OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/build_time.h" | 10 #include "base/build_time.h" |
(...skipping 204 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
215 new_host[i + 1 + j] = static_cast<char>(tolower(new_host[i + 1 + j])); | 215 new_host[i + 1 + j] = static_cast<char>(tolower(new_host[i + 1 + j])); |
216 } | 216 } |
217 } | 217 } |
218 | 218 |
219 return new_host; | 219 return new_host; |
220 } | 220 } |
221 | 221 |
222 // BitReader is a class that allows a bytestring to be read bit-by-bit. | 222 // BitReader is a class that allows a bytestring to be read bit-by-bit. |
223 class BitReader { | 223 class BitReader { |
224 public: | 224 public: |
225 BitReader(const uint8* bytes, size_t num_bits) | 225 BitReader(const uint8_t* bytes, size_t num_bits) |
226 : bytes_(bytes), | 226 : bytes_(bytes), |
227 num_bits_(num_bits), | 227 num_bits_(num_bits), |
228 num_bytes_((num_bits + 7) / 8), | 228 num_bytes_((num_bits + 7) / 8), |
229 current_byte_index_(0), | 229 current_byte_index_(0), |
230 num_bits_used_(8) {} | 230 num_bits_used_(8) {} |
231 | 231 |
232 // Next sets |*out| to the next bit from the input. It returns false if no | 232 // Next sets |*out| to the next bit from the input. It returns false if no |
233 // more bits are available or true otherwise. | 233 // more bits are available or true otherwise. |
234 bool Next(bool* out) { | 234 bool Next(bool* out) { |
235 if (num_bits_used_ == 8) { | 235 if (num_bits_used_ == 8) { |
236 if (current_byte_index_ >= num_bytes_) { | 236 if (current_byte_index_ >= num_bytes_) { |
237 return false; | 237 return false; |
238 } | 238 } |
239 current_byte_ = bytes_[current_byte_index_++]; | 239 current_byte_ = bytes_[current_byte_index_++]; |
240 num_bits_used_ = 0; | 240 num_bits_used_ = 0; |
241 } | 241 } |
242 | 242 |
243 *out = 1 & (current_byte_ >> (7 - num_bits_used_)); | 243 *out = 1 & (current_byte_ >> (7 - num_bits_used_)); |
244 num_bits_used_++; | 244 num_bits_used_++; |
245 return true; | 245 return true; |
246 } | 246 } |
247 | 247 |
248 // Read sets the |num_bits| least-significant bits of |*out| to the value of | 248 // Read sets the |num_bits| least-significant bits of |*out| to the value of |
249 // the next |num_bits| bits from the input. It returns false if there are | 249 // the next |num_bits| bits from the input. It returns false if there are |
250 // insufficient bits in the input or true otherwise. | 250 // insufficient bits in the input or true otherwise. |
251 bool Read(unsigned num_bits, uint32* out) { | 251 bool Read(unsigned num_bits, uint32_t* out) { |
252 DCHECK_LE(num_bits, 32u); | 252 DCHECK_LE(num_bits, 32u); |
253 | 253 |
254 uint32 ret = 0; | 254 uint32_t ret = 0; |
255 for (unsigned i = 0; i < num_bits; ++i) { | 255 for (unsigned i = 0; i < num_bits; ++i) { |
256 bool bit; | 256 bool bit; |
257 if (!Next(&bit)) { | 257 if (!Next(&bit)) { |
258 return false; | 258 return false; |
259 } | 259 } |
260 ret |= static_cast<uint32>(bit) << (num_bits - 1 - i); | 260 ret |= static_cast<uint32_t>(bit) << (num_bits - 1 - i); |
261 } | 261 } |
262 | 262 |
263 *out = ret; | 263 *out = ret; |
264 return true; | 264 return true; |
265 } | 265 } |
266 | 266 |
267 // Unary sets |*out| to the result of decoding a unary value from the input. | 267 // Unary sets |*out| to the result of decoding a unary value from the input. |
268 // It returns false if there were insufficient bits in the input and true | 268 // It returns false if there were insufficient bits in the input and true |
269 // otherwise. | 269 // otherwise. |
270 bool Unary(size_t* out) { | 270 bool Unary(size_t* out) { |
(...skipping 21 matching lines...) Expand all Loading... |
292 if (offset >= num_bits_) { | 292 if (offset >= num_bits_) { |
293 return false; | 293 return false; |
294 } | 294 } |
295 current_byte_index_ = offset / 8; | 295 current_byte_index_ = offset / 8; |
296 current_byte_ = bytes_[current_byte_index_++]; | 296 current_byte_ = bytes_[current_byte_index_++]; |
297 num_bits_used_ = offset % 8; | 297 num_bits_used_ = offset % 8; |
298 return true; | 298 return true; |
299 } | 299 } |
300 | 300 |
301 private: | 301 private: |
302 const uint8* const bytes_; | 302 const uint8_t* const bytes_; |
303 const size_t num_bits_; | 303 const size_t num_bits_; |
304 const size_t num_bytes_; | 304 const size_t num_bytes_; |
