2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/quic_channel.h"
11 #include "internal/quic_error.h"
12 #include "internal/quic_rx_depack.h"
13 #include "../ssl_local.h"
14 #include "quic_channel_local.h"
15 #include <openssl/rand.h>
18 * NOTE: While this channel implementation currently has basic server support,
19 * this functionality has been implemented for internal testing purposes and is
20 * not suitable for network use. In particular, it does not implement address
21 * validation, anti-amplification or retry logic.
23 * TODO(QUIC): Implement address validation and anti-amplification
24 * TODO(QUIC): Implement retry logic
27 #define INIT_DCID_LEN 8
28 #define INIT_CRYPTO_BUF_LEN 8192
29 #define INIT_APP_BUF_LEN 8192
32 * Interval before we force a PING to ensure NATs don't timeout. This is based
33 * on the lowest commonly seen value of 30 seconds as cited in RFC 9000 s.
36 #define MAX_NAT_INTERVAL (ossl_ms2time(25000))
38 static void ch_rx_pre(QUIC_CHANNEL *ch);
39 static int ch_rx(QUIC_CHANNEL *ch);
40 static int ch_tx(QUIC_CHANNEL *ch);
41 static void ch_tick(QUIC_TICK_RESULT *res, void *arg, uint32_t flags);
42 static void ch_rx_handle_packet(QUIC_CHANNEL *ch);
43 static OSSL_TIME ch_determine_next_tick_deadline(QUIC_CHANNEL *ch);
44 static int ch_retry(QUIC_CHANNEL *ch,
45 const unsigned char *retry_token,
46 size_t retry_token_len,
47 const QUIC_CONN_ID *retry_scid);
48 static void ch_cleanup(QUIC_CHANNEL *ch);
49 static int ch_generate_transport_params(QUIC_CHANNEL *ch);
50 static int ch_on_transport_params(const unsigned char *params,
53 static int ch_on_handshake_alert(void *arg, unsigned char alert_code);
54 static int ch_on_handshake_complete(void *arg);
55 static int ch_on_handshake_yield_secret(uint32_t enc_level, int direction,
56 uint32_t suite_id, EVP_MD *md,
57 const unsigned char *secret,
60 static int ch_on_crypto_recv_record(const unsigned char **buf,
61 size_t *bytes_read, void *arg);
62 static int ch_on_crypto_release_record(size_t bytes_read, void *arg);
63 static int crypto_ensure_empty(QUIC_RSTREAM *rstream);
64 static int ch_on_crypto_send(const unsigned char *buf, size_t buf_len,
65 size_t *consumed, void *arg);
66 static OSSL_TIME get_time(void *arg);
67 static uint64_t get_stream_limit(int uni, void *arg);
68 static int rx_early_validate(QUIC_PN pn, int pn_space, void *arg);
69 static int ch_retry(QUIC_CHANNEL *ch,
70 const unsigned char *retry_token,
71 size_t retry_token_len,
72 const QUIC_CONN_ID *retry_scid);
73 static void ch_update_idle(QUIC_CHANNEL *ch);
74 static int ch_discard_el(QUIC_CHANNEL *ch,
76 static void ch_on_idle_timeout(QUIC_CHANNEL *ch);
77 static void ch_update_idle(QUIC_CHANNEL *ch);
78 static void ch_update_ping_deadline(QUIC_CHANNEL *ch);
79 static void ch_raise_net_error(QUIC_CHANNEL *ch);
80 static void ch_on_terminating_timeout(QUIC_CHANNEL *ch);
81 static void ch_start_terminating(QUIC_CHANNEL *ch,
82 const QUIC_TERMINATE_CAUSE *tcause,
84 static void ch_default_packet_handler(QUIC_URXE *e, void *arg);
85 static int ch_server_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
86 const QUIC_CONN_ID *peer_scid,
87 const QUIC_CONN_ID *peer_dcid);
89 static int gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len, QUIC_CONN_ID *cid)
91 if (len > QUIC_MAX_CONN_ID_LEN)
94 cid->id_len = (unsigned char)len;
96 if (RAND_bytes_ex(libctx, cid->id, len, len * 8) != 1) {
105 * QUIC Channel Initialization and Teardown
106 * ========================================
108 #define DEFAULT_INIT_CONN_RXFC_WND (2 * 1024 * 1024)
109 #define DEFAULT_CONN_RXFC_MAX_WND_MUL 5
111 #define DEFAULT_INIT_STREAM_RXFC_WND (2 * 1024 * 1024)
112 #define DEFAULT_STREAM_RXFC_MAX_WND_MUL 5
114 #define DEFAULT_INIT_CONN_MAX_STREAMS 100
116 static int ch_init(QUIC_CHANNEL *ch)
118 OSSL_QUIC_TX_PACKETISER_ARGS txp_args = {0};
119 OSSL_QTX_ARGS qtx_args = {0};
120 OSSL_QRX_ARGS qrx_args = {0};
121 QUIC_TLS_ARGS tls_args = {0};
123 size_t rx_short_cid_len = ch->is_server ? INIT_DCID_LEN : 0;
125 /* For clients, generate our initial DCID. */
127 && !gen_rand_conn_id(ch->libctx, INIT_DCID_LEN, &ch->init_dcid))
130 /* We plug in a network write BIO to the QTX later when we get one. */
131 qtx_args.libctx = ch->libctx;
132 qtx_args.mdpl = QUIC_MIN_INITIAL_DGRAM_LEN;
133 /* Callback related arguments */
134 qtx_args.msg_callback = ch->msg_callback;
135 qtx_args.msg_callback_arg = ch->msg_callback_arg;
136 qtx_args.msg_callback_s = ch->msg_callback_s;
137 ch->rx_max_udp_payload_size = qtx_args.mdpl;
139 ch->qtx = ossl_qtx_new(&qtx_args);
143 ch->txpim = ossl_quic_txpim_new();
144 if (ch->txpim == NULL)
147 ch->cfq = ossl_quic_cfq_new();
151 if (!ossl_quic_txfc_init(&ch->conn_txfc, NULL))
155 * Note: The TP we transmit governs what the peer can transmit and thus
156 * applies to the RXFC.
158 ch->tx_init_max_stream_data_bidi_local = DEFAULT_INIT_STREAM_RXFC_WND;
159 ch->tx_init_max_stream_data_bidi_remote = DEFAULT_INIT_STREAM_RXFC_WND;
160 ch->tx_init_max_stream_data_uni = DEFAULT_INIT_STREAM_RXFC_WND;
162 if (!ossl_quic_rxfc_init(&ch->conn_rxfc, NULL,
163 DEFAULT_INIT_CONN_RXFC_WND,
164 DEFAULT_CONN_RXFC_MAX_WND_MUL *
165 DEFAULT_INIT_CONN_RXFC_WND,
169 if (!ossl_quic_rxfc_init_for_stream_count(&ch->max_streams_bidi_rxfc,
170 DEFAULT_INIT_CONN_MAX_STREAMS,
174 if (!ossl_quic_rxfc_init_for_stream_count(&ch->max_streams_uni_rxfc,
175 DEFAULT_INIT_CONN_MAX_STREAMS,
179 if (!ossl_statm_init(&ch->statm))
183 ch->cc_method = &ossl_cc_newreno_method;
184 if ((ch->cc_data = ch->cc_method->new(get_time, ch)) == NULL)
187 if ((ch->ackm = ossl_ackm_new(get_time, ch, &ch->statm,
188 ch->cc_method, ch->cc_data)) == NULL)
191 if (!ossl_quic_stream_map_init(&ch->qsm, get_stream_limit, ch,
192 &ch->max_streams_bidi_rxfc,
193 &ch->max_streams_uni_rxfc,
199 /* We use a zero-length SCID. */
200 txp_args.cur_dcid = ch->init_dcid;
201 txp_args.ack_delay_exponent = 3;
202 txp_args.qtx = ch->qtx;
203 txp_args.txpim = ch->txpim;
204 txp_args.cfq = ch->cfq;
205 txp_args.ackm = ch->ackm;
206 txp_args.qsm = &ch->qsm;
207 txp_args.conn_txfc = &ch->conn_txfc;
208 txp_args.conn_rxfc = &ch->conn_rxfc;
209 txp_args.max_streams_bidi_rxfc = &ch->max_streams_bidi_rxfc;
210 txp_args.max_streams_uni_rxfc = &ch->max_streams_uni_rxfc;
211 txp_args.cc_method = ch->cc_method;
212 txp_args.cc_data = ch->cc_data;
213 txp_args.now = get_time;
214 txp_args.now_arg = ch;
215 /* Callback related arguments */
216 txp_args.msg_callback = ch->msg_callback;
217 txp_args.msg_callback_arg = ch->msg_callback_arg;
218 txp_args.msg_callback_s = ch->msg_callback_s;
220 for (pn_space = QUIC_PN_SPACE_INITIAL; pn_space < QUIC_PN_SPACE_NUM; ++pn_space) {
221 ch->crypto_send[pn_space] = ossl_quic_sstream_new(INIT_CRYPTO_BUF_LEN);
222 if (ch->crypto_send[pn_space] == NULL)
225 txp_args.crypto[pn_space] = ch->crypto_send[pn_space];
228 ch->txp = ossl_quic_tx_packetiser_new(&txp_args);
232 if ((ch->demux = ossl_quic_demux_new(/*BIO=*/NULL,
233 /*Short CID Len=*/rx_short_cid_len,
234 get_time, ch)) == NULL)
238 * If we are a server, setup our handler for packets not corresponding to
239 * any known DCID on our end. This is for handling clients establishing new
243 ossl_quic_demux_set_default_handler(ch->demux,
244 ch_default_packet_handler,
247 qrx_args.libctx = ch->libctx;
248 qrx_args.demux = ch->demux;
249 qrx_args.short_conn_id_len = rx_short_cid_len;
250 qrx_args.max_deferred = 32;
251 /* Callback related arguments */
252 qrx_args.msg_callback = ch->msg_callback;
253 qrx_args.msg_callback_arg = ch->msg_callback_arg;
254 qrx_args.msg_callback_s = ch->msg_callback_s;
256 if ((ch->qrx = ossl_qrx_new(&qrx_args)) == NULL)
259 if (!ossl_qrx_set_early_validation_cb(ch->qrx,
264 if (!ch->is_server && !ossl_qrx_add_dst_conn_id(ch->qrx, &txp_args.cur_scid))
267 for (pn_space = QUIC_PN_SPACE_INITIAL; pn_space < QUIC_PN_SPACE_NUM; ++pn_space) {
268 ch->crypto_recv[pn_space] = ossl_quic_rstream_new(NULL, NULL, 0);
269 if (ch->crypto_recv[pn_space] == NULL)
273 /* Plug in the TLS handshake layer. */
274 tls_args.s = ch->tls;
275 tls_args.crypto_send_cb = ch_on_crypto_send;
276 tls_args.crypto_send_cb_arg = ch;
277 tls_args.crypto_recv_rcd_cb = ch_on_crypto_recv_record;
278 tls_args.crypto_recv_rcd_cb_arg = ch;
279 tls_args.crypto_release_rcd_cb = ch_on_crypto_release_record;
280 tls_args.crypto_release_rcd_cb_arg = ch;
281 tls_args.yield_secret_cb = ch_on_handshake_yield_secret;
282 tls_args.yield_secret_cb_arg = ch;
283 tls_args.got_transport_params_cb = ch_on_transport_params;
284 tls_args.got_transport_params_cb_arg= ch;
285 tls_args.handshake_complete_cb = ch_on_handshake_complete;
286 tls_args.handshake_complete_cb_arg = ch;
287 tls_args.alert_cb = ch_on_handshake_alert;
288 tls_args.alert_cb_arg = ch;
289 tls_args.is_server = ch->is_server;
291 if ((ch->qtls = ossl_quic_tls_new(&tls_args)) == NULL)
294 ch->rx_max_ack_delay = QUIC_DEFAULT_MAX_ACK_DELAY;
295 ch->rx_ack_delay_exp = QUIC_DEFAULT_ACK_DELAY_EXP;
296 ch->rx_active_conn_id_limit = QUIC_MIN_ACTIVE_CONN_ID_LIMIT;
297 ch->max_idle_timeout = QUIC_DEFAULT_IDLE_TIMEOUT;
298 ch->tx_enc_level = QUIC_ENC_LEVEL_INITIAL;
299 ch->rx_enc_level = QUIC_ENC_LEVEL_INITIAL;
302 * Determine the QUIC Transport Parameters and serialize the transport
303 * parameters block. (For servers, we do this later as we must defer
304 * generation until we have received the client's transport parameters.)
