/*
 * QPACK decompressor
 *
 * Copyright 2021 HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation, version 2.1
 * exclusively.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
| 20 | |
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <import/ist.h>
#include <haproxy/buf.h>
#include <haproxy/chunk.h>
#include <haproxy/h3.h>
#include <haproxy/qpack-t.h>
#include <haproxy/qpack-dec.h>
#include <haproxy/qpack-tbl.h>
#include <haproxy/hpack-huff.h>
#include <haproxy/hpack-tbl.h>
#include <haproxy/http-hdr.h>
#include <haproxy/tools.h>
| 37 | |
/* Debug traces are compiled in as long as DEBUG_HPACK is defined, which is
 * unconditionally the case here.
 */
#define DEBUG_HPACK

#ifdef DEBUG_HPACK
/* traces enabled: forward every argument to the real helpers */
#define qpack_debug_printf(...)   fprintf(__VA_ARGS__)
#define qpack_debug_hexdump(...)  debug_hexdump(__VA_ARGS__)
#else
/* traces disabled: the calls expand to empty statements */
#define qpack_debug_printf(...)   do { } while (0)
#define qpack_debug_hexdump(...)  do { } while (0)
#endif
| 47 | |
/* Encoded field line representations: the type of a field line is derived
 * from the 4 highest bits of its first byte (QPACK_EFL_BITMASK).
 */
#define QPACK_EFL_BITMASK  0xf0
/* Literal field line with post-base name reference */
#define QPACK_LFL_WPBNM    0x00
/* Indexed field line with post-base index */
#define QPACK_IFL_WPBI     0x10
/* Literal field line with literal name */
#define QPACK_LFL_WLN_BIT  0x20
/* Literal field line with name reference */
#define QPACK_LFL_WNR_BIT  0x40
/* Indexed field line */
#define QPACK_IFL_BIT      0x80
| 55 | |
/* Reads a prefixed integer ("varint") whose first byte holds the <b> lowest
 * bits of the value, from the <*len_in> bytes available at <*buf>. The wire
 * format is the same as the HPACK one, except that values of up to 62 bits
 * are supported.
 *
 * On success the decoded value is returned, <*buf> points to the first byte
 * following the integer and <*len_in> is the number of bytes left.
 *
 * On error, 0 is returned, <*buf> is left untouched and <*len_in> is forced
 * to (uint64_t)-1. This happens when the input is empty or truncated, and
 * also when the encoding has more continuation bytes than a 64-bit value can
 * hold. No byte is ever read past <*len_in>.
 */
static uint64_t qpack_get_varint(const unsigned char **buf, uint64_t *len_in, int b)
{
	const uint64_t pfx_max = (1ULL << b) - 1;
	const uint8_t *raw = *buf;
	uint64_t len = *len_in;
	uint64_t ret;
	unsigned int shift = 0;

	/* nothing to read: the prefix byte itself is missing */
	if (!len)
		goto too_short;

	len--;
	ret = *raw++ & pfx_max;
	if (ret != pfx_max)
		goto end;

	/* continuation bytes, 7 bits each, least significant group first */
	while (len && (*raw & 128)) {
		/* a 10th group would need a shift of 63 bits or more */
		if (shift > 56)
			goto too_short;

		ret += ((uint64_t)*raw++ & 127) << shift;
		shift += 7;
		len--;
	}

	/* last 7 bits */
	if (!len || shift > 56)
		goto too_short;

	len--;
	ret += ((uint64_t)*raw++ & 127) << shift;

 end:
	*buf = raw;
	*len_in = len;
	return ret;