305 // current_byte_index_ contains the current byte offset in |bytes_|. | 305 // current_byte_index_ contains the current byte offset in |bytes_|. |
306 size_t current_byte_index_; | 306 size_t current_byte_index_; |
307 // current_byte_ contains the current byte of the input. | 307 // current_byte_ contains the current byte of the input. |
308 uint8 current_byte_; | 308 uint8_t current_byte_; |
309 // num_bits_used_ contains the number of bits of |current_byte_| that have | 309 // num_bits_used_ contains the number of bits of |current_byte_| that have |
310 // been read. | 310 // been read. |
311 unsigned num_bits_used_; | 311 unsigned num_bits_used_; |
312 }; | 312 }; |
313 | 313 |
314 // HuffmanDecoder is a very simple Huffman reader. The input Huffman tree is | 314 // HuffmanDecoder is a very simple Huffman reader. The input Huffman tree is |
315 // simply encoded as a series of two-byte structures. The first byte determines | 315 // simply encoded as a series of two-byte structures. The first byte determines |
316 // the "0" pointer for that node and the second the "1" pointer. Each byte | 316 // the "0" pointer for that node and the second the "1" pointer. Each byte |
317 // either has the MSB set, in which case the bottom 7 bits are the value for | 317 // either has the MSB set, in which case the bottom 7 bits are the value for |
318 // that position, or else the bottom seven bits contain the index of a node. | 318 // that position, or else the bottom seven bits contain the index of a node. |
319 // | 319 // |
320 // The tree is decoded by walking rather than a table-driven approach. | 320 // The tree is decoded by walking rather than a table-driven approach. |
321 class HuffmanDecoder { | 321 class HuffmanDecoder { |
322 public: | 322 public: |
323 HuffmanDecoder(const uint8* tree, size_t tree_bytes) | 323 HuffmanDecoder(const uint8_t* tree, size_t tree_bytes) |
324 : tree_(tree), tree_bytes_(tree_bytes) {} | 324 : tree_(tree), tree_bytes_(tree_bytes) {} |
325 | 325 |
326 bool Decode(BitReader* reader, char* out) { | 326 bool Decode(BitReader* reader, char* out) { |
327 const uint8* current = &tree_[tree_bytes_ - 2]; | 327 const uint8_t* current = &tree_[tree_bytes_ - 2]; |
328 | 328 |
329 for (;;) { | 329 for (;;) { |
330 bool bit; | 330 bool bit; |
331 if (!reader->Next(&bit)) { | 331 if (!reader->Next(&bit)) { |
332 return false; | 332 return false; |
333 } | 333 } |
334 | 334 |
335 uint8 b = current[bit]; | 335 uint8_t b = current[bit]; |
336 if (b & 0x80) { | 336 if (b & 0x80) { |
337 *out = static_cast<char>(b & 0x7f); | 337 *out = static_cast<char>(b & 0x7f); |
338 return true; | 338 return true; |
339 } | 339 } |
340 | 340 |
341 unsigned offset = static_cast<unsigned>(b) * 2; | 341 unsigned offset = static_cast<unsigned>(b) * 2; |
342 DCHECK_LT(offset, tree_bytes_); | 342 DCHECK_LT(offset, tree_bytes_); |
343 if (offset >= tree_bytes_) { | 343 if (offset >= tree_bytes_) { |
344 return false; | 344 return false; |
345 } | 345 } |
346 | 346 |
347 current = &tree_[offset]; | 347 current = &tree_[offset]; |
348 } | 348 } |
349 } | 349 } |
350 | 350 |
351 private: | 351 private: |
352 const uint8* const tree_; | 352 const uint8_t* const tree_; |
353 const size_t tree_bytes_; | 353 const size_t tree_bytes_; |
354 }; | 354 }; |
355 | 355 |
356 // PreloadResult is the result of resolving a specific name in the preloaded | 356 // PreloadResult is the result of resolving a specific name in the preloaded |
357 // data. | 357 // data. |
358 struct PreloadResult { | 358 struct PreloadResult { |
359 uint32 pinset_id; | 359 uint32_t pinset_id; |
360 uint32 domain_id; | 360 uint32_t domain_id; |
361 // hostname_offset contains the number of bytes from the start of the given | 361 // hostname_offset contains the number of bytes from the start of the given |
362 // hostname where the name of the matching entry starts. | 362 // hostname where the name of the matching entry starts. |
363 size_t hostname_offset; | 363 size_t hostname_offset; |
364 bool sts_include_subdomains; | 364 bool sts_include_subdomains; |
365 bool pkp_include_subdomains; | 365 bool pkp_include_subdomains; |
366 bool force_https; | 366 bool force_https; |
367 bool has_pins; | 367 bool has_pins; |
368 bool expect_ct; | 368 bool expect_ct; |
369 uint32 expect_ct_report_uri_id; | 369 uint32_t expect_ct_report_uri_id; |