306 if (!ch->is_server && !ch_generate_transport_params(ch))
310 ossl_quic_reactor_init(&ch->rtor, ch_tick, ch,
311 ch_determine_next_tick_deadline(ch));
319 static void ch_cleanup(QUIC_CHANNEL *ch)
323 if (ch->ackm != NULL)
324 for (pn_space = QUIC_PN_SPACE_INITIAL;
325 pn_space < QUIC_PN_SPACE_NUM;
327 ossl_ackm_on_pkt_space_discarded(ch->ackm, pn_space);
329 ossl_quic_tx_packetiser_free(ch->txp);
330 ossl_quic_txpim_free(ch->txpim);
331 ossl_quic_cfq_free(ch->cfq);
332 ossl_qtx_free(ch->qtx);
333 if (ch->cc_data != NULL)
334 ch->cc_method->free(ch->cc_data);
336 ossl_statm_destroy(&ch->statm);
337 ossl_ackm_free(ch->ackm);
340 ossl_quic_stream_map_cleanup(&ch->qsm);
342 for (pn_space = QUIC_PN_SPACE_INITIAL; pn_space < QUIC_PN_SPACE_NUM; ++pn_space) {
343 ossl_quic_sstream_free(ch->crypto_send[pn_space]);
344 ossl_quic_rstream_free(ch->crypto_recv[pn_space]);
347 ossl_qrx_pkt_release(ch->qrx_pkt);
350 ossl_quic_tls_free(ch->qtls);
351 ossl_qrx_free(ch->qrx);
352 ossl_quic_demux_free(ch->demux);
353 OPENSSL_free(ch->local_transport_params);
356 QUIC_CHANNEL *ossl_quic_channel_new(const QUIC_CHANNEL_ARGS *args)
358 QUIC_CHANNEL *ch = NULL;
360 if ((ch = OPENSSL_zalloc(sizeof(*ch))) == NULL)
363 ch->libctx = args->libctx;
364 ch->propq = args->propq;
365 ch->is_server = args->is_server;
367 ch->mutex = args->mutex;
368 ch->now_cb = args->now_cb;
369 ch->now_cb_arg = args->now_cb_arg;
370 ch->msg_callback = args->msg_callback;
371 ch->msg_callback_arg = args->msg_callback_arg;
372 ch->msg_callback_s = args->msg_callback_s;
382 void ossl_quic_channel_free(QUIC_CHANNEL *ch)
391 /* Set mutator callbacks for test framework support */
392 int ossl_quic_channel_set_mutator(QUIC_CHANNEL *ch,
393 ossl_mutate_packet_cb mutatecb,
394 ossl_finish_mutate_cb finishmutatecb,
400 ossl_qtx_set_mutator(ch->qtx, mutatecb, finishmutatecb, mutatearg);
404 int ossl_quic_channel_get_peer_addr(QUIC_CHANNEL *ch, BIO_ADDR *peer_addr)
406 *peer_addr = ch->cur_peer_addr;
410 int ossl_quic_channel_set_peer_addr(QUIC_CHANNEL *ch, const BIO_ADDR *peer_addr)
412 ch->cur_peer_addr = *peer_addr;
416 QUIC_REACTOR *ossl_quic_channel_get_reactor(QUIC_CHANNEL *ch)
421 QUIC_STREAM_MAP *ossl_quic_channel_get_qsm(QUIC_CHANNEL *ch)
426 OSSL_STATM *ossl_quic_channel_get_statm(QUIC_CHANNEL *ch)
431 QUIC_STREAM *ossl_quic_channel_get_stream_by_id(QUIC_CHANNEL *ch,
434 return ossl_quic_stream_map_get_by_id(&ch->qsm, stream_id);
437 int ossl_quic_channel_is_active(const QUIC_CHANNEL *ch)
439 return ch != NULL && ch->state == QUIC_CHANNEL_STATE_ACTIVE;
442 int ossl_quic_channel_is_terminating(const QUIC_CHANNEL *ch)
444 if (ch->state == QUIC_CHANNEL_STATE_TERMINATING_CLOSING
445 || ch->state == QUIC_CHANNEL_STATE_TERMINATING_DRAINING)
451 int ossl_quic_channel_is_terminated(const QUIC_CHANNEL *ch)
453 if (ch->state == QUIC_CHANNEL_STATE_TERMINATED)
459 int ossl_quic_channel_is_term_any(const QUIC_CHANNEL *ch)
461 return ossl_quic_channel_is_terminating(ch)
462 || ossl_quic_channel_is_terminated(ch);
465 const QUIC_TERMINATE_CAUSE *
466 ossl_quic_channel_get_terminate_cause(const QUIC_CHANNEL *ch)
468 return ossl_quic_channel_is_term_any(ch) ? &ch->terminate_cause : NULL;
471 int ossl_quic_channel_is_handshake_complete(const QUIC_CHANNEL *ch)
473 return ch->handshake_complete;
476 int ossl_quic_channel_is_handshake_confirmed(const QUIC_CHANNEL *ch)
478 return ch->handshake_confirmed;
481 QUIC_DEMUX *ossl_quic_channel_get0_demux(QUIC_CHANNEL *ch)
486 CRYPTO_MUTEX *ossl_quic_channel_get_mutex(QUIC_CHANNEL *ch)
492 * QUIC Channel: Callbacks from Miscellaneous Subsidiary Components
493 * ================================================================
496 /* Used by various components. */
497 static OSSL_TIME get_time(void *arg)
499 QUIC_CHANNEL *ch = arg;
501 if (ch->now_cb == NULL)
502 return ossl_time_now();
504 return ch->now_cb(ch->now_cb_arg);
508 static uint64_t get_stream_limit(int uni, void *arg)
510 QUIC_CHANNEL *ch = arg;
512 return uni ? ch->max_local_streams_uni : ch->max_local_streams_bidi;
516 * Called by QRX to determine if a packet is potentially invalid before trying
519 static int rx_early_validate(QUIC_PN pn, int pn_space, void *arg)
521 QUIC_CHANNEL *ch = arg;
523 /* Potential duplicates should not be processed. */
524 if (!ossl_ackm_is_rx_pn_processable(ch->ackm, pn, pn_space))
531 * QUIC Channel: Handshake Layer Event Handling
532 * ============================================
534 static int ch_on_crypto_send(const unsigned char *buf, size_t buf_len,
535 size_t *consumed, void *arg)
538 QUIC_CHANNEL *ch = arg;
539 uint32_t enc_level = ch->tx_enc_level;
540 uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
541 QUIC_SSTREAM *sstream = ch->crypto_send[pn_space];
543 if (!ossl_assert(sstream != NULL))
546 ret = ossl_quic_sstream_append(sstream, buf, buf_len, consumed);
550 static int crypto_ensure_empty(QUIC_RSTREAM *rstream)
558 if (!ossl_quic_rstream_available(rstream, &avail, &is_fin))
564 static int ch_on_crypto_recv_record(const unsigned char **buf,
565 size_t *bytes_read, void *arg)
567 QUIC_CHANNEL *ch = arg;
568 QUIC_RSTREAM *rstream;
569 int is_fin = 0; /* crypto stream is never finished, so we don't use this */
573 * After we move to a later EL we must not allow our peer to send any new
574 * bytes in the crypto stream on a previous EL. Retransmissions of old bytes
577 * In practice we will only move to a new EL when we have consumed all bytes
578 * which should be sent on the crypto stream at a previous EL. For example,
579 * the Handshake EL should not be provisioned until we have completely
580 * consumed a TLS 1.3 ServerHello. Thus when we provision an EL the output
581 * of ossl_quic_rstream_available() should be 0 for all lower ELs. Thus if a
582 * given EL is available we simply ensure we have not received any further
583 * bytes at a lower EL.