 too_short:
	*len_in = (uint64_t)-1;
	return 0;
}
| 96 | |
| 97 | /* Decode an encoder stream */ |
| 98 | int qpack_decode_enc(struct h3_uqs *h3_uqs, void *ctx) |
| 99 | { |
| 100 | size_t len; |
| 101 | struct buffer *rxbuf; |
| 102 | unsigned char inst; |
| 103 | |
| 104 | rxbuf = &h3_uqs->qcs->rx.buf; |
| 105 | len = b_data(rxbuf); |
| 106 | qpack_debug_hexdump(stderr, "[QPACK-DEC-ENC] ", b_head(rxbuf), 0, len); |
| 107 | |
| 108 | if (!len) { |
| 109 | qpack_debug_printf(stderr, "[QPACK-DEC-ENC] empty stream\n"); |
| 110 | return 0; |
| 111 | } |
| 112 | |
| 113 | inst = (unsigned char)*b_head(rxbuf) & QPACK_ENC_INST_BITMASK; |
| 114 | if (inst == QPACK_ENC_INST_DUP) { |
| 115 | /* Duplicate */ |
| 116 | } |
| 117 | else if (inst & QPACK_ENC_INST_IWNR_BIT) { |
| 118 | /* Insert With Name Reference */ |
| 119 | } |
| 120 | else if (inst & QPACK_ENC_INST_IWLN_BIT) { |
| 121 | /* Insert with literal name */ |
| 122 | } |
| 123 | else if (inst & QPACK_ENC_INST_SDTC_BIT) { |
| 124 | /* Set dynamic table capacity */ |
| 125 | } |
| 126 | |
| 127 | return 1; |
| 128 | } |
| 129 | |
| 130 | /* Decode an decoder stream */ |
| 131 | int qpack_decode_dec(struct h3_uqs *h3_uqs, void *ctx) |
| 132 | { |
| 133 | size_t len; |
| 134 | struct buffer *rxbuf; |
| 135 | unsigned char inst; |
| 136 | |
| 137 | rxbuf = &h3_uqs->qcs->rx.buf; |
| 138 | len = b_data(rxbuf); |
| 139 | qpack_debug_hexdump(stderr, "[QPACK-DEC-DEC] ", b_head(rxbuf), 0, len); |
| 140 | |
| 141 | if (!len) { |
| 142 | qpack_debug_printf(stderr, "[QPACK-DEC-DEC] empty stream\n"); |
| 143 | return 0; |
| 144 | } |
| 145 | |
| 146 | inst = (unsigned char)*b_head(rxbuf) & QPACK_DEC_INST_BITMASK; |
| 147 | if (inst == QPACK_DEC_INST_ICINC) { |
| 148 | /* Insert count increment */ |
| 149 | } |
| 150 | else if (inst & QPACK_DEC_INST_SACK) { |
| 151 | /* Section Acknowledgment */ |
| 152 | } |
| 153 | else if (inst & QPACK_DEC_INST_SCCL) { |
| 154 | /* Stream cancellation */ |
| 155 | } |
| 156 | |
| 157 | return 1; |
| 158 | } |
| 159 | |
| 160 | /* Decode a field section prefix made of <enc_ric> and <db> two varints. |
| 161 | * Also set the 'S' sign bit for <db>. |
| 162 | * Return a negative error if failed, 0 if not. |
| 163 | */ |
| 164 | static int qpack_decode_fs_pfx(uint64_t *enc_ric, uint64_t *db, int *sign_bit, |
| 165 | const unsigned char **raw, size_t *len) |
| 166 | { |
| 167 | *enc_ric = qpack_get_varint(raw, len, 8); |
| 168 | if (*len == (uint64_t)-1) |
| 169 | return -QPACK_ERR_RIC; |
| 170 | |
| 171 | *sign_bit = **raw & 0x8; |
| 172 | *db = qpack_get_varint(raw, len, 7); |
| 173 | if (*len == (uint64_t)-1) |
| 174 | return -QPACK_ERR_DB; |
| 175 | |
| 176 | return 0; |
| 177 | } |
| 178 | |
| 179 | /* Decode a field section from <len> bytes length <raw> buffer. |
| 180 | * Produces the output into <tmp> buffer. |
| 181 | */ |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 182 | int qpack_decode_fs(const unsigned char *raw, size_t len, struct buffer *tmp, |
| 183 | struct http_hdr *list) |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 184 | { |
| 185 | uint64_t enc_ric, db; |
| 186 | int s; |
| 187 | unsigned int efl_type; |
| 188 | int ret; |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 189 | int hdr_idx = 0; |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 190 | |
| 191 | qpack_debug_hexdump(stderr, "[QPACK-DEC-FS] ", (const char *)raw, 0, len); |
| 192 | |
| 193 | ret = qpack_decode_fs_pfx(&enc_ric, &db, &s, &raw, &len); |
| 194 | if (ret < 0) { |
| 195 | qpack_debug_printf(stderr, "##ERR@%d(%d)\n", __LINE__, ret); |
| 196 | goto out; |
| 197 | } |
| 198 | |
| 199 | chunk_reset(tmp); |
| 200 | qpack_debug_printf(stderr, "enc_ric: %llu db: %llu s=%d\n", |
| 201 | (unsigned long long)enc_ric, (unsigned long long)db, !!s); |
| 202 | /* Decode field lines */ |
| 203 | while (len) { |
| 204 | qpack_debug_hexdump(stderr, "raw ", (const char *)raw, 0, len); |
| 205 | efl_type = *raw & QPACK_EFL_BITMASK; |
