| end -= QUIC_TLS_TAG_LEN; |
| quic_build_packet_short_header(&pos, end, *pn_len, conn); |
| /* Packet number field. */ |
| *buf_pn = pos; |
| /* Packet number encoding. */ |
| quic_packet_number_encode(&pos, end, pn, *pn_len); |
| |
| /* Build an ACK frame if required. */ |
| ack_frm_len = 0; |
| if ((qel->pktns->flags & QUIC_FL_PKTNS_ACK_REQUIRED) && |
| !eb_is_empty(&qel->pktns->rx.arngs.root)) { |
| ack_frm.tx_ack.ack_delay = 0; |
| ack_frm.tx_ack.arngs = &qel->pktns->rx.arngs; |
| ack_frm_len = quic_ack_frm_reduce_sz(&ack_frm, end - pos); |
| if (!ack_frm_len) |
| goto err; |
| |
| qel->pktns->flags &= ~QUIC_FL_PKTNS_ACK_REQUIRED; |
| } |
| |
| if (ack_frm_len && !qc_build_frm(&pos, end, &ack_frm, pkt, conn)) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_PAPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| |
| fake_len = ack_frm_len; |
| if (!LIST_ISEMPTY(&qel->pktns->tx.frms) && |
| !qc_build_cfrms(pkt, end - pos, &fake_len, pos - beg, qel, conn)) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("some CRYPTO frames could not be built", |
| QUIC_EV_CONN_PAPKT, conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| |
| /* Crypto frame */ |
| if (!LIST_ISEMPTY(&pkt->frms)) { |
| struct quic_frame frm = { .type = QUIC_FT_CRYPTO, }; |
| struct quic_crypto *crypto = &frm.crypto; |
| struct quic_tx_frm *cf; |
| |
| list_for_each_entry(cf, &pkt->frms, list) { |
| crypto->offset = cf->crypto.offset; |
| crypto->len = cf->crypto.len; |
| crypto->qel = qel; |
| if (!qc_build_frm(&pos, end, &frm, pkt, conn)) { |
| ssize_t room = end - pos; |
| TRACE_PROTO("Not enough room", QUIC_EV_CONN_PAPKT, |
| conn->conn, NULL, NULL, &room); |
| goto err; |
| } |
| } |
| } |
| |
| /* Encode a maximum of frames. */ |
| list_for_each_entry_safe(frm, sfrm, &conn->tx.frms_to_send, list) { |
| unsigned char *ppos; |
| |
| ppos = pos; |
| if (!qc_build_frm(&ppos, end, frm, pkt, conn)) { |
| TRACE_DEVEL("Frames not built", QUIC_EV_CONN_PAPKT, conn->conn); |
| break; |
| } |
| |
| LIST_DELETE(&frm->list); |
| LIST_APPEND(&pkt->frms, &frm->list); |
| pos = ppos; |
| } |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_PAPKT, conn->conn); |
| return pos - beg; |
| |
| err: |
| TRACE_DEVEL("leaving in error (buffer full)", QUIC_EV_CONN_PAPKT, conn->conn); |
| return -1; |
| } |
| |
| /* Prepare a post handhskake packet at Application encryption level for <conn> |
| * QUIC connection. |
| * Return the length of this packet if succeeded, -1 if <wbuf> was full, |
| * -2 in case of major error (encryption failure). |
| */ |
| static ssize_t qc_build_phdshk_apkt(struct q_buf *wbuf, struct quic_conn *qc) |
| { |
| /* A pointer to the packet number field in <buf> */ |
| unsigned char *buf_pn; |
| unsigned char *beg, *end, *payload; |
| int64_t pn; |
| size_t pn_len, aad_len, payload_len; |
| ssize_t pkt_len; |
| struct quic_tls_ctx *tls_ctx; |
| struct quic_enc_level *qel; |
| struct quic_tx_packet *pkt; |
| |
| TRACE_ENTER(QUIC_EV_CONN_PAPKT, qc->conn); |
| pkt = pool_alloc(pool_head_quic_tx_packet); |
| if (!pkt) { |
| TRACE_DEVEL("Not enough memory for a new packet", QUIC_EV_CONN_PAPKT, qc->conn); |
| return -2; |
| } |
| |
| quic_tx_packet_init(pkt); |
| beg = q_buf_getpos(wbuf); |