370 }; | 370 }; |
371 | 371 |
372 // DecodeHSTSPreloadRaw resolves |hostname| in the preloaded data. It returns | 372 // DecodeHSTSPreloadRaw resolves |hostname| in the preloaded data. It returns |
373 // false on internal error and true otherwise. After a successful return, | 373 // false on internal error and true otherwise. After a successful return, |
374 // |*out_found| is true iff a relevant entry has been found. If so, |*out| | 374 // |*out_found| is true iff a relevant entry has been found. If so, |*out| |
375 // contains the details. | 375 // contains the details. |
376 // | 376 // |
377 // Don't call this function, call DecodeHSTSPreload, below. | 377 // Don't call this function, call DecodeHSTSPreload, below. |
378 // | 378 // |
379 // Although this code should be robust, it never processes attacker-controlled | 379 // Although this code should be robust, it never processes attacker-controlled |
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
520 } | 520 } |
521 | 521 |
522 // The entries in a dispatch table are in order thus we can tell if there | 522 // The entries in a dispatch table are in order thus we can tell if there |
523 // will be no match if the current character past the one that we want. | 523 // will be no match if the current character past the one that we want. |
524 if (hostname_offset == 0 || hostname[hostname_offset - 1] < c) { | 524 if (hostname_offset == 0 || hostname[hostname_offset - 1] < c) { |
525 return true; | 525 return true; |
526 } | 526 } |
527 | 527 |
528 if (is_first_offset) { | 528 if (is_first_offset) { |
529 // The first offset is backwards from the current position. | 529 // The first offset is backwards from the current position. |
530 uint32 jump_delta_bits; | 530 uint32_t jump_delta_bits; |
531 uint32 jump_delta; | 531 uint32_t jump_delta; |
532 if (!reader.Read(5, &jump_delta_bits) || | 532 if (!reader.Read(5, &jump_delta_bits) || |
533 !reader.Read(jump_delta_bits, &jump_delta)) { | 533 !reader.Read(jump_delta_bits, &jump_delta)) { |
534 return false; | 534 return false; |
535 } | 535 } |
536 | 536 |
537 if (bit_offset < jump_delta) { | 537 if (bit_offset < jump_delta) { |
538 return false; | 538 return false; |
539 } | 539 } |
540 | 540 |
541 current_offset = bit_offset - jump_delta; | 541 current_offset = bit_offset - jump_delta; |
542 is_first_offset = false; | 542 is_first_offset = false; |
543 } else { | 543 } else { |
544 // Subsequent offsets are forward from the target of the first offset. | 544 // Subsequent offsets are forward from the target of the first offset. |
545 uint32 is_long_jump; | 545 uint32_t is_long_jump; |
546 if (!reader.Read(1, &is_long_jump)) { | 546 if (!reader.Read(1, &is_long_jump)) { |
547 return false; | 547 return false; |
548 } | 548 } |
549 | 549 |
550 uint32 jump_delta; | 550 uint32_t jump_delta; |
551 if (!is_long_jump) { | 551 if (!is_long_jump) { |
552 if (!reader.Read(7, &jump_delta)) { | 552 if (!reader.Read(7, &jump_delta)) { |
553 return false; | 553 return false; |
554 } | 554 } |
555 } else { | 555 } else { |
556 uint32 jump_delta_bits; | 556 uint32_t jump_delta_bits; |
557 if (!reader.Read(4, &jump_delta_bits) || | 557 if (!reader.Read(4, &jump_delta_bits) || |
558 !reader.Read(jump_delta_bits + 8, &jump_delta)) { | 558 !reader.Read(jump_delta_bits + 8, &jump_delta)) { |
559 return false; | 559 return false; |
560 } | 560 } |
561 } | 561 } |
562 | 562 |
563 current_offset += jump_delta; | 563 current_offset += jump_delta; |
564 if (current_offset >= bit_offset) { | 564 if (current_offset >= bit_offset) { |
565 return false; | 565 return false; |
566 } | 566 } |
(...skipping 730 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1297 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1297 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
1298 const TransportSecurityState& state) | 1298 const TransportSecurityState& state) |
1299 : iterator_(state.enabled_pkp_hosts_.begin()), | 1299 : iterator_(state.enabled_pkp_hosts_.begin()), |
1300 end_(state.enabled_pkp_hosts_.end()) { | 1300 end_(state.enabled_pkp_hosts_.end()) { |
1301 } | 1301 } |
1302 | 1302 |
1303 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1303 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
1304 } | 1304 } |
1305 | 1305 |
1306 } // namespace | 1306 } // namespace |
OLD | NEW |