check that the client doesn't switch back to 0-RTT after sending 1-RTT

internal/ackhandler/received_packet_handler.go

@@ -35,6 +35,8 @@ type receivedPacketHandler struct {
 	initialPackets   *receivedPacketTracker
 	handshakePackets *receivedPacketTracker
 	appDataPackets   *receivedPacketTracker
+
+	lowest1RTTPacket protocol.PacketNumber
 }
 
 var _ ReceivedPacketHandler = &receivedPacketHandler{}
@@ -49,6 +51,7 @@ func NewReceivedPacketHandler(
 		initialPackets:   newReceivedPacketTracker(rttStats, logger, version),
 		handshakePackets: newReceivedPacketTracker(rttStats, logger, version),
 		appDataPackets:   newReceivedPacketTracker(rttStats, logger, version),
+		lowest1RTTPacket: protocol.InvalidPacketNumber,
 	}
 }
 
@@ -57,18 +60,26 @@ func (h *receivedPacketHandler) ReceivedPacket(
 	encLevel protocol.EncryptionLevel,
 	rcvTime time.Time,
 	shouldInstigateAck bool,
-) {
+) error {
 	switch encLevel {
 	case protocol.EncryptionInitial:
 		h.initialPackets.ReceivedPacket(pn, rcvTime, shouldInstigateAck)
 	case protocol.EncryptionHandshake:
 		h.handshakePackets.ReceivedPacket(pn, rcvTime, shouldInstigateAck)
-	case protocol.Encryption0RTT, protocol.Encryption1RTT:
-		// TODO: implement a check that the client doesn't switch back to 0-RTT after sending a 1-RTT packet
+	case protocol.Encryption0RTT:
+		if h.lowest1RTTPacket != protocol.InvalidPacketNumber && pn > h.lowest1RTTPacket {
+			return fmt.Errorf("received packet number %d on a 0-RTT packet after receiving %d on a 1-RTT packet", pn, h.lowest1RTTPacket)
+		}
+		h.appDataPackets.ReceivedPacket(pn, rcvTime, shouldInstigateAck)
+	case protocol.Encryption1RTT:
+		if h.lowest1RTTPacket == protocol.InvalidPacketNumber || pn < h.lowest1RTTPacket {
+			h.lowest1RTTPacket = pn
+		}
 		h.appDataPackets.ReceivedPacket(pn, rcvTime, shouldInstigateAck)
 	default:
 		panic(fmt.Sprintf("received packet with unknown encryption level: %s", encLevel))
 	}
+	return nil
 }
 
 // only to be used with 1-RTT packets