feat(s2n-quic-tls) Retrieve SNI when the 1-RTT keys are retrieved

quic/s2n-quic-tls/src/callback.rs

@@ -27,8 +27,7 @@ pub struct Callback<'a, T, C> {
     pub suite: PhantomData<C>,
     pub err: Option<transport::Error>,
     pub send_buffer: &'a mut BytesMut,
-    pub emitted_server_name: &'a mut bool,
-    pub server_name: &'a Option<ServerName>,
+    pub server_name: &'a mut Option<ServerName>,
     pub server_params: &'a mut Vec<u8>,
 }
 
@@ -113,16 +112,9 @@ where
 
             // Flush the send buffer before returning to the connection
             self.flush();
-            // attempt to emit server name after making progress and prior to error handling
-            if !*self.emitted_server_name {
-                if let Some(server_name) = self.server_name.clone().or_else(|| {
-                    connection
-                        .server_name()
-                        .map(|server_name| server_name.into())
-                }) {
-                    self.context.on_server_name(server_name)?;
-                    *self.emitted_server_name = true;
-                }
+
+            if let Some(server_name) = self.server_name.take() {
+                self.context.on_server_name(server_name)?;
             }
 
             if let Some(err) = self.err {
@@ -261,15 +253,17 @@ where
                         }
                         let params = unsafe {
                             // Safety: conn needs to outlive params
-                            //
-                            // TODO use interning for these values
-                            // issue: https://github.com/aws/s2n-quic/issues/248
-                            //
-                            // Move this event to where `on_server_name` is emitted once we expose
-                            // the functionality in s2n_tls bindings
                             let application_protocol =
                                 Bytes::copy_from_slice(get_application_protocol(conn)?);
                             self.context.on_application_protocol(application_protocol)?;
+
+                            // Client has already emitted the server name elsewhere
+                            if self.endpoint.is_server() {
+                                if let Some(server_name) = get_server_name(conn) {
+                                    self.context.on_server_name(server_name)?;
+                                }
+                            }
+
                             get_application_params(conn)?
                         };
 
@@ -536,6 +530,15 @@ unsafe fn get_application_protocol<'a>(
         .ok_or(tls::Error::MISSING_EXTENSION)
 }
 
+unsafe fn get_server_name(connection: *mut s2n_connection) -> Option<ServerName> {
+    let ptr = s2n_get_server_name(connection).into_result().ok()?;
+    let data = get_cstr_slice(ptr)?;
+
+    // validate sni is a valid UTF-8 string
+    let string = core::str::from_utf8(data).ok()?;
+    Some(string.into())
+}
+
 unsafe fn get_transport_parameters<'a>(connection: *mut s2n_connection) -> Option<&'a [u8]> {
     let mut ptr = core::ptr::null();
     let mut len = 0u16;

quic/s2n-quic-tls/src/session.rs

@@ -24,8 +24,10 @@ pub struct Session {
     state: callback::State,
     handshake_complete: bool,
     send_buffer: BytesMut,
-    emitted_server_name: bool,
-    // This is only set for the client to avoid an extra allocation
+    // This field is used to minimize allocations for the client.
+    // No allocation needs to occur when the on_server_name callback triggers
+    // since the client has already stored the server_name at the beginning
+    // of a session.
     server_name: Option<ServerName>,
     received_ticket: bool,
     server_params: Vec<u8>,
@@ -72,7 +74,6 @@ impl Session {
             state: Default::default(),
             handshake_complete: false,
             send_buffer: BytesMut::new(),
-            emitted_server_name: false,
             server_name,
             received_ticket: false,
             server_params,
@@ -131,8 +132,7 @@ impl tls::Session for Session {
             suite: PhantomData,
             err: None,
             send_buffer: &mut self.send_buffer,
-            emitted_server_name: &mut self.emitted_server_name,
-            server_name: &self.server_name,
+            server_name: &mut self.server_name,
             server_params: &mut self.server_params,
         };
 
@@ -178,8 +178,7 @@ impl tls::Session for Session {
             suite: PhantomData,
             err: None,
             send_buffer: &mut self.send_buffer,
-            emitted_server_name: &mut self.emitted_server_name,
-            server_name: &self.server_name,
+            server_name: &mut self.server_name,
             server_params: &mut self.server_params,
         };
 

quic/s2n-quic/src/tests/snapshots/tests__dc__dc_handshake_self_test__events.snap

@@ -462,6 +462,7 @@ count#key_update=1
 count#key_update.key_type|HANDSHAKE=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
 count#application_protocol_information=1
+count#server_name_information=1
 count#transport_parameters_received=1
 timer#transport_parameters_received.latency=1µs
 count#dc_state_changed=1
@@ -471,7 +472,6 @@ count#dc_state_changed.state|VERSION_NEGOTIATED=1
 count#key_update=1
 count#key_update.key_type|ONE_RTT=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
-count#server_name_information=1
 count#frame_sent=1
 count#frame_sent.packet|INITIAL=1
 count#frame_sent.frame|ACK=1

quic/s2n-quic/src/tests/snapshots/tests__dc__dc_mtls_handshake_auth_failure_self_test__events.snap

