Adding robustness checks to the QUIC handshake

neqo-bin/src/lib.rs

@@ -125,6 +125,10 @@ pub struct QuicParameters {
     /// Whether to slice the SNI.
     pub no_sni_slicing: bool,
 
+    #[arg(long)]
+    /// Whether to send random noise packets before client Initial packets.
+    pub no_pre_init_noise: bool,
+
     #[arg(name = "preferred-address-v4", long)]
     /// An IPv4 address for the server preferred address.
     pub preferred_address_v4: Option<String>,
@@ -148,6 +152,7 @@ impl Default for QuicParameters {
             preferred_address_v4: None,
             preferred_address_v6: None,
             no_sni_slicing: false,
+            no_pre_init_noise: false,
         }
     }
 }
@@ -221,7 +226,8 @@ impl QuicParameters {
             .cc_algorithm(self.congestion_control)
             .pacing(!self.no_pacing)
             .pmtud(!self.no_pmtud)
-            .sni_slicing(!self.no_sni_slicing);
+            .sni_slicing(!self.no_sni_slicing)
+            .pre_init_noise(!self.no_pre_init_noise);
         params = if let Some(pa) = self.preferred_address() {
             params.preferred_address(pa)
         } else {

neqo-transport/src/connection/mod.rs

@@ -25,7 +25,7 @@ use neqo_common::{
 use neqo_crypto::{
     agent::CertificateInfo, Agent, AntiReplay, AuthenticationStatus, Cipher, Client, Group,
     HandshakeState, PrivateKey, PublicKey, ResumptionToken, SecretAgentInfo, SecretAgentPreInfo,
-    Server, ZeroRttChecker,
+    Server, ZeroRttChecker, random, randomize,
 };
 use smallvec::SmallVec;
 use strum::IntoEnumIterator as _;
@@ -88,6 +88,11 @@ pub use crate::send_stream::{RetransmissionPriority, SendStreamStats, Transmissi
 /// handshake.  This is a hack, but a useful one.
 const EXTRA_INITIALS: usize = 4;
 
+/// Maximum number of noise datagrams to send before Client Initial packets.
+const MAX_PRE_INIT_NOISE_PKTS: usize = 1;
+/// Payload size range (in bytes) for pre-Initial noise datagrams: to mimic real Initial packets.
+const PRE_INIT_NOISE_LEN_RANGE: RangeInclusive<usize> = RangeInclusive::new(1200, 1400);
+
 #[derive(Debug, PartialEq, Eq, Clone, Copy)]
 pub enum ZeroRttState {
     Init,
@@ -291,6 +296,7 @@ pub struct Connection {
     release_resumption_token_timer: Option<Instant>,
     conn_params: ConnectionParameters,
     hrtime: hrtime::Handle,
+    pre_initial_noise_pkts: usize,
 
     /// For testing purposes it is sometimes necessary to inject frames that wouldn't
     /// otherwise be sent, just to see how a connection handles them.  Inserting them
@@ -351,6 +357,12 @@ impl Connection {
             &mut c.stats.borrow_mut(),
         );
         c.setup_handshake_path(&Rc::new(RefCell::new(path)), now);
+
+        if c.conn_params.pre_init_noise_enabled() {
+            // Generate a random number between 1 and the maximum number of pre-initial packets
+            c.pre_initial_noise_pkts = (usize::from(random::<1>()[0]) % MAX_PRE_INIT_NOISE_PKTS) + 1;
+        }
+
         Ok(c)
     }
 
@@ -437,6 +449,7 @@ impl Connection {
             conn_params,
             hrtime: hrtime::Time::get(Self::LOOSE_TIMER_RESOLUTION),
             quic_datagrams,
+            pre_initial_noise_pkts: 0,
             #[cfg(test)]
             test_frame_writer: None,
         };
@@ -1142,6 +1155,28 @@ impl Connection {
 
         match (&self.state, self.role) {
             (State::Init, Role::Client) => {
+                // Before starting the client, send some noise
+                if self.pre_initial_noise_pkts > 0 {
+                    if let Some(path) = self.paths.primary() {
+                        // Choose a random payload size between the noise payload length range.
+                        let span = PRE_INIT_NOISE_LEN_RANGE.end() - PRE_INIT_NOISE_LEN_RANGE.start() + 1;
+                        let v = usize::from(random::<1>()[0]);
+                        let len  = PRE_INIT_NOISE_LEN_RANGE.start() + (v % span);
+
+                        let mut dummy_buf= vec![0u8; len];
+                        randomize(&mut dummy_buf);
+
+                        let dg = Datagram::new(
+                            path.borrow().local_address(),
+                            path.borrow().remote_address(),
+                            IpTos::default(),
+                            dummy_buf,
+                        );
+                        self.pre_initial_noise_pkts -= 1;
+                        return Output::Datagram(dg);
+                    }
+                }
+
                 let res = self.client_start(now);
                 self.absorb_error(now, res);
             }

neqo-transport/src/connection/params.rs

@@ -96,6 +96,8 @@ pub struct ConnectionParameters {
     pmtud_iface_mtu: bool,
     /// Whether the connection should use SNI slicing.
     sni_slicing: bool,
+    /// Whether the connection should enable pre-Initial noise.
+    pre_init_noise: bool,
     /// Whether to enable mlkem768nistp256-sha256.
     mlkem: bool,
 }
@@ -128,6 +130,7 @@ impl Default for ConnectionParameters {
             pmtud_iface_mtu: true,
             sni_slicing: true,
             mlkem: true,
+            pre_init_noise: true,
         }
     }
 }
@@ -410,6 +413,17 @@ impl ConnectionParameters {
         self
     }
 
+    #[must_use]
+    pub const fn pre_init_noise_enabled(&self) -> bool {
+        self.pre_init_noise
+    }
+
+    #[must_use]
+    pub const fn pre_init_noise(mut self, pre_init_noise: bool) -> Self {
+        self.pre_init_noise = pre_init_noise;
+        self
+    }
+
     #[must_use]
     pub const fn mlkem_enabled(&self) -> bool {
         self.mlkem