585 for (i = QUIC_ENC_LEVEL_INITIAL; i < ch->rx_enc_level; ++i)
586 if (i != QUIC_ENC_LEVEL_0RTT &&
587 !crypto_ensure_empty(ch->crypto_recv[ossl_quic_enc_level_to_pn_space(i)])) {
588 /* Protocol violation (RFC 9001 s. 4.1.3) */
589 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_PROTOCOL_VIOLATION,
590 OSSL_QUIC_FRAME_TYPE_CRYPTO,
591 "crypto stream data in wrong EL");
595 rstream = ch->crypto_recv[ossl_quic_enc_level_to_pn_space(ch->rx_enc_level)];
599 return ossl_quic_rstream_get_record(rstream, buf, bytes_read,
603 static int ch_on_crypto_release_record(size_t bytes_read, void *arg)
605 QUIC_CHANNEL *ch = arg;
606 QUIC_RSTREAM *rstream;
608 rstream = ch->crypto_recv[ossl_quic_enc_level_to_pn_space(ch->rx_enc_level)];
612 return ossl_quic_rstream_release_record(rstream, bytes_read);
615 static int ch_on_handshake_yield_secret(uint32_t enc_level, int direction,
616 uint32_t suite_id, EVP_MD *md,
617 const unsigned char *secret,
621 QUIC_CHANNEL *ch = arg;
624 if (enc_level < QUIC_ENC_LEVEL_HANDSHAKE || enc_level >= QUIC_ENC_LEVEL_NUM)
631 if (enc_level <= ch->tx_enc_level)
633 * Does not make sense for us to try and provision an EL we have already
638 if (!ossl_qtx_provide_secret(ch->qtx, enc_level,
643 ch->tx_enc_level = enc_level;
646 if (enc_level <= ch->rx_enc_level)
648 * Does not make sense for us to try and provision an EL we have already
654 * Ensure all crypto streams for previous ELs are now empty of available
657 for (i = QUIC_ENC_LEVEL_INITIAL; i < enc_level; ++i)
658 if (!crypto_ensure_empty(ch->crypto_recv[ossl_quic_enc_level_to_pn_space(i)])) {
659 /* Protocol violation (RFC 9001 s. 4.1.3) */
660 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_PROTOCOL_VIOLATION,
661 OSSL_QUIC_FRAME_TYPE_CRYPTO,
662 "crypto stream data in wrong EL");
666 if (!ossl_qrx_provide_secret(ch->qrx, enc_level,
671 ch->have_new_rx_secret = 1;
672 ch->rx_enc_level = enc_level;
678 static int ch_on_handshake_complete(void *arg)
680 QUIC_CHANNEL *ch = arg;
682 if (!ossl_assert(!ch->handshake_complete))
683 return 0; /* this should not happen twice */
685 if (!ossl_assert(ch->tx_enc_level == QUIC_ENC_LEVEL_1RTT))
688 if (!ch->got_remote_transport_params) {
690 * Was not a valid QUIC handshake if we did not get valid transport
693 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_PROTOCOL_VIOLATION,
694 OSSL_QUIC_FRAME_TYPE_CRYPTO,
695 "no transport parameters received");
699 /* Don't need transport parameters anymore. */
700 OPENSSL_free(ch->local_transport_params);
701 ch->local_transport_params = NULL;
703 /* Tell TXP the handshake is complete. */
704 ossl_quic_tx_packetiser_notify_handshake_complete(ch->txp);
706 ch->handshake_complete = 1;
710 * On the server, the handshake is confirmed as soon as it is complete.
712 ossl_quic_channel_on_handshake_confirmed(ch);
714 ossl_quic_tx_packetiser_schedule_handshake_done(ch->txp);
720 static int ch_on_handshake_alert(void *arg, unsigned char alert_code)
722 QUIC_CHANNEL *ch = arg;
724 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_CRYPTO_ERR_BEGIN + alert_code,
725 0, "handshake alert");
730 * QUIC Channel: Transport Parameter Handling
731 * ==========================================
735 * Called by handshake layer when we receive QUIC Transport Parameters from the
736 * peer. Note that these are not authenticated until the handshake is marked
739 #define TP_REASON_SERVER_ONLY(x) \
740 x " may not be sent by a client"
741 #define TP_REASON_DUP(x) \
742 x " appears multiple times"
743 #define TP_REASON_MALFORMED(x) \
745 #define TP_REASON_EXPECTED_VALUE(x) \
746 x " does not match expected value"
747 #define TP_REASON_NOT_RETRY(x) \
748 x " sent when not performing a retry"
749 #define TP_REASON_REQUIRED(x) \
750 x " was not sent but is required"
752 static void txfc_bump_cwm_bidi(QUIC_STREAM *s, void *arg)
754 if (!ossl_quic_stream_is_bidi(s)
755 || ossl_quic_stream_is_server_init(s))
758 ossl_quic_txfc_bump_cwm(&s->txfc, *(uint64_t *)arg);
761 static void txfc_bump_cwm_uni(QUIC_STREAM *s, void *arg)
763 if (ossl_quic_stream_is_bidi(s)
764 || ossl_quic_stream_is_server_init(s))
767 ossl_quic_txfc_bump_cwm(&s->txfc, *(uint64_t *)arg);
770 static void do_update(QUIC_STREAM *s, void *arg)
772 QUIC_CHANNEL *ch = arg;
774 ossl_quic_stream_map_update_state(&ch->qsm, s);
777 static int ch_on_transport_params(const unsigned char *params,
781 QUIC_CHANNEL *ch = arg;
785 const unsigned char *body;
786 int got_orig_dcid = 0;
787 int got_initial_scid = 0;
788 int got_retry_scid = 0;
789 int got_initial_max_data = 0;
790 int got_initial_max_stream_data_bidi_local = 0;
791 int got_initial_max_stream_data_bidi_remote = 0;
792 int got_initial_max_stream_data_uni = 0;
793 int got_initial_max_streams_bidi = 0;
794 int got_initial_max_streams_uni = 0;
795 int got_ack_delay_exp = 0;
796 int got_max_ack_delay = 0;
797 int got_max_udp_payload_size = 0;
798 int got_max_idle_timeout = 0;
799 int got_active_conn_id_limit = 0;
801 const char *reason = "bad transport parameter";
803 if (ch->got_remote_transport_params)
806 if (!PACKET_buf_init(&pkt, params, params_len))
809 while (PACKET_remaining(&pkt) > 0) {
810 if (!ossl_quic_wire_peek_transport_param(&pkt, &id))
814 case QUIC_TPARAM_ORIG_DCID:
816 reason = TP_REASON_DUP("ORIG_DCID");
821 reason = TP_REASON_SERVER_ONLY("ORIG_DCID");
825 if (!ossl_quic_wire_decode_transport_param_cid(&pkt, NULL, &cid)) {
826 reason = TP_REASON_MALFORMED("ORIG_DCID");
830 /* Must match our initial DCID. */
831 if (!ossl_quic_conn_id_eq(&ch->init_dcid, &cid)) {
832 reason = TP_REASON_EXPECTED_VALUE("ORIG_DCID");
839 case QUIC_TPARAM_RETRY_SCID:
841 reason = TP_REASON_SERVER_ONLY("RETRY_SCID");
845 if (got_retry_scid) {
846 reason = TP_REASON_DUP("RETRY_SCID");
850 if (!ch->doing_retry) {
851 reason = TP_REASON_NOT_RETRY("RETRY_SCID");
855 if (!ossl_quic_wire_decode_transport_param_cid(&pkt, NULL, &cid)) {
856 reason = TP_REASON_MALFORMED("RETRY_SCID");
860 /* Must match Retry packet SCID. */
861 if (!ossl_quic_conn_id_eq(&ch->retry_scid, &cid)) {
862 reason = TP_REASON_EXPECTED_VALUE("RETRY_SCID");
869 case QUIC_TPARAM_INITIAL_SCID:
870 if (got_initial_scid) {
871 /* must not appear more than once */
872 reason = TP_REASON_DUP("INITIAL_SCID");
876 if (!ossl_quic_wire_decode_transport_param_cid(&pkt, NULL, &cid)) {
877 reason = TP_REASON_MALFORMED("INITIAL_SCID");
881 /* Must match SCID of first Initial packet from server. */
882 if (!ossl_quic_conn_id_eq(&ch->init_scid, &cid)) {
883 reason = TP_REASON_EXPECTED_VALUE("INITIAL_SCID");
887 got_initial_scid = 1;
890 case QUIC_TPARAM_INITIAL_MAX_DATA:
891 if (got_initial_max_data) {
892 /* must not appear more than once */
893 reason = TP_REASON_DUP("INITIAL_MAX_DATA");
897 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)) {
898 reason = TP_REASON_MALFORMED("INITIAL_MAX_DATA");
902 ossl_quic_txfc_bump_cwm(&ch->conn_txfc, v);
903 got_initial_max_data = 1;
906 case QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL:
907 if (got_initial_max_stream_data_bidi_local) {
908 /* must not appear more than once */
909 reason = TP_REASON_DUP("INITIAL_MAX_STREAM_DATA_BIDI_LOCAL");
913 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)) {
914 reason = TP_REASON_MALFORMED("INITIAL_MAX_STREAM_DATA_BIDI_LOCAL");
919 * This is correct; the BIDI_LOCAL TP governs streams created by
920 * the endpoint which sends the TP, i.e., our peer.