@@ -313,6 +313,7 @@ count#key_update=1
 count#key_update.key_type|HANDSHAKE=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
 count#application_protocol_information=1
+count#server_name_information=1
 count#transport_parameters_received=1
 timer#transport_parameters_received.latency=1µs
 count#dc_state_changed=1
@@ -322,7 +323,6 @@ count#dc_state_changed.state|VERSION_NEGOTIATED=1
 count#key_update=1
 count#key_update.key_type|ONE_RTT=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
-count#server_name_information=1
 count#frame_sent=1
 count#frame_sent.packet|INITIAL=1
 count#frame_sent.frame|ACK=1

quic/s2n-quic/src/tests/snapshots/tests__dc__dc_mtls_handshake_client_not_supported_self_test__events.snap

@@ -327,14 +327,14 @@ count#key_update=1
 count#key_update.key_type|HANDSHAKE=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
 count#application_protocol_information=1
+count#server_name_information=1
 count#transport_parameters_received=1
 timer#transport_parameters_received.latency=1µs
 count#dc_state_changed=1
 count#dc_state_changed.state|NO_VERSION_NEGOTIATED=1
 count#key_update=1
 count#key_update.key_type|ONE_RTT=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
-count#server_name_information=1
 count#frame_sent=1
 count#frame_sent.packet|INITIAL=1
 count#frame_sent.frame|ACK=1

quic/s2n-quic/src/tests/snapshots/tests__dc__dc_mtls_handshake_self_test__events.snap

@@ -467,6 +467,7 @@ count#key_update=1
 count#key_update.key_type|HANDSHAKE=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
 count#application_protocol_information=1
+count#server_name_information=1
 count#transport_parameters_received=1
 timer#transport_parameters_received.latency=1µs
 count#dc_state_changed=1
@@ -476,7 +477,6 @@ count#dc_state_changed.state|VERSION_NEGOTIATED=1
 count#key_update=1
 count#key_update.key_type|ONE_RTT=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
-count#server_name_information=1
 count#frame_sent=1
 count#frame_sent.packet|INITIAL=1
 count#frame_sent.frame|ACK=1

quic/s2n-quic/src/tests/snapshots/tests__dc__dc_mtls_handshake_server_not_supported_self_test__events.snap

@@ -320,12 +320,12 @@ count#key_update=1
 count#key_update.key_type|HANDSHAKE=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
 count#application_protocol_information=1
+count#server_name_information=1
 count#transport_parameters_received=1
 timer#transport_parameters_received.latency=1µs
 count#key_update=1
 count#key_update.key_type|ONE_RTT=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
-count#server_name_information=1
 count#frame_sent=1
 count#frame_sent.packet|INITIAL=1
 count#frame_sent.frame|ACK=1

quic/s2n-quic/src/tests/snapshots/tests__dc__dc_not_secret_control_packet__events.snap

@@ -562,6 +562,7 @@ count#key_update=1
 count#key_update.key_type|HANDSHAKE=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
 count#application_protocol_information=1
+count#server_name_information=1
 count#transport_parameters_received=1
 timer#transport_parameters_received.latency=1µs
 count#dc_state_changed=1
@@ -571,7 +572,6 @@ count#dc_state_changed.state|VERSION_NEGOTIATED=1
 count#key_update=1
 count#key_update.key_type|ONE_RTT=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
-count#server_name_information=1
 count#frame_sent=1
 count#frame_sent.packet|INITIAL=1
 count#frame_sent.frame|ACK=1

quic/s2n-quic/src/tests/snapshots/tests__dc__dc_secret_control_packet__events.snap

@@ -558,6 +558,7 @@ count#key_update=1
 count#key_update.key_type|HANDSHAKE=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
 count#application_protocol_information=1
+count#server_name_information=1
 count#transport_parameters_received=1
 timer#transport_parameters_received.latency=1µs
 count#dc_state_changed=1
@@ -567,7 +568,6 @@ count#dc_state_changed.state|VERSION_NEGOTIATED=1
 count#key_update=1
 count#key_update.key_type|ONE_RTT=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
-count#server_name_information=1
 count#frame_sent=1
 count#frame_sent.packet|INITIAL=1
 count#frame_sent.frame|ACK=1

quic/s2n-quic/src/tests/snapshots/tests__pto__handshake_pto_timer_is_armed__events.snap

@@ -545,12 +545,12 @@ count#key_update=1
 count#key_update.key_type|HANDSHAKE=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
 count#application_protocol_information=1
+count#server_name_information=1
 count#transport_parameters_received=1
 timer#transport_parameters_received.latency=1µs
 count#key_update=1
 count#key_update.key_type|ONE_RTT=1
 count#key_update.cipher_suite|TLS_AES_128_GCM_SHA256=1
-count#server_name_information=1
 count#frame_sent=1
 count#frame_sent.packet|INITIAL=1
 count#frame_sent.frame|ACK=1