Initial stateless reset detection am: e1d5b66375 am: eea8ca9dc8

Original change: https://android-review.googlesource.com/c/platform/external/rust/crates/quiche/+/2411180 Change-Id: I9033fe184139cfa8c4d818ed28ecd7266850437f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Mike Yu <yumike@google.com> 2023-02-03 08:56:48 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-02-03 08:56:48 +0000
commit: bc84d7fe6a68fe896149e38d2cd700a2ae74d69e (patch)
tree: 1f18091d69d3556cffc993a3c0b09e22afcc150d /src
parent: 1443fcc38ac624d25713fd9f38fbe806f057a7c1 (diff)
parent: eea8ca9dc8451f68d81ebcbda454369edfbdcbaa (diff)
download: quiche-bc84d7fe6a68fe896149e38d2cd700a2ae74d69e.tar.gz
1 files changed, 35 insertions, 1 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 2e13278..d590979 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1864,7 +1864,17 @@ impl Connection {
             let read = match self.recv_single(&mut buf[len - left..len], &info) {
                 Ok(v) => v,
 
-                Err(Error::Done) => left,
+                Err(Error::Done) => {
+                    // If the packet can't be processed or decrypted, check if
+                    // it's a stateless reset.
+                    if self.is_stateless_reset(&buf[len - left..len]) {
+                        trace!("{} packet is a stateless reset", self.trace_id);
+
+                        self.closed = true;
+                    }
+
+                    left
+                },
 
                 Err(e) => {
                     // In case of error processing the incoming packet, close
@@ -1900,6 +1910,30 @@ impl Connection {
         Ok(done)
     }
 
+    /// Returns true if a QUIC packet is a stateless reset.
+    fn is_stateless_reset(&self, buf: &[u8]) -> bool {
+        // If the packet is too small, then we just throw it away.
+        let buf_len = buf.len();
+        if buf_len < 21 {
+            return false;
+        }
+
+        // TODO: we should iterate over all active destination connection IDs
+        // and check against their reset token.
+        match &self.peer_transport_params.stateless_reset_token {
+            Some(token) => {
+                let token_len = 16;
+                ring::constant_time::verify_slices_are_equal(
+                    &token,
+                    &buf[buf_len - token_len..buf_len],
+                )
+                .is_ok()
+            },
+
+            None => false,
+        }
+    }
+
     /// Processes a single QUIC packet received from the peer.
     ///
     /// On success the number of bytes processed from the input buffer is
author	Mike Yu <yumike@google.com>	2023-02-03 08:56:48 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-02-03 08:56:48 +0000
commit	bc84d7fe6a68fe896149e38d2cd700a2ae74d69e (patch)
tree	1f18091d69d3556cffc993a3c0b09e22afcc150d /src
parent	1443fcc38ac624d25713fd9f38fbe806f057a7c1 (diff)
parent	eea8ca9dc8451f68d81ebcbda454369edfbdcbaa (diff)
download	quiche-bc84d7fe6a68fe896149e38d2cd700a2ae74d69e.tar.gz