2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/packet_quic.h"
11 #include "internal/nelem.h"
12 #include "internal/quic_wire.h"
13 #include "internal/quic_record_rx.h"
14 #include "internal/quic_ackm.h"
15 #include "internal/quic_rx_depack.h"
16 #include "internal/quic_error.h"
17 #include "internal/quic_fc.h"
18 #include "internal/quic_channel.h"
19 #include "internal/sockets.h"
21 #include "quic_local.h"
22 #include "quic_channel_local.h"
23 #include "../ssl_local.h"
26 * Helper functions to process different frame types.
28 * Typically, those that are ACK eliciting will take an OSSL_ACKM_RX_PKT
29 * pointer argument, the few that aren't ACK eliciting will not. This makes
30 * them a verifiable pattern against tables where this is specified.
33 static int depack_do_frame_padding(PACKET *pkt)
35 /* We ignore this frame */
36 ossl_quic_wire_decode_padding(pkt);
40 static int depack_do_frame_ping(PACKET *pkt, QUIC_CHANNEL *ch,
41 OSSL_ACKM_RX_PKT *ackm_data)
43 /* We ignore this frame, apart from eliciting an ACK */
44 if (!ossl_quic_wire_decode_frame_ping(pkt)) {
45 ossl_quic_channel_raise_protocol_error(ch,
46 QUIC_ERR_FRAME_ENCODING_ERROR,
47 OSSL_QUIC_FRAME_TYPE_PING,
52 /* This frame makes the packet ACK eliciting */
53 ackm_data->is_ack_eliciting = 1;
57 static int depack_do_frame_ack(PACKET *pkt, QUIC_CHANNEL *ch,
58 int packet_space, OSSL_TIME received,
61 OSSL_QUIC_FRAME_ACK ack;
62 OSSL_QUIC_ACK_RANGE *ack_ranges = NULL;
63 uint64_t total_ranges = 0;
64 uint32_t ack_delay_exp = ch->rx_ack_delay_exp;
66 if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges)
67 /* In case sizeof(uint64_t) > sizeof(size_t) */
68 || total_ranges > SIZE_MAX / sizeof(ack_ranges[0])
69 || (ack_ranges = OPENSSL_zalloc(sizeof(ack_ranges[0])
70 * (size_t)total_ranges)) == NULL)
73 ack.ack_ranges = ack_ranges;
74 ack.num_ack_ranges = (size_t)total_ranges;
76 if (!ossl_quic_wire_decode_frame_ack(pkt, ack_delay_exp, &ack, NULL))
79 if (!ossl_ackm_on_rx_ack_frame(ch->ackm, &ack,
80 packet_space, received))
83 OPENSSL_free(ack_ranges);
87 ossl_quic_channel_raise_protocol_error(ch,
88 QUIC_ERR_FRAME_ENCODING_ERROR,
91 OPENSSL_free(ack_ranges);
95 static int depack_do_frame_reset_stream(PACKET *pkt,
97 OSSL_ACKM_RX_PKT *ackm_data)
99 OSSL_QUIC_FRAME_RESET_STREAM frame_data;
100 QUIC_STREAM *stream = NULL;
102 if (!ossl_quic_wire_decode_frame_reset_stream(pkt, &frame_data)) {
103 ossl_quic_channel_raise_protocol_error(ch,
104 QUIC_ERR_FRAME_ENCODING_ERROR,
105 OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
110 /* This frame makes the packet ACK eliciting */
111 ackm_data->is_ack_eliciting = 1;
113 stream = ossl_quic_stream_map_get_by_id(&ch->qsm, frame_data.stream_id);
114 if (stream == NULL) {
115 ossl_quic_channel_raise_protocol_error(ch,
116 QUIC_ERR_STREAM_STATE_ERROR,
117 OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
118 "RESET_STREAM frame for "
119 "nonexistent stream");
123 if (stream->rstream == NULL) {
124 ossl_quic_channel_raise_protocol_error(ch,
125 QUIC_ERR_STREAM_STATE_ERROR,
126 OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
127 "RESET_STREAM frame for "
132 stream->peer_reset_stream = 1;
133 ossl_quic_stream_map_update_state(&ch->qsm, stream);
137 static int depack_do_frame_stop_sending(PACKET *pkt,
139 OSSL_ACKM_RX_PKT *ackm_data)
