Establish encryption on IETF QUIC client when 0-RTT key is available. This allows data to be sent in 0-RTT encryption. Protected by disabled quic_enable_zero_rtt_for_tls PiperOrigin-RevId: 313652879 Change-Id: I4dedca48b0ef1da36c3a166b1fde2fe2dfed6031

diff --git a/quic/core/http/quic_spdy_client_session_test.cc b/quic/core/http/quic_spdy_client_session_test.cc
index be80a13..c2a910f 100644
--- a/quic/core/http/quic_spdy_client_session_test.cc
+++ b/quic/core/http/quic_spdy_client_session_test.cc

@@ -1001,6 +1001,8 @@
   EXPECT_EQ(std::numeric_limits<size_t>::max(),
             session_->max_outbound_header_list_size());
   session_->CryptoConnect();
+  EXPECT_TRUE(session_->IsEncryptionEstablished());
+  EXPECT_EQ(ENCRYPTION_ZERO_RTT, session_->connection()->encryption_level());
 
   // The client session should have a basic setup ready before the handshake
   // succeeds.

diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index af37236..6ab93e3 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc

@@ -385,7 +385,7 @@
   if (state_ == STATE_CONNECTION_CLOSED) {
     return;
   }
-  if (level == ENCRYPTION_FORWARD_SECURE) {
+  if (level == ENCRYPTION_FORWARD_SECURE || level == ENCRYPTION_ZERO_RTT) {
     encryption_established_ = true;
   }
   TlsHandshaker::SetWriteSecret(level, cipher, write_secret);

diff --git a/quic/test_tools/crypto_test_utils.cc b/quic/test_tools/crypto_test_utils.cc
index 643ae59..1597510 100644
--- a/quic/test_tools/crypto_test_utils.cc
+++ b/quic/test_tools/crypto_test_utils.cc

@@ -750,10 +750,11 @@
     QuicConnectionPeer::AddBytesReceived(
         dest_conn, source_conn->encrypted_packets_[index]->length());
     if (!framer.ProcessPacket(*source_conn->encrypted_packets_[index])) {
-      // The framer will be unable to decrypt forward-secure packets sent after
-      // the handshake is complete. Don't treat them as handshake packets.
+      // The framer will be unable to decrypt zero-rtt packets sent during
+      // handshake or forward-secure packets sent after the handshake is
+      // complete. Don't treat them as handshake packets.
       QuicConnectionPeer::SwapCrypters(dest_conn, framer.framer());
-      break;
+      continue;
     }
     QuicConnectionPeer::SwapCrypters(dest_conn, framer.framer());
     dest_conn->OnDecryptedPacket(framer.last_decrypted_level());