check that the client doesn't switch back to 0-RTT after sending 1-RTT

internal/ackhandler/interfaces.go

@@ -57,7 +57,7 @@ type SentPacketHandler interface {
 
 // ReceivedPacketHandler handles ACKs needed to send for incoming packets
 type ReceivedPacketHandler interface {
-	ReceivedPacket(pn protocol.PacketNumber, encLevel protocol.EncryptionLevel, rcvTime time.Time, shouldInstigateAck bool)
+	ReceivedPacket(pn protocol.PacketNumber, encLevel protocol.EncryptionLevel, rcvTime time.Time, shouldInstigateAck bool) error
 	IgnoreBelow(protocol.PacketNumber)
 	DropPackets(protocol.EncryptionLevel)
 

internal/ackhandler/received_packet_handler.go

@@ -35,6 +35,8 @@ type receivedPacketHandler struct {
 	initialPackets   *receivedPacketTracker
 	handshakePackets *receivedPacketTracker
 	appDataPackets   *receivedPacketTracker
+
+	lowest1RTTPacket protocol.PacketNumber
 }
 
 var _ ReceivedPacketHandler = &receivedPacketHandler{}
@@ -49,6 +51,7 @@ func NewReceivedPacketHandler(
 		initialPackets:   newReceivedPacketTracker(rttStats, logger, version),
 		handshakePackets: newReceivedPacketTracker(rttStats, logger, version),
 		appDataPackets:   newReceivedPacketTracker(rttStats, logger, version),
+		lowest1RTTPacket: protocol.InvalidPacketNumber,
 	}
 }
 
@@ -57,18 +60,26 @@ func (h *receivedPacketHandler) ReceivedPacket(
 	encLevel protocol.EncryptionLevel,
 	rcvTime time.Time,
 	shouldInstigateAck bool,
-) {
+) error {
 	switch encLevel {
 	case protocol.EncryptionInitial:
 		h.initialPackets.ReceivedPacket(pn, rcvTime, shouldInstigateAck)
 	case protocol.EncryptionHandshake:
 		h.handshakePackets.ReceivedPacket(pn, rcvTime, shouldInstigateAck)
-	case protocol.Encryption0RTT, protocol.Encryption1RTT:
-		// TODO: implement a check that the client doesn't switch back to 0-RTT after sending a 1-RTT packet
+	case protocol.Encryption0RTT:
+		if h.lowest1RTTPacket != protocol.InvalidPacketNumber && pn > h.lowest1RTTPacket {
+			return fmt.Errorf("received packet number %d on a 0-RTT packet after receiving %d on a 1-RTT packet", pn, h.lowest1RTTPacket)
+		}
+		h.appDataPackets.ReceivedPacket(pn, rcvTime, shouldInstigateAck)
+	case protocol.Encryption1RTT:
+		if h.lowest1RTTPacket == protocol.InvalidPacketNumber || pn < h.lowest1RTTPacket {
+			h.lowest1RTTPacket = pn
+		}
 		h.appDataPackets.ReceivedPacket(pn, rcvTime, shouldInstigateAck)
 	default:
 		panic(fmt.Sprintf("received packet with unknown encryption level: %s", encLevel))
 	}
+	return nil
 }
 
 // only to be used with 1-RTT packets

internal/ackhandler/received_packet_handler_test.go

@@ -25,12 +25,12 @@ var _ = Describe("Received Packet Handler", func() {
 
 	It("generates ACKs for different packet number spaces", func() {
 		sendTime := time.Now().Add(-time.Second)
-		handler.ReceivedPacket(2, protocol.EncryptionInitial, sendTime, true)
-		handler.ReceivedPacket(1, protocol.EncryptionHandshake, sendTime, true)
-		handler.ReceivedPacket(5, protocol.Encryption1RTT, sendTime, true)
-		handler.ReceivedPacket(3, protocol.EncryptionInitial, sendTime, true)
-		handler.ReceivedPacket(2, protocol.EncryptionHandshake, sendTime, true)
-		handler.ReceivedPacket(4, protocol.Encryption1RTT, sendTime, true)
+		Expect(handler.ReceivedPacket(2, protocol.EncryptionInitial, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(1, protocol.EncryptionHandshake, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(5, protocol.Encryption1RTT, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(3, protocol.EncryptionInitial, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(2, protocol.EncryptionHandshake, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(4, protocol.Encryption1RTT, sendTime, true)).To(Succeed())
 		initialAck := handler.GetAckFrame(protocol.EncryptionInitial)
 		Expect(initialAck).ToNot(BeNil())
 		Expect(initialAck.AckRanges).To(HaveLen(1))
@@ -50,18 +50,32 @@ var _ = Describe("Received Packet Handler", func() {
 
