1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
#include <string>
#include "absl/strings/string_view.h"
#include "absl/types/optional.h"
#include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake.h"
#include "net/third_party/quiche/src/quic/core/crypto/crypto_utils.h"
#include "net/third_party/quiche/src/quic/core/quic_connection.h"
#include "net/third_party/quiche/src/quic/core/quic_session.h"
#include "net/third_party/quiche/src/quic/core/quic_types.h"
#include "net/third_party/quiche/src/quic/core/quic_utils.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_flag_utils.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
namespace quic {
#define ENDPOINT \
(session()->perspective() == Perspective::IS_SERVER ? "Server: " \
: "Client:" \
" ")
QuicCryptoStream::QuicCryptoStream(QuicSession* session)
: QuicStream(
QuicVersionUsesCryptoFrames(session->transport_version())
? QuicUtils::GetInvalidStreamId(session->transport_version())
: QuicUtils::GetCryptoStreamId(session->transport_version()),
session,
/*is_static=*/true,
QuicVersionUsesCryptoFrames(session->transport_version())
? CRYPTO
: BIDIRECTIONAL),
substreams_{{{this, ENCRYPTION_INITIAL},
{this, ENCRYPTION_HANDSHAKE},
{this, ENCRYPTION_ZERO_RTT},
{this, ENCRYPTION_FORWARD_SECURE}}} {
// The crypto stream is exempt from connection level flow control.
DisableConnectionFlowControlForThisStream();
}
QuicCryptoStream::~QuicCryptoStream() {}
// static
QuicByteCount QuicCryptoStream::CryptoMessageFramingOverhead(
QuicTransportVersion version,
QuicConnectionId connection_id) {
DCHECK(QuicUtils::IsConnectionIdValidForVersion(connection_id, version));
QuicVariableLengthIntegerLength retry_token_length_length =
VARIABLE_LENGTH_INTEGER_LENGTH_1;
QuicVariableLengthIntegerLength length_length =
VARIABLE_LENGTH_INTEGER_LENGTH_2;
if (!QuicVersionHasLongHeaderLengths(version)) {
retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0;
length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0;
}
return QuicPacketCreator::StreamFramePacketOverhead(
version, static_cast<QuicConnectionIdLength>(connection_id.length()),
PACKET_0BYTE_CONNECTION_ID,
/*include_version=*/true,
/*include_diversification_nonce=*/true,
VersionHasIetfInvariantHeader(version) ? PACKET_4BYTE_PACKET_NUMBER
: PACKET_1BYTE_PACKET_NUMBER,
retry_token_length_length, length_length,
/*offset=*/0);
}
void QuicCryptoStream::OnCryptoFrame(const QuicCryptoFrame& frame) {
QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version()))
<< "Versions less than 47 shouldn't receive CRYPTO frames";
EncryptionLevel level = session()->connection()->last_decrypted_level();
substreams_[level].sequencer.OnCryptoFrame(frame);
EncryptionLevel frame_level = level;
if (substreams_[level].sequencer.NumBytesBuffered() >
BufferSizeLimitForLevel(frame_level)) {
OnUnrecoverableError(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA,
"Too much crypto data received");
}
}
void QuicCryptoStream::OnStreamFrame(const QuicStreamFrame& frame) {
if (QuicVersionUsesCryptoFrames(session()->transport_version())) {
QUIC_PEER_BUG
<< "Crypto data received in stream frame instead of crypto frame";
OnUnrecoverableError(QUIC_INVALID_STREAM_DATA, "Unexpected stream frame");
}
QuicStream::OnStreamFrame(frame);
}
void QuicCryptoStream::OnDataAvailable() {
EncryptionLevel level = session()->connection()->last_decrypted_level();
if (!QuicVersionUsesCryptoFrames(session()->transport_version())) {
// Versions less than 47 only support QUIC crypto, which ignores the
// EncryptionLevel passed into CryptoMessageParser::ProcessInput (and
// OnDataAvailableInSequencer).
