preserve TLS ticket key and label reuse of old one

Author: Snawoot

main.go

@@ -314,6 +314,7 @@ type CLIArgs struct {
 	maxTLSVersion            TLSVersionArg
 	tlsALPNEnabled           bool
 	tlsSessionKeys           [][32]byte
+	tlsSameSessionKey        bool
 	bwLimit                  forward.LimitSpec
 	bwBurst                  int64
 	bwSeparate               bool
@@ -505,6 +506,7 @@ func parse_args() *CLIArgs {
 		args.tlsSessionKeys = append(args.tlsSessionKeys, [32]byte(key))
 		return nil
 	})
+	flag.BoolVar(&args.tlsSameSessionKey, "tls-same-session-key", true, "issue new TLS session tickets with the same key used for previous ticket")
 	flag.Func("config", "read configuration from file with space-separated keys and values", readConfig)
 	flag.Parse()
 	// pull up remaining parameters from other BW-related arguments
@@ -1006,7 +1008,7 @@ func run() int {
 }
 
 func makeServerTLSConfig(args *CLIArgs) (*tls.Config, error) {
-	cfg := tls.Config{
+	cfg := &tls.Config{
 		MinVersion: uint16(args.minTLSVersion),
 		MaxVersion: uint16(args.maxTLSVersion),
 	}
@@ -1043,8 +1045,11 @@ func makeServerTLSConfig(args *CLIArgs) (*tls.Config, error) {
 	}
 	if len(args.tlsSessionKeys) > 0 {
 		cfg.SetSessionTicketKeys(args.tlsSessionKeys)
+		if args.tlsSameSessionKey {
+			cfg = tlsutil.PreserveSessionKeys(cfg, args.tlsSessionKeys)
+		}
 	}
-	return &cfg, nil
+	return cfg, nil
 }
 
 func readConfig(filename string) error {

tlsutil/preserve.go

@@ -0,0 +1,103 @@
+package tlsutil
+
+import (
+	"crypto/tls"
+	"errors"
+	"net"
+)
+
+type preservedKeyKey struct{}
+
+type nonDefaultKeyUsedKey struct{}
+
+func saveConnKey(conn ConnTagger, key [32]byte) {
+	conn.SetTag(preservedKeyKey{}, key)
+}
+
+func getConnKey(conn ConnTagger) ([32]byte, bool) {
+	saved, ok := conn.GetTag(preservedKeyKey{})
+	if !ok {
+		return [32]byte{}, false
+	}
+	key, ok := saved.([32]byte)
+	if !ok {
+		return [32]byte{}, false
+	}
+	return key, true
+}
+
+func setNonDefaultKeyUsed(conn ConnTagger, b bool) {
+	conn.SetTag(nonDefaultKeyUsedKey{}, b)
+}
+
+func WasNonDefaultKeyUsed(conn net.Conn) bool {
+	tagger, ok := conn.(ConnTagger)
+	if !ok {
+		if netconner, ok := conn.(interface {
+			NetConn() net.Conn
+		}); ok {
+			return WasNonDefaultKeyUsed(netconner.NetConn())
+		}
+		return false
+	}
+	saved, ok := tagger.GetTag(nonDefaultKeyUsedKey{})
+	if !ok {
+		return false
+	}
+	val, _ := saved.(bool)
+	return val
+}
+
+func PreserveSessionKeys(cfg *tls.Config, keys [][32]byte) *tls.Config {
+	if len(keys) < 2 {
+		// there's just one key defined, nothing to do
+		return cfg
+	}
+	forkConfig := func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
+		return cfg.Clone(), nil
+	}
+	if cfg.GetConfigForClient != nil {
+		forkConfig = cfg.GetConfigForClient
+	}
+	cfg = cfg.Clone()
+	cfg.GetConfigForClient = func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
+		conn, ok := chi.Conn.(ConnTagger)
+		if !ok {
+			return nil, errors.New("tlsCfg.GetConfigForClient: connection does is not a ConnTagger")
+		}
+		cfg, err := forkConfig(chi)
+		if err != nil {
+			return nil, err
+		}
+		cfg.UnwrapSession = func(identity []byte, cs tls.ConnectionState) (*tls.SessionState, error) {
+			skCfg := cfg.Clone()
+			skCfg.SessionTicketKey = [32]byte{}
+			for ki, key := range keys {
+				skCfg.SetSessionTicketKeys([][32]byte{key})
+				ss, err := skCfg.DecryptTicket(identity, cs)
+				if err != nil {
+					return nil, err
+				}
+				if ss != nil {
+					// key match
+					saveConnKey(conn, key)
+					setNonDefaultKeyUsed(conn, ki > 0)
+					return ss, nil
+				}
+			}
+			return nil, nil
+		}
+		cfg.WrapSession = func(cs tls.ConnectionState, ss *tls.SessionState) ([]byte, error) {
+			// is there previous key? if so, use it
+			if key, ok := getConnKey(conn); ok {
+				skCfg := cfg.Clone()
+				skCfg.SessionTicketKey = [32]byte{}
+				skCfg.SetSessionTicketKeys([][32]byte{key})
+				return skCfg.EncryptTicket(cs, ss)
+			}
+			return cfg.EncryptTicket(cs, ss)
+		}
+		return cfg, nil
+	}
+	return cfg
+}