1 /*
2 * Copyright 2020 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16 package io.netty.handler.codec.quic;
17
18 import io.netty.buffer.ByteBuf;
19 import io.netty.buffer.Unpooled;
20
21 import java.net.InetSocketAddress;
22
23 import static io.netty.util.internal.ObjectUtil.checkPositiveOrZero;
24
25 /**
26 * Parses the QUIC packet header and notifies a callback once parsing was successful.
27 * <p>
28 * Once the parser is not needed anymore the user needs to call {@link #close()} to ensure all resources are
29 * released. Failed to do so may lead to memory leaks.
30 * <p>
31 * This class can be used for advanced use-cases. Usually you want to just use {@link QuicClientCodecBuilder} or
32 * {@link QuicServerCodecBuilder}.
33 */
34 public final class QuicHeaderParser implements AutoCloseable {
35 // See https://datatracker.ietf.org/doc/rfc7714/
36 private static final int AES_128_GCM_TAG_LENGTH = 16;
37
38 private final int localConnectionIdLength;
39 private boolean closed;
40
41 public QuicHeaderParser(int localConnectionIdLength) {
42 this.localConnectionIdLength = checkPositiveOrZero(localConnectionIdLength, "localConnectionIdLength");
43 }
44
45 @Override
46 public void close() {
47 if (!closed) {
48 closed = true;
49 }
50 }
51
52 /**
53 * Parses a QUIC packet and extract the header values out of it. This method takes no ownership of the packet itself
54 * which means the caller of this method is expected to call {@link ByteBuf#release()} once the packet is not needed
55 * anymore.
56 *
57 * @param sender the sender of the packet. This is directly passed to the {@link QuicHeaderProcessor} once
58 * parsing was successful.
59 * @param recipient the recipient of the packet.This is directly passed to the {@link QuicHeaderProcessor} once
60 * parsing was successful.
61 * @param packet raw QUIC packet itself. The ownership of the packet is not transferred. This is directly
62 * passed to the {@link QuicHeaderProcessor} once parsing was successful.
63 * @param callback the {@link QuicHeaderProcessor} that is called once a QUIC packet could be parsed and all
64 * the header values be extracted.
65 * @throws Exception thrown if we couldn't parse the header or if the {@link QuicHeaderProcessor} throws an
66 * exception.
67 */
68 public void parse(InetSocketAddress sender, InetSocketAddress recipient, ByteBuf packet,
69 QuicHeaderProcessor callback) throws Exception {
70 if (closed) {
71 throw new IllegalStateException(QuicHeaderParser.class.getSimpleName() + " is already closed");
72 }
73
74 // See https://datatracker.ietf.org/doc/html/rfc9000#section-17
75 int offset = 0;
76 int readable = packet.readableBytes();
77
78 checkReadable(offset, readable, Byte.BYTES);
79 byte first = packet.getByte(offset);
80 offset += Byte.BYTES;
81
82 final QuicPacketType type;
83 final long version;
84 final ByteBuf dcid;
85 final ByteBuf scid;
86 final ByteBuf token;
87
88 if (hasShortHeader(first)) {
89 // See https://www.rfc-editor.org/rfc/rfc9000.html#section-17.3
90 // 1-RTT Packet {
91 // Header Form (1) = 0,
92 // Fixed Bit (1) = 1,
93 // Spin Bit (1),
94 // Reserved Bits (2),
95 // Key Phase (1),
96 // Packet Number Length (2),
97 // Destination Connection ID (0..160),
98 // Packet Number (8..32),
99 // Packet Payload (8..),
100 //}
101 version = 0;
102 type = QuicPacketType.SHORT;
103 // Short packets have no source connection id and no token.
104 scid = Unpooled.EMPTY_BUFFER;
105 token = Unpooled.EMPTY_BUFFER;
106 dcid = sliceCid(packet, offset, localConnectionIdLength);
107 } else {
108 // See https://www.rfc-editor.org/rfc/rfc9000.html#section-17.2
109 // Long Header Packet {
110 // Header Form (1) = 1,
111 // Fixed Bit (1) = 1,
112 // Long Packet Type (2),
113 // Type-Specific Bits (4),
114 // Version (32),
115 // Destination Connection ID Length (8),
116 // Destination Connection ID (0..160),
117 // Source Connection ID Length (8),
118 // Source Connection ID (0..160),
119 // Type-Specific Payload (..),
120 //}
121 checkReadable(offset, readable, Integer.BYTES);
122
123 // Version uses an unsigned int:
124 // https://www.rfc-editor.org/rfc/rfc9000.html#section-15
125 version = packet.getUnsignedInt(offset);
126 offset += Integer.BYTES;
127 type = typeOfLongHeader(first, version);
128
129 int dcidLen = packet.getUnsignedByte(offset);
130 checkCidLength(dcidLen);
131 offset += Byte.BYTES;
132 dcid = sliceCid(packet, offset, dcidLen);
133 offset += dcidLen;
134
135 int scidLen = packet.getUnsignedByte(offset);
136 checkCidLength(scidLen);
137 offset += Byte.BYTES;
138 scid = sliceCid(packet, offset, scidLen);
139 offset += scidLen;
140 token = sliceToken(type, packet, offset, readable);
141 }
142 callback.process(sender, recipient, packet, type, version, scid, dcid, token);
143 }
144
145 // Check if the connection id is not longer then 20. This is what is the maximum for QUIC version 1.
