target = "https://www.rfc-editor.org/rfc/rfc9001#section-5.4.2" # 5.4.2. Header Protection Sample # # The header protection algorithm uses both the header protection key # and a sample of the ciphertext from the packet Payload field. # # The same number of bytes are always sampled, but an allowance needs # to be made for the removal of protection by a receiving endpoint, # which will not know the length of the Packet Number field. The # sample of ciphertext is taken starting from an offset of 4 bytes # after the start of the Packet Number field. That is, in sampling # packet ciphertext for header protection, the Packet Number field is # assumed to be 4 bytes long (its maximum possible encoded length). # # An endpoint MUST discard packets that are not long enough to contain # a complete sample. # # To ensure that sufficient data is available for sampling, packets are # padded so that the combined lengths of the encoded packet number and # protected payload is at least 4 bytes longer than the sample required # for header protection. The cipher suites defined in [TLS13] -- other # than TLS_AES_128_CCM_8_SHA256, for which a header protection scheme # is not defined in this document -- have 16-byte expansions and # 16-byte header protection samples. This results in needing at least # 3 bytes of frames in the unprotected payload if the packet number is # encoded on a single byte, or 2 bytes of frames for a 2-byte packet # number encoding. # # The sampled ciphertext can be determined by the following pseudocode: # # # pn_offset is the start of the Packet Number field. # sample_offset = pn_offset + 4 # # sample = packet[sample_offset..sample_offset+sample_length] # # Where the packet number offset of a short header packet can be # calculated as: # # pn_offset = 1 + len(connection_id) # # And the packet number offset of a long header packet can be # calculated as: # # pn_offset = 7 + len(destination_connection_id) + # len(source_connection_id) + # len(payload_length) # if packet_type == Initial: # pn_offset += len(token_length) + # len(token) # # For example, for a packet with a short header, an 8-byte connection # ID, and protected with AEAD_AES_128_GCM, the sample takes bytes 13 to # 28 inclusive (using zero-based indexing). # # Multiple QUIC packets might be included in the same UDP datagram. # Each packet is handled separately. [[spec]] level = "MUST" quote = ''' An endpoint MUST discard packets that are not long enough to contain a complete sample. '''