| qel = &qc->els[QUIC_TLS_ENC_LEVEL_APP]; |
| pn_len = 0; |
| buf_pn = NULL; |
| pn = qel->pktns->tx.next_pn + 1; |
| pkt_len = qc_do_build_phdshk_apkt(wbuf, pkt, pn, &pn_len, &buf_pn, qel, qc); |
| if (pkt_len <= 0) { |
| free_quic_tx_packet(pkt); |
| return pkt_len; |
| } |
| |
| end = beg + pkt_len; |
| payload = buf_pn + pn_len; |
| payload_len = end - payload; |
| aad_len = payload - beg; |
| |
| tls_ctx = &qel->tls_ctx; |
| if (!quic_packet_encrypt(payload, payload_len, beg, aad_len, pn, tls_ctx, qc->conn)) |
| goto err; |
| |
| end += QUIC_TLS_TAG_LEN; |
| pkt_len += QUIC_TLS_TAG_LEN; |
| if (!quic_apply_header_protection(beg, buf_pn, pn_len, |
| tls_ctx->tx.hp, tls_ctx->tx.hp_key)) |
| goto err; |
| |
| q_buf_setpos(wbuf, end); |
| /* Consume a packet number. */ |
| ++qel->pktns->tx.next_pn; |
| /* Attach the built packet to its tree. */ |
| pkt->pn_node.key = qel->pktns->tx.next_pn; |
| eb64_insert(&qel->pktns->tx.pkts, &pkt->pn_node); |
| /* Set the packet in fligth length for in flight packet only. */ |
| if (pkt->flags & QUIC_FL_TX_PACKET_IN_FLIGHT) { |
| pkt->in_flight_len = pkt_len; |
| qc->path->prep_in_flight += pkt_len; |
| } |
| pkt->pktns = qel->pktns; |
| /* Increment the number of bytes in <buf> buffer by the length of this packet. */ |
| wbuf->data += pkt_len; |
| /* Attach this packet to <buf>. */ |
| LIST_APPEND(&wbuf->pkts, &pkt->list); |
| |
| TRACE_LEAVE(QUIC_EV_CONN_PAPKT, qc->conn, pkt); |
| |
| return pkt_len; |
| |
| err: |
| free_quic_tx_packet(pkt); |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_PAPKT, qc->conn); |
| return -2; |
| } |
| |
| /* Prepare a maximum of QUIC Application level packets from <ctx> QUIC |
| * connection I/O handler context. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| int qc_prep_phdshk_pkts(struct quic_conn *qc) |
| { |
| struct q_buf *wbuf; |
| struct quic_enc_level *qel; |
| |
| TRACE_ENTER(QUIC_EV_CONN_PAPKTS, qc->conn); |
| wbuf = q_wbuf(qc); |
| qel = &qc->els[QUIC_TLS_ENC_LEVEL_APP]; |
| while (q_buf_empty(wbuf)) { |
| ssize_t ret; |
| |
| if (!(qel->pktns->flags & QUIC_FL_PKTNS_ACK_REQUIRED) && |
| (LIST_ISEMPTY(&qel->pktns->tx.frms) || |
| qc->path->prep_in_flight >= qc->path->cwnd)) { |
| TRACE_DEVEL("nothing more to do", |
| QUIC_EV_CONN_PAPKTS, qc->conn); |
| break; |
| } |
| |
| ret = qc_build_phdshk_apkt(wbuf, qc); |
| switch (ret) { |
| case -1: |
| /* Not enough room left in <wbuf>. */ |
| wbuf = q_next_wbuf(qc); |
| continue; |
| case -2: |
| return 0; |
| default: |
| /* XXX TO CHECK: consume a buffer. */ |
| wbuf = q_next_wbuf(qc); |
| continue; |
| } |
| } |
| TRACE_LEAVE(QUIC_EV_CONN_PAPKTS, qc->conn); |
| |
| return 1; |
| } |
| |
| /* QUIC connection packet handler task. */ |
| struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state) |
| { |
| struct ssl_sock_ctx *ctx = context; |
| |
| if (ctx->conn->qc->state < QUIC_HS_ST_COMPLETE) { |
| qc_do_hdshk(ctx); |
| } |
| else { |
| struct quic_conn *qc = ctx->conn->qc; |
| |
| /* XXX TO DO: may fail!!! XXX */ |
| qc_treat_rx_pkts(&qc->els[QUIC_TLS_ENC_LEVEL_APP], ctx); |
| qc_prep_phdshk_pkts(qc); |
| qc_send_ppkts(ctx); |
| } |
| |
| return t; |
| } |
| |
| /* Copy up to <count> bytes from connection <conn> internal stream storage into buffer <buf>. |
