Persist server's crypto config data to disk cache for 0-RTT

net/quic/crypto/quic_crypto_client_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_client_config.h"
 
 #include "base/stl_util.h"
 #include "net/quic/crypto/cert_compressor.h"
 #include "net/quic/crypto/channel_id.h"
 #include "net/quic/crypto/common_cert_set.h"
@@ skipping 20 matching lines @@
 
 QuicCryptoClientConfig::QuicCryptoClientConfig() {
 }
 
 QuicCryptoClientConfig::~QuicCryptoClientConfig() {
   STLDeleteValues(&cached_states_);
 }
 
 QuicCryptoClientConfig::CachedState::CachedState()
     : server_config_valid_(false),
+      need_to_persist_(false),
       generation_counter_(0) {}
 
 QuicCryptoClientConfig::CachedState::CachedState(
     scoped_ptr<QuicServerInfo> quic_server_info)
     : server_config_valid_(false),
+      need_to_persist_(false),
       generation_counter_(0),
       quic_server_info_(quic_server_info.Pass()) {}
 
 QuicCryptoClientConfig::CachedState::~CachedState() {}
 
 bool QuicCryptoClientConfig::CachedState::IsComplete(QuicWallTime now) const {
   if (server_config_.empty() || !server_config_valid_) {
     return false;
   }
 
   const CryptoHandshakeMessage* scfg = GetServerConfig();
   if (!scfg) {
     // Should be impossible short of cache corruption.
     DCHECK(false);
     return false;
   }
 
   uint64 expiry_seconds;
   if (scfg->GetUint64(kEXPY, &expiry_seconds) != QUIC_NO_ERROR ||
       now.ToUNIXSeconds() >= expiry_seconds) {
     return false;
   }
 
   return true;
 }
 
+bool QuicCryptoClientConfig::CachedState::IsEmpty() const {
+  return server_config_.empty();
+}
+
 const CryptoHandshakeMessage*
 QuicCryptoClientConfig::CachedState::GetServerConfig() const {
   if (server_config_.empty()) {
     return NULL;
   }
 
   if (!scfg_.get()) {
     scfg_.reset(CryptoFramer::ParseMessage(server_config_));
     DCHECK(scfg_.get());
   }
@@ skipping 29 matching lines @@
 
   if (now.ToUNIXSeconds() >= expiry_seconds) {
     *error_details = "SCFG has expired";
     return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED;
   }
 
   if (!matches_existing) {
     server_config_ = server_config.as_string();
     SetProofInvalid();
     scfg_.reset(new_scfg_storage.release());
+    need_to_persist_ = true;
   }
   return QUIC_NO_ERROR;
 }
 
 void QuicCryptoClientConfig::CachedState::InvalidateServerConfig() {
   server_config_.clear();
   scfg_.reset();
   SetProofInvalid();
 }
 
@@ skipping 22 matching lines @@
 }
 
 void QuicCryptoClientConfig::CachedState::ClearProof() {
   SetProofInvalid();
   certs_.clear();
   server_config_sig_.clear();
 }
 
 void QuicCryptoClientConfig::CachedState::SetProofValid() {
   server_config_valid_ = true;
+  SaveQuicServerInfo();
 }
 
 void QuicCryptoClientConfig::CachedState::SetProofInvalid() {
   server_config_valid_ = false;
   ++generation_counter_;
 }
 
 const string& QuicCryptoClientConfig::CachedState::server_config() const {
   return server_config_;
 }
@@ skipping 17 matching lines @@
 
 uint64 QuicCryptoClientConfig::CachedState::generation_counter() const {
   return generation_counter_;
 }
 
 const ProofVerifyDetails*
 QuicCryptoClientConfig::CachedState::proof_verify_details() const {
   return proof_verify_details_.get();
 }
 