141 OSSL_QUIC_FRAME_STOP_SENDING frame_data;
142 QUIC_STREAM *stream = NULL;
144 if (!ossl_quic_wire_decode_frame_stop_sending(pkt, &frame_data)) {
145 ossl_quic_channel_raise_protocol_error(ch,
146 QUIC_ERR_FRAME_ENCODING_ERROR,
147 OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
152 /* This frame makes the packet ACK eliciting */
153 ackm_data->is_ack_eliciting = 1;
155 stream = ossl_quic_stream_map_get_by_id(&ch->qsm, frame_data.stream_id);
156 if (stream == NULL) {
157 ossl_quic_channel_raise_protocol_error(ch,
158 QUIC_ERR_STREAM_STATE_ERROR,
159 OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
160 "STOP_SENDING frame for "
161 "nonexistent stream");
165 if (stream->sstream == NULL) {
166 ossl_quic_channel_raise_protocol_error(ch,
167 QUIC_ERR_STREAM_STATE_ERROR,
168 OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
169 "STOP_SENDING frame for "
174 stream->peer_stop_sending = 1;
175 ossl_quic_stream_map_update_state(&ch->qsm, stream);
179 static int depack_do_frame_crypto(PACKET *pkt, QUIC_CHANNEL *ch,
180 OSSL_QRX_PKT *parent_pkt,
181 OSSL_ACKM_RX_PKT *ackm_data)
183 OSSL_QUIC_FRAME_CRYPTO f;
184 QUIC_RSTREAM *rstream;
186 if (!ossl_quic_wire_decode_frame_crypto(pkt, &f)) {
187 ossl_quic_channel_raise_protocol_error(ch,
188 QUIC_ERR_FRAME_ENCODING_ERROR,
189 OSSL_QUIC_FRAME_TYPE_CRYPTO,
194 /* This frame makes the packet ACK eliciting */
195 ackm_data->is_ack_eliciting = 1;
197 rstream = ch->crypto_recv[ackm_data->pkt_space];
198 if (!ossl_assert(rstream != NULL))
200 * This should not happen; we should only have a NULL stream here if
201 * the EL has been discarded, and if the EL has been discarded we
206 if (!ossl_quic_rstream_queue_data(rstream, parent_pkt,
207 f.offset, f.data, f.len, 0))
213 static int depack_do_frame_new_token(PACKET *pkt, QUIC_CHANNEL *ch,
214 OSSL_ACKM_RX_PKT *ackm_data)
216 const uint8_t *token;
219 if (!ossl_quic_wire_decode_frame_new_token(pkt, &token, &token_len)) {
220 ossl_quic_channel_raise_protocol_error(ch,
221 QUIC_ERR_FRAME_ENCODING_ERROR,
222 OSSL_QUIC_FRAME_TYPE_NEW_TOKEN,
227 /* This frame makes the packet ACK eliciting */
228 ackm_data->is_ack_eliciting = 1;
230 /* TODO(QUIC): ADD CODE to send |token| to the session manager */
235 static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch,
236 OSSL_QRX_PKT *parent_pkt,
237 OSSL_ACKM_RX_PKT *ackm_data,
240 OSSL_QUIC_FRAME_STREAM frame_data;
244 if (!ossl_quic_wire_decode_frame_stream(pkt, &frame_data)) {
245 ossl_quic_channel_raise_protocol_error(ch,
246 QUIC_ERR_FRAME_ENCODING_ERROR,
252 /* This frame makes the packet ACK eliciting */
253 ackm_data->is_ack_eliciting = 1;
255 stream = ossl_quic_stream_map_get_by_id(&ch->qsm, frame_data.stream_id);
256 if (stream == NULL) {
257 ossl_quic_channel_raise_protocol_error(ch,
258 QUIC_ERR_STREAM_STATE_ERROR,
260 "STREAM frame for nonexistent "
265 if (stream->rstream == NULL) {
266 ossl_quic_channel_raise_protocol_error(ch,
267 QUIC_ERR_STREAM_STATE_ERROR,
269 "STREAM frame for TX only "
274 /* Notify stream flow controller. */
275 if (!ossl_quic_rxfc_on_rx_stream_frame(&stream->rxfc,
276 frame_data.offset + frame_data.len,
277 frame_data.is_fin)) {
278 ossl_quic_channel_raise_protocol_error(ch,
279 QUIC_ERR_INTERNAL_ERROR,
281 "internal error (flow control)");
285 /* Has a flow control error occurred? */
286 fce = ossl_quic_rxfc_get_error(&stream->rxfc, 0);