OnDataAvailableInSequencer(sequencer(), level);
return;
}
OnDataAvailableInSequencer(&substreams_[level].sequencer, level);
}
void QuicCryptoStream::OnDataAvailableInSequencer(
QuicStreamSequencer* sequencer,
EncryptionLevel level) {
struct iovec iov;
while (sequencer->GetReadableRegion(&iov)) {
absl::string_view data(static_cast<char*>(iov.iov_base), iov.iov_len);
if (!crypto_message_parser()->ProcessInput(data, level)) {
OnUnrecoverableError(crypto_message_parser()->error(),
crypto_message_parser()->error_detail());
return;
}
sequencer->MarkConsumed(iov.iov_len);
if (one_rtt_keys_available() &&
crypto_message_parser()->InputBytesRemaining() == 0) {
// If the handshake is complete and the current message has been fully
// processed then no more handshake messages are likely to arrive soon
// so release the memory in the stream sequencer.
sequencer->ReleaseBufferIfEmpty();
}
}
}
bool QuicCryptoStream::ExportKeyingMaterial(absl::string_view label,
absl::string_view context,
size_t result_len,
std::string* result) const {
if (!one_rtt_keys_available()) {
QUIC_DLOG(ERROR) << "ExportKeyingMaterial was called before forward-secure"
<< "encryption was established.";
return false;
}
return CryptoUtils::ExportKeyingMaterial(
crypto_negotiated_params().subkey_secret, label, context, result_len,
result);
}
void QuicCryptoStream::WriteCryptoData(EncryptionLevel level,
absl::string_view data) {
if (!QuicVersionUsesCryptoFrames(session()->transport_version())) {
if (session()->use_write_or_buffer_data_at_level()) {
WriteOrBufferDataAtLevel(data, /*fin=*/false, level,
/*ack_listener=*/nullptr);
return;
}
// The QUIC crypto handshake takes care of setting the appropriate
// encryption level before writing data. Since that is the only handshake
// supported in versions less than 47, |level| can be ignored here.
WriteOrBufferData(data, /* fin */ false, /* ack_listener */ nullptr);
return;
}
if (data.empty()) {
QUIC_BUG << "Empty crypto data being written";
return;
}
const bool had_buffered_data = HasBufferedCryptoFrames();
// Append |data| to the send buffer for this encryption level.
struct iovec iov(QuicUtils::MakeIovec(data));
QuicStreamSendBuffer* send_buffer = &substreams_[level].send_buffer;
QuicStreamOffset offset = send_buffer->stream_offset();
send_buffer->SaveStreamData(&iov, /*iov_count=*/1, /*iov_offset=*/0,
data.length());
if (kMaxStreamLength - offset < data.length()) {
QUIC_BUG << "Writing too much crypto handshake data";
// TODO(nharper): Switch this to an IETF QUIC error code, possibly
// INTERNAL_ERROR?
OnUnrecoverableError(QUIC_STREAM_LENGTH_OVERFLOW,
"Writing too much crypto handshake data");
}
if (had_buffered_data) {
// Do not try to write if there is buffered data.