| 206 | qpack_debug_printf(stderr, "efl_type=0x%02x\n", efl_type); |
| 207 | if (efl_type == QPACK_LFL_WPBNM) { |
| 208 | /* Literal field line with post-base name reference */ |
| 209 | uint64_t index, length; |
| 210 | unsigned int n, h; |
| 211 | |
| 212 | qpack_debug_printf(stderr, "literal field line with post-base name reference:"); |
| 213 | n = *raw & 0x08; |
| 214 | index = qpack_get_varint(&raw, &len, 3); |
| 215 | if (len == (uint64_t)-1) { |
| 216 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 217 | ret = -QPACK_ERR_TRUNCATED; |
| 218 | goto out; |
| 219 | } |
| 220 | |
| 221 | qpack_debug_printf(stderr, " n=%d index=%llu", !!n, (unsigned long long)index); |
| 222 | h = *raw & 0x80; |
| 223 | length = qpack_get_varint(&raw, &len, 7); |
| 224 | if (len == (uint64_t)-1) { |
| 225 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 226 | ret = -QPACK_ERR_TRUNCATED; |
| 227 | goto out; |
| 228 | } |
| 229 | |
| 230 | qpack_debug_printf(stderr, " h=%d length=%llu", !!h, (unsigned long long)length); |
Frédéric Lécaille | e629cfd | 2021-12-15 14:16:16 +0100 | [diff] [blame] | 231 | |
| 232 | if (len < length) { |
| 233 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 234 | ret = -QPACK_ERR_TRUNCATED; |
| 235 | goto out; |
| 236 | } |
| 237 | |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 238 | /* XXX Value string XXX */ |
| 239 | raw += length; |
| 240 | len -= length; |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 241 | } |
| 242 | else if (efl_type == QPACK_IFL_WPBI) { |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 243 | /* Indexed field line with post-base index */ |
| 244 | uint64_t index; |
| 245 | |
| 246 | qpack_debug_printf(stderr, "indexed field line with post-base index:"); |
| 247 | index = qpack_get_varint(&raw, &len, 4); |
| 248 | if (len == (uint64_t)-1) { |
| 249 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 250 | ret = -QPACK_ERR_TRUNCATED; |
| 251 | goto out; |
| 252 | } |
| 253 | |
| 254 | qpack_debug_printf(stderr, " index=%llu", (unsigned long long)index); |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 255 | } |
| 256 | else if (efl_type & QPACK_IFL_BIT) { |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 257 | /* Indexed field line */ |
| 258 | uint64_t index; |
| 259 | unsigned int t; |
| 260 | |
| 261 | qpack_debug_printf(stderr, "indexed field line:"); |
| 262 | t = efl_type & 0x40; |
| 263 | index = qpack_get_varint(&raw, &len, 6); |
| 264 | if (len == (uint64_t)-1) { |
| 265 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 266 | ret = -QPACK_ERR_TRUNCATED; |
| 267 | goto out; |
| 268 | } |
| 269 | |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 270 | if (t) |
| 271 | list[hdr_idx++] = qpack_sht[index]; |
| 272 | |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 273 | qpack_debug_printf(stderr, " t=%d index=%llu", !!t, (unsigned long long)index); |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 274 | } |
| 275 | else if (efl_type & QPACK_LFL_WNR_BIT) { |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 276 | /* Literal field line with name reference */ |
| 277 | uint64_t index, length; |
| 278 | unsigned int t, n, h; |
| 279 | |
| 280 | qpack_debug_printf(stderr, "Literal field line with name reference:"); |
| 281 | n = efl_type & 0x20; |
| 282 | t = efl_type & 0x10; |
| 283 | index = qpack_get_varint(&raw, &len, 4); |
| 284 | if (len == (uint64_t)-1) { |
| 285 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 286 | ret = -QPACK_ERR_TRUNCATED; |
| 287 | goto out; |
| 288 | } |
| 289 | |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 290 | if (t) |
| 291 | list[hdr_idx] = qpack_sht[index]; |
| 292 | |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 293 | qpack_debug_printf(stderr, " n=%d t=%d index=%llu", !!n, !!t, (unsigned long long)index); |
| 294 | h = *raw & 0x80; |
| 295 | length = qpack_get_varint(&raw, &len, 7); |
| 296 | if (len == (uint64_t)-1) { |
