quinn-rs / quinn

Async-friendly QUIC implementation in Rust
Apache License 2.0

proto: detect stateless resets in authed and unprotected packets #1646

Closed Ralith closed 1 year ago

Ralith commented 1 year ago

RFC9000 says: endpoints MUST treat any packet ending in a valid stateless reset token as a Stateless Reset

Previously, we did not detect stateless resets that appeared to be unprotected packets (e.g. Retry or Version Negotiation) or which were successfully decrypted (astronomically unlikely with TLS, but possible with custom cryptographic layers).

We didn't detect this before because all current standard QUIC versions only issue stateless resets as short-header packets.
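Added example, not part of the PR or of quinn's code: a simplified model of the check described in the comment above, with the narrower earlier behaviour next to the behaviour RFC 9000 requires. All function names, the token value and the sample datagrams are constructed for illustration; the 21-byte minimum is the RFC 9000 section 10.3 lower bound for a valid short-header packet.

```rust
// Added illustration; not quinn's code. All names here are hypothetical.
const RESET_TOKEN_SIZE: usize = 16;
// RFC 9000 section 10.3: 5 bytes of header/unpredictable bits plus the token.
const MIN_RESET_LEN: usize = 21;
type Token = [u8; RESET_TOKEN_SIZE];

/// Compare the datagram's trailing 16 bytes against every token the peer has
/// issued, without short-circuiting, so timing does not reveal partial matches.
fn ends_in_reset_token(datagram: &[u8], peer_tokens: &[Token]) -> bool {
    if datagram.len() < MIN_RESET_LEN {
        return false;
    }
    let tail = &datagram[datagram.len() - RESET_TOKEN_SIZE..];
    let mut hit = 0u8;
    for token in peer_tokens {
        let diff = tail.iter().zip(token).fold(0u8, |acc, (a, b)| acc | (a ^ b));
        hit |= (diff == 0) as u8;
    }
    hit != 0
}

/// Simplified model of the earlier behaviour: only short-header packets that
/// failed authentication were checked for a token.
fn is_reset_before(datagram: &[u8], authenticated: bool, peer_tokens: &[Token]) -> bool {
    let long_header = datagram.first().map_or(false, |b| b & 0x80 != 0);
    !long_header && !authenticated && ends_in_reset_token(datagram, peer_tokens)
}

/// What RFC 9000 requires: header form and authentication result do not matter.
fn is_reset_after(datagram: &[u8], _authenticated: bool, peer_tokens: &[Token]) -> bool {
    ends_in_reset_token(datagram, peer_tokens)
}

/// Constructed sample datagram: 24 filler bytes equal to `first`, then the token.
fn sample(first: u8, token: &Token) -> Vec<u8> {
    let mut d = vec![first; 24];
    d.extend_from_slice(token);
    d
}

fn main() {
    let tokens = [[0xA5u8; 16]]; // constructed token value
    let long = sample(0xC0, &tokens[0]); // header-form bit set (long header)
    let short = sample(0x40, &tokens[0]); // short header
    for (name, d, authed) in [("long, unauthenticated", &long, false), ("short, authenticated", &short, true)] {
        println!("{name}: before={} after={}", is_reset_before(d, authed, &tokens), is_reset_after(d, authed, &tokens));
    }
}
```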

Ralith commented 1 year ago

Straightforward but not quite trivial. We'd need to set up a server with a known ResetKey, connect to it, and then inject a hand-crafted reset packet to the client. Would be a good follow-up.

jeromegn commented 1 year ago

Can this be backported + released for 0.10.x? :)

Ralith commented 1 year ago

Backport/bump PR: https://github.com/quinn-rs/quinn/pull/1647

Ralith commented 1 year ago

Published in 0.10.4.