922 ch->rx_init_max_stream_data_bidi_remote = v;
923 got_initial_max_stream_data_bidi_local = 1;
926 case QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE:
927 if (got_initial_max_stream_data_bidi_remote) {
928 /* must not appear more than once */
929 reason = TP_REASON_DUP("INITIAL_MAX_STREAM_DATA_BIDI_REMOTE");
933 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)) {
934 reason = TP_REASON_MALFORMED("INITIAL_MAX_STREAM_DATA_BIDI_REMOTE");
939 * This is correct; the BIDI_REMOTE TP governs streams created
940 * by the endpoint which receives the TP, i.e., us.
942 ch->rx_init_max_stream_data_bidi_local = v;
944 /* Apply to all existing streams. */
945 ossl_quic_stream_map_visit(&ch->qsm, txfc_bump_cwm_bidi, &v);
946 got_initial_max_stream_data_bidi_remote = 1;
949 case QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_UNI:
950 if (got_initial_max_stream_data_uni) {
951 /* must not appear more than once */
952 reason = TP_REASON_DUP("INITIAL_MAX_STREAM_DATA_UNI");
956 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)) {
957 reason = TP_REASON_MALFORMED("INITIAL_MAX_STREAM_DATA_UNI");
961 ch->rx_init_max_stream_data_uni = v;
963 /* Apply to all existing streams. */
964 ossl_quic_stream_map_visit(&ch->qsm, txfc_bump_cwm_uni, &v);
965 got_initial_max_stream_data_uni = 1;
968 case QUIC_TPARAM_ACK_DELAY_EXP:
969 if (got_ack_delay_exp) {
970 /* must not appear more than once */
971 reason = TP_REASON_DUP("ACK_DELAY_EXP");
975 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)
976 || v > QUIC_MAX_ACK_DELAY_EXP) {
977 reason = TP_REASON_MALFORMED("ACK_DELAY_EXP");
981 ch->rx_ack_delay_exp = (unsigned char)v;
982 got_ack_delay_exp = 1;
985 case QUIC_TPARAM_MAX_ACK_DELAY:
986 if (got_max_ack_delay) {
987 /* must not appear more than once */
988 reason = TP_REASON_DUP("MAX_ACK_DELAY");
992 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)
993 || v >= (((uint64_t)1) << 14)) {
994 reason = TP_REASON_MALFORMED("MAX_ACK_DELAY");
998 ch->rx_max_ack_delay = v;
999 got_max_ack_delay = 1;
1002 case QUIC_TPARAM_INITIAL_MAX_STREAMS_BIDI:
1003 if (got_initial_max_streams_bidi) {
1004 /* must not appear more than once */
1005 reason = TP_REASON_DUP("INITIAL_MAX_STREAMS_BIDI");
1009 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)
1010 || v > (((uint64_t)1) << 60)) {
1011 reason = TP_REASON_MALFORMED("INITIAL_MAX_STREAMS_BIDI");
1015 assert(ch->max_local_streams_bidi == 0);
1016 ch->max_local_streams_bidi = v;
1017 got_initial_max_streams_bidi = 1;
1020 case QUIC_TPARAM_INITIAL_MAX_STREAMS_UNI:
1021 if (got_initial_max_streams_uni) {
1022 /* must not appear more than once */
1023 reason = TP_REASON_DUP("INITIAL_MAX_STREAMS_UNI");
1027 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)
1028 || v > (((uint64_t)1) << 60)) {
1029 reason = TP_REASON_MALFORMED("INITIAL_MAX_STREAMS_UNI");
1033 assert(ch->max_local_streams_uni == 0);
1034 ch->max_local_streams_uni = v;
1035 got_initial_max_streams_uni = 1;
1038 case QUIC_TPARAM_MAX_IDLE_TIMEOUT:
1039 if (got_max_idle_timeout) {
1040 /* must not appear more than once */
1041 reason = TP_REASON_DUP("MAX_IDLE_TIMEOUT");
1045 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)) {
1046 reason = TP_REASON_MALFORMED("MAX_IDLE_TIMEOUT");
1050 if (v > 0 && v < ch->max_idle_timeout)
1051 ch->max_idle_timeout = v;
1054 got_max_idle_timeout = 1;
1057 case QUIC_TPARAM_MAX_UDP_PAYLOAD_SIZE:
1058 if (got_max_udp_payload_size) {
1059 /* must not appear more than once */
1060 reason = TP_REASON_DUP("MAX_UDP_PAYLOAD_SIZE");
1064 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)
1065 || v < QUIC_MIN_INITIAL_DGRAM_LEN) {
1066 reason = TP_REASON_MALFORMED("MAX_UDP_PAYLOAD_SIZE");
1070 ch->rx_max_udp_payload_size = v;
1071 got_max_udp_payload_size = 1;
1074 case QUIC_TPARAM_ACTIVE_CONN_ID_LIMIT:
1075 if (got_active_conn_id_limit) {
1076 /* must not appear more than once */
1077 reason = TP_REASON_DUP("ACTIVE_CONN_ID_LIMIT");
1081 if (!ossl_quic_wire_decode_transport_param_int(&pkt, &id, &v)
1082 || v < QUIC_MIN_ACTIVE_CONN_ID_LIMIT) {
1083 reason = TP_REASON_MALFORMED("ACTIVE_CONN_ID_LIMIT");
1087 ch->rx_active_conn_id_limit = v;
1088 got_active_conn_id_limit = 1;
1091 case QUIC_TPARAM_STATELESS_RESET_TOKEN:
1092 /* TODO(QUIC): Handle stateless reset tokens. */
1094 * We ignore these for now, but we must ensure a client doesn't
1097 if (ch->is_server) {
1098 reason = TP_REASON_SERVER_ONLY("STATELESS_RESET_TOKEN");
1102 body = ossl_quic_wire_decode_transport_param_bytes(&pkt, &id, &len);
1103 if (body == NULL || len != QUIC_STATELESS_RESET_TOKEN_LEN) {
1104 reason = TP_REASON_MALFORMED("STATELESS_RESET_TOKEN");
1110 case QUIC_TPARAM_PREFERRED_ADDR:
1111 /* TODO(QUIC): Handle preferred address. */
1112 if (ch->is_server) {
1113 reason = TP_REASON_SERVER_ONLY("PREFERRED_ADDR");
1117 body = ossl_quic_wire_decode_transport_param_bytes(&pkt, &id, &len);
1119 reason = TP_REASON_MALFORMED("PREFERRED_ADDR");
1125 case QUIC_TPARAM_DISABLE_ACTIVE_MIGRATION:
1126 /* We do not currently handle migration, so nothing to do. */
1128 /* Skip over and ignore. */
1129 body = ossl_quic_wire_decode_transport_param_bytes(&pkt, &id,
1138 if (!got_initial_scid) {
1139 reason = TP_REASON_REQUIRED("INITIAL_SCID");
1143 if (!ch->is_server) {
1144 if (!got_orig_dcid) {
1145 reason = TP_REASON_REQUIRED("ORIG_DCID");
1149 if (ch->doing_retry && !got_retry_scid) {
1150 reason = TP_REASON_REQUIRED("RETRY_SCID");
1155 ch->got_remote_transport_params = 1;
1157 if (got_initial_max_data || got_initial_max_stream_data_bidi_remote
1158 || got_initial_max_streams_bidi || got_initial_max_streams_uni)
1160 * If FC credit was bumped, we may now be able to send. Update all
1163 ossl_quic_stream_map_visit(&ch->qsm, do_update, ch);
1165 /* If we are a server, we now generate our own transport parameters. */
1166 if (ch->is_server && !ch_generate_transport_params(ch)) {
1167 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_INTERNAL_ERROR, 0,
1175 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_TRANSPORT_PARAMETER_ERROR,
1181 * Called when we want to generate transport parameters. This is called
1182 * immediately at instantiation time for a client and after we receive the
1183 * client's transport parameters for a server.
1185 static int ch_generate_transport_params(QUIC_CHANNEL *ch)
1188 BUF_MEM *buf_mem = NULL;
1193 if (ch->local_transport_params != NULL)
1196 if ((buf_mem = BUF_MEM_new()) == NULL)
1199 if (!WPACKET_init(&wpkt, buf_mem))
1204 if (ossl_quic_wire_encode_transport_param_bytes(&wpkt, QUIC_TPARAM_DISABLE_ACTIVE_MIGRATION,
1208 if (ch->is_server) {
1209 if (!ossl_quic_wire_encode_transport_param_cid(&wpkt, QUIC_TPARAM_ORIG_DCID,
1213 if (!ossl_quic_wire_encode_transport_param_cid(&wpkt, QUIC_TPARAM_INITIAL_SCID,
1214 &ch->cur_local_cid))
1217 /* Client always uses an empty SCID. */
1218 if (ossl_quic_wire_encode_transport_param_bytes(&wpkt, QUIC_TPARAM_INITIAL_SCID,
1223 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_MAX_IDLE_TIMEOUT,
1224 ch->max_idle_timeout))
1227 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_MAX_UDP_PAYLOAD_SIZE,
1228 QUIC_MIN_INITIAL_DGRAM_LEN))
1231 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_ACTIVE_CONN_ID_LIMIT,
1235 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_INITIAL_MAX_DATA,
1236 ossl_quic_rxfc_get_cwm(&ch->conn_rxfc)))
1239 /* Send the default CWM for a new RXFC. */
1240 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1241 ch->tx_init_max_stream_data_bidi_local))
1244 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1245 ch->tx_init_max_stream_data_bidi_remote))
1248 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_UNI,
1249 ch->tx_init_max_stream_data_uni))
1252 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_INITIAL_MAX_STREAMS_BIDI,
1253 ossl_quic_rxfc_get_cwm(&ch->max_streams_bidi_rxfc)))
1256 if (!ossl_quic_wire_encode_transport_param_int(&wpkt, QUIC_TPARAM_INITIAL_MAX_STREAMS_UNI,
1257 ossl_quic_rxfc_get_cwm(&ch->max_streams_uni_rxfc)))
1260 if (!WPACKET_finish(&wpkt))
1265 if (!WPACKET_get_total_written(&wpkt, &buf_len))
1268 ch->local_transport_params = (unsigned char *)buf_mem->data;
1269 buf_mem->data = NULL;
1272 if (!ossl_quic_tls_set_transport_params(ch->qtls, ch->local_transport_params,
1279 WPACKET_cleanup(&wpkt);
1280 BUF_MEM_free(buf_mem);
1285 * QUIC Channel: Ticker-Mutator
1286 * ============================
1290 * The central ticker function called by the reactor. This does everything, or
1291 * at least everything network I/O related. Best effort - not allowed to fail
1294 static void ch_tick(QUIC_TICK_RESULT *res, void *arg, uint32_t flags)
1296 OSSL_TIME now, deadline;
1297 QUIC_CHANNEL *ch = arg;
1298 int channel_only = (flags & QUIC_REACTOR_TICK_FLAG_CHANNEL_ONLY) != 0;
1301 * When we tick the QUIC connection, we do everything we need to do
1302 * periodically. In order, we:
1304 * - handle any incoming data from the network;
1305 * - handle any timer events which are due to fire (ACKM, etc.)
