Persist server's crypto config data to disk cache for 0-RTT

net/quic/quic_crypto_client_stream.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_crypto_client_stream.h"
 
 #include "net/base/completion_callback.h"
 #include "net/base/net_errors.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/crypto_utils.h"
 #include "net/quic/crypto/null_encrypter.h"
 #include "net/quic/crypto/proof_verifier.h"
 #include "net/quic/crypto/proof_verifier_chromium.h"
+#include "net/quic/crypto/quic_server_info.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_session.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
 
 namespace net {
 
 namespace {
 
 // Copies CertVerifyResult from |verify_details| to |cert_verify_result|.
@@ skipping 43 matching lines @@
 QuicCryptoClientStream::QuicCryptoClientStream(
     const string& server_hostname,
     QuicSession* session,
     QuicCryptoClientConfig* crypto_config)
     : QuicCryptoStream(session),
       next_state_(STATE_IDLE),
       num_client_hellos_(0),
       crypto_config_(crypto_config),
       server_hostname_(server_hostname),
       generation_counter_(0),
       proof_verify_callback_(NULL) {

[wtc, 2014/02/13 23:48:43]

We should initialize quic_server_info_data_ready_result_ (to either OK or
ERR_UNEXPECTED) in the constructor.

[ramant (doing other things), 2014/02/15 00:36:12]

Done.

 }
 
 QuicCryptoClientStream::~QuicCryptoClientStream() {
   if (proof_verify_callback_) {
     proof_verify_callback_->Cancel();
   }
 }
 
 void QuicCryptoClientStream::OnHandshakeMessage(
     const CryptoHandshakeMessage& message) {
   QuicCryptoStream::OnHandshakeMessage(message);
 
   DoHandshakeLoop(&message);
 }
 
 bool QuicCryptoClientStream::CryptoConnect() {
-  next_state_ = STATE_SEND_CHLO;
+  next_state_ = STATE_LOAD_QUIC_SERVER_INFO;
   DoHandshakeLoop(NULL);
   return true;
 }
 
 int QuicCryptoClientStream::num_sent_client_hellos() const {
   return num_client_hellos_;
 }
 
 // TODO(rtenneti): Add unittests for GetSSLInfo which exercise the various ways
 // we learn about SSL info (sync vs async vs cached).
@@ skipping 47 matching lines @@
       crypto_config_->LookupOrCreate(server_hostname_);
 
   if (in != NULL) {
     DVLOG(1) << "Client: Received " << in->DebugString();
   }
 
   for (;;) {
     const State state = next_state_;
     next_state_ = STATE_IDLE;
     switch (state) {
+      case STATE_LOAD_QUIC_SERVER_INFO: {
+        if (DoLoadQuicServerInfo(cached) == ERR_IO_PENDING) {
+          return;
+        }
+        break;
+      }
+      case STATE_LOAD_QUIC_SERVER_INFO_COMPLETE: {
+        DoLoadQuicServerInfoComplete(cached);
+        break;
+      }
       case STATE_SEND_CHLO: {
         // Send the client hello in plaintext.
         session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_NONE);
         if (num_client_hellos_ > kMaxClientHellos) {
           CloseConnection(QUIC_CRYPTO_TOO_MANY_REJECTS);
           return;
         }
         num_client_hellos_++;
 
         if (!cached->IsComplete(session()->connection()->clock()->WallNow())) {
@@ skipping 215 matching lines @@
         return;
       }
       case STATE_IDLE:
         // This means that the peer sent us a message that we weren't expecting.
         CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE);
         return;
     }
   }
 }
 
+void QuicCryptoClientStream::OnIOComplete(int result) {
+  DCHECK_EQ(STATE_LOAD_QUIC_SERVER_INFO_COMPLETE, next_state_);
+  DCHECK_NE(ERR_IO_PENDING, result);
+  quic_server_info_data_ready_result_ = result;
+  DoHandshakeLoop(NULL);
+}
+
+int QuicCryptoClientStream::DoLoadQuicServerInfo(
+    QuicCryptoClientConfig::CachedState* cached) {
+  next_state_ = STATE_SEND_CHLO;
+  QuicServerInfo* quic_server_info = cached->quic_server_info();
+  if (!quic_server_info) {
+    return OK;
+  }
+
+  quic_server_info_data_ready_result_ = OK;
+  generation_counter_ = cached->generation_counter();

[wtc, 2014/02/13 23:48:43]

I think we should set next_state_ to STATE_LOAD_QUIC_SERVER_INFO_COMPLETE here,
and remove all the subsequent assignments of next_state_.

[ramant (doing other things), 2014/02/15 00:36:12]

Done.

