Replace SafeBrowsing MAC with downloads over SSL.

chrome/browser/safe_browsing/safe_browsing_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
 
-#include "base/base64.h"
 #include "base/logging.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "chrome/browser/google/google_util.h"
-#include "crypto/hmac.h"
 #include "crypto/sha2.h"
 #include "googleurl/src/gurl.h"
 #include "googleurl/src/url_util.h"
 #include "net/base/escape.h"
 #include "unicode/locid.h"
 
 #if defined(OS_WIN)
 #include "chrome/installer/util/browser_distribution.h"
 #endif
 
-static const int kSafeBrowsingMacDigestSize = 20;
-
 // Continue to this URL after submitting the phishing report form.
 // TODO(paulg): Change to a Chrome specific URL.
 static const char kContinueUrlFormat[] =
   "http://www.google.com/tools/firefox/toolbar/FT2/intl/%s/submit_success.html";
 
 static const char kReportParams[] = "?tpl=%s&continue=%s&url=%s";
 
 // SBChunk ---------------------------------------------------------------------
 
 SBChunk::SBChunk()
@@ skipping 437 matching lines @@
 }
 
 bool IsBadbinurlList(const std::string& list_name) {
   return list_name.compare(kBinUrlList) == 0;
 }
 
 bool IsBadbinhashList(const std::string& list_name) {
   return list_name.compare(kBinHashList) == 0;
 }
 
-static void DecodeWebSafe(std::string* decoded) {
-  DCHECK(decoded);
-  for (std::string::iterator i(decoded->begin()); i != decoded->end(); ++i) {
-    if (*i == '_')
-      *i = '/';
-    else if (*i == '-')
-      *i = '+';
-  }
-}
-
-bool VerifyMAC(const std::string& key, const std::string& mac,
-               const char* data, int data_length) {
-  std::string key_copy = key;
-  DecodeWebSafe(&key_copy);
-  std::string decoded_key;
-  base::Base64Decode(key_copy, &decoded_key);
-
-  std::string mac_copy = mac;
-  DecodeWebSafe(&mac_copy);
-  std::string decoded_mac;
-  base::Base64Decode(mac_copy, &decoded_mac);
-
-  crypto::HMAC hmac(crypto::HMAC::SHA1);
-  if (!hmac.Init(decoded_key))
-    return false;
-  const std::string data_str(data, data_length);
-  unsigned char digest[kSafeBrowsingMacDigestSize];
-  if (!hmac.Sign(data_str, digest, kSafeBrowsingMacDigestSize))
-    return false;
-
-  return !memcmp(digest, decoded_mac.data(), kSafeBrowsingMacDigestSize);
-}
-
 GURL GeneratePhishingReportUrl(const std::string& report_page,
                                const std::string& url_to_report,
                                bool is_client_side_detection) {
   icu::Locale locale = icu::Locale::getDefault();
   const char* lang = locale.getLanguage();
   if (!lang)
     lang = "en";  // fallback
   const std::string continue_esc = net::EscapeQueryParamValue(
       base::StringPrintf(kContinueUrlFormat, lang), true);
   const std::string current_esc = net::EscapeQueryParamValue(url_to_report,
@@ skipping 18 matching lines @@
 void StringToSBFullHash(const std::string& hash_in, SBFullHash* hash_out) {
   DCHECK_EQ(crypto::kSHA256Length, hash_in.size());
   memcpy(hash_out->full_hash, hash_in.data(), crypto::kSHA256Length);
 }
 
 std::string SBFullHashToString(const SBFullHash& hash) {
   DCHECK_EQ(crypto::kSHA256Length, sizeof(hash.full_hash));
   return std::string(hash.full_hash, sizeof(hash.full_hash));
 }
 }  // namespace safe_browsing_util