1306 * - write any data to the network due to be sent, to the extent
1308 * - determine the time at which we should next be ticked.
1311 /* If we are in the TERMINATED state, there is nothing to do. */
1312 if (ossl_quic_channel_is_terminated(ch)) {
1313 res->net_read_desired = 0;
1314 res->net_write_desired = 0;
1315 res->tick_deadline = ossl_time_infinite();
1320 * If we are in the TERMINATING state, check if the terminating timer has
1323 if (ossl_quic_channel_is_terminating(ch)) {
1326 if (ossl_time_compare(now, ch->terminate_deadline) >= 0) {
1327 ch_on_terminating_timeout(ch);
1328 res->net_read_desired = 0;
1329 res->net_write_desired = 0;
1330 res->tick_deadline = ossl_time_infinite();
1331 return; /* abort normal processing, nothing to do */
1335 /* Handle any incoming data from network. */
1339 /* Process queued incoming packets. */
1343 * Allow the handshake layer to check for any new incoming data and generate
1344 * new outgoing data.
1346 ch->have_new_rx_secret = 0;
1348 ossl_quic_tls_tick(ch->qtls);
1351 * If the handshake layer gave us a new secret, we need to do RX again
1352 * because packets that were not previously processable and were
1353 * deferred might now be processable.
1355 * TODO(QUIC): Consider handling this in the yield_secret callback.
1357 } while (ch->have_new_rx_secret);
1360 * Handle any timer events which are due to fire; namely, the loss detection
1361 * deadline and the idle timeout.
1363 * ACKM ACK generation deadline is polled by TXP, so we don't need to handle
1367 if (ossl_time_compare(now, ch->idle_deadline) >= 0) {
1369 * Idle timeout differs from normal protocol violation because we do not
1370 * send a CONN_CLOSE frame; go straight to TERMINATED.
1372 ch_on_idle_timeout(ch);
1373 res->net_read_desired = 0;
1374 res->net_write_desired = 0;
1375 res->tick_deadline = ossl_time_infinite();
1379 deadline = ossl_ackm_get_loss_detection_deadline(ch->ackm);
1380 if (!ossl_time_is_zero(deadline) && ossl_time_compare(now, deadline) >= 0)
1381 ossl_ackm_on_timeout(ch->ackm);
1383 /* If a ping is due, inform TXP. */
1384 if (ossl_time_compare(now, ch->ping_deadline) >= 0) {
1385 int pn_space = ossl_quic_enc_level_to_pn_space(ch->tx_enc_level);
1387 ossl_quic_tx_packetiser_schedule_ack_eliciting(ch->txp, pn_space);
1390 /* Write any data to the network due to be sent. */
1394 ossl_quic_stream_map_gc(&ch->qsm);
1396 /* Determine the time at which we should next be ticked. */
1397 res->tick_deadline = ch_determine_next_tick_deadline(ch);
1400 * Always process network input unless we are now terminated.
1401 * Although we had not terminated at the beginning of this tick, network
1402 * errors in ch_rx_pre() or ch_tx() may have caused us to transition to the
1405 res->net_read_desired = !ossl_quic_channel_is_terminated(ch);
1407 /* We want to write to the network if we have any in our queue. */
1408 res->net_write_desired
1409 = (!ossl_quic_channel_is_terminated(ch)
1410 && ossl_qtx_get_queue_len_datagrams(ch->qtx) > 0);
1413 /* Process incoming datagrams, if any. */
1414 static void ch_rx_pre(QUIC_CHANNEL *ch)
1418 if (!ch->is_server && !ch->have_sent_any_pkt)
1422 * Get DEMUX to BIO_recvmmsg from the network and queue incoming datagrams
1423 * to the appropriate QRX instance.
1425 ret = ossl_quic_demux_pump(ch->demux);
1426 if (ret == QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL)
1428 * We don't care about transient failure, but permanent failure means we
1429 * should tear down the connection as though a protocol violation
1430 * occurred. Skip straight to the Terminating state as there is no point
1431 * trying to send CONNECTION_CLOSE frames if the network BIO is not
1432 * operating correctly.
1434 ch_raise_net_error(ch);
1437 /* Process queued incoming packets and handle frames, if any. */
1438 static int ch_rx(QUIC_CHANNEL *ch)
1440 int handled_any = 0;
1442 if (!ch->is_server && !ch->have_sent_any_pkt)
1444 * We have not sent anything yet, therefore there is no need to check
1445 * for incoming data.
1450 assert(ch->qrx_pkt == NULL);
1452 if (!ossl_qrx_read_pkt(ch->qrx, &ch->qrx_pkt))
1458 ch_rx_handle_packet(ch); /* best effort */
1461 * Regardless of the outcome of frame handling, unref the packet.
1462 * This will free the packet unless something added another
1463 * reference to it during frame processing.
1465 ossl_qrx_pkt_release(ch->qrx_pkt);
1468 ch->have_sent_ack_eliciting_since_rx = 0;
1473 * When in TERMINATING - CLOSING, generate a CONN_CLOSE frame whenever we
1474 * process one or more incoming packets.
1476 if (handled_any && ch->state == QUIC_CHANNEL_STATE_TERMINATING_CLOSING)
1477 ch->conn_close_queued = 1;
1482 /* Handles the packet currently in ch->qrx_pkt->hdr. */
1483 static void ch_rx_handle_packet(QUIC_CHANNEL *ch)
1487 assert(ch->qrx_pkt != NULL);
1489 if (ossl_quic_pkt_type_is_encrypted(ch->qrx_pkt->hdr->type)) {
1490 if (!ch->have_received_enc_pkt) {
1491 ch->cur_remote_dcid = ch->init_scid = ch->qrx_pkt->hdr->src_conn_id;
1492 ch->have_received_enc_pkt = 1;
1495 * We change to using the SCID in the first Initial packet as the
1498 ossl_quic_tx_packetiser_set_cur_dcid(ch->txp, &ch->init_scid);
1501 enc_level = ossl_quic_pkt_type_to_enc_level(ch->qrx_pkt->hdr->type);
1502 if ((ch->el_discarded & (1U << enc_level)) != 0)
1503 /* Do not process packets from ELs we have already discarded. */
1507 /* Handle incoming packet. */
1508 switch (ch->qrx_pkt->hdr->type) {
1509 case QUIC_PKT_TYPE_RETRY:
1510 if (ch->doing_retry || ch->is_server)
1512 * It is not allowed to ask a client to do a retry more than
1513 * once. Clients may not send retries.
1517 if (ch->qrx_pkt->hdr->len <= QUIC_RETRY_INTEGRITY_TAG_LEN)
1518 /* Packets with zero-length Retry Tokens are invalid. */
1522 * TODO(QUIC): Theoretically this should probably be in the QRX.
1523 * However because validation is dependent on context (namely the
1524 * client's initial DCID) we can't do this cleanly. In the future we
1525 * should probably add a callback to the QRX to let it call us (via
1526 * the DEMUX) and ask us about the correct original DCID, rather
1527 * than allow the QRX to emit a potentially malformed packet to the
1528 * upper layers. However, special casing this will do for now.
1530 if (!ossl_quic_validate_retry_integrity_tag(ch->libctx,
1534 /* Malformed retry packet, ignore. */
1537 ch_retry(ch, ch->qrx_pkt->hdr->data,
1538 ch->qrx_pkt->hdr->len - QUIC_RETRY_INTEGRITY_TAG_LEN,
1539 &ch->qrx_pkt->hdr->src_conn_id);
1542 case QUIC_PKT_TYPE_0RTT:
1544 /* Clients should never receive 0-RTT packets. */
1548 * TODO(QUIC): Implement 0-RTT on the server side. We currently do
1549 * not need to implement this as a client can only do 0-RTT if we
1550 * have given it permission to in a previous session.
1554 case QUIC_PKT_TYPE_INITIAL:
1555 case QUIC_PKT_TYPE_HANDSHAKE:
1556 case QUIC_PKT_TYPE_1RTT:
1557 if (ch->qrx_pkt->hdr->type == QUIC_PKT_TYPE_HANDSHAKE)
1559 * We automatically drop INITIAL EL keys when first successfully
1560 * decrypting a HANDSHAKE packet, as per the RFC.
1562 ch_discard_el(ch, QUIC_ENC_LEVEL_INITIAL);
1564 /* This packet contains frames, pass to the RXDP. */
1565 ossl_quic_handle_frames(ch, ch->qrx_pkt); /* best effort */
1575 * This is called by the demux when we get a packet not destined for any known
1578 static void ch_default_packet_handler(QUIC_URXE *e, void *arg)
1580 QUIC_CHANNEL *ch = arg;
1584 if (!ossl_assert(ch->is_server))
1588 * We only support one connection to our server currently, so if we already
1589 * started one, ignore any new connection attempts.
1591 if (ch->state != QUIC_CHANNEL_STATE_IDLE)
1595 * We have got a packet for an unknown DCID. This might be an attempt to
1596 * open a new connection.
