Google Git
Sign in
quiche/quiche.git/0b8f0ca6081ebbc05128fff5b41b2482ce5094e0^!/.
commit
0b8f0ca6081ebbc05128fff5b41b2482ce5094e0
[log]
author
nharper <nharper@google.com>
Fri Jun 05 12:34:18 2020 -0700
committer
Copybara-Service <copybara-worker@google.com>
Fri Jun 05 12:34:48 2020 -0700
tree
5496b7a0689998ac5780c31ba066c94f728a3edb
parent
8212c45924e356cea0bc43acde1826aafa11e493 [diff]
Discard server 0-RTT read key when QUIC TLS handshake completes

Once the handshake is complete (i.e. the server has received the client's
Finished message), there shouldn't be any more messages in flight from the
client under the 0-RTT keys. If a lost 0-RTT packet eventually arrives late
(after the Finished), the server now won't be able to decrypt it, and
instead will need to wait for the retransmission to arrive (which is
presumably already en route).

Protected by disabled flag quic_enable_zero_rtt_for_tls

PiperOrigin-RevId: 314976141
Change-Id: I4b668e79795a942c7cec08a3cfb8085b182df781

diff --git a/quic/core/http/quic_spdy_client_session_test.cc b/quic/core/http/quic_spdy_client_session_test.cc
index d1eb591..34d95c9 100644
--- a/quic/core/http/quic_spdy_client_session_test.cc
+++ b/quic/core/http/quic_spdy_client_session_test.cc

@@ -973,8 +973,7 @@
                  ->application_state);
 }
 
-// TODO(b/158240541) re-enable this test after fixing the bug.
-TEST_P(QuicSpdyClientSessionTest, DISABLED_IetfZeroRttSetup) {
+TEST_P(QuicSpdyClientSessionTest, IetfZeroRttSetup) {
   // This feature is HTTP/3 only
   if (!VersionUsesHttp3(session_->transport_version())) {
     return;

diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index fe6fb08..6ee0b77 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc

@@ -323,8 +323,7 @@
   EXPECT_TRUE(stream()->one_rtt_keys_available());
 }
 
-// TODO(b/158240541) re-enable this test after fixing the bug.
-TEST_P(TlsClientHandshakerTest, DISABLED_Resumption) {
+TEST_P(TlsClientHandshakerTest, Resumption) {
   // Finish establishing the first connection:
   CompleteCryptoHandshake();
 

diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 7d97bdb..58f75e4 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc

@@ -380,6 +380,7 @@
   handshaker_delegate()->OnOneRttKeysAvailable();
   handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_HANDSHAKE);
   handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_HANDSHAKE);
+  handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_ZERO_RTT);
 }
 
 ssl_private_key_result_t TlsServerHandshaker::PrivateKeySign(