287 if (fce != QUIC_ERR_NO_ERROR) {
288 ossl_quic_channel_raise_protocol_error(ch,
291 "flow control violation");
296 * The receive stream buffer may or may not choose to consume the data
297 * without copying by reffing the OSSL_QRX_PKT. In this case
298 * ossl_qrx_pkt_release() will be eventually called when the data is no
301 if (!ossl_quic_rstream_queue_data(stream->rstream, parent_pkt,
311 static int depack_do_frame_max_data(PACKET *pkt, QUIC_CHANNEL *ch,
312 OSSL_ACKM_RX_PKT *ackm_data)
314 uint64_t max_data = 0;
316 if (!ossl_quic_wire_decode_frame_max_data(pkt, &max_data)) {
317 ossl_quic_channel_raise_protocol_error(ch,
318 QUIC_ERR_FRAME_ENCODING_ERROR,
319 OSSL_QUIC_FRAME_TYPE_MAX_DATA,
324 /* This frame makes the packet ACK eliciting */
325 ackm_data->is_ack_eliciting = 1;
327 ossl_quic_txfc_bump_cwm(&ch->conn_txfc, max_data);
328 ossl_quic_stream_map_update_state(&ch->qsm, ch->stream0);
332 static int depack_do_frame_max_stream_data(PACKET *pkt,
334 OSSL_ACKM_RX_PKT *ackm_data)
336 uint64_t stream_id = 0;
337 uint64_t max_stream_data = 0;
340 if (!ossl_quic_wire_decode_frame_max_stream_data(pkt, &stream_id,
342 ossl_quic_channel_raise_protocol_error(ch,
343 QUIC_ERR_FRAME_ENCODING_ERROR,
344 OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
349 /* This frame makes the packet ACK eliciting */
350 ackm_data->is_ack_eliciting = 1;
352 stream = ossl_quic_stream_map_get_by_id(&ch->qsm, stream_id);
353 if (stream == NULL) {
354 ossl_quic_channel_raise_protocol_error(ch,
355 QUIC_ERR_STREAM_STATE_ERROR,
356 OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
357 "MAX_STREAM_DATA for nonexistent "
362 if (stream->sstream == NULL) {
363 ossl_quic_channel_raise_protocol_error(ch,
364 QUIC_ERR_STREAM_STATE_ERROR,
365 OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA,
366 "MAX_STREAM_DATA for TX only "
371 ossl_quic_txfc_bump_cwm(&stream->txfc, max_stream_data);
372 ossl_quic_stream_map_update_state(&ch->qsm, stream);
376 static int depack_do_frame_max_streams(PACKET *pkt,
378 OSSL_ACKM_RX_PKT *ackm_data,
381 uint64_t max_streams = 0;
383 if (!ossl_quic_wire_decode_frame_max_streams(pkt, &max_streams)) {
384 ossl_quic_channel_raise_protocol_error(ch,
385 QUIC_ERR_FRAME_ENCODING_ERROR,
391 /* This frame makes the packet ACK eliciting */
392 ackm_data->is_ack_eliciting = 1;
394 if (max_streams > (((uint64_t)1) << 60)) {
395 ossl_quic_channel_raise_protocol_error(ch,
396 QUIC_ERR_FRAME_ENCODING_ERROR,
398 "invalid max streams value");
402 switch (frame_type) {
403 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
404 if (max_streams > ch->max_local_streams_bidi)
405 ch->max_local_streams_bidi = max_streams;
407 /* Stream may now be able to send */
408 ossl_quic_stream_map_update_state(&ch->qsm,
411 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
412 if (max_streams > ch->max_local_streams_uni)
413 ch->max_local_streams_uni = max_streams;
415 /* Stream may now be able to send */
416 ossl_quic_stream_map_update_state(&ch->qsm,
420 ossl_quic_channel_raise_protocol_error(ch,
421 QUIC_ERR_FRAME_ENCODING_ERROR,
430 static int depack_do_frame_data_blocked(PACKET *pkt,
432 OSSL_ACKM_RX_PKT *ackm_data)
434 uint64_t max_data = 0;
436 if (!ossl_quic_wire_decode_frame_data_blocked(pkt, &max_data)) {
437 ossl_quic_channel_raise_protocol_error(ch,