1598 if (e->data_len < QUIC_MIN_INITIAL_DGRAM_LEN)
1601 if (!PACKET_buf_init(&pkt, ossl_quic_urxe_data(e), e->data_len))
1605 * We set short_conn_id_len to SIZE_MAX here which will cause the decode
1606 * operation to fail if we get a 1-RTT packet. This is fine since we only
1607 * care about Initial packets.
1609 if (!ossl_quic_wire_decode_pkt_hdr(&pkt, SIZE_MAX, 1, 0, &hdr, NULL))
1612 switch (hdr.version) {
1613 case QUIC_VERSION_1:
1616 case QUIC_VERSION_NONE:
1618 /* Unknown version or proactive version negotiation request, bail. */
1619 /* TODO(QUIC): Handle version negotiation on server side */
1624 * We only care about Initial packets which might be trying to establish a
1627 if (hdr.type != QUIC_PKT_TYPE_INITIAL)
1631 * Assume this is a valid attempt to initiate a connection.
1633 * We do not register the DCID in the initial packet we received and that
1634 * DCID is not actually used again, thus after provisioning the correct
1635 * Initial keys derived from it (which is done in the call below) we pass
1636 * the received packet directly to the QRX so that it can process it as a
1637 * one-time thing, instead of going through the usual DEMUX DCID-based
1640 if (!ch_server_on_new_conn(ch, &e->peer,
1645 ossl_qrx_inject_urxe(ch->qrx, e);
1649 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_INTERNAL_ERROR, 0,
1652 ossl_quic_demux_release_urxe(ch->demux, e);
1655 /* Try to generate packets and if possible, flush them to the network. */
1656 static int ch_tx(QUIC_CHANNEL *ch)
1658 int sent_ack_eliciting = 0;
1660 if (ch->state == QUIC_CHANNEL_STATE_TERMINATING_CLOSING) {
1662 * While closing, only send CONN_CLOSE if we've received more traffic
1663 * from the peer. Once we tell the TXP to generate CONN_CLOSE, all
1664 * future calls to it generate CONN_CLOSE frames, so otherwise we would
1665 * just constantly generate CONN_CLOSE frames.
1667 if (!ch->conn_close_queued)
1670 ch->conn_close_queued = 0;
1674 * Send a packet, if we need to. Best effort. The TXP consults the CC and
1675 * applies any limitations imposed by it, so we don't need to do it here.
1677 * Best effort. In particular if TXP fails for some reason we should still
1678 * flush any queued packets which we already generated.
1680 switch (ossl_quic_tx_packetiser_generate(ch->txp,
1681 TX_PACKETISER_ARCHETYPE_NORMAL,
1682 &sent_ack_eliciting)) {
1683 case TX_PACKETISER_RES_SENT_PKT:
1684 ch->have_sent_any_pkt = 1; /* Packet was sent */
1687 * RFC 9000 s. 10.1. 'An endpoint also restarts its idle timer when
1688 * sending an ack-eliciting packet if no other ack-eliciting packets
1689 * have been sent since last receiving and processing a packet.'
1691 if (sent_ack_eliciting && !ch->have_sent_ack_eliciting_since_rx) {
1693 ch->have_sent_ack_eliciting_since_rx = 1;
1696 ch_update_ping_deadline(ch);
1699 case TX_PACKETISER_RES_NO_PKT:
1700 break; /* No packet was sent */
1702 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_INTERNAL_ERROR, 0,
1704 break; /* Internal failure (e.g. allocation, assertion) */
1707 /* Flush packets to network. */
1708 switch (ossl_qtx_flush_net(ch->qtx)) {
1709 case QTX_FLUSH_NET_RES_OK:
1710 case QTX_FLUSH_NET_RES_TRANSIENT_FAIL:
1711 /* Best effort, done for now. */
1714 case QTX_FLUSH_NET_RES_PERMANENT_FAIL:
1716 /* Permanent underlying network BIO, start terminating. */
1717 ch_raise_net_error(ch);
1724 /* Determine next tick deadline. */
1725 static OSSL_TIME ch_determine_next_tick_deadline(QUIC_CHANNEL *ch)
1730 if (ossl_quic_channel_is_terminated(ch))
1731 return ossl_time_infinite();
1733 deadline = ossl_ackm_get_loss_detection_deadline(ch->ackm);
1734 if (ossl_time_is_zero(deadline))
1735 deadline = ossl_time_infinite();
1737 for (pn_space = QUIC_PN_SPACE_INITIAL; pn_space < QUIC_PN_SPACE_NUM; ++pn_space)
1738 deadline = ossl_time_min(deadline,
1739 ossl_ackm_get_ack_deadline(ch->ackm, pn_space));
1741 /* When will CC let us send more? */
1742 if (ossl_quic_tx_packetiser_has_pending(ch->txp, TX_PACKETISER_ARCHETYPE_NORMAL,
1743 TX_PACKETISER_BYPASS_CC))
1744 deadline = ossl_time_min(deadline,
1745 ch->cc_method->get_wakeup_deadline(ch->cc_data));
1747 /* Is the terminating timer armed? */
1748 if (ossl_quic_channel_is_terminating(ch))
1749 deadline = ossl_time_min(deadline,
1750 ch->terminate_deadline);
1751 else if (!ossl_time_is_infinite(ch->idle_deadline))
1752 deadline = ossl_time_min(deadline,
1756 * When do we need to send an ACK-eliciting packet to reset the idle
1757 * deadline timer for the peer?
1759 if (!ossl_time_is_infinite(ch->ping_deadline))
1760 deadline = ossl_time_min(deadline,
1767 * QUIC Channel: Network BIO Configuration
1768 * =======================================
1771 /* Determines whether we can support a given poll descriptor. */
1772 static int validate_poll_descriptor(const BIO_POLL_DESCRIPTOR *d)
1774 if (d->type == BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD && d->value.fd < 0)
1780 BIO *ossl_quic_channel_get_net_rbio(QUIC_CHANNEL *ch)
1782 return ch->net_rbio;
1785 BIO *ossl_quic_channel_get_net_wbio(QUIC_CHANNEL *ch)
1787 return ch->net_wbio;
1791 * QUIC_CHANNEL does not ref any BIO it is provided with, nor is any ref
1792 * transferred to it. The caller (i.e., QUIC_CONNECTION) is responsible for
1793 * ensuring the BIO lasts until the channel is freed or the BIO is switched out
1794 * for another BIO by a subsequent successful call to this function.
1796 int ossl_quic_channel_set_net_rbio(QUIC_CHANNEL *ch, BIO *net_rbio)
1798 BIO_POLL_DESCRIPTOR d = {0};
1800 if (ch->net_rbio == net_rbio)
1803 if (net_rbio != NULL) {
1804 if (!BIO_get_rpoll_descriptor(net_rbio, &d))
1805 /* Non-pollable BIO */
1806 d.type = BIO_POLL_DESCRIPTOR_TYPE_NONE;
1808 if (!validate_poll_descriptor(&d))
1812 ossl_quic_reactor_set_poll_r(&ch->rtor, &d);
1813 ossl_quic_demux_set_bio(ch->demux, net_rbio);
1814 ch->net_rbio = net_rbio;
1818 int ossl_quic_channel_set_net_wbio(QUIC_CHANNEL *ch, BIO *net_wbio)
1820 BIO_POLL_DESCRIPTOR d = {0};
1822 if (ch->net_wbio == net_wbio)
1825 if (net_wbio != NULL) {
1826 if (!BIO_get_wpoll_descriptor(net_wbio, &d))
1827 /* Non-pollable BIO */
1828 d.type = BIO_POLL_DESCRIPTOR_TYPE_NONE;
1830 if (!validate_poll_descriptor(&d))
1834 ossl_quic_reactor_set_poll_w(&ch->rtor, &d);
1835 ossl_qtx_set_bio(ch->qtx, net_wbio);
1836 ch->net_wbio = net_wbio;
1841 * QUIC Channel: Lifecycle Events
1842 * ==============================
1844 int ossl_quic_channel_start(QUIC_CHANNEL *ch)
1848 * This is not used by the server. The server moves to active
1849 * automatically on receiving an incoming connection.
1853 if (ch->state != QUIC_CHANNEL_STATE_IDLE)
1854 /* Calls to connect are idempotent */
1857 /* Inform QTX of peer address. */
1858 if (!ossl_quic_tx_packetiser_set_peer(ch->txp, &ch->cur_peer_addr))
1861 /* Plug in secrets for the Initial EL. */
1862 if (!ossl_quic_provide_initial_secret(ch->libctx,
1870 ch->state = QUIC_CHANNEL_STATE_ACTIVE;
1871 ch->doing_proactive_ver_neg = 0; /* not currently supported */
1873 /* Handshake layer: start (e.g. send CH). */
1874 if (!ossl_quic_tls_tick(ch->qtls))
1877 ossl_quic_reactor_tick(&ch->rtor, 0); /* best effort */
1881 /* Start a locally initiated connection shutdown. */
1882 void ossl_quic_channel_local_close(QUIC_CHANNEL *ch, uint64_t app_error_code)
1884 QUIC_TERMINATE_CAUSE tcause = {0};
1886 if (ossl_quic_channel_is_term_any(ch))
1890 tcause.error_code = app_error_code;
1891 ch_start_terminating(ch, &tcause, 0);
1894 static void free_token(const unsigned char *buf, size_t buf_len, void *arg)
1896 OPENSSL_free((unsigned char *)buf);
1899 /* Called when a server asks us to do a retry. */
1900 static int ch_retry(QUIC_CHANNEL *ch,
1901 const unsigned char *retry_token,
1902 size_t retry_token_len,
1903 const QUIC_CONN_ID *retry_scid)
1907 /* We change to using the SCID in the Retry packet as the DCID. */
1908 if (!ossl_quic_tx_packetiser_set_cur_dcid(ch->txp, retry_scid))
1912 * Now we retry. We will release the Retry packet immediately, so copy
1915 if ((buf = OPENSSL_memdup(retry_token, retry_token_len)) == NULL)
1918 ossl_quic_tx_packetiser_set_initial_token(ch->txp, buf, retry_token_len,
1921 ch->retry_scid = *retry_scid;
1922 ch->doing_retry = 1;
1925 * We need to stimulate the Initial EL to generate the first CRYPTO frame
1926 * again. We can do this most cleanly by simply forcing the ACKM to consider
1927 * the first Initial packet as lost, which it effectively was as the server
1928 * hasn't processed it. This also maintains the desired behaviour with e.g.