+QuicServerInfo* QuicCryptoClientConfig::CachedState::quic_server_info() const {
+  return quic_server_info_.get();
+}
+
 void QuicCryptoClientConfig::CachedState::set_source_address_token(
     StringPiece token) {
   source_address_token_ = token.as_string();
 }
 
 void QuicCryptoClientConfig::CachedState::SetProofVerifyDetails(
     ProofVerifyDetails* details) {
   proof_verify_details_.reset(details);
 }
 
 void QuicCryptoClientConfig::CachedState::InitializeFrom(
     const QuicCryptoClientConfig::CachedState& other) {
   DCHECK(server_config_.empty());
   DCHECK(!server_config_valid_);
   server_config_ = other.server_config_;

[wtc, 2014/02/19 22:53:28]

I think this method should also bump the generation counter. It seems wrong to
do that by calling SetServerConfig here because SetServerConfig will also set
server_config_valid_ to false. So we may need to just do ++generation_counter_.

[ramant (doing other things), 2014/02/20 02:34:06]

Done.

   source_address_token_ = other.source_address_token_;
   certs_ = other.certs_;
   server_config_sig_ = other.server_config_sig_;
   server_config_valid_ = other.server_config_valid_;
 }
 
+// TODO(rtenneti): LoadQuicServerInfo and SaveQuicServerInfo have duplication of
+// data in CachedState and QuicServerInfo. We should eliminate the duplication
+// of data.
+// An issue to be solved: while we are loading the data from disk cache, it is
+// possible for another request for the same hostname update the CachedState
+// because that request has sent FillInchoateClientHello and got REJ message.
+// Loading of data from disk cache shouldn't blindly overwrite what is in
+// CachedState.
+bool QuicCryptoClientConfig::CachedState::LoadQuicServerInfo(QuicWallTime now) {
+  DCHECK(server_config_.empty());
+  DCHECK(quic_server_info_.get());
+  DCHECK(quic_server_info_->IsDataReady());
+
+  const QuicServerInfo::State& state(quic_server_info_->state());
+  if (state.server_config.empty()) {
+    return false;
+  }
+
+  string error_details;
+  QuicErrorCode error = SetServerConfig(state.server_config, now,
+                                        &error_details);
+  if (error != QUIC_NO_ERROR) {
+    DVLOG(1) << "SetServerConfig failed with " << error_details;
+    return false;
+  }
+
+  source_address_token_ = state.source_address_token;
+  server_config_sig_ = state.server_config_sig;
+  certs_ = state.certs;
+  need_to_persist_ = false;
+  return true;
+}
+
+void QuicCryptoClientConfig::CachedState::SaveQuicServerInfo() {
+  if (!quic_server_info_.get() || !need_to_persist_) {
+    return;
+  }
+  DCHECK(server_config_valid_);
+
+  // If the QuicServerInfo hasn't managed to load from disk yet then we can't
+  // save anything.

[wtc, 2014/02/19 22:53:28]

This seems wrong. This means we may not save the data in CachedState to the disk
cache. We should fix this problem (maybe later).

[ramant (doing other things), 2014/02/20 02:34:06]

Added a TODO. thanks.

+  if (!quic_server_info_->IsDataReady()) {
+    return;
+  }
+
+  QuicServerInfo::State* state = quic_server_info_->mutable_state();
+
+  state->server_config = server_config_;
+  state->source_address_token = source_address_token_;
+  state->server_config_sig = server_config_sig_;
+  state->certs = certs_;
+
+  quic_server_info_->Persist();
+  need_to_persist_ = false;
+}
+
 void QuicCryptoClientConfig::SetDefaults() {
   // Key exchange methods.
   kexs.resize(2);
   kexs[0] = kC255;
   kexs[1] = kP256;
 
   // Authenticated encryption algorithms.
   aead.resize(1);
   aead[0] = kAESG;
 }
@@ skipping 431 matching lines @@
   CachedState* canonical_cached =
       canonical_crypto_config->LookupOrCreate(canonical_server_hostname);
   if (!canonical_cached->proof_valid()) {
     return;
   }
   CachedState* cached = LookupOrCreate(server_hostname);
   cached->InitializeFrom(*canonical_cached);
 }
 
 }  // namespace net