fix 0-RTT by moving cookie generation to server config

internal/handshake/crypto_setup_server.go

@@ -26,7 +26,6 @@ type cryptoSetupServer struct {
 	connID               protocol.ConnectionID
 	remoteAddr           net.Addr
 	scfg                 *ServerConfig
-	stkGenerator         *CookieGenerator
 	diversificationNonce []byte
 
 	version           protocol.VersionNumber
@@ -78,18 +77,12 @@ func NewCryptoSetup(
 	paramsChan chan<- TransportParameters,
 	aeadChanged chan<- protocol.EncryptionLevel,
 ) (CryptoSetup, error) {
-	stkGenerator, err := NewCookieGenerator()
-	if err != nil {
-		return nil, err
-	}
-
 	return &cryptoSetupServer{
 		connID:            connID,
 		remoteAddr:        remoteAddr,
 		version:           version,
 		supportedVersions: supportedVersions,
 		scfg:              scfg,
-		stkGenerator:      stkGenerator,
 		keyDerivation:     crypto.DeriveQuicCryptoAESKeys,
 		keyExchange:       getEphermalKEX,
 		nullAEAD:          crypto.NewNullAEAD(protocol.PerspectiveServer, version),
@@ -296,7 +289,7 @@ func (h *cryptoSetupServer) isInchoateCHLO(cryptoData map[Tag][]byte, cert []byt
 }
 
 func (h *cryptoSetupServer) acceptSTK(token []byte) bool {
-	stk, err := h.stkGenerator.DecodeToken(token)
+	stk, err := h.scfg.cookieGenerator.DecodeToken(token)
 	if err != nil {
 		utils.Debugf("STK invalid: %s", err.Error())
 		return false
@@ -309,7 +302,7 @@ func (h *cryptoSetupServer) handleInchoateCHLO(sni string, chlo []byte, cryptoDa
 		return nil, qerr.Error(qerr.CryptoInvalidValueLength, "CHLO too small")
 	}
 
-	token, err := h.stkGenerator.NewToken(h.remoteAddr)
+	token, err := h.scfg.cookieGenerator.NewToken(h.remoteAddr)
 	if err != nil {
 		return nil, err
 	}

internal/handshake/crypto_setup_server_test.go

@@ -214,8 +214,8 @@ var _ = Describe("Server Crypto Setup", func() {
 		)
 		Expect(err).NotTo(HaveOccurred())
 		cs = csInt.(*cryptoSetupServer)
-		cs.stkGenerator.cookieSource = &mockCookieSource{}
-		validSTK, err = cs.stkGenerator.NewToken(remoteAddr)
+		cs.scfg.cookieGenerator.cookieSource = &mockCookieSource{}
+		validSTK, err = cs.scfg.cookieGenerator.NewToken(remoteAddr)
 		Expect(err).NotTo(HaveOccurred())
 		sourceAddrValid = true
 		cs.acceptSTKCallback = func(_ net.Addr, _ *Cookie) bool { return sourceAddrValid }
@@ -438,7 +438,7 @@ var _ = Describe("Server Crypto Setup", func() {
 
 		It("recognizes inchoate CHLOs with an invalid STK", func() {
 			testErr := errors.New("STK invalid")
-			cs.stkGenerator.cookieSource.(*mockCookieSource).decodeErr = testErr
+			cs.scfg.cookieGenerator.cookieSource.(*mockCookieSource).decodeErr = testErr
 			Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue())
 		})
 

internal/handshake/server_config.go

@@ -13,6 +13,7 @@ type ServerConfig struct {
 	certChain crypto.CertChain
 	ID        []byte
 	obit      []byte
+	cookieGenerator *CookieGenerator
 }
 
 // NewServerConfig creates a new server config
@@ -28,11 +29,18 @@ func NewServerConfig(kex crypto.KeyExchange, certChain crypto.CertChain) (*Serve
 		return nil, err
 	}
 
+	cookieGenerator, err := NewCookieGenerator()
+
+	if err != nil {
+		return nil, err
+	}
+
 	return &ServerConfig{
 		kex:       kex,
 		certChain: certChain,
 		ID:        id,
 		obit:      obit,
+		cookieGenerator: cookieGenerator,
 	}, nil
 }
 

internal/handshake/server_config_test.go

@@ -27,6 +27,7 @@ var _ = Describe("ServerConfig", func() {
 		Expect(err).ToNot(HaveOccurred())
 		Expect(scfg1.ID).ToNot(Equal(scfg2.ID))
 		Expect(scfg1.obit).ToNot(Equal(scfg2.obit))
+		Expect(scfg1.cookieGenerator).ToNot(Equal(scfg2.cookieGenerator))
 	})
 
 	It("gets the proper binary representation", func() {