438 QUIC_ERR_FRAME_ENCODING_ERROR,
439 OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED,
444 /* This frame makes the packet ACK eliciting */
445 ackm_data->is_ack_eliciting = 1;
447 /* No-op - informative/debugging frame. */
451 static int depack_do_frame_stream_data_blocked(PACKET *pkt,
453 OSSL_ACKM_RX_PKT *ackm_data)
455 uint64_t stream_id = 0;
456 uint64_t max_data = 0;
458 if (!ossl_quic_wire_decode_frame_stream_data_blocked(pkt, &stream_id,
460 ossl_quic_channel_raise_protocol_error(ch,
461 QUIC_ERR_FRAME_ENCODING_ERROR,
462 OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED,
467 /* This frame makes the packet ACK eliciting */
468 ackm_data->is_ack_eliciting = 1;
470 /* No-op - informative/debugging frame. */
474 static int depack_do_frame_streams_blocked(PACKET *pkt,
476 OSSL_ACKM_RX_PKT *ackm_data,
479 uint64_t max_data = 0;
481 if (!ossl_quic_wire_decode_frame_streams_blocked(pkt, &max_data)) {
482 ossl_quic_channel_raise_protocol_error(ch,
483 QUIC_ERR_FRAME_ENCODING_ERROR,
489 /* This frame makes the packet ACK eliciting */
490 ackm_data->is_ack_eliciting = 1;
492 /* No-op - informative/debugging frame. */
496 static int depack_do_frame_new_conn_id(PACKET *pkt,
498 OSSL_ACKM_RX_PKT *ackm_data)
500 OSSL_QUIC_FRAME_NEW_CONN_ID frame_data;
502 if (!ossl_quic_wire_decode_frame_new_conn_id(pkt, &frame_data)) {
503 ossl_quic_channel_raise_protocol_error(ch,
504 QUIC_ERR_FRAME_ENCODING_ERROR,
505 OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID,
510 /* This frame makes the packet ACK eliciting */
511 ackm_data->is_ack_eliciting = 1;
513 /* TODO(QUIC): ADD CODE to send |frame_data.data| to the ch manager */
518 static int depack_do_frame_retire_conn_id(PACKET *pkt,
520 OSSL_ACKM_RX_PKT *ackm_data)
524 if (!ossl_quic_wire_decode_frame_retire_conn_id(pkt, &seq_num)) {
525 ossl_quic_channel_raise_protocol_error(ch,
526 QUIC_ERR_FRAME_ENCODING_ERROR,
527 OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID,
532 /* This frame makes the packet ACK eliciting */
533 ackm_data->is_ack_eliciting = 1;
535 /* TODO(QUIC): ADD CODE to send |seq_num| to the ch manager */
539 static int depack_do_frame_path_challenge(PACKET *pkt,
541 OSSL_ACKM_RX_PKT *ackm_data)
543 uint64_t frame_data = 0;
545 if (!ossl_quic_wire_decode_frame_path_challenge(pkt, &frame_data)) {
546 ossl_quic_channel_raise_protocol_error(ch,
547 QUIC_ERR_FRAME_ENCODING_ERROR,
548 OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE,
553 /* This frame makes the packet ACK eliciting */
554 ackm_data->is_ack_eliciting = 1;
556 /* TODO(QUIC): ADD CODE to send |frame_data| to the ch manager */
561 static int depack_do_frame_path_response(PACKET *pkt,
563 OSSL_ACKM_RX_PKT *ackm_data)
565 uint64_t frame_data = 0;
567 if (!ossl_quic_wire_decode_frame_path_response(pkt, &frame_data)) {
568 ossl_quic_channel_raise_protocol_error(ch,
569 QUIC_ERR_FRAME_ENCODING_ERROR,
570 OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE,
575 /* This frame makes the packet ACK eliciting */
576 ackm_data->is_ack_eliciting = 1;
578 /* TODO(QUIC): ADD CODE to send |frame_data| to the ch manager */
583 static int depack_do_frame_conn_close(PACKET *pkt, QUIC_CHANNEL *ch)
585 OSSL_QUIC_FRAME_CONN_CLOSE frame_data;
587 if (!ossl_quic_wire_decode_frame_conn_close(pkt, &frame_data))
590 ossl_quic_channel_on_remote_conn_close(ch, &frame_data);