return;
}
size_t bytes_consumed = stream_delegate()->SendCryptoData(
level, data.length(), offset, NOT_RETRANSMISSION);
send_buffer->OnStreamDataConsumed(bytes_consumed);
}
size_t QuicCryptoStream::BufferSizeLimitForLevel(EncryptionLevel) const {
return GetQuicFlag(FLAGS_quic_max_buffered_crypto_bytes);
}
bool QuicCryptoStream::OnCryptoFrameAcked(const QuicCryptoFrame& frame,
QuicTime::Delta /*ack_delay_time*/) {
QuicByteCount newly_acked_length = 0;
if (!substreams_[frame.level].send_buffer.OnStreamDataAcked(
frame.offset, frame.data_length, &newly_acked_length)) {
OnUnrecoverableError(QUIC_INTERNAL_ERROR,
"Trying to ack unsent crypto data.");
return false;
}
return newly_acked_length > 0;
}
void QuicCryptoStream::OnStreamReset(const QuicRstStreamFrame& /*frame*/) {
stream_delegate()->OnStreamError(QUIC_INVALID_STREAM_ID,
"Attempt to reset crypto stream");
}
void QuicCryptoStream::NeuterUnencryptedStreamData() {
NeuterStreamDataOfEncryptionLevel(ENCRYPTION_INITIAL);
}
void QuicCryptoStream::NeuterStreamDataOfEncryptionLevel(
EncryptionLevel level) {
if (!QuicVersionUsesCryptoFrames(session()->transport_version())) {
for (const auto& interval : bytes_consumed_[level]) {
QuicByteCount newly_acked_length = 0;
send_buffer().OnStreamDataAcked(
interval.min(), interval.max() - interval.min(), &newly_acked_length);
}
return;
}
QuicStreamSendBuffer* send_buffer = &substreams_[level].send_buffer;
// TODO(nharper): Consider adding a Clear() method to QuicStreamSendBuffer to
// replace the following code.
QuicIntervalSet<QuicStreamOffset> to_ack = send_buffer->bytes_acked();
to_ack.Complement(0, send_buffer->stream_offset());
for (const auto& interval : to_ack) {
QuicByteCount newly_acked_length = 0;
send_buffer->OnStreamDataAcked(
interval.min(), interval.max() - interval.min(), &newly_acked_length);
}
}
void QuicCryptoStream::OnStreamDataConsumed(QuicByteCount bytes_consumed) {
if (QuicVersionUsesCryptoFrames(session()->transport_version())) {
QUIC_BUG << "Stream data consumed when CRYPTO frames should be in use";
}
if (bytes_consumed > 0) {
bytes_consumed_[session()->connection()->encryption_level()].Add(
stream_bytes_written(), stream_bytes_written() + bytes_consumed);
}
QuicStream::OnStreamDataConsumed(bytes_consumed);
}
namespace {
constexpr std::array<EncryptionLevel, NUM_ENCRYPTION_LEVELS>
AllEncryptionLevels() {
return {ENCRYPTION_INITIAL, ENCRYPTION_HANDSHAKE, ENCRYPTION_ZERO_RTT,
ENCRYPTION_FORWARD_SECURE};
}
} // namespace
bool QuicCryptoStream::HasPendingCryptoRetransmission() const {
if (!QuicVersionUsesCryptoFrames(session()->transport_version())) {
return false;
}
for (EncryptionLevel level : AllEncryptionLevels()) {
if (substreams_[level].send_buffer.HasPendingRetransmission()) {
return true;
}
}
return false;
}
void QuicCryptoStream::WritePendingCryptoRetransmission() {
QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version()))
<< "Versions less than 47 don't write CRYPTO frames";
for (EncryptionLevel level : AllEncryptionLevels()) {
QuicStreamSendBuffer* send_buffer = &substreams_[level].send_buffer;
while (send_buffer->HasPendingRetransmission()) {
auto pending = send_buffer->NextPendingRetransmission();
size_t bytes_consumed = stream_delegate()->SendCryptoData(
level, pending.length, pending.offset, HANDSHAKE_RETRANSMISSION);
send_buffer->OnStreamDataRetransmitted(pending.offset, bytes_consumed);
if (bytes_consumed < pending.length) {
return;
}
}
}
}
void QuicCryptoStream::WritePendingRetransmission() {
while (HasPendingRetransmission()) {
StreamPendingRetransmission pending =
send_buffer().NextPendingRetransmission();
QuicIntervalSet<QuicStreamOffset> retransmission(
pending.offset, pending.offset + pending.length);
EncryptionLevel retransmission_encryption_level = ENCRYPTION_INITIAL;
// Determine the encryption level to write the retransmission
// at. The retransmission should be written at the same encryption level
// as the original transmission.
