Report decryption error reasons from QuicReadCodec.

Summary: To facilitate better stats when we get to the point of invoking the Aead, but decryption fails (eg if we derived the wrong keys). Reviewed By: hanidamlaj Differential Revision: D66040217 fbshipit-source-id: 5662c0a0f07a9c421b07b3b9fea53678f9db44d2
facebook · Nov 20, 2024 · df29c69 · df29c69
1 parent fb2c430
commit df29c69
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 7 deletions.
diff --git a/quic/QuicConstants.h b/quic/QuicConstants.h
@@ -110,6 +110,9 @@ BETTER_ENUM(
     uint8_t,
     NONE,
     CONNECTION_NOT_FOUND,
+    DECRYPTION_ERROR_INITIAL,
+    DECRYPTION_ERROR_HANDSHAKE,
+    DECRYPTION_ERROR_0RTT,
     DECRYPTION_ERROR,
     INVALID_PACKET_SIZE,
     INVALID_PACKET_SIZE_INITIAL,

diff --git a/quic/codec/QuicReadCodec.cpp b/quic/codec/QuicReadCodec.cpp
@@ -85,6 +85,19 @@ folly::Expected<ParsedLongHeader, TransportErrorCode> tryParseLongHeader(
   return std::move(parsedLongHeader.value());
 }
 
+static PacketDropReason getDecryptErrorReason(ProtectionType protectionType) {
+  switch (protectionType) {
+    case ProtectionType::Initial:
+      return PacketDropReason::DECRYPTION_ERROR_INITIAL;
+    case ProtectionType::Handshake:
+      return PacketDropReason::DECRYPTION_ERROR_HANDSHAKE;
+    case ProtectionType::ZeroRtt:
+      return PacketDropReason::DECRYPTION_ERROR_0RTT;
+    default:
+      return PacketDropReason::DECRYPTION_ERROR;
+  }
+}
+
 CodecResult QuicReadCodec::parseLongHeaderPacket(
     BufQueue& queue,
     const AckStates& ackStates) {
@@ -236,7 +249,7 @@ CodecResult QuicReadCodec::parseLongHeaderPacket(
             << " packetNumLen=" << parsePacketNumberLength(initialByte)
             << " protectionType=" << toString(protectionType) << " "
             << connIdToHex();
-    return CodecResult(Nothing());
+    return CodecResult(Nothing(getDecryptErrorReason(protectionType)));
   }
   decrypted = std::move(*decryptAttempt);
 
@@ -347,7 +360,7 @@ CodecResult QuicReadCodec::tryParseShortHeaderPacket(
     VLOG(10) << "Unable to decrypt packet=" << packetNum.first
              << " protectionType=" << (int)protectionType << " "
              << connIdToHex();
-    return CodecResult(Nothing());
+    return CodecResult(Nothing(PacketDropReason::DECRYPTION_ERROR));
   }
   decrypted = std::move(*decryptAttempt);
   if (!decrypted) {
@@ -627,8 +640,9 @@ CodecResult::CodecResult(RetryPacket&& retryPacketIn)
   new (&retry) RetryPacket(std::move(retryPacketIn));
 }
 
-CodecResult::CodecResult(Nothing&&) : type_(CodecResult::Type::NOTHING) {
-  new (&none) Nothing();
+CodecResult::CodecResult(Nothing&& nothing)
+    : type_(CodecResult::Type::NOTHING) {
+  new (&none) Nothing(std::move(nothing));
 }
 
 void CodecResult::destroyCodecResult() {

diff --git a/quic/codec/QuicReadCodec.h b/quic/codec/QuicReadCodec.h
@@ -35,7 +35,12 @@ struct CipherUnavailable {
 /**
  * A type which represents no data.
  */
-struct Nothing {};
+struct Nothing {
+  PacketDropReason reason;
+
+  Nothing() : reason(PacketDropReason::UNEXPECTED_NOTHING) {}
+  explicit Nothing(PacketDropReason reasonIn) : reason(reasonIn) {}
+};
 
 struct CodecResult {
   enum class Type {

diff --git a/quic/codec/test/QuicReadCodecTest.cpp b/quic/codec/test/QuicReadCodecTest.cpp
@@ -63,8 +63,11 @@ std::unique_ptr<QuicReadCodec> makeEncryptedCodec(
 TEST_F(QuicReadCodecTest, EmptyBuffer) {
   auto emptyQueue = bufToQueue(folly::IOBuf::create(0));
   AckStates ackStates;
-  EXPECT_FALSE(
-      parseSuccess(makeUnencryptedCodec()->parsePacket(emptyQueue, ackStates)));
+  auto packet = makeUnencryptedCodec()->parsePacket(emptyQueue, ackStates);
+  EXPECT_EQ(
+      packet.nothing()->reason,
+      PacketDropReason(PacketDropReason::UNEXPECTED_NOTHING));
+  EXPECT_FALSE(parseSuccess(std::move(packet)));
 }
 
 TEST_F(QuicReadCodecTest, TooSmallBuffer) {
@@ -312,6 +315,9 @@ TEST_F(QuicReadCodecTest, PacketDecryptFail) {
   auto packetQueue = bufToQueue(packetToBuf(streamPacket));
   auto packet = makeEncryptedCodec(connId, std::move(aead))
                     ->parsePacket(packetQueue, ackStates);
+  EXPECT_EQ(
+      packet.nothing()->reason,
+      PacketDropReason(PacketDropReason::DECRYPTION_ERROR));
   EXPECT_FALSE(parseSuccess(std::move(packet)));
 }
 
@@ -607,6 +613,9 @@ TEST_F(QuicReadCodecTest, FailToDecryptLongHeaderNoReset) {
   AckStates ackStates;
   auto packetQueue = bufToQueue(packetToBuf(streamPacket));
   auto packet = codec->parsePacket(packetQueue, ackStates);
+  EXPECT_EQ(
+      packet.nothing()->reason,
+      PacketDropReason(PacketDropReason::DECRYPTION_ERROR_0RTT));
   EXPECT_FALSE(isReset(std::move(packet)));
 }