| * Return the number of bytes which have been copied. |
| */ |
| static size_t quic_conn_to_buf(struct connection *conn, void *xprt_ctx, |
| struct buffer *buf, size_t count, int flags) |
| { |
| size_t try, done = 0; |
| |
| if (!conn_ctrl_ready(conn)) |
| return 0; |
| |
| if (!fd_recv_ready(conn->handle.fd)) |
| return 0; |
| |
| conn->flags &= ~CO_FL_WAIT_ROOM; |
| |
| /* read the largest possible block. For this, we perform only one call |
| * to recv() unless the buffer wraps and we exactly fill the first hunk, |
| * in which case we accept to do it once again. |
| */ |
| while (count > 0) { |
| try = b_contig_space(buf); |
| if (!try) |
| break; |
| |
| if (try > count) |
| try = count; |
| |
| b_add(buf, try); |
| done += try; |
| count -= try; |
| } |
| |
| if (unlikely(conn->flags & CO_FL_WAIT_L4_CONN) && done) |
| conn->flags &= ~CO_FL_WAIT_L4_CONN; |
| |
| leave: |
| return done; |
| |
| read0: |
| conn_sock_read0(conn); |
| conn->flags &= ~CO_FL_WAIT_L4_CONN; |
| |
| /* Now a final check for a possible asynchronous low-level error |
| * report. This can happen when a connection receives a reset |
| * after a shutdown, both POLL_HUP and POLL_ERR are queued, and |
| * we might have come from there by just checking POLL_HUP instead |
| * of recv()'s return value 0, so we have no way to tell there was |
| * an error without checking. |
| */ |
| if (unlikely(fdtab[conn->handle.fd].state & FD_POLL_ERR)) |
| conn->flags |= CO_FL_ERROR | CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH; |
| goto leave; |
| } |
| |
| |
| /* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s |
| * socket. <flags> may contain some CO_SFL_* flags to hint the system about |
| * other pending data for example, but this flag is ignored at the moment. |
| * Only one call to send() is performed, unless the buffer wraps, in which case |
| * a second call may be performed. The connection's flags are updated with |
| * whatever special event is detected (error, empty). The caller is responsible |
| * for taking care of those events and avoiding the call if inappropriate. The |
| * function does not call the connection's polling update function, so the caller |
| * is responsible for this. It's up to the caller to update the buffer's contents |
| * based on the return value. |
| */ |
| static size_t quic_conn_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags) |
| { |
| ssize_t ret; |
| size_t try, done; |
| int send_flag; |
| |
| if (!conn_ctrl_ready(conn)) |
| return 0; |
| |
| if (!fd_send_ready(conn->handle.fd)) |
| return 0; |
| |
| done = 0; |
| /* send the largest possible block. For this we perform only one call |
| * to send() unless the buffer wraps and we exactly fill the first hunk, |
| * in which case we accept to do it once again. |
| */ |
| while (count) { |
| try = b_contig_data(buf, done); |
| if (try > count) |
| try = count; |
| |
| send_flag = MSG_DONTWAIT | MSG_NOSIGNAL; |
| if (try < count || flags & CO_SFL_MSG_MORE) |
| send_flag |= MSG_MORE; |
| |
| ret = sendto(conn->handle.fd, b_peek(buf, done), try, send_flag, |
| (struct sockaddr *)conn->dst, get_addr_len(conn->dst)); |
| if (ret > 0) { |
| count -= ret; |
| done += ret; |
| |