for (size_t i = 0; i < NUM_ENCRYPTION_LEVELS; ++i) {
if (retransmission.Intersects(bytes_consumed_[i])) {
retransmission_encryption_level = static_cast<EncryptionLevel>(i);
retransmission.Intersection(bytes_consumed_[i]);
break;
}
}
pending.offset = retransmission.begin()->min();
pending.length =
retransmission.begin()->max() - retransmission.begin()->min();
QuicConsumedData consumed = RetransmitStreamDataAtLevel(
pending.offset, pending.length, retransmission_encryption_level,
HANDSHAKE_RETRANSMISSION);
if (consumed.bytes_consumed < pending.length) {
// The connection is write blocked.
break;
}
}
}
bool QuicCryptoStream::RetransmitStreamData(QuicStreamOffset offset,
QuicByteCount data_length,
bool /*fin*/,
TransmissionType type) {
DCHECK(type == HANDSHAKE_RETRANSMISSION || type == PTO_RETRANSMISSION);
QuicIntervalSet<QuicStreamOffset> retransmission(offset,
offset + data_length);
// Determine the encryption level to send data. This only needs to be once as
// [offset, offset + data_length) is guaranteed to be in the same packet.
EncryptionLevel send_encryption_level = ENCRYPTION_INITIAL;
for (size_t i = 0; i < NUM_ENCRYPTION_LEVELS; ++i) {
if (retransmission.Intersects(bytes_consumed_[i])) {
send_encryption_level = static_cast<EncryptionLevel>(i);
break;
}
}
retransmission.Difference(bytes_acked());
for (const auto& interval : retransmission) {
QuicStreamOffset retransmission_offset = interval.min();
QuicByteCount retransmission_length = interval.max() - interval.min();
QuicConsumedData consumed = RetransmitStreamDataAtLevel(
retransmission_offset, retransmission_length, send_encryption_level,
type);
if (consumed.bytes_consumed < retransmission_length) {
// The connection is write blocked.
return false;
}
}
return true;
}
QuicConsumedData QuicCryptoStream::RetransmitStreamDataAtLevel(
QuicStreamOffset retransmission_offset,
QuicByteCount retransmission_length,
EncryptionLevel encryption_level,
TransmissionType type) {
DCHECK(type == HANDSHAKE_RETRANSMISSION || type == PTO_RETRANSMISSION);
const auto consumed = stream_delegate()->WritevData(
id(), retransmission_length, retransmission_offset, NO_FIN, type,
encryption_level);
QUIC_DVLOG(1) << ENDPOINT << "stream " << id()
<< " is forced to retransmit stream data ["
<< retransmission_offset << ", "
<< retransmission_offset + retransmission_length
<< "), with encryption level: " << encryption_level
<< ", consumed: " << consumed;
OnStreamFrameRetransmitted(retransmission_offset, consumed.bytes_consumed,
consumed.fin_consumed);
return consumed;
}
uint64_t QuicCryptoStream::crypto_bytes_read() const {
if (!QuicVersionUsesCryptoFrames(session()->transport_version())) {
return stream_bytes_read();
}
uint64_t bytes_read = 0;
for (EncryptionLevel level : AllEncryptionLevels()) {
bytes_read += substreams_[level].sequencer.NumBytesConsumed();
}
return bytes_read;
}
uint64_t QuicCryptoStream::BytesReadOnLevel(EncryptionLevel level) const {
return substreams_[level].sequencer.NumBytesConsumed();
}
bool QuicCryptoStream::WriteCryptoFrame(EncryptionLevel level,
QuicStreamOffset offset,
QuicByteCount data_length,
QuicDataWriter* writer) {
QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version()))
<< "Versions less than 47 don't write CRYPTO frames (2)";
return substreams_[level].send_buffer.WriteStreamData(offset, data_length,
writer);
}
void QuicCryptoStream::OnCryptoFrameLost(QuicCryptoFrame* crypto_frame) {
QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version()))
<< "Versions less than 47 don't lose CRYPTO frames";