1929 * PNs not resetting and so on.
1931 * The PN we used initially is always zero, because QUIC does not allow
1934 if (!ossl_ackm_mark_packet_pseudo_lost(ch->ackm, QUIC_PN_SPACE_INITIAL,
1939 * Plug in new secrets for the Initial EL. This is the only time we change
1940 * the secrets for an EL after we already provisioned it.
1942 if (!ossl_quic_provide_initial_secret(ch->libctx,
1952 /* Called when an EL is to be discarded. */
1953 static int ch_discard_el(QUIC_CHANNEL *ch,
1956 if (!ossl_assert(enc_level < QUIC_ENC_LEVEL_1RTT))
1959 if ((ch->el_discarded & (1U << enc_level)) != 0)
1963 /* Best effort for all of these. */
1964 ossl_quic_tx_packetiser_discard_enc_level(ch->txp, enc_level);
1965 ossl_qrx_discard_enc_level(ch->qrx, enc_level);
1966 ossl_qtx_discard_enc_level(ch->qtx, enc_level);
1968 if (enc_level != QUIC_ENC_LEVEL_0RTT) {
1969 uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level);
1971 ossl_ackm_on_pkt_space_discarded(ch->ackm, pn_space);
1973 /* We should still have crypto streams at this point. */
1974 if (!ossl_assert(ch->crypto_send[pn_space] != NULL)
1975 || !ossl_assert(ch->crypto_recv[pn_space] != NULL))
1978 /* Get rid of the crypto stream state for the EL. */
1979 ossl_quic_sstream_free(ch->crypto_send[pn_space]);
1980 ch->crypto_send[pn_space] = NULL;
1982 ossl_quic_rstream_free(ch->crypto_recv[pn_space]);
1983 ch->crypto_recv[pn_space] = NULL;
1986 ch->el_discarded |= (1U << enc_level);
1990 /* Intended to be called by the RXDP. */
1991 int ossl_quic_channel_on_handshake_confirmed(QUIC_CHANNEL *ch)
1993 if (ch->handshake_confirmed)
1996 if (!ch->handshake_complete) {
1998 * Does not make sense for handshake to be confirmed before it is
2001 ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_PROTOCOL_VIOLATION,
2002 OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE,
2003 "handshake cannot be confirmed "
2004 "before it is completed");
2008 ch_discard_el(ch, QUIC_ENC_LEVEL_HANDSHAKE);
2009 ch->handshake_confirmed = 1;
2014 * Master function used when we want to start tearing down a connection:
2016 * - If the connection is still IDLE we can go straight to TERMINATED;
2018 * - If we are already TERMINATED this is a no-op.
2020 * - If we are TERMINATING - CLOSING and we have now got a CONNECTION_CLOSE
2021 * from the peer (tcause->remote == 1), we move to TERMINATING - DRAINING.
2023 * - If we are TERMINATING - DRAINING, we remain here until the terminating
2026 * - Otherwise, we are in ACTIVE and move to TERMINATING - CLOSING.
2027 * if we caused the termination (e.g. we have sent a CONNECTION_CLOSE). Note
2028 * that we are considered to have caused a termination if we sent the first
2029 * CONNECTION_CLOSE frame, even if it is caused by a peer protocol
2030 * violation. If the peer sent the first CONNECTION_CLOSE frame, we move to
2031 * TERMINATING - DRAINING.
2033 * We record the termination cause structure passed on the first call only.
2034 * Any successive calls have their termination cause data discarded;
2035 * once we start sending a CONNECTION_CLOSE frame, we don't change the details
2038 static void ch_start_terminating(QUIC_CHANNEL *ch,
2039 const QUIC_TERMINATE_CAUSE *tcause,
2040 int force_immediate)
2042 switch (ch->state) {
2044 case QUIC_CHANNEL_STATE_IDLE:
2045 ch->terminate_cause = *tcause;
2046 ch_on_terminating_timeout(ch);
2049 case QUIC_CHANNEL_STATE_ACTIVE:
2050 ch->terminate_cause = *tcause;
2052 if (!force_immediate) {
2053 ch->state = tcause->remote ? QUIC_CHANNEL_STATE_TERMINATING_DRAINING
2054 : QUIC_CHANNEL_STATE_TERMINATING_CLOSING;
2055 ch->terminate_deadline
2056 = ossl_time_add(get_time(ch),
2057 ossl_time_multiply(ossl_ackm_get_pto_duration(ch->ackm),
2060 if (!tcause->remote) {
2061 OSSL_QUIC_FRAME_CONN_CLOSE f = {0};
2064 f.error_code = ch->terminate_cause.error_code;
2065 f.frame_type = ch->terminate_cause.frame_type;
2066 f.is_app = ch->terminate_cause.app;
2067 ossl_quic_tx_packetiser_schedule_conn_close(ch->txp, &f);
2068 ch->conn_close_queued = 1;
2071 ch_on_terminating_timeout(ch);
2075 case QUIC_CHANNEL_STATE_TERMINATING_CLOSING:
2076 if (force_immediate)
2077 ch_on_terminating_timeout(ch);
2078 else if (tcause->remote)
2079 ch->state = QUIC_CHANNEL_STATE_TERMINATING_DRAINING;
2083 case QUIC_CHANNEL_STATE_TERMINATING_DRAINING:
2085 * Other than in the force-immediate case, we remain here until the
2088 if (force_immediate)
2089 ch_on_terminating_timeout(ch);
2093 case QUIC_CHANNEL_STATE_TERMINATED:
2100 void ossl_quic_channel_on_remote_conn_close(QUIC_CHANNEL *ch,
2101 OSSL_QUIC_FRAME_CONN_CLOSE *f)
2103 QUIC_TERMINATE_CAUSE tcause = {0};
2105 if (!ossl_quic_channel_is_active(ch))
2109 tcause.app = f->is_app;
2110 tcause.error_code = f->error_code;
2111 tcause.frame_type = f->frame_type;
2113 ch_start_terminating(ch, &tcause, 0);
2116 static void free_frame_data(unsigned char *buf, size_t buf_len, void *arg)
2121 static int ch_enqueue_retire_conn_id(QUIC_CHANNEL *ch, uint64_t seq_num)
2127 if ((buf_mem = BUF_MEM_new()) == NULL)
2130 if (!WPACKET_init(&wpkt, buf_mem))
2133 if (!ossl_quic_wire_encode_frame_retire_conn_id(&wpkt, seq_num)) {
2134 WPACKET_cleanup(&wpkt);
2138 WPACKET_finish(&wpkt);
2139 if (!WPACKET_get_total_written(&wpkt, &l))
2142 if (ossl_quic_cfq_add_frame(ch->cfq, 1, QUIC_PN_SPACE_APP,
2143 OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID,
2144 (unsigned char *)buf_mem->data, l,
2145 free_frame_data, NULL) == NULL)
2148 buf_mem->data = NULL;
2149 BUF_MEM_free(buf_mem);
2153 ossl_quic_channel_raise_protocol_error(ch,
2154 QUIC_ERR_INTERNAL_ERROR,
2155 OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID,
2156 "internal error enqueueing retire conn id");
2157 BUF_MEM_free(buf_mem);
2161 void ossl_quic_channel_on_new_conn_id(QUIC_CHANNEL *ch,
2162 OSSL_QUIC_FRAME_NEW_CONN_ID *f)
2164 uint64_t new_remote_seq_num = ch->cur_remote_seq_num;
2165 uint64_t new_retire_prior_to = ch->cur_retire_prior_to;
2167 if (!ossl_quic_channel_is_active(ch))
2170 /* We allow only two active connection ids; first check some constraints */
2172 if (ch->cur_remote_dcid.id_len == 0) {
2173 /* Changing from 0 length connection id is disallowed */
2174 ossl_quic_channel_raise_protocol_error(ch,
2175 QUIC_ERR_PROTOCOL_VIOLATION,
2176 OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID,
2177 "zero length connection id in use");
2182 if (f->seq_num > new_remote_seq_num)
2183 new_remote_seq_num = f->seq_num;
2184 if (f->retire_prior_to > new_retire_prior_to)
2185 new_retire_prior_to = f->retire_prior_to;
2187 if (new_remote_seq_num - new_retire_prior_to > 1
2189 * RFC allows connection termination if we see 2 times the limit
2190 * of conn ids to retire. We are a little bit more liberal.
2192 || new_retire_prior_to - ch->cur_retire_prior_to > 10) {
2193 /* Violation of our active conn id limit */
2194 ossl_quic_channel_raise_protocol_error(ch,
2195 QUIC_ERR_CONNECTION_ID_LIMIT_ERROR,
2196 OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID,
2197 "active_connection_id limit violated");
2202 if (new_remote_seq_num > ch->cur_remote_seq_num) {
2203 ch->cur_remote_seq_num = new_remote_seq_num;
2204 ch->cur_remote_dcid = f->conn_id;
2205 ossl_quic_tx_packetiser_set_cur_dcid(ch->txp, &ch->cur_remote_dcid);
2207 while (new_retire_prior_to > ch->cur_retire_prior_to) {
2208 if (!ch_enqueue_retire_conn_id(ch, ch->cur_retire_prior_to))
2210 ++ch->cur_retire_prior_to;
2214 static void ch_raise_net_error(QUIC_CHANNEL *ch)
2216 QUIC_TERMINATE_CAUSE tcause = {0};
2218 tcause.error_code = QUIC_ERR_INTERNAL_ERROR;
2221 * Skip Terminating state and go directly to Terminated, no point trying to
2222 * send CONNECTION_CLOSE if we cannot communicate.