594 static int depack_do_frame_handshake_done(PACKET *pkt,
596 OSSL_ACKM_RX_PKT *ackm_data)
598 if (!ossl_quic_wire_decode_frame_handshake_done(pkt))
601 /* This frame makes the packet ACK eliciting */
602 ackm_data->is_ack_eliciting = 1;
604 ossl_quic_channel_on_handshake_confirmed(ch);
608 /* Main frame processor */
610 static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
611 OSSL_QRX_PKT *parent_pkt, int packet_space,
612 OSSL_TIME received, OSSL_ACKM_RX_PKT *ackm_data)
614 uint32_t pkt_type = parent_pkt->hdr->type;
616 while (PACKET_remaining(pkt) > 0) {
619 if (!ossl_quic_wire_peek_frame_header(pkt, &frame_type))
622 switch (frame_type) {
623 case OSSL_QUIC_FRAME_TYPE_PING:
624 /* Allowed in all packet types */
625 if (!depack_do_frame_ping(pkt, ch, ackm_data))
628 case OSSL_QUIC_FRAME_TYPE_PADDING:
629 /* Allowed in all packet types */
630 if (!depack_do_frame_padding(pkt))
634 case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:
635 case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
636 /* ACK frames are valid everywhere except in 0RTT packets */
637 if (pkt_type == QUIC_PKT_TYPE_0RTT) {
638 ossl_quic_channel_raise_protocol_error(ch,
639 QUIC_ERR_PROTOCOL_VIOLATION,
641 "ACK not valid in 0-RTT");
644 if (!depack_do_frame_ack(pkt, ch, packet_space, received,
649 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
650 /* RESET_STREAM frames are valid in 0RTT and 1RTT packets */
651 if (pkt_type != QUIC_PKT_TYPE_0RTT
652 && pkt_type != QUIC_PKT_TYPE_1RTT) {
653 ossl_quic_channel_raise_protocol_error(ch,
654 QUIC_ERR_PROTOCOL_VIOLATION,
656 "RESET_STREAM not valid in "
657 "INITIAL/HANDSHAKE");
660 if (!depack_do_frame_reset_stream(pkt, ch, ackm_data))
663 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
664 /* STOP_SENDING frames are valid in 0RTT and 1RTT packets */
665 if (pkt_type != QUIC_PKT_TYPE_0RTT
666 && pkt_type != QUIC_PKT_TYPE_1RTT) {
667 ossl_quic_channel_raise_protocol_error(ch,
668 QUIC_ERR_PROTOCOL_VIOLATION,
670 "STOP_SENDING not valid in "
671 "INITIAL/HANDSHAKE");
674 if (!depack_do_frame_stop_sending(pkt, ch, ackm_data))
677 case OSSL_QUIC_FRAME_TYPE_CRYPTO:
678 /* CRYPTO frames are valid everywhere except in 0RTT packets */
679 if (pkt_type == QUIC_PKT_TYPE_0RTT) {
680 ossl_quic_channel_raise_protocol_error(ch,
681 QUIC_ERR_PROTOCOL_VIOLATION,
683 "CRYPTO frame not valid in 0-RTT");
686 if (!depack_do_frame_crypto(pkt, ch, parent_pkt, ackm_data))
689 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
690 /* NEW_TOKEN frames are valid in 1RTT packets */
691 if (pkt_type != QUIC_PKT_TYPE_1RTT) {
692 ossl_quic_channel_raise_protocol_error(ch,
693 QUIC_ERR_PROTOCOL_VIOLATION,
695 "NEW_TOKEN valid only in 1-RTT");
698 if (!depack_do_frame_new_token(pkt, ch, ackm_data))
702 case OSSL_QUIC_FRAME_TYPE_STREAM:
703 case OSSL_QUIC_FRAME_TYPE_STREAM_FIN:
704 case OSSL_QUIC_FRAME_TYPE_STREAM_LEN:
705 case OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN:
706 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF:
707 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN:
708 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN:
709 case OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN:
710 /* STREAM frames are valid in 0RTT and 1RTT packets */
711 if (pkt_type != QUIC_PKT_TYPE_0RTT
712 && pkt_type != QUIC_PKT_TYPE_1RTT) {
