lsquic_hspack_valid.c revision 00c58df3
1/* Copyright (c) 2017 - 2020 LiteSpeed Technologies Inc. See LICENSE. */ 2/* 3 * lsquic_hspack_valid.c -- Handshake packet validator. 4 * 5 * We want to eliminate invalid packets as soon as we read them in and not 6 * feed them to lsquic engine if we can avoid it. The handshake packet 7 * possesses several characteristics which make it possible to detect 8 * garbage packets. 9 */ 10 11 12#include <assert.h> 13#include <string.h> 14#include <sys/queue.h> 15 16#include "lsquic.h" 17#include "lsquic_types.h" 18#include "lsquic_int_types.h" 19#include "lsquic_packet_common.h" 20#include "lsquic_packet_gquic.h" 21#include "lsquic_packet_ietf.h" 22#include "lsquic_mm.h" 23#include "lsquic_engine_public.h" 24#include "lsquic_version.h" 25#include "lsquic_parse_common.h" 26 27 28#define SMALLEST_GQUIC_OVERHEAD \ 29 1 /* Type */ \ 30 + GQUIC_CID_LEN \ 31 + sizeof(lsquic_ver_tag_t) \ 32 + 1 /* Packet number */ \ 33 + 1 /* Stream frame */ \ 34 + 1 /* Stream ID */ \ 35 + 2 /* Data length */ \ 36 + 12 /* IV */ 37 38 39 40/* Note that we ignore nonce: even if the flag is set, we know that Chrome 41 * does not actually include the 32-byte nonce. 42 */ 43static int 44is_valid_gquic_hs_packet (const unsigned char *buf, size_t bufsz, 45 lsquic_ver_tag_t *tag) 46{ 47 if (bufsz > GQUIC_MAX_PACKET_SZ || 48 /* Data: HPACKed :method GET :path / is 2 bytes */ 49 bufsz < SMALLEST_GQUIC_OVERHEAD + 2 || 50 /* Check maximum packet number: */ 51 buf[1 + GQUIC_CID_LEN + sizeof(lsquic_ver_tag_t)] > 64 || 52 /* From [draft-hamilton-quic-transport-protocol-01]: 53 * 0x80 is currently unused, and must be set to 0. 54 * 0x40 = MULTIPATH. This bit is reserved for multipath use. 55 * 56 * 0x30 = Packet number length. We expect these bits to be 57 * unset. 58 * 59 * The reference implementation checks that two high bits are not 60 * set if version flag is not set or if the version is the same. 61 * For our purposes, all GQUIC version we support so far have these 62 * bits set to zero. 63 * 64 * Incoming handshake packets must have both connection ID and 65 * version bits set. 66 * 67 * Nonce flag is ignored: Chrome sets it erronesously, but it may 68 * not be true (a) in the future or (b) in other clients. 69 */ 70 ((buf[0] ^ ( 71 /* These should be unset: */ 72 (~(0x80|0x40|0x30|PACKET_PUBLIC_FLAGS_RST)) 73 & 74 /* While these should be set: */ 75 (PACKET_PUBLIC_FLAGS_VERSION| 76 PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) 77 )) & /* Ignore this bit: */ ~PACKET_PUBLIC_FLAGS_NONCE) 78 ) 79 { 80 return 0; 81 } 82 83 memcpy(tag, buf + 1 + 8, sizeof(*tag)); 84 85 return 1; 86} 87 88 89int 90lsquic_is_valid_hs_packet (struct lsquic_engine *engine, 91 const unsigned char *buf, size_t bufsz, size_t packet_in_sz) 92{ 93 lsquic_ver_tag_t tag; 94 int is_valid; 95 96 if (bufsz < 1) 97 return 0; 98 99 switch (buf[0] & 0xF8) 100 { 101 /* Xs vary, Gs are iGnored: */ 102 /* 1X11 XGGG: Q046 long header */ 103 case 0x80|0x40|0x20|0x10|0x08: 104 case 0x80|0x00|0x20|0x10|0x08: 105 case 0x80|0x40|0x20|0x10|0x00: 106 case 0x80|0x00|0x20|0x10|0x00: 107 is_valid = packet_in_sz >= IQUIC_MIN_INIT_PACKET_SZ 108 && lsquic_is_valid_iquic_hs_packet(buf, bufsz, &tag); 109 break; 110 /* 1X00 XGGG: ID-22 long header */ 111 case 0x80|0x40|0x00|0x00|0x08: 112 case 0x80|0x00|0x00|0x00|0x08: 113 case 0x80|0x40|0x00|0x00|0x00: 114 case 0x80|0x00|0x00|0x00|0x00: 115 /* 1X01 XGGG: ID-22 long header */ 116 case 0x80|0x40|0x00|0x10|0x08: 117 case 0x80|0x00|0x00|0x10|0x08: 118 case 0x80|0x40|0x00|0x10|0x00: 119 case 0x80|0x00|0x00|0x10|0x00: 120 /* 1X10 XGGG: ID-22 long header */ 121 case 0x80|0x40|0x20|0x00|0x08: 122 case 0x80|0x00|0x20|0x00|0x08: 123 case 0x80|0x40|0x20|0x00|0x00: 124 case 0x80|0x00|0x20|0x00|0x00: 125 is_valid = packet_in_sz >= IQUIC_MIN_INIT_PACKET_SZ 126 && lsquic_is_valid_ietf_v1_or_Q046plus_hs_packet(buf, bufsz, &tag); 127 break; 128 /* 01XX XGGG: ID-22 short header */ 129 case 0x00|0x40|0x00|0x00|0x00: 130 case 0x00|0x40|0x00|0x00|0x08: 131 case 0x00|0x40|0x00|0x10|0x00: 132 case 0x00|0x40|0x00|0x10|0x08: 133 case 0x00|0x40|0x20|0x00|0x00: 134 case 0x00|0x40|0x20|0x00|0x08: 135 case 0x00|0x40|0x20|0x10|0x00: 136 case 0x00|0x40|0x20|0x10|0x08: 137 is_valid = 0; 138 break; 139 /* 00XX 0GGG: Q046 short header */ 140 case 0x00|0x00|0x00|0x00|0x00: 141 case 0x00|0x00|0x00|0x10|0x00: 142 case 0x00|0x00|0x20|0x00|0x00: 143 case 0x00|0x00|0x20|0x10|0x00: 144 is_valid = 0; 145 break; 146 /* 00XX 1GGG: GQUIC */ 147 case 0x00|0x00|0x00|0x00|0x08: 148 case 0x00|0x00|0x00|0x10|0x08: 149 case 0x00|0x00|0x20|0x00|0x08: 150 case 0x00|0x00|0x20|0x10|0x08: 151 is_valid = is_valid_gquic_hs_packet(buf, bufsz, &tag); 152 break; 153 default: /* gcc thinks this is possible?! */ 154 assert(0); 155 is_valid = 0; 156 break; 157 } 158 159 if (is_valid) 160 { 161 return 1; 162 } 163 else 164 return 0; 165} 166