diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index f224290227..7dd47f1221 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -941,17 +941,34 @@ Packet number protection is applied after packet protection is applied (see {{aead}}). The ciphertext of the packet is sampled and used as input to an encryption algorithm. -In sampling the packet ciphertext, the packet number length is assumed to be the -smaller of the maximum possible packet number encoding (4 octets), or the size -of the protected packet minus the minimum expansion for the AEAD. For example, -the sampled ciphertext for a packet with a short header can be determined by: +In sampling the packet ciphertext, the packet number length is assumed to be +4 octets (its maximum possible encoded length), unless there is insufficient +space in the packet for sampling. The sampled ciphertext starts after allowing +for a 4 octet packet number unless this would cause the sample to extend past +the end of the packet. If the sample would extend past the end of the packet, +the end of the packet is sampled. + +For example, the sampled ciphertext for a packet with a short header can be +determined by: ~~~ -sample_offset = min(1 + connection_id_length + 4, - packet_length - aead_expansion) +sample_offset = 1 + len(connection_id) + 4 + +if sample_offset + sample_length > packet_length then + sample_offset = packet_length - sample_length sample = packet[sample_offset..sample_offset+sample_length] ~~~ +A packet with a long header is sampled in the same way, noting that multiple +QUIC packets might be included in the same UDP datagram and that each one is +handled separately. + +~~~ +sample_offset = 6 + len(destination_connection_id) + + len(source_connection_id) + + len(payload_length) + 4 +~~~ + To ensure that this process does not sample the packet number, packet number protection algorithms MUST NOT sample more ciphertext than the minimum expansion of the corresponding AEAD. 
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 0bbe24d707..425bd59f5c 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -280,7 +280,7 @@ keys are established. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Connection ID (0/32..144) ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| Payload Length (i) ... +| Length (i) ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Packet Number (8/16/32) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -337,10 +337,11 @@ Source Connection ID: either 0 octets in length or between 4 and 18 octets. {{connection-id}} describes the use of this field in more detail. -Payload Length: +Length: -: The length of the Payload field in octets, encoded as a variable-length - integer ({{integer-encoding}}). +: The length of the remainder of the packet (that is, the Packet Number and + Payload fields) in octets, encoded as a variable-length integer + ({{integer-encoding}}). Packet Number: @@ -373,10 +374,13 @@ The interpretation of the fields and the payload are specific to a version and packet type. Type-specific semantics for this version are described in the following sections. -The end of the Payload field (which is also the end of the long header -packet) is determined by the value of the Payload Length field. -Senders can sometimes coalesce multiple packets into one UDP datagram. -See {{packet-coalesce}} for more details. +The end of the packet is determined by the Length field. The Length field +covers the both the Packet Number and Payload fields, both of which are +confidentiality protected and initially of unknown length. The size of the +Payload field is learned once the packet number protection is removed. + +Senders can sometimes coalesce multiple packets into one UDP datagram. See +{{packet-coalesce}} for more details. ## Short Header 
@@ -4568,4 +4572,3 @@ Hamilton, Jana Iyengar, Fedor Kouranov, Charles Krasic, Jo Kulik, Adam Langley, Jim Roskind, Robbie Shade, Satyam Shekhar, Cherie Shi, Ian Swett, Raman Tenneti, Victor Vasiliev, Antonio Vicente, Patrik Westin, Alyssa Wilk, Dale Worley, Fan Yang, Dan Zhang, Daniel Ziegler. -
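Review bot: The long-header pseudocode added in the draft-ietf-quic-tls.md hunk (@@ -941) uses len(payload_length), but the draft-ietf-quic-transport.md changes in this same patch rename that field from Payload Length to Length. Suggest len(length), or a name such as length_field_size, so the two drafts agree. The long-header block also stops at the sample_offset computation. Since the text says these packets are "sampled in the same way" and that several QUIC packets can share one UDP datagram, it would help to state that the same adjustment (sample_offset = packet_length - sample_length) applies, and that packet_length means the end of this QUIC packet, not the end of the datagram. Otherwise an implementer could clamp against the datagram boundary and sample bytes belonging to the next coalesced packet.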
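Review bot: In the draft-ietf-quic-transport.md hunk at @@ -373, the added sentence "covers the both the Packet Number and Payload fields" has a stray "the" and should read "covers both the Packet Number and Payload fields". The same paragraph now makes Length the only thing that determines where a long header packet ends, before any protection is removed. It would be worth adding a sentence, or a pointer to {{packet-coalesce}}, on what a receiver does when the Length value is larger than the bytes remaining in the UDP datagram, because the lines shown here leave that case unspecified.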