713 ossl_quic_channel_raise_protocol_error(ch,
714 QUIC_ERR_PROTOCOL_VIOLATION,
716 "STREAM valid only in 0/1-RTT");
719 if (!depack_do_frame_stream(pkt, ch, parent_pkt, ackm_data,
724 case OSSL_QUIC_FRAME_TYPE_MAX_DATA:
725 /* MAX_DATA frames are valid in 0RTT and 1RTT packets */
726 if (pkt_type != QUIC_PKT_TYPE_0RTT
727 && pkt_type != QUIC_PKT_TYPE_1RTT) {
728 ossl_quic_channel_raise_protocol_error(ch,
729 QUIC_ERR_PROTOCOL_VIOLATION,
731 "MAX_DATA valid only in 0/1-RTT");
734 if (!depack_do_frame_max_data(pkt, ch, ackm_data))
737 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:
738 /* MAX_STREAM_DATA frames are valid in 0RTT and 1RTT packets */
739 if (pkt_type != QUIC_PKT_TYPE_0RTT
740 && pkt_type != QUIC_PKT_TYPE_1RTT) {
741 ossl_quic_channel_raise_protocol_error(ch,
742 QUIC_ERR_PROTOCOL_VIOLATION,
744 "MAX_STREAM_DATA valid only in 0/1-RTT");
747 if (!depack_do_frame_max_stream_data(pkt, ch, ackm_data))
751 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
752 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
753 /* MAX_STREAMS frames are valid in 0RTT and 1RTT packets */
754 if (pkt_type != QUIC_PKT_TYPE_0RTT
755 && pkt_type != QUIC_PKT_TYPE_1RTT) {
756 ossl_quic_channel_raise_protocol_error(ch,
757 QUIC_ERR_PROTOCOL_VIOLATION,
759 "MAX_STREAMS valid only in 0/1-RTT");
762 if (!depack_do_frame_max_streams(pkt, ch, ackm_data,
767 case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED:
768 /* DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
769 if (pkt_type != QUIC_PKT_TYPE_0RTT
770 && pkt_type != QUIC_PKT_TYPE_1RTT) {
771 ossl_quic_channel_raise_protocol_error(ch,
772 QUIC_ERR_PROTOCOL_VIOLATION,
774 "DATA_BLOCKED valid only in 0/1-RTT");
777 if (!depack_do_frame_data_blocked(pkt, ch, ackm_data))
780 case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED:
781 /* STREAM_DATA_BLOCKED frames are valid in 0RTT and 1RTT packets */
782 if (pkt_type != QUIC_PKT_TYPE_0RTT
783 && pkt_type != QUIC_PKT_TYPE_1RTT) {
784 ossl_quic_channel_raise_protocol_error(ch,
785 QUIC_ERR_PROTOCOL_VIOLATION,
787 "STREAM_DATA_BLOCKED valid only in 0/1-RTT");
790 if (!depack_do_frame_stream_data_blocked(pkt, ch, ackm_data))
794 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI:
795 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI:
796 /* STREAMS_BLOCKED frames are valid in 0RTT and 1RTT packets */
797 if (pkt_type != QUIC_PKT_TYPE_0RTT
798 && pkt_type != QUIC_PKT_TYPE_1RTT) {
799 ossl_quic_channel_raise_protocol_error(ch,
800 QUIC_ERR_PROTOCOL_VIOLATION,
802 "STREAMS valid only in 0/1-RTT");
805 if (!depack_do_frame_streams_blocked(pkt, ch, ackm_data,
810 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
811 /* NEW_CONN_ID frames are valid in 0RTT and 1RTT packets */
812 if (pkt_type != QUIC_PKT_TYPE_0RTT
813 && pkt_type != QUIC_PKT_TYPE_1RTT) {
814 ossl_quic_channel_raise_protocol_error(ch,
815 QUIC_ERR_PROTOCOL_VIOLATION,
817 "NEW_CONN_ID valid only in 0/1-RTT");
819 if (!depack_do_frame_new_conn_id(pkt, ch, ackm_data))
822 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
823 /* RETIRE_CONN_ID frames are valid in 0RTT and 1RTT packets */
824 if (pkt_type != QUIC_PKT_TYPE_0RTT
825 && pkt_type != QUIC_PKT_TYPE_1RTT) {
826 ossl_quic_channel_raise_protocol_error(ch,
827 QUIC_ERR_PROTOCOL_VIOLATION,
829 "RETIRE_CONN_ID valid only in 0/1-RTT");