146 // See https://www.rfc-editor.org/rfc/rfc9000.html#section-17.2
147 private static void checkCidLength(int length) throws QuicException {
148 if (length > Quic.MAX_CONN_ID_LEN) {
149 throw new QuicException("connection id to large: " + length + " > " + Quic.MAX_CONN_ID_LEN,
150 QuicTransportError.PROTOCOL_VIOLATION);
151 }
152 }
153
154 private static ByteBuf sliceToken(QuicPacketType type, ByteBuf packet, int offset, int readable)
155 throws QuicException {
156 switch (type) {
157 case INITIAL:
158 // See
159 checkReadable(offset, readable, Byte.BYTES);
160 int numBytes = numBytesForVariableLengthInteger(packet.getByte(offset));
161 int len = (int) getVariableLengthInteger(packet, offset, numBytes);
162 offset += numBytes;
163
164 checkReadable(offset, readable, len);
165 return packet.slice(offset, len);
166 case RETRY:
167 // Exclude the integrity tag from the token.
168 // See https://www.rfc-editor.org/rfc/rfc9000.html#section-17.2.5
169 checkReadable(offset, readable, AES_128_GCM_TAG_LENGTH);
170 int tokenLen = readable - offset - AES_128_GCM_TAG_LENGTH;
171 return packet.slice(offset, tokenLen);
172 default:
173 // No token included.
174 return Unpooled.EMPTY_BUFFER;
175 }
176 }
177 private static QuicException newProtocolViolationException(String message) {
178 return new QuicException(message, QuicTransportError.PROTOCOL_VIOLATION);
179 }
180
181 static ByteBuf sliceCid(ByteBuf buffer, int offset, int len) throws QuicException {
182 checkReadable(offset, buffer.readableBytes(), len);
183 return buffer.slice(offset, len);
184 }
185
186 private static void checkReadable(int offset, int readable, int needed) throws QuicException {
187 int r = readable - offset;
188 if (r < needed) {
189 throw newProtocolViolationException("Not enough bytes to read, " + r + " < " + needed);
190 }
191 }
192
193 /**
194 * Read the variable length integer from the {@link ByteBuf}.
195 * See <a href="https://tools.ietf.org/html/draft-ietf-quic-transport-32#section-16">
196 * Variable-Length Integer Encoding </a>
197 */
198 private static long getVariableLengthInteger(ByteBuf in, int offset, int len) throws QuicException {
199 checkReadable(offset, in.readableBytes(), len);
200 switch (len) {
201 case 1:
202 return in.getUnsignedByte(offset);
203 case 2:
204 return in.getUnsignedShort(offset) & 0x3fff;
205 case 4:
206 return in.getUnsignedInt(offset) & 0x3fffffff;
207 case 8:
208 return in.getLong(offset) & 0x3fffffffffffffffL;
209 default:
210 throw newProtocolViolationException("Unsupported length:" + len);
211 }
212 }
213
214 /**
215 * Returns the number of bytes that were encoded into the byte for a variable length integer to read.
216 * See <a href="https://tools.ietf.org/html/draft-ietf-quic-transport-32#section-16">
217 * Variable-Length Integer Encoding </a>
218 */
219 private static int numBytesForVariableLengthInteger(byte b) {
220 byte val = (byte) (b >> 6);
221 if ((val & 1) != 0) {
222 if ((val & 2) != 0) {
223 return 8;
224 }
225 return 2;
226 }
227 if ((val & 2) != 0) {
228 return 4;
229 }
230 return 1;
231 }
232
233 static boolean hasShortHeader(byte b) {
234 return (b & 0x80) == 0;
235 }
236
237 private static QuicPacketType typeOfLongHeader(byte first, long version) throws QuicException {
238 if (version == 0) {
239 // If we parsed a version of 0 we are sure it's a version negotiation packet:
240 // https://www.rfc-editor.org/rfc/rfc9000.html#section-17.2.1
241 //
242 // This also means we should ignore everything that is left in 'first'.
243 return QuicPacketType.VERSION_NEGOTIATION;
244 }
245 int packetType = (first & 0x30) >> 4;
246 switch (packetType) {
247 case 0x00:
248 return QuicPacketType.INITIAL;
249 case 0x01:
250 return QuicPacketType.ZERO_RTT;
251 case 0x02:
252 return QuicPacketType.HANDSHAKE;
253 case 0x03:
254 return QuicPacketType.RETRY;
255 default:
256 throw newProtocolViolationException("Unknown packet type: " + packetType);
257 }
258 }
259
260 /**
261 * Called when a QUIC packet and its header could be parsed.
262 */
263 public interface QuicHeaderProcessor {
264
265 /**
266 * Called when a QUIC packet header was parsed.
267 *
268 * @param sender the sender of the QUIC packet.
269 * @param recipient the recipient of the QUIC packet.
270 * @param packet the raw QUIC packet. The ownership is not transferred, which means you will need to call
271 * {@link ByteBuf#retain()} on it if you want to keep a reference after this method
272 * returns.
273 * @param type the type of the packet.
274 * @param version the version of the packet.
275 * @param scid the source connection id. The ownership is not transferred and its generally not allowed
276 * to hold any references to this buffer outside of the method as it will be re-used.
277 * @param dcid the destination connection id. The ownership is not transferred and its generally not
278 * allowed to hold any references to this buffer outside of the method as it will be
279 * re-used.
280 * @param token the token.The ownership is not transferred and its generally not allowed
281 * to hold any references to this buffer outside of the method as it will be re-used.
282 * @throws Exception throws if an error happens during processing.
283 */
284 void process(InetSocketAddress sender, InetSocketAddress recipient, ByteBuf packet,
285 QuicPacketType type, long version, ByteBuf scid, ByteBuf dcid, ByteBuf token) throws Exception;
286 }
287 }