+
+  // We read the QuicServeInfo's data from disk cache only once.
+  if (cached->quic_server_info()->IsDataReady()) {
+    next_state_ = STATE_LOAD_QUIC_SERVER_INFO_COMPLETE;
+    return OK;
+  }
+
+  // TODO(rtenneti): If multiple tabs load the same URL, all requests except for
+  // the first request send InchoateClientHello. Fix the code to handle multiple
+  // requests. A possible solution is to wait for the first request to finish
+  // and use the data from the disk cache for all requests.
+  int rv = quic_server_info->WaitForDataReady(
+      base::Bind(&QuicCryptoClientStream::OnIOComplete,
+                 base::Unretained(this)));
+
+  if (rv != OK) {
+    if (rv == ERR_IO_PENDING) {
+      next_state_ = STATE_LOAD_QUIC_SERVER_INFO_COMPLETE;
+      return rv;
+    }
+    // It is ok to proceed to STATE_SEND_CHLO when we cannot load QuicServerInfo
+    // from the disk cache.
+    DVLOG(1) << "QuicServerInfo's WaitForDataReady failed";
+  }
+  return OK;

[wtc, 2014/02/13 23:48:43]

I think lines 440-449 can be replaced by:

  if (rv != ERR_IO_PENDING) {
    quic_server_info_data_ready_result_ = rv;
  }
  return rv;

It should be fine to return an |rv| of error because the return value of this
function is ignored unless it is ERR_IO_PENDING.

[ramant (doing other things), 2014/02/15 00:36:12]

Done.

+}
+
+void QuicCryptoClientStream::DoLoadQuicServerInfoComplete(

[wtc, 2014/02/13 23:48:43]

The logic of this method probably should be (omitting the log messages):

  next_state_ = STATE_SEND_CHLO;

  if (generation_counter_ == cached->generation_counter()) {
    if (quic_server_info_data_ready_result_ != OK) {
      // It is ok to proceed to STATE_SEND_CHLO when we cannot
      // load QuicServerInfo from the disk cache.
      DCHECK that |cached| is empty.
      return;
    }
    cached->LoadQuicServerInfo();
  }

  if (cached->proof_valid()) {
    return;
  }

  ProofVerifier* verifier = crypto_config_->proof_verifier();
  ...
  

[wtc, 2014/02/14 01:46:13]

void QuicCryptoClientStream::DoLoadQuicServerInfoComplete(
    QuicCryptoClientConfig::CachedState* cached) {
  next_state_ = STATE_SEND_CHLO;

  if (generation_counter_ != cached->generation_counter()) {
    // Someone else has already saved a server config received
    // from the network.
    return;
  }

  if (quic_server_info_data_ready_result_ != OK ||
      !cached->LoadQuicServerInfo()) {
    // It is ok to proceed to STATE_SEND_CHLO when we cannot
    // load QuicServerInfo from the disk cache.
    DCHECK that cached.server_config_ is empty.
    return;
  }
	
  ProofVerifier* verifier = crypto_config_->proof_verifier();
  if (!verifier) {
    // If no verifier is set then we don't check the certificates.
    cached->SetProofValid();
  } else if (!cached->signature().empty()) {
    next_state_ = STATE_VERIFY_PROOF;
  }
}

[ramant (doing other things), 2014/02/15 00:36:12]

Done.

[ramant (doing other things), 2014/02/15 00:36:12]

As we had talked implemented the second comment.

+    QuicCryptoClientConfig::CachedState* cached) {
+  next_state_ = STATE_SEND_CHLO;
+
+  if (quic_server_info_data_ready_result_ != OK) {
+    DVLOG(1) << "WaitForDataReady failed result: "
+             << quic_server_info_data_ready_result_;
+    return;
+  }
+
+  // Check if generation_counter has changed between STATE_LOAD_QUIC_SERVER_INFO
+  // and STATE_LOAD_QUIC_SERVER_INFO_COMPLETE state changes.
+  if (generation_counter_ != cached->generation_counter()) {
+    DVLOG(1) << "generation_counter_ has changed: " << generation_counter_
+             << " cached's generation_counter_" << cached->generation_counter();
+    return;
+  }
+
+  if (!cached->quic_server_info()->IsDataReady()) {
+    // It is ok to proceed to STATE_SEND_CHLO when we cannot load QuicServerInfo
+    // from the disk cache.
+    DVLOG(1) << "Loading of QuicServerInfo failed";
+    return;
+  }
+
+  cached->LoadQuicServerInfo();
+
+  if (cached->proof_valid()) {
+    return;
+  }
+
+  ProofVerifier* verifier = crypto_config_->proof_verifier();
+  if (!verifier) {
+    // If no verifier is set then we don't check the certificates.
+    cached->SetProofValid();
+  } else if (!cached->signature().empty()) {
+    next_state_ = STATE_VERIFY_PROOF;
+  }
+}
+
 }  // namespace net