OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/dns_cert_provenance_checker.h" | 5 #include "net/socket/dns_cert_provenance_checker.h" |
6 | 6 |
7 #if !defined(USE_OPENSSL) | 7 #if !defined(USE_OPENSSL) |
8 | 8 |
9 #include <nspr.h> | 9 #include <nspr.h> |
10 | 10 |
11 #include <hasht.h> | 11 #include <hasht.h> |
12 #include <keyhi.h> | 12 #include <keyhi.h> |
13 #include <pk11pub.h> | 13 #include <pk11pub.h> |
14 #include <sechash.h> | 14 #include <sechash.h> |
15 | 15 |
16 #include <set> | 16 #include <set> |
17 #include <string> | 17 #include <string> |
18 | 18 |
19 #include "base/base64.h" | 19 #include "base/base64.h" |
20 #include "base/basictypes.h" | 20 #include "base/basictypes.h" |
21 #include "base/lazy_instance.h" | 21 #include "base/lazy_instance.h" |
22 #include "base/memory/scoped_ptr.h" | 22 #include "base/memory/scoped_ptr.h" |
23 #include "base/pickle.h" | 23 #include "base/pickle.h" |
24 #include "base/sha1.h" | |
24 #include "base/threading/non_thread_safe.h" | 25 #include "base/threading/non_thread_safe.h" |
25 #include "crypto/encryptor.h" | 26 #include "crypto/encryptor.h" |
27 #include "crypto/sha2.h" | |
wtc
2011/09/24 01:39:41
Please undo the changes in this file. This file u
| |
26 #include "crypto/symmetric_key.h" | 28 #include "crypto/symmetric_key.h" |
27 #include "net/base/completion_callback.h" | 29 #include "net/base/completion_callback.h" |
28 #include "net/base/dns_util.h" | 30 #include "net/base/dns_util.h" |
29 #include "net/base/dnsrr_resolver.h" | 31 #include "net/base/dnsrr_resolver.h" |
30 #include "net/base/net_errors.h" | 32 #include "net/base/net_errors.h" |
31 #include "net/base/net_log.h" | 33 #include "net/base/net_log.h" |
32 | 34 |
33 namespace net { | 35 namespace net { |
34 | 36 |
35 namespace { | 37 namespace { |
(...skipping 72 matching lines...) | |
108 | 110 |
109 if (der_certs_.empty()) | 111 if (der_certs_.empty()) |
110 return; | 112 return; |
111 | 113 |
112 DnsCertLimits* const limits = g_dns_cert_limits.Pointer(); | 114 DnsCertLimits* const limits = g_dns_cert_limits.Pointer(); |
113 if (limits->HaveReachedMaxUploads() || | 115 if (limits->HaveReachedMaxUploads() || |
114 limits->HaveUploadedForHostname(hostname_)) { | 116 limits->HaveUploadedForHostname(hostname_)) { |
115 return; | 117 return; |
116 } | 118 } |
117 | 119 |
118 uint8 fingerprint[SHA1_LENGTH]; | 120 uint8 fingerprint[base::kSHA1Length]; |
119 SECStatus rv = HASH_HashBuf( | 121 SECStatus rv = HASH_HashBuf( |
120 HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(), | 122 HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(), |
121 der_certs_[0].size()); | 123 der_certs_[0].size()); |
122 DCHECK_EQ(SECSuccess, rv); | 124 DCHECK_EQ(SECSuccess, rv); |
123 char fingerprint_hex[SHA1_LENGTH * 2 + 1]; | 125 char fingerprint_hex[base::kSHA1Length * 2 + 1]; |
124 for (unsigned i = 0; i < sizeof(fingerprint); i++) { | 126 for (unsigned i = 0; i < sizeof(fingerprint); i++) { |
125 static const char hextable[] = "0123456789abcdef"; | 127 static const char hextable[] = "0123456789abcdef"; |
126 fingerprint_hex[i*2] = hextable[fingerprint[i] >> 4]; | 128 fingerprint_hex[i*2] = hextable[fingerprint[i] >> 4]; |
127 fingerprint_hex[i*2 + 1] = hextable[fingerprint[i] & 15]; | 129 fingerprint_hex[i*2 + 1] = hextable[fingerprint[i] & 15]; |
128 } | 130 } |
129 fingerprint_hex[SHA1_LENGTH * 2] = 0; | 131 fingerprint_hex[base::kSHA1Length * 2] = 0; |
130 | 132 |
131 static const char kBaseCertName[] = ".certs.googlednstest.com"; | 133 static const char kBaseCertName[] = ".certs.googlednstest.com"; |
132 domain_.assign(fingerprint_hex); | 134 domain_.assign(fingerprint_hex); |
133 domain_.append(kBaseCertName); | 135 domain_.append(kBaseCertName); |
134 | 136 |
135 handle_ = dnsrr_resolver_->Resolve( | 137 handle_ = dnsrr_resolver_->Resolve( |
136 domain_, kDNS_TXT, 0 /* flags */, &callback_, &response_, | 138 domain_, kDNS_TXT, 0 /* flags */, &callback_, &response_, |
137 0 /* priority */, BoundNetLog()); | 139 0 /* priority */, BoundNetLog()); |
138 if (handle_ == DnsRRResolver::kInvalidHandle) { | 140 if (handle_ == DnsRRResolver::kInvalidHandle) { |
139 LOG(ERROR) << "Failed to resolve " << domain_ << " for " << hostname_; | 141 LOG(ERROR) << "Failed to resolve " << domain_ << " for " << hostname_; |
(...skipping 147 matching lines...) | |
287 NULL /* random a */, NULL /* random b */, CKM_ECDH1_DERIVE, | 289 NULL /* random a */, NULL /* random b */, CKM_ECDH1_DERIVE, |
288 CKM_TLS_MASTER_KEY_DERIVE_DH, CKA_DERIVE, 0 /* key size */, | 290 CKM_TLS_MASTER_KEY_DERIVE_DH, CKA_DERIVE, 0 /* key size */, |
289 CKD_NULL /* KDF */, NULL /* shared data */, NULL /* wincx */); | 291 CKD_NULL /* KDF */, NULL /* shared data */, NULL /* wincx */); |
290 SECKEY_DestroyPublicKey(server_pub_key); | 292 SECKEY_DestroyPublicKey(server_pub_key); |
291 SECStatus rv = PK11_ExtractKeyValue(pms); | 293 SECStatus rv = PK11_ExtractKeyValue(pms); |
292 DCHECK_EQ(SECSuccess, rv); | 294 DCHECK_EQ(SECSuccess, rv); |
293 SECItem* x_data = PK11_GetKeyData(pms); | 295 SECItem* x_data = PK11_GetKeyData(pms); |
294 | 296 |
295 // The key and IV are 128-bits and generated from a SHA256 hash of the x | 297 // The key and IV are 128-bits and generated from a SHA256 hash of the x |
296 // value. | 298 // value. |
297 char key_data[SHA256_LENGTH]; | 299 char key_data[crypto::kSHA256Length]; |
298 HASH_HashBuf(HASH_AlgSHA256, reinterpret_cast<uint8*>(key_data), | 300 HASH_HashBuf(HASH_AlgSHA256, reinterpret_cast<uint8*>(key_data), |
299 x_data->data, x_data->len); | 301 x_data->data, x_data->len); |
300 PK11_FreeSymKey(pms); | 302 PK11_FreeSymKey(pms); |
301 | 303 |
302 DCHECK_GE(sizeof(key_data), kKeySizeInBytes + kIVSizeInBytes); | 304 DCHECK_GE(sizeof(key_data), kKeySizeInBytes + kIVSizeInBytes); |
303 std::string raw_key(key_data, kKeySizeInBytes); | 305 std::string raw_key(key_data, kKeySizeInBytes); |
304 | 306 |
305 scoped_ptr<crypto::SymmetricKey> symkey( | 307 scoped_ptr<crypto::SymmetricKey> symkey( |
306 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key)); | 308 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key)); |
307 std::string iv(key_data + kKeySizeInBytes, kIVSizeInBytes); | 309 std::string iv(key_data + kKeySizeInBytes, kIVSizeInBytes); |
(...skipping 47 matching lines...) | |
355 | 357 |
356 std::string DnsCertProvenanceChecker::BuildEncryptedReport( | 358 std::string DnsCertProvenanceChecker::BuildEncryptedReport( |
357 const std::string& hostname, | 359 const std::string& hostname, |
358 const std::vector<std::string>& der_certs) { | 360 const std::vector<std::string>& der_certs) { |
359 return ""; | 361 return ""; |
360 } | 362 } |
361 | 363 |
362 } // namespace net | 364 } // namespace net |
363 | 365 |
364 #endif // USE_OPENSSL | 366 #endif // USE_OPENSSL |
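Review bot: The status of `HASH_HashBuf` at new lines 300-301 is discarded, so if the SHA-256 call fails, `key_data` is uninitialized stack memory that then becomes the AES key and IV at new lines 305-309. The SHA-1 call at new lines 121-124 is checked only by `DCHECK_EQ(SECSuccess, rv)`, which is normally compiled out of release builds, so a failure there would hex-encode an unfilled `fingerprint` buffer into the DNS query name. This change re-declares both buffers with `base::kSHA1Length` and `crypto::kSHA256Length` but leaves those checks as they were. I would test the status in release builds too, e.g. `if (rv != SECSuccess) return;` after the SHA-1 call, and on a SHA-256 failure free `pms` and abandon the report before `raw_key` is built. Both enclosing functions start and end in the skipped regions, so the exact error path needs confirming against the full file.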