 	It("uses the same packet number space for 0-RTT and 1-RTT packets", func() {
 		sendTime := time.Now().Add(-time.Second)
-		handler.ReceivedPacket(2, protocol.Encryption0RTT, sendTime, true)
-		handler.ReceivedPacket(3, protocol.Encryption1RTT, sendTime, true)
+		Expect(handler.ReceivedPacket(2, protocol.Encryption0RTT, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(3, protocol.Encryption1RTT, sendTime, true)).To(Succeed())
 		ack := handler.GetAckFrame(protocol.Encryption1RTT)
 		Expect(ack).ToNot(BeNil())
 		Expect(ack.AckRanges).To(HaveLen(1))
 		Expect(ack.AckRanges[0]).To(Equal(wire.AckRange{Smallest: 2, Largest: 3}))
 	})
 
+	It("rejects 0-RTT packets with higher packet numbers than 1-RTT packets", func() {
+		sendTime := time.Now()
+		Expect(handler.ReceivedPacket(10, protocol.Encryption0RTT, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(11, protocol.Encryption1RTT, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(12, protocol.Encryption0RTT, sendTime, true)).To(MatchError("received packet number 12 on a 0-RTT packet after receiving 11 on a 1-RTT packet"))
+	})
+
+	It("allows reordered 0-RTT packets", func() {
+		sendTime := time.Now()
+		Expect(handler.ReceivedPacket(10, protocol.Encryption0RTT, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(12, protocol.Encryption1RTT, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(11, protocol.Encryption0RTT, sendTime, true)).To(Succeed())
+	})
+
 	It("drops Initial packets", func() {
 		sendTime := time.Now().Add(-time.Second)
-		handler.ReceivedPacket(2, protocol.EncryptionInitial, sendTime, true)
-		handler.ReceivedPacket(1, protocol.EncryptionHandshake, sendTime, true)
+		Expect(handler.ReceivedPacket(2, protocol.EncryptionInitial, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(1, protocol.EncryptionHandshake, sendTime, true)).To(Succeed())
 		Expect(handler.GetAckFrame(protocol.EncryptionInitial)).ToNot(BeNil())
 		handler.DropPackets(protocol.EncryptionInitial)
 		Expect(handler.GetAckFrame(protocol.EncryptionInitial)).To(BeNil())
@@ -70,8 +84,8 @@ var _ = Describe("Received Packet Handler", func() {
 
 	It("drops Handshake packets", func() {
 		sendTime := time.Now().Add(-time.Second)
-		handler.ReceivedPacket(1, protocol.EncryptionHandshake, sendTime, true)
-		handler.ReceivedPacket(2, protocol.Encryption1RTT, sendTime, true)
+		Expect(handler.ReceivedPacket(1, protocol.EncryptionHandshake, sendTime, true)).To(Succeed())
+		Expect(handler.ReceivedPacket(2, protocol.Encryption1RTT, sendTime, true)).To(Succeed())
 		Expect(handler.GetAckFrame(protocol.EncryptionHandshake)).ToNot(BeNil())
 		handler.DropPackets(protocol.EncryptionInitial)
 		Expect(handler.GetAckFrame(protocol.EncryptionHandshake)).To(BeNil())

internal/mocks/ackhandler/received_packet_handler.go

@@ -89,9 +89,11 @@ func (mr *MockReceivedPacketHandlerMockRecorder) IgnoreBelow(arg0 interface{}) *
 }
 
 // ReceivedPacket mocks base method
-func (m *MockReceivedPacketHandler) ReceivedPacket(arg0 protocol.PacketNumber, arg1 protocol.EncryptionLevel, arg2 time.Time, arg3 bool) {
+func (m *MockReceivedPacketHandler) ReceivedPacket(arg0 protocol.PacketNumber, arg1 protocol.EncryptionLevel, arg2 time.Time, arg3 bool) error {
 	m.ctrl.T.Helper()
-	m.ctrl.Call(m, "ReceivedPacket", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "ReceivedPacket", arg0, arg1, arg2, arg3)
+	ret0, _ := ret[0].(error)
+	return ret0
 }
 
 // ReceivedPacket indicates an expected call of ReceivedPacket

session.go

@@ -821,8 +821,7 @@ func (s *session) handleUnpackedPacket(packet *unpackedPacket, rcvTime time.Time
 		})
 	}
 
-	s.receivedPacketHandler.ReceivedPacket(packet.packetNumber, packet.encryptionLevel, rcvTime, isAckEliciting)
-	return nil
+	return s.receivedPacketHandler.ReceivedPacket(packet.packetNumber, packet.encryptionLevel, rcvTime, isAckEliciting)
 }
 
 func (s *session) handleFrame(f wire.Frame, pn protocol.PacketNumber, encLevel protocol.EncryptionLevel) error {