save the RTT in non-0-RTT session tickets (#4042)

* also send session ticket when 0-RTT is disabled for go1.21 * allow session ticket without transport parameters * do not include transport parameters for non-0RTT session ticket * remove the test assertion because it is not supported for go1.20 * Update internal/handshake/session_ticket.go Co-authored-by: Marten Seemann <martenseemann@gmail.com> * add a 0-RTT argument to unmarshaling session tickets * bump sessionTicketRevision to 4 * check if non-0-RTT session ticket has expected length * change parameter order * add test checks --------- Co-authored-by: Marten Seemann <martenseemann@gmail.com>
2025-04-04 04:37:36 +03:00 · 2023-09-11 23:05:31 +08:00 · 2023-09-11 23:05:31 +08:00 · d1f6ea997c
commit d1f6ea997c
parent 1f25153884
6 changed files with 95 additions and 42 deletions
--- a/internal/handshake/crypto_setup.go
+++ b/internal/handshake/crypto_setup.go
@ -127,7 +127,7 @@ func NewCryptoSetupServer(
 	cs.allow0RTT = allow0RTT

 	quicConf := &qtls.QUICConfig{TLSConfig: tlsConf}
-	qtls.SetupConfigForServer(quicConf, cs.allow0RTT, cs.getDataForSessionTicket, cs.accept0RTT)
+	qtls.SetupConfigForServer(quicConf, cs.allow0RTT, cs.getDataForSessionTicket, cs.handleSessionTicket)
 	addConnToClientHelloInfo(quicConf.TLSConfig, localAddr, remoteAddr)

 	cs.tlsConf = quicConf.TLSConfig
@ -347,10 +347,13 @@ func (h *cryptoSetup) handleDataFromSessionStateImpl(data []byte) (*wire.Transpo
 }

 func (h *cryptoSetup) getDataForSessionTicket() []byte {
-	return (&sessionTicket{
-		Parameters: h.ourParams,
-		RTT:        h.rttStats.SmoothedRTT(),
-	}).Marshal()
+	ticket := &sessionTicket{
+		RTT: h.rttStats.SmoothedRTT(),
+	}
+	if h.allow0RTT {
+		ticket.Parameters = h.ourParams
+	}
+	return ticket.Marshal()
 }

 // GetSessionTicket generates a new session ticket.
@ -379,12 +382,16 @@ func (h *cryptoSetup) GetSessionTicket() ([]byte, error) {
 	return ticket, nil
 }

-// accept0RTT is called for the server when receiving the client's session ticket.
-// It decides whether to accept 0-RTT.
-func (h *cryptoSetup) accept0RTT(sessionTicketData []byte) bool {
+// handleSessionTicket is called for the server when receiving the client's session ticket.
+// It reads parameters from the session ticket and decides whether to accept 0-RTT when the session ticket is used for 0-RTT.
+func (h *cryptoSetup) handleSessionTicket(sessionTicketData []byte, using0RTT bool) bool {
 	var t sessionTicket
-	if err := t.Unmarshal(sessionTicketData); err != nil {
-		h.logger.Debugf("Unmarshalling transport parameters from session ticket failed: %s", err.Error())
+	if err := t.Unmarshal(sessionTicketData, using0RTT); err != nil {
+		h.logger.Debugf("Unmarshalling session ticket failed: %s", err.Error())
+		return false
+	}
+	h.rttStats.SetInitialRTT(t.RTT)
+	if !using0RTT {
 		return false
 	}
 	valid := h.ourParams.ValidFor0RTT(t.Parameters)
@ -397,7 +404,6 @@ func (h *cryptoSetup) accept0RTT(sessionTicketData []byte) bool {
 		return false
 	}
 	h.logger.Debugf("Accepting 0-RTT. Restoring RTT from session ticket: %s", t.RTT)
-	h.rttStats.SetInitialRTT(t.RTT)
 	return true
 }