qtls: only attempt 0-RTT resumption for 0-RTT enabled session tickets (#4183)

internal/qtls/client_session_cache.go

@@ -7,8 +7,8 @@ import (
 )
 
 type clientSessionCache struct {
-	getData func() []byte
-	setData func([]byte) (allowEarlyData bool)
+	getData func(earlyData bool) []byte
+	setData func(data []byte, earlyData bool) (allowEarlyData bool)
 	wrapped tls.ClientSessionCache
 }
 
@@ -24,7 +24,7 @@ func (c clientSessionCache) Put(key string, cs *tls.ClientSessionState) {
 		c.wrapped.Put(key, cs)
 		return
 	}
-	state.Extra = append(state.Extra, addExtraPrefix(c.getData()))
+	state.Extra = append(state.Extra, addExtraPrefix(c.getData(state.EarlyData)))
 	newCS, err := tls.NewResumptionState(ticket, state)
 	if err != nil {
 		// It's not clear why this would error. Just save the original state.
@@ -46,12 +46,13 @@ func (c clientSessionCache) Get(key string) (*tls.ClientSessionState, bool) {
 		c.wrapped.Put(key, nil)
 		return nil, false
 	}
-	var earlyData bool
 	// restore QUIC transport parameters and RTT stored in state.Extra
 	if extra := findExtraData(state.Extra); extra != nil {
-		earlyData = c.setData(extra)
+		earlyData := c.setData(extra, state.EarlyData)
+		if state.EarlyData {
+			state.EarlyData = earlyData
+		}
 	}
-	state.EarlyData = earlyData
 	session, err := tls.NewResumptionState(ticket, state)
 	if err != nil {
 		// It's not clear why this would error.

internal/qtls/client_session_cache_test.go

@@ -40,8 +40,9 @@ var _ = Describe("Client Session Cache", func() {
 			RootCAs: testdata.GetRootCA(),
 			ClientSessionCache: &clientSessionCache{
 				wrapped: tls.NewLRUClientSessionCache(10),
-				getData: func() []byte { return []byte("session") },
-				setData: func(data []byte) bool {
+				getData: func(bool) []byte { return []byte("session") },
+				setData: func(data []byte, earlyData bool) bool {
+					Expect(earlyData).To(BeFalse()) // running on top of TCP, we can only test non-0-RTT here
 					restored <- data
 					return true
 				},

internal/qtls/go120.go

@@ -52,10 +52,20 @@ func SetupConfigForServer(conf *QUICConfig, enable0RTT bool, getDataForSessionTi
 	}
 }
 
-func SetupConfigForClient(conf *QUICConfig, getDataForSessionState func() []byte, setDataFromSessionState func([]byte) bool) {
+func SetupConfigForClient(
+	conf *QUICConfig,
+	getDataForSessionState func(earlyData bool) []byte,
+	setDataFromSessionState func(data []byte, earlyData bool) (allowEarlyData bool),
+) {
 	conf.ExtraConfig = &qtls.ExtraConfig{
-		GetAppDataForSessionState:  getDataForSessionState,
-		SetAppDataFromSessionState: setDataFromSessionState,
+		GetAppDataForSessionState: func() []byte {
+			// qtls only calls the GetAppDataForSessionState when doing 0-RTT
+			return getDataForSessionState(true)
+		},
+		SetAppDataFromSessionState: func(data []byte) (allowEarlyData bool) {
+			// qtls only calls the SetAppDataFromSessionState for 0-RTT enabled tickets
+			return setDataFromSessionState(data, true)
+		},
 	}
 }
 

internal/qtls/go121.go

@@ -93,7 +93,11 @@ func SetupConfigForServer(qconf *QUICConfig, _ bool, getData func() []byte, hand
 	}
 }
 
-func SetupConfigForClient(qconf *QUICConfig, getData func() []byte, setData func([]byte) bool) {
+func SetupConfigForClient(
+	qconf *QUICConfig,
+	getData func(earlyData bool) []byte,
+	setData func(data []byte, earlyData bool) (allowEarlyData bool),
+) {
 	conf := qconf.TLSConfig
 	if conf.ClientSessionCache != nil {
 		origCache := conf.ClientSessionCache