Merge pull request #3054 from lucas-clemente/trace-dropped-0rtt-keys

trace dropping of 0-RTT keys
2021-03-02 21:27:32 +08:00
parent 40bc7362ef 110f949441
commit 1c9977d8d6
3 changed files with 24 additions and 2 deletions
--- a/internal/handshake/crypto_setup.go
+++ b/internal/handshake/crypto_setup.go
@@ -617,6 +617,9 @@ func (h *cryptoSetup) SetWriteKey(encLevel qtls.EncryptionLevel, suite *qtls.Cip
 		if h.zeroRTTSealer != nil {
 			h.zeroRTTSealer = nil
 			h.logger.Debugf("Dropping 0-RTT keys.")
+			if h.tracer != nil {
+				h.tracer.DroppedEncryptionLevel(protocol.Encryption0RTT)
+			}
 		}
 	default:
 		panic("unexpected write encryption level")
@@ -778,6 +781,9 @@ func (h *cryptoSetup) Get1RTTOpener() (ShortHeaderOpener, error) {
 	if h.zeroRTTOpener != nil && time.Since(h.handshakeCompleteTime) > 3*h.rttStats.PTO(true) {
 		h.zeroRTTOpener = nil
 		h.logger.Debugf("Dropping 0-RTT keys.")
+		if h.tracer != nil {
+			h.tracer.DroppedEncryptionLevel(protocol.Encryption0RTT)
+		}
 	}

 	if !h.has1RTTOpener {
--- a/qlog/qlog.go
+++ b/qlog/qlog.go
@@ -402,8 +402,12 @@ func (t *connectionTracer) UpdatedKey(generation protocol.KeyPhase, remote bool)
 func (t *connectionTracer) DroppedEncryptionLevel(encLevel protocol.EncryptionLevel) {
 	t.mutex.Lock()
 	now := time.Now()
-	t.recordEvent(now, &eventKeyRetired{KeyType: encLevelToKeyType(encLevel, protocol.PerspectiveServer)})
-	t.recordEvent(now, &eventKeyRetired{KeyType: encLevelToKeyType(encLevel, protocol.PerspectiveClient)})
+	if encLevel == protocol.Encryption0RTT {
+		t.recordEvent(now, &eventKeyRetired{KeyType: encLevelToKeyType(encLevel, t.perspective)})
+	} else {
+		t.recordEvent(now, &eventKeyRetired{KeyType: encLevelToKeyType(encLevel, protocol.PerspectiveServer)})
+		t.recordEvent(now, &eventKeyRetired{KeyType: encLevelToKeyType(encLevel, protocol.PerspectiveClient)})
+	}
 	t.mutex.Unlock()
 }

--- a/qlog/qlog_test.go
+++ b/qlog/qlog_test.go
@@ -721,6 +721,18 @@ var _ = Describe("Tracing", func() {
 				Expect(keyTypes).To(ContainElement("client_initial_secret"))
 			})

+			It("records dropped 0-RTT keys", func() {
+				tracer.DroppedEncryptionLevel(protocol.Encryption0RTT)
+				entries := exportAndParse()
+				Expect(entries).To(HaveLen(1))
+				entry := entries[0]
+				Expect(entry.Time).To(BeTemporally("~", time.Now(), scaleDuration(10*time.Millisecond)))
+				Expect(entry.Name).To(Equal("security:key_retired"))
+				ev := entry.Event
+				Expect(ev).To(HaveKeyWithValue("trigger", "tls"))
+				Expect(ev).To(HaveKeyWithValue("key_type", "server_0rtt_secret"))
+			})
+
 			It("records dropped keys", func() {
 				tracer.DroppedKey(42)
 				entries := exportAndParse()