| /* A send succeeded, so we can consider ourself connected */ |
| conn->flags |= CO_FL_WAIT_L4L6; |
| /* if the system buffer is full, don't insist */ |
| if (ret < try) |
| break; |
| } |
| else if (ret == 0 || errno == EAGAIN || errno == ENOTCONN || errno == EINPROGRESS) { |
| /* nothing written, we need to poll for write first */ |
| fd_cant_send(conn->handle.fd); |
| break; |
| } |
| else if (errno != EINTR) { |
| conn->flags |= CO_FL_ERROR | CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH; |
| break; |
| } |
| } |
| if (unlikely(conn->flags & CO_FL_WAIT_L4_CONN) && done) |
| conn->flags &= ~CO_FL_WAIT_L4_CONN; |
| |
| if (done > 0) { |
| /* we count the total bytes sent, and the send rate for 32-byte |
| * blocks. The reason for the latter is that freq_ctr are |
| * limited to 4GB and that it's not enough per second. |
| */ |
| _HA_ATOMIC_ADD(&global.out_bytes, done); |
| update_freq_ctr(&global.out_32bps, (done + 16) / 32); |
| } |
| return done; |
| } |
| |
| /* Called from the upper layer, to subscribe <es> to events <event_type>. The |
| * event subscriber <es> is not allowed to change from a previous call as long |
| * as at least one event is still subscribed. The <event_type> must only be a |
| * combination of SUB_RETRY_RECV and SUB_RETRY_SEND. It always returns 0. |
| */ |
| static int quic_conn_subscribe(struct connection *conn, void *xprt_ctx, int event_type, struct wait_event *es) |
| { |
| return conn_subscribe(conn, xprt_ctx, event_type, es); |
| } |
| |
| /* Called from the upper layer, to unsubscribe <es> from events <event_type>. |
| * The <es> pointer is not allowed to differ from the one passed to the |
| * subscribe() call. It always returns zero. |
| */ |
| static int quic_conn_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, struct wait_event *es) |
| { |
| return conn_unsubscribe(conn, xprt_ctx, event_type, es); |
| } |
| |
| /* Initialize a QUIC connection (quic_conn struct) to be attached to <conn> |
| * connection with <xprt_ctx> as address of the xprt context. |
| * Returns 1 if succeeded, 0 if not. |
| */ |
| static int qc_conn_init(struct connection *conn, void **xprt_ctx) |
| { |
| struct ssl_sock_ctx *ctx; |
| |
| TRACE_ENTER(QUIC_EV_CONN_NEW, conn); |
| |
| if (*xprt_ctx) |
| goto out; |
| |
| ctx = pool_alloc(pool_head_quic_conn_ctx); |
| if (!ctx) { |
| conn->err_code = CO_ER_SYS_MEMLIM; |
| goto err; |
| } |
| |
| ctx->wait_event.tasklet = tasklet_new(); |
| if (!ctx->wait_event.tasklet) { |
| conn->err_code = CO_ER_SYS_MEMLIM; |
| goto err; |
| } |
| |
| ctx->wait_event.tasklet->process = quic_conn_io_cb; |
| ctx->wait_event.tasklet->context = ctx; |
| ctx->wait_event.events = 0; |
| ctx->conn = conn; |
| ctx->subs = NULL; |
| ctx->xprt_ctx = NULL; |
| |
| ctx->xprt = xprt_get(XPRT_QUIC); |
| if (objt_server(conn->target)) { |
| /* Server */ |
| struct server *srv = __objt_server(conn->target); |
| unsigned char dcid[QUIC_CID_LEN]; |
| struct quic_conn *qc; |
| int ssl_err, ipv4; |
| |
| ssl_err = SSL_ERROR_NONE; |
| if (RAND_bytes(dcid, sizeof dcid) != 1) |
| goto err; |
| |
| ipv4 = conn->dst->ss_family == AF_INET; |
| qc = qc_new_conn(QUIC_PROTOCOL_VERSION_DRAFT_28, ipv4, |
| dcid, sizeof dcid, NULL, 0, 0); |
| if (qc == NULL) |
| goto err; |
| |