832 if (!depack_do_frame_retire_conn_id(pkt, ch, ackm_data))
835 case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE:
836 /* PATH_CHALLENGE frames are valid in 0RTT and 1RTT packets */
837 if (pkt_type != QUIC_PKT_TYPE_0RTT
838 && pkt_type != QUIC_PKT_TYPE_1RTT) {
839 ossl_quic_channel_raise_protocol_error(ch,
840 QUIC_ERR_PROTOCOL_VIOLATION,
842 "PATH_CHALLENGE valid only in 0/1-RTT");
845 if (!depack_do_frame_path_challenge(pkt, ch, ackm_data))
848 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
849 /* PATH_RESPONSE frames are valid in 1RTT packets */
850 if (pkt_type != QUIC_PKT_TYPE_1RTT) {
851 ossl_quic_channel_raise_protocol_error(ch,
852 QUIC_ERR_PROTOCOL_VIOLATION,
854 "PATH_CHALLENGE valid only in 1-RTT");
857 if (!depack_do_frame_path_response(pkt, ch, ackm_data))
861 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
862 /* CONN_CLOSE_APP frames are valid in 0RTT and 1RTT packets */
863 if (pkt_type != QUIC_PKT_TYPE_0RTT
864 && pkt_type != QUIC_PKT_TYPE_1RTT) {
865 ossl_quic_channel_raise_protocol_error(ch,
866 QUIC_ERR_PROTOCOL_VIOLATION,
868 "CONN_CLOSE (APP) valid only in 0/1-RTT");
872 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:
873 /* CONN_CLOSE_TRANSPORT frames are valid in all packets */
874 if (!depack_do_frame_conn_close(pkt, ch))
878 case OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE:
879 /* HANDSHAKE_DONE frames are valid in 1RTT packets */
880 if (pkt_type != QUIC_PKT_TYPE_1RTT) {
881 ossl_quic_channel_raise_protocol_error(ch,
882 QUIC_ERR_PROTOCOL_VIOLATION,
884 "HANDSHAKE_DONE valid only in 1-RTT");
887 if (!depack_do_frame_handshake_done(pkt, ch, ackm_data))
892 /* Unknown frame type */
893 ackm_data->is_ack_eliciting = 1;
894 ossl_quic_channel_raise_protocol_error(ch,
895 QUIC_ERR_PROTOCOL_VIOLATION,
897 "Unknown frame type received");
906 int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
909 OSSL_ACKM_RX_PKT ackm_data;
911 * ok has three states:
912 * -1 error with ackm_data uninitialized
913 * 0 error with ackm_data initialized
914 * 1 success (ackm_data initialized)
916 int ok = -1; /* Assume the worst */
921 /* Initialize |ackm_data| (and reinitialize |ok|)*/
922 memset(&ackm_data, 0, sizeof(ackm_data));
924 * TODO(QUIC): ASSUMPTION: All packets that aren't special case have a
927 ackm_data.pkt_num = qpacket->pn;
928 ackm_data.time = qpacket->time;
929 switch (qpacket->hdr->type) {
930 case QUIC_PKT_TYPE_INITIAL:
931 ackm_data.pkt_space = QUIC_PN_SPACE_INITIAL;
933 case QUIC_PKT_TYPE_HANDSHAKE:
934 ackm_data.pkt_space = QUIC_PN_SPACE_HANDSHAKE;
936 case QUIC_PKT_TYPE_0RTT:
937 case QUIC_PKT_TYPE_1RTT:
938 ackm_data.pkt_space = QUIC_PN_SPACE_APP;
942 * Retry and Version Negotiation packets should not be passed to this
947 ok = 0; /* Still assume the worst */
949 /* Now that special cases are out of the way, parse frames */
950 if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len)
951 || !depack_process_frames(ch, &pkt, qpacket,
952 ackm_data.pkt_space, qpacket->time,
959 * TODO(QUIC): ASSUMPTION: If this function is called at all, |qpacket| is
960 * a legitimate packet, even if its contents aren't.
961 * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as
962 * |ackm_data| has at least been initialized.
965 ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);
projects / openssl.git / blob