| 297 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 298 | ret = -QPACK_ERR_TRUNCATED; |
| 299 | goto out; |
| 300 | } |
| 301 | |
| 302 | qpack_debug_printf(stderr, " h=%d length=%llu", !!h, (unsigned long long)length); |
| 303 | if (h) { |
| 304 | char *trash; |
| 305 | int nlen; |
| 306 | |
| 307 | trash = chunk_newstr(tmp); |
| 308 | if (!trash) { |
| 309 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 310 | ret = -QPACK_DECOMPRESSION_FAILED; |
| 311 | goto out; |
| 312 | } |
| 313 | nlen = huff_dec(raw, length, trash, tmp->size - tmp->data); |
| 314 | if (nlen == (uint32_t)-1) { |
| 315 | qpack_debug_printf(stderr, " can't decode huffman.\n"); |
| 316 | ret = -QPACK_ERR_HUFFMAN; |
| 317 | goto out; |
| 318 | } |
| 319 | |
| 320 | qpack_debug_printf(stderr, " [name huff %d->%d '%s']", (int)length, (int)nlen, trash); |
Amaury Denoyelle | 9c8c4fa | 2021-09-30 17:14:55 +0200 | [diff] [blame] | 321 | /* makes an ist from tmp storage */ |
| 322 | b_add(tmp, nlen); |
| 323 | list[hdr_idx].v = ist2(trash, nlen); |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 324 | } |
Amaury Denoyelle | 7d3aea5 | 2021-11-24 16:04:03 +0100 | [diff] [blame] | 325 | else { |
| 326 | list[hdr_idx].v = ist2(raw, length); |
| 327 | } |
| 328 | |
Frédéric Lécaille | e629cfd | 2021-12-15 14:16:16 +0100 | [diff] [blame] | 329 | if (len < length) { |
| 330 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 331 | ret = -QPACK_ERR_TRUNCATED; |
| 332 | goto out; |
| 333 | } |
| 334 | |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 335 | raw += length; |
| 336 | len -= length; |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 337 | ++hdr_idx; |
| 338 | } |
| 339 | else if (efl_type & QPACK_LFL_WLN_BIT) { |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 340 | /* Literal field line with literal name */ |
| 341 | unsigned int n, hname, hvalue; |
| 342 | uint64_t name_len, value_len; |
| 343 | |
| 344 | qpack_debug_printf(stderr, "Literal field line with literal name:"); |
| 345 | n = *raw & 0x10; |
| 346 | hname = *raw & 0x08; |
| 347 | name_len = qpack_get_varint(&raw, &len, 3); |
| 348 | if (len == (uint64_t)-1) { |
| 349 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 350 | ret = -QPACK_ERR_TRUNCATED; |
| 351 | goto out; |
| 352 | } |
| 353 | |
| 354 | qpack_debug_printf(stderr, " n=%d hanme=%d name_len=%llu", !!n, !!hname, (unsigned long long)name_len); |
| 355 | /* Name string */ |
Frédéric Lécaille | e629cfd | 2021-12-15 14:16:16 +0100 | [diff] [blame] | 356 | |
| 357 | if (len < name_len) { |
| 358 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 359 | ret = -QPACK_ERR_TRUNCATED; |
| 360 | goto out; |
| 361 | } |
| 362 | |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 363 | raw += name_len; |
| 364 | len -= name_len; |
| 365 | hvalue = *raw & 0x80; |
| 366 | value_len = qpack_get_varint(&raw, &len, 7); |
| 367 | if (len == (uint64_t)-1) { |
| 368 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 369 | ret = -QPACK_ERR_TRUNCATED; |
| 370 | goto out; |
| 371 | } |
| 372 | |
| 373 | qpack_debug_printf(stderr, " hvalue=%d value_len=%llu", !!hvalue, (unsigned long long)value_len); |
| 374 | |
Frédéric Lécaille | e629cfd | 2021-12-15 14:16:16 +0100 | [diff] [blame] | 375 | if (len < value_len) { |
| 376 | qpack_debug_printf(stderr, "##ERR@%d\n", __LINE__); |
| 377 | ret = -QPACK_ERR_TRUNCATED; |
| 378 | goto out; |
| 379 | } |
| 380 | |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 381 | /* XXX Value string XXX */ |
| 382 | raw += value_len; |
| 383 | len -= value_len; |
| 384 | } |
| 385 | qpack_debug_printf(stderr, "\n"); |
| 386 | } |
| 387 | |
Amaury Denoyelle | fd7cdc3 | 2021-08-24 15:13:20 +0200 | [diff] [blame] | 388 | /* put an end marker */ |
| 389 | list[hdr_idx].n = list[hdr_idx].v = IST_NULL; |
| 390 | |
Frédéric Lécaille | b4672fb | 2021-03-03 16:13:10 +0100 | [diff] [blame] | 391 | out: |
| 392 | qpack_debug_printf(stderr, "-- done: ret=%d\n", ret); |
| 393 | return ret; |
| 394 | } |