substreams_[crypto_frame->level].send_buffer.OnStreamDataLost(
crypto_frame->offset, crypto_frame->data_length);
}
void QuicCryptoStream::RetransmitData(QuicCryptoFrame* crypto_frame,
TransmissionType type) {
QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version()))
<< "Versions less than 47 don't retransmit CRYPTO frames";
QuicIntervalSet<QuicStreamOffset> retransmission(
crypto_frame->offset, crypto_frame->offset + crypto_frame->data_length);
QuicStreamSendBuffer* send_buffer =
&substreams_[crypto_frame->level].send_buffer;
retransmission.Difference(send_buffer->bytes_acked());
if (retransmission.Empty()) {
return;
}
for (const auto& interval : retransmission) {
size_t retransmission_offset = interval.min();
size_t retransmission_length = interval.max() - interval.min();
size_t bytes_consumed = stream_delegate()->SendCryptoData(
crypto_frame->level, retransmission_length, retransmission_offset,
type);
send_buffer->OnStreamDataRetransmitted(retransmission_offset,
bytes_consumed);
if (bytes_consumed < retransmission_length) {
break;
}
}
}
void QuicCryptoStream::WriteBufferedCryptoFrames() {
QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version()))
<< "Versions less than 47 don't use CRYPTO frames";
for (EncryptionLevel level : AllEncryptionLevels()) {
QuicStreamSendBuffer* send_buffer = &substreams_[level].send_buffer;
const size_t data_length =
send_buffer->stream_offset() - send_buffer->stream_bytes_written();
if (data_length == 0) {
// No buffered data for this encryption level.
continue;
}
size_t bytes_consumed = stream_delegate()->SendCryptoData(
level, data_length, send_buffer->stream_bytes_written(),
NOT_RETRANSMISSION);
send_buffer->OnStreamDataConsumed(bytes_consumed);
if (bytes_consumed < data_length) {
// Connection is write blocked.
break;
}
}
}
bool QuicCryptoStream::HasBufferedCryptoFrames() const {
QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version()))
<< "Versions less than 47 don't use CRYPTO frames";
for (EncryptionLevel level : AllEncryptionLevels()) {
const QuicStreamSendBuffer& send_buffer = substreams_[level].send_buffer;
DCHECK_GE(send_buffer.stream_offset(), send_buffer.stream_bytes_written());
if (send_buffer.stream_offset() > send_buffer.stream_bytes_written()) {
return true;
}
}
return false;
}
bool QuicCryptoStream::IsFrameOutstanding(EncryptionLevel level,
size_t offset,
size_t length) const {
if (!QuicVersionUsesCryptoFrames(session()->transport_version())) {
// This only happens if a client was originally configured for a version
// greater than 45, but received a version negotiation packet and is
// attempting to retransmit for a version less than 47. Outside of tests,
// this is a misconfiguration of the client, and this connection will be
// doomed. Return false here to avoid trying to retransmit CRYPTO frames on
// the wrong transport version.
return false;
}
return substreams_[level].send_buffer.IsStreamDataOutstanding(offset, length);
}
bool QuicCryptoStream::IsWaitingForAcks() const {
if (!QuicVersionUsesCryptoFrames(session()->transport_version())) {
return QuicStream::IsWaitingForAcks();
}
for (EncryptionLevel level : AllEncryptionLevels()) {
if (substreams_[level].send_buffer.stream_bytes_outstanding()) {
return true;
}
}
return false;
}
QuicCryptoStream::CryptoSubstream::CryptoSubstream(
QuicCryptoStream* crypto_stream,
EncryptionLevel)
: sequencer(crypto_stream),
send_buffer(crypto_stream->session()
->connection()
->helper()
->GetStreamSendBufferAllocator()) {}
#undef ENDPOINT // undef for jumbo builds
} // namespace quic
|