| /* Insert our SCID, the connection ID for the QUIC client. */ |
| ebmb_insert(&srv->cids, &qc->scid_node, qc->scid.len); |
| |
| conn->qc = qc; |
| qc->conn = conn; |
| if (!qc_new_isecs(qc, dcid, sizeof dcid, 0)) |
| goto err; |
| |
| if (ssl_bio_and_sess_init(conn, srv->ssl_ctx.ctx, |
| &ctx->ssl, &ctx->bio, ha_quic_meth, ctx) == -1) |
| goto err; |
| |
| qc->rx.params = srv->quic_params; |
| /* Copy the initial source connection ID. */ |
| quic_cid_cpy(&qc->rx.params.initial_source_connection_id, &qc->scid); |
| qc->enc_params_len = |
| quic_transport_params_encode(qc->enc_params, qc->enc_params + sizeof qc->enc_params, |
| &qc->rx.params, 0); |
| if (!qc->enc_params_len) |
| goto err; |
| |
| SSL_set_quic_transport_params(ctx->ssl, qc->enc_params, qc->enc_params_len); |
| SSL_set_connect_state(ctx->ssl); |
| ssl_err = SSL_do_handshake(ctx->ssl); |
| if (ssl_err != 1) { |
| ssl_err = SSL_get_error(ctx->ssl, ssl_err); |
| if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE) { |
| TRACE_PROTO("SSL handshake", |
| QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state, &ssl_err); |
| } |
| else { |
| TRACE_DEVEL("SSL handshake error", |
| QUIC_EV_CONN_HDSHK, ctx->conn, &qc->state, &ssl_err); |
| goto err; |
| } |
| } |
| } |
| else if (objt_listener(conn->target)) { |
| /* Listener */ |
| struct bind_conf *bc = __objt_listener(conn->target)->bind_conf; |
| struct quic_conn *qc = ctx->conn->qc; |
| |
| if (ssl_bio_and_sess_init(conn, bc->initial_ctx, |
| &ctx->ssl, &ctx->bio, ha_quic_meth, ctx) == -1) |
| goto err; |
| |
| SSL_set_quic_transport_params(ctx->ssl, qc->enc_params, qc->enc_params_len); |
| SSL_set_accept_state(ctx->ssl); |
| } |
| |
| *xprt_ctx = ctx; |
| |
| /* Leave init state and start handshake */ |
| conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; |
| |
| out: |
| TRACE_LEAVE(QUIC_EV_CONN_NEW, conn); |
| |
| return 0; |
| |
| err: |
| if (ctx && ctx->wait_event.tasklet) |
| tasklet_free(ctx->wait_event.tasklet); |
| pool_free(pool_head_quic_conn_ctx, ctx); |
| TRACE_DEVEL("leaving in error", QUIC_EV_CONN_NEW, conn); |
| return -1; |
| } |
| |
| /* Start the QUIC transport layer */ |
| static int qc_xprt_start(struct connection *conn, void *ctx) |
| { |
| struct quic_conn *qc; |
| struct ssl_sock_ctx *qctx = ctx; |
| |
| qc = conn->qc; |
| if (!quic_conn_init_timer(qc)) { |
| TRACE_PROTO("Non initialized timer", QUIC_EV_CONN_LPKT, conn); |
| return 0; |
| } |
| |
| tasklet_wakeup(qctx->wait_event.tasklet); |
| return 1; |
| } |
| |
| /* transport-layer operations for QUIC connections. */ |
| static struct xprt_ops ssl_quic = { |
| .snd_buf = quic_conn_from_buf, |
| .rcv_buf = quic_conn_to_buf, |
| .subscribe = quic_conn_subscribe, |
| .unsubscribe = quic_conn_unsubscribe, |
| .init = qc_conn_init, |
| .start = qc_xprt_start, |
| .prepare_bind_conf = ssl_sock_prepare_bind_conf, |
| .destroy_bind_conf = ssl_sock_destroy_bind_conf, |
| .name = "QUIC", |
| }; |
| |
| __attribute__((constructor)) |
| static void __quic_conn_init(void) |
| { |
| ha_quic_meth = BIO_meth_new(0x666, "ha QUIC methods"); |
| xprt_register(XPRT_QUIC, &ssl_quic); |
| } |
| |
| __attribute__((destructor)) |
| static void __quic_conn_deinit(void) |
| { |
| BIO_meth_free(ha_quic_meth); |