2224 ch_start_terminating(ch, &tcause, 1);
2227 void ossl_quic_channel_raise_protocol_error(QUIC_CHANNEL *ch,
2228 uint64_t error_code,
2229 uint64_t frame_type,
2232 QUIC_TERMINATE_CAUSE tcause = {0};
2234 tcause.error_code = error_code;
2235 tcause.frame_type = frame_type;
2237 ch_start_terminating(ch, &tcause, 0);
2241 * Called once the terminating timer expires, meaning we move from TERMINATING
2244 static void ch_on_terminating_timeout(QUIC_CHANNEL *ch)
2246 ch->state = QUIC_CHANNEL_STATE_TERMINATED;
2250 * Updates our idle deadline. Called when an event happens which should bump the
2253 static void ch_update_idle(QUIC_CHANNEL *ch)
2255 if (ch->max_idle_timeout == 0)
2256 ch->idle_deadline = ossl_time_infinite();
2258 ch->idle_deadline = ossl_time_add(get_time(ch),
2259 ossl_ms2time(ch->max_idle_timeout));
2263 * Updates our ping deadline, which determines when we next generate a ping if
2264 * we don't have any other ACK-eliciting frames to send.
2266 static void ch_update_ping_deadline(QUIC_CHANNEL *ch)
2268 if (ch->max_idle_timeout > 0) {
2270 * Maximum amount of time without traffic before we send a PING to keep
2271 * the connection open. Usually we use max_idle_timeout/2, but ensure
2272 * the period never exceeds the assumed NAT interval to ensure NAT
2273 * devices don't have their state time out (RFC 9000 s. 10.1.2).
2276 = ossl_time_divide(ossl_ms2time(ch->max_idle_timeout), 2);
2278 max_span = ossl_time_min(max_span, MAX_NAT_INTERVAL);
2280 ch->ping_deadline = ossl_time_add(get_time(ch), max_span);
2282 ch->ping_deadline = ossl_time_infinite();
2286 /* Called when the idle timeout expires. */
2287 static void ch_on_idle_timeout(QUIC_CHANNEL *ch)
2290 * Idle timeout does not have an error code associated with it because a
2291 * CONN_CLOSE is never sent for it. We shouldn't use this data once we reach
2292 * TERMINATED anyway.
2294 ch->terminate_cause.app = 0;
2295 ch->terminate_cause.error_code = UINT64_MAX;
2296 ch->terminate_cause.frame_type = 0;
2298 ch->state = QUIC_CHANNEL_STATE_TERMINATED;
2301 /* Called when we, as a server, get a new incoming connection. */
2302 static int ch_server_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
2303 const QUIC_CONN_ID *peer_scid,
2304 const QUIC_CONN_ID *peer_dcid)
2306 if (!ossl_assert(ch->state == QUIC_CHANNEL_STATE_IDLE && ch->is_server))
2309 /* Generate a SCID we will use for the connection. */
2310 if (!gen_rand_conn_id(ch->libctx, INIT_DCID_LEN,
2311 &ch->cur_local_cid))
2314 /* Note our newly learnt peer address and CIDs. */
2315 ch->cur_peer_addr = *peer;
2316 ch->init_dcid = *peer_dcid;
2317 ch->cur_remote_dcid = *peer_scid;
2319 /* Inform QTX of peer address. */
2320 if (!ossl_quic_tx_packetiser_set_peer(ch->txp, &ch->cur_peer_addr))
2323 /* Inform TXP of desired CIDs. */
2324 if (!ossl_quic_tx_packetiser_set_cur_dcid(ch->txp, &ch->cur_remote_dcid))
2327 if (!ossl_quic_tx_packetiser_set_cur_scid(ch->txp, &ch->cur_local_cid))
2330 /* Plug in secrets for the Initial EL. */
2331 if (!ossl_quic_provide_initial_secret(ch->libctx,
2338 /* Register our local CID in the DEMUX. */
2339 if (!ossl_qrx_add_dst_conn_id(ch->qrx, &ch->cur_local_cid))
2343 ch->state = QUIC_CHANNEL_STATE_ACTIVE;
2344 ch->doing_proactive_ver_neg = 0; /* not currently supported */
2348 SSL *ossl_quic_channel_get0_ssl(QUIC_CHANNEL *ch)
2353 static int ch_init_new_stream(QUIC_CHANNEL *ch, QUIC_STREAM *qs,
2354 int can_send, int can_recv)
2357 int server_init = ossl_quic_stream_is_server_init(qs);
2358 int local_init = (ch->is_server == server_init);
2359 int is_uni = !ossl_quic_stream_is_bidi(qs);
2361 if (can_send && (qs->sstream = ossl_quic_sstream_new(INIT_APP_BUF_LEN)) == NULL)
2364 if (can_recv && (qs->rstream = ossl_quic_rstream_new(NULL, NULL, 0)) == NULL)
2368 if (!ossl_quic_txfc_init(&qs->txfc, &ch->conn_txfc))
2371 if (ch->got_remote_transport_params) {
2373 * If we already got peer TPs we need to apply the initial CWM credit
2374 * now. If we didn't already get peer TPs this will be done
2375 * automatically for all extant streams when we do.
2381 cwm = ch->rx_init_max_stream_data_uni;
2382 else if (local_init)
2383 cwm = ch->rx_init_max_stream_data_bidi_local;
2385 cwm = ch->rx_init_max_stream_data_bidi_remote;
2387 ossl_quic_txfc_bump_cwm(&qs->txfc, cwm);
2395 rxfc_wnd = ch->tx_init_max_stream_data_uni;
2396 else if (local_init)
2397 rxfc_wnd = ch->tx_init_max_stream_data_bidi_local;
2399 rxfc_wnd = ch->tx_init_max_stream_data_bidi_remote;
2401 if (!ossl_quic_rxfc_init(&qs->rxfc, &ch->conn_rxfc,
2403 DEFAULT_STREAM_RXFC_MAX_WND_MUL * rxfc_wnd,
2410 ossl_quic_sstream_free(qs->sstream);
2412 ossl_quic_rstream_free(qs->rstream);
2417 QUIC_STREAM *ossl_quic_channel_new_stream_local(QUIC_CHANNEL *ch, int is_uni)
2421 uint64_t stream_id, *p_next_ordinal;
2423 type = ch->is_server ? QUIC_STREAM_INITIATOR_SERVER
2424 : QUIC_STREAM_INITIATOR_CLIENT;
2427 p_next_ordinal = &ch->next_local_stream_ordinal_uni;
2428 type |= QUIC_STREAM_DIR_UNI;
2430 p_next_ordinal = &ch->next_local_stream_ordinal_bidi;
2431 type |= QUIC_STREAM_DIR_BIDI;
2434 if (*p_next_ordinal >= ((uint64_t)1) << 62)
2437 stream_id = ((*p_next_ordinal) << 2) | type;
2439 if ((qs = ossl_quic_stream_map_alloc(&ch->qsm, stream_id, type)) == NULL)
2442 /* Locally-initiated stream, so we always want a send buffer. */
2443 if (!ch_init_new_stream(ch, qs, /*can_send=*/1, /*can_recv=*/!is_uni))
2450 ossl_quic_stream_map_release(&ch->qsm, qs);
2454 QUIC_STREAM *ossl_quic_channel_new_stream_remote(QUIC_CHANNEL *ch,
2461 peer_role = ch->is_server
2462 ? QUIC_STREAM_INITIATOR_CLIENT
2463 : QUIC_STREAM_INITIATOR_SERVER;
2465 if ((stream_id & QUIC_STREAM_INITIATOR_MASK) != peer_role)
2468 is_uni = ((stream_id & QUIC_STREAM_DIR_MASK) == QUIC_STREAM_DIR_UNI);
2470 qs = ossl_quic_stream_map_alloc(&ch->qsm, stream_id,
2471 stream_id & (QUIC_STREAM_INITIATOR_MASK
2472 | QUIC_STREAM_DIR_MASK));
2476 if (!ch_init_new_stream(ch, qs, /*can_send=*/!is_uni, /*can_recv=*/1))
2479 if (ch->incoming_stream_auto_reject)
2480 ossl_quic_channel_reject_stream(ch, qs);
2482 ossl_quic_stream_map_push_accept_queue(&ch->qsm, qs);
2487 ossl_quic_stream_map_release(&ch->qsm, qs);
2491 void ossl_quic_channel_set_incoming_stream_auto_reject(QUIC_CHANNEL *ch,
2495 ch->incoming_stream_auto_reject = (enable != 0);
2496 ch->incoming_stream_auto_reject_aec = aec;
2499 void ossl_quic_channel_reject_stream(QUIC_CHANNEL *ch, QUIC_STREAM *qs)
2501 ossl_quic_stream_map_stop_sending_recv_part(&ch->qsm, qs,
2502 ch->incoming_stream_auto_reject_aec);
2504 ossl_quic_stream_map_reset_stream_send_part(&ch->qsm, qs,
2505 ch->incoming_stream_auto_reject_aec);
2508 ossl_quic_stream_map_update_state(&ch->qsm, qs);
2511 /* Replace local connection ID in TXP and DEMUX for testing purposes. */
2512 int ossl_quic_channel_replace_local_cid(QUIC_CHANNEL *ch,
2513 const QUIC_CONN_ID *conn_id)
2515 /* Remove the current local CID from the DEMUX. */
2516 if (!ossl_qrx_remove_dst_conn_id(ch->qrx, &ch->cur_local_cid))
2518 ch->cur_local_cid = *conn_id;
2519 /* Set in the TXP, used only for long header packets. */
2520 if (!ossl_quic_tx_packetiser_set_cur_scid(ch->txp, &ch->cur_local_cid))
2522 /* Register our new local CID in the DEMUX. */
2523 if (!ossl_qrx_add_dst_conn_id(ch->qrx, &ch->cur_local_cid))