| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/dns_cert_provenance_checker.h" | 5 #include "net/socket/dns_cert_provenance_checker.h" |
| 6 | 6 |
| 7 #if !defined(USE_OPENSSL) | 7 #if !defined(USE_OPENSSL) |
| 8 | 8 |
| 9 #include <nspr.h> | 9 #include <nspr.h> |
| 10 | 10 |
| 11 #include <hasht.h> | 11 #include <hasht.h> |
| 12 #include <keyhi.h> | 12 #include <keyhi.h> |
| 13 #include <pk11pub.h> | 13 #include <pk11pub.h> |
| 14 #include <sechash.h> | 14 #include <sechash.h> |
| 15 | 15 |
| 16 #include <set> | 16 #include <set> |
| 17 #include <string> | 17 #include <string> |
| 18 | 18 |
| 19 #include "base/base64.h" | 19 #include "base/base64.h" |
| 20 #include "base/basictypes.h" | 20 #include "base/basictypes.h" |
| 21 #include "base/lazy_instance.h" | 21 #include "base/lazy_instance.h" |
| 22 #include "base/memory/scoped_ptr.h" | 22 #include "base/memory/scoped_ptr.h" |
| 23 #include "base/pickle.h" | 23 #include "base/pickle.h" |
| 24 #include "base/sha1.h" | |
| 24 #include "base/threading/non_thread_safe.h" | 25 #include "base/threading/non_thread_safe.h" |
| 25 #include "crypto/encryptor.h" | 26 #include "crypto/encryptor.h" |
| 27 #include "crypto/sha2.h" | |
|
wtc
2011/09/24 01:39:41
Please undo the changes in this file. This file u
| |
| 26 #include "crypto/symmetric_key.h" | 28 #include "crypto/symmetric_key.h" |
| 27 #include "net/base/completion_callback.h" | 29 #include "net/base/completion_callback.h" |
| 28 #include "net/base/dns_util.h" | 30 #include "net/base/dns_util.h" |
| 29 #include "net/base/dnsrr_resolver.h" | 31 #include "net/base/dnsrr_resolver.h" |
| 30 #include "net/base/net_errors.h" | 32 #include "net/base/net_errors.h" |
| 31 #include "net/base/net_log.h" | 33 #include "net/base/net_log.h" |
| 32 | 34 |
| 33 namespace net { | 35 namespace net { |
| 34 | 36 |
| 35 namespace { | 37 namespace { |
| 108 | 110 |
| 109 if (der_certs_.empty()) | 111 if (der_certs_.empty()) |
| 110 return; | 112 return; |
| 111 | 113 |
| 112 DnsCertLimits* const limits = g_dns_cert_limits.Pointer(); | 114 DnsCertLimits* const limits = g_dns_cert_limits.Pointer(); |
| 113 if (limits->HaveReachedMaxUploads() || | 115 if (limits->HaveReachedMaxUploads() || |
| 114 limits->HaveUploadedForHostname(hostname_)) { | 116 limits->HaveUploadedForHostname(hostname_)) { |
| 115 return; | 117 return; |
| 116 } | 118 } |
| 117 | 119 |
| 118 uint8 fingerprint[SHA1_LENGTH]; | 120 uint8 fingerprint[base::kSHA1Length]; |
| 119 SECStatus rv = HASH_HashBuf( | 121 SECStatus rv = HASH_HashBuf( |
| 120 HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(), | 122 HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(), |
| 121 der_certs_[0].size()); | 123 der_certs_[0].size()); |
| 122 DCHECK_EQ(SECSuccess, rv); | 124 DCHECK_EQ(SECSuccess, rv); |
| 123 char fingerprint_hex[SHA1_LENGTH * 2 + 1]; | 125 char fingerprint_hex[base::kSHA1Length * 2 + 1]; |
| 124 for (unsigned i = 0; i < sizeof(fingerprint); i++) { | 126 for (unsigned i = 0; i < sizeof(fingerprint); i++) { |
| 125 static const char hextable[] = "0123456789abcdef"; | 127 static const char hextable[] = "0123456789abcdef"; |
| 126 fingerprint_hex[i*2] = hextable[fingerprint[i] >> 4]; | 128 fingerprint_hex[i*2] = hextable[fingerprint[i] >> 4]; |
| 127 fingerprint_hex[i*2 + 1] = hextable[fingerprint[i] & 15]; | 129 fingerprint_hex[i*2 + 1] = hextable[fingerprint[i] & 15]; |
| 128 } | 130 } |
| 129 fingerprint_hex[SHA1_LENGTH * 2] = 0; | 131 fingerprint_hex[base::kSHA1Length * 2] = 0; |
| 130 | 132 |
| 131 static const char kBaseCertName[] = ".certs.googlednstest.com"; | 133 static const char kBaseCertName[] = ".certs.googlednstest.com"; |
| 132 domain_.assign(fingerprint_hex); | 134 domain_.assign(fingerprint_hex); |
| 133 domain_.append(kBaseCertName); | 135 domain_.append(kBaseCertName); |
| 134 | 136 |
| 135 handle_ = dnsrr_resolver_->Resolve( | 137 handle_ = dnsrr_resolver_->Resolve( |
| 136 domain_, kDNS_TXT, 0 /* flags */, &callback_, &response_, | 138 domain_, kDNS_TXT, 0 /* flags */, &callback_, &response_, |
| 137 0 /* priority */, BoundNetLog()); | 139 0 /* priority */, BoundNetLog()); |
| 138 if (handle_ == DnsRRResolver::kInvalidHandle) { | 140 if (handle_ == DnsRRResolver::kInvalidHandle) { |
| 139 LOG(ERROR) << "Failed to resolve " << domain_ << " for " << hostname_; | 141 LOG(ERROR) << "Failed to resolve " << domain_ << " for " << hostname_; |
| 287 NULL /* random a */, NULL /* random b */, CKM_ECDH1_DERIVE, | 289 NULL /* random a */, NULL /* random b */, CKM_ECDH1_DERIVE, |
| 288 CKM_TLS_MASTER_KEY_DERIVE_DH, CKA_DERIVE, 0 /* key size */, | 290 CKM_TLS_MASTER_KEY_DERIVE_DH, CKA_DERIVE, 0 /* key size */, |
| 289 CKD_NULL /* KDF */, NULL /* shared data */, NULL /* wincx */); | 291 CKD_NULL /* KDF */, NULL /* shared data */, NULL /* wincx */); |
| 290 SECKEY_DestroyPublicKey(server_pub_key); | 292 SECKEY_DestroyPublicKey(server_pub_key); |
| 291 SECStatus rv = PK11_ExtractKeyValue(pms); | 293 SECStatus rv = PK11_ExtractKeyValue(pms); |
| 292 DCHECK_EQ(SECSuccess, rv); | 294 DCHECK_EQ(SECSuccess, rv); |
| 293 SECItem* x_data = PK11_GetKeyData(pms); | 295 SECItem* x_data = PK11_GetKeyData(pms); |
| 294 | 296 |
| 295 // The key and IV are 128-bits and generated from a SHA256 hash of the x | 297 // The key and IV are 128-bits and generated from a SHA256 hash of the x |
| 296 // value. | 298 // value. |
| 297 char key_data[SHA256_LENGTH]; | 299 char key_data[crypto::kSHA256Length]; |
| 298 HASH_HashBuf(HASH_AlgSHA256, reinterpret_cast<uint8*>(key_data), | 300 HASH_HashBuf(HASH_AlgSHA256, reinterpret_cast<uint8*>(key_data), |
| 299 x_data->data, x_data->len); | 301 x_data->data, x_data->len); |
| 300 PK11_FreeSymKey(pms); | 302 PK11_FreeSymKey(pms); |
| 301 | 303 |
| 302 DCHECK_GE(sizeof(key_data), kKeySizeInBytes + kIVSizeInBytes); | 304 DCHECK_GE(sizeof(key_data), kKeySizeInBytes + kIVSizeInBytes); |
| 303 std::string raw_key(key_data, kKeySizeInBytes); | 305 std::string raw_key(key_data, kKeySizeInBytes); |
| 304 | 306 |
| 305 scoped_ptr<crypto::SymmetricKey> symkey( | 307 scoped_ptr<crypto::SymmetricKey> symkey( |
| 306 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key)); | 308 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key)); |
| 307 std::string iv(key_data + kKeySizeInBytes, kIVSizeInBytes); | 309 std::string iv(key_data + kKeySizeInBytes, kIVSizeInBytes); |
| 355 | 357 |
| 356 std::string DnsCertProvenanceChecker::BuildEncryptedReport( | 358 std::string DnsCertProvenanceChecker::BuildEncryptedReport( |
| 357 const std::string& hostname, | 359 const std::string& hostname, |
| 358 const std::vector<std::string>& der_certs) { | 360 const std::vector<std::string>& der_certs) { |
| 359 return ""; | 361 return ""; |
| 360 } | 362 } |
| 361 | 363 |
| 362 } // namespace net | 364 } // namespace net |
| 363 | 365 |
| 364 #endif // USE_OPENSSL | 366 #endif // USE_OPENSSL |
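Review bot: At new lines 120 and 299 the digest buffers are now sized by `base::kSHA1Length` and `crypto::kSHA256Length`, but they are still filled by NSS's `HASH_HashBuf`, which writes `SHA1_LENGTH` and `SHA256_LENGTH` bytes respectively, so nothing in this file ties the declared buffer size to the amount the hash call writes. The two pairs presumably agree today, but a future mismatch would be a silent out-of-bounds stack write with no compiler diagnostic; since base/basictypes.h is already included, pin them with `COMPILE_ASSERT(base::kSHA1Length == SHA1_LENGTH, sha1_length_mismatch);` next to the `fingerprint` declaration and the equivalent `crypto::kSHA256Length == SHA256_LENGTH` check before `key_data`. Separately, the SHA-256 `HASH_HashBuf` call at new line 300 discards its `SECStatus`, whereas the SHA-1 call at new line 121 at least DCHECKs it; if that hash failed, the AES key and IV at new lines 305 and 309 would be derived from an unwritten `key_data` buffer, so a `DCHECK_EQ(SECSuccess, ...)` on its result would be consistent with the rest of the file. Both enclosing functions begin outside the lines shown here.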