| } |
| |
| /* Read all the QUIC packets found in <buf> with <len> as length (typically a UDP |
| * datagram), <ctx> being the QUIC I/O handler context, from QUIC connections, |
| * calling <func> function; |
| * Return the number of bytes read if succeeded, -1 if not. |
| */ |
| static ssize_t quic_dgram_read(char *buf, size_t len, void *owner, |
| struct sockaddr_storage *saddr, qpkt_read_func *func) |
| { |
| unsigned char *pos; |
| const unsigned char *end; |
| struct quic_dgram_ctx dgram_ctx = { |
| .dcid_node = NULL, |
| .owner = owner, |
| }; |
| |
| pos = (unsigned char *)buf; |
| end = pos + len; |
| |
| do { |
| int ret; |
| struct quic_rx_packet *pkt; |
| |
| pkt = pool_zalloc(pool_head_quic_rx_packet); |
| if (!pkt) |
| goto err; |
| |
| quic_rx_packet_refinc(pkt); |
| ret = func(&pos, end, pkt, &dgram_ctx, saddr); |
| if (ret == -1) { |
| size_t pkt_len; |
| |
| pkt_len = pkt->len; |
| free_quic_rx_packet(pkt); |
| /* If the packet length could not be found, we cannot continue. */ |
| if (!pkt_len) |
| break; |
| } |
| } while (pos < end); |
| |
| /* Increasing the received bytes counter by the UDP datagram length |
| * if this datagram could be associated to a connection. |
| */ |
| if (dgram_ctx.qc) |
| dgram_ctx.qc->rx.bytes += len; |
| |
| return pos - (unsigned char *)buf; |
| |
| err: |
| return -1; |
| } |
| |
| ssize_t quic_lstnr_dgram_read(char *buf, size_t len, void *owner, |
| struct sockaddr_storage *saddr) |
| { |
| return quic_dgram_read(buf, len, owner, saddr, qc_lstnr_pkt_rcv); |
| } |
| |
| ssize_t quic_srv_dgram_read(char *buf, size_t len, void *owner, |
| struct sockaddr_storage *saddr) |
| { |
| return quic_dgram_read(buf, len, owner, saddr, qc_srv_pkt_rcv); |
| } |
| |
| /* QUIC I/O handler for connection to local listeners or remove servers |
| * depending on <listener> boolean value, with <fd> as socket file |
| * descriptor and <ctx> as context. |
| */ |
| static size_t quic_conn_handler(int fd, void *ctx, qpkt_read_func *func) |
| { |
| ssize_t ret; |
| size_t done = 0; |
| struct buffer *buf = get_trash_chunk(); |
| /* Source address */ |
| struct sockaddr_storage saddr = {0}; |
| socklen_t saddrlen = sizeof saddr; |
| |
| if (!fd_recv_ready(fd)) |
| return 0; |
| |
| do { |
| ret = recvfrom(fd, buf->area, buf->size, 0, |
| (struct sockaddr *)&saddr, &saddrlen); |
| if (ret < 0) { |
| if (errno == EINTR) |
| continue; |
| if (errno == EAGAIN) |
| fd_cant_recv(fd); |
| goto out; |
| } |
| } while (0); |
| |
| done = buf->data = ret; |
| quic_dgram_read(buf->area, buf->data, ctx, &saddr, func); |
| |
| out: |
| return done; |
| } |
| |
| /* QUIC I/O handler for connections to local listeners with <fd> as socket |
| * file descriptor. |
| */ |
| void quic_fd_handler(int fd) |
| { |
| if (fdtab[fd].state & FD_POLL_IN) |
| quic_conn_handler(fd, fdtab[fd].owner, &qc_lstnr_pkt_rcv); |
| } |
| |
| /* QUIC I/O handler for connections to remote servers with <fd> as socket |
| * file descriptor. |
| */ |
| void quic_conn_fd_handler(int fd) |
| { |
| if (fdtab[fd].state & FD_POLL_IN) |
| quic_conn_handler(fd, fdtab[fd].owner, &qc_srv_pkt_rcv); |
| } |
| |
| /* |
| * Local variables: |
| * c-indent-level: 8 |
| * c-basic-offset: 8 |
| * End: |
| */ |