OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file implements the tamper detection logic, which detects whether | 5 // This file implements the tamper detection logic, which detects whether |
6 // there are middleboxes and whether they are tampering with the response | 6 // there are middleboxes and whether they are tampering with the response |
7 // which may break correct communication and data transfer between the Chromium | 7 // which may break correct communication and data transfer between the Chromium |
8 // client and the Data Reduction Proxy. | 8 // client and the Data Reduction Proxy. |
9 // | 9 // |
10 // At a high level, the tamper detection process works in two steps: | 10 // At a high level, the tamper detection process works in two steps: |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
43 // modified or not, the reports of tampering are separated by MIME type of the | 43 // modified or not, the reports of tampering are separated by MIME type of the |
44 // response body. | 44 // response body. |
45 | 45 |
46 #ifndef COMPONENTS_DATA_REDUCTION_PROXY_CORE_BROWSER_DATA_REDUCTION_PROXY_TAMPER
_DETECTION_H_ | 46 #ifndef COMPONENTS_DATA_REDUCTION_PROXY_CORE_BROWSER_DATA_REDUCTION_PROXY_TAMPER
_DETECTION_H_ |
47 #define COMPONENTS_DATA_REDUCTION_PROXY_CORE_BROWSER_DATA_REDUCTION_PROXY_TAMPER
_DETECTION_H_ | 47 #define COMPONENTS_DATA_REDUCTION_PROXY_CORE_BROWSER_DATA_REDUCTION_PROXY_TAMPER
_DETECTION_H_ |
48 | 48 |
49 #include <map> | 49 #include <map> |
50 #include <string> | 50 #include <string> |
51 #include <vector> | 51 #include <vector> |
52 | 52 |
| 53 #include <stdint.h> |
| 54 |
53 #include "base/gtest_prod_util.h" | 55 #include "base/gtest_prod_util.h" |
| 56 #include "base/macros.h" |
54 #include "net/proxy/proxy_service.h" | 57 #include "net/proxy/proxy_service.h" |
55 | 58 |
56 namespace net { | 59 namespace net { |
57 class HttpResponseHeaders; | 60 class HttpResponseHeaders; |
58 } | 61 } |
59 | 62 |
60 namespace data_reduction_proxy { | 63 namespace data_reduction_proxy { |
61 | 64 |
62 // Detects if the response sent by the Data Reduction Proxy has been modified | 65 // Detects if the response sent by the Data Reduction Proxy has been modified |
63 // by intermediaries on the Web. | 66 // by intermediaries on the Web. |
64 class DataReductionProxyTamperDetection { | 67 class DataReductionProxyTamperDetection { |
65 public: | 68 public: |
66 // Checks if the response contains tamper detection fingerprints added by the | 69 // Checks if the response contains tamper detection fingerprints added by the |
67 // Data Reduction Proxy, and determines if the response had been tampered | 70 // Data Reduction Proxy, and determines if the response had been tampered |
68 // with if so. |content_length| is the accurate response body length, it will | 71 // with if so. |content_length| is the accurate response body length, it will |
69 // be used to detect whether response body had been tampered with. Results | 72 // be used to detect whether response body had been tampered with. Results |
70 // are reported to UMA. Traffic carried by HTTP proxy and HTTPS proxy are | 73 // are reported to UMA. Traffic carried by HTTP proxy and HTTPS proxy are |
71 // reported separately, specified by |scheme_is_https|. Returns true if the | 74 // reported separately, specified by |scheme_is_https|. Returns true if the |
72 // response had been tampered with. | 75 // response had been tampered with. |
73 static bool DetectAndReport(const net::HttpResponseHeaders* headers, | 76 static bool DetectAndReport(const net::HttpResponseHeaders* headers, |
74 bool scheme_is_https, | 77 bool scheme_is_https, |
75 int64 content_length); | 78 int64_t content_length); |
76 | 79 |
77 // Tamper detection checks |response_headers|. Histogram events are reported | 80 // Tamper detection checks |response_headers|. Histogram events are reported |
78 // by |carrier_id|; |scheme_is_https| determines which histogram to report | 81 // by |carrier_id|; |scheme_is_https| determines which histogram to report |
79 // (HTTP and HTTPS are reported separately). | 82 // (HTTP and HTTPS are reported separately). |
80 DataReductionProxyTamperDetection( | 83 DataReductionProxyTamperDetection( |
81 const net::HttpResponseHeaders* response_headers, | 84 const net::HttpResponseHeaders* response_headers, |
82 bool scheme_is_https, | 85 bool scheme_is_https, |
83 unsigned carrier_id); | 86 unsigned carrier_id); |
84 | 87 |
85 virtual ~DataReductionProxyTamperDetection(); | 88 virtual ~DataReductionProxyTamperDetection(); |
(...skipping 17 matching lines...) Expand all Loading... |
103 GetHeaderValues); | 106 GetHeaderValues); |
104 FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectionTest, | 107 FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectionTest, |
105 HistogramCount); | 108 HistogramCount); |
106 FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectionTest, | 109 FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectionTest, |
107 DetectAndReport); | 110 DetectAndReport); |
108 FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectionTest, | 111 FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectionTest, |
109 CompressionRatio); | 112 CompressionRatio); |
110 | 113 |
111 // Reports UMA for the numbers of responses with valid fingerprints, separated | 114 // Reports UMA for the numbers of responses with valid fingerprints, separated |
112 // by MIME type. | 115 // by MIME type. |
113 void ReportUMAForTamperDetectionCount(int64 original_content_length) const; | 116 void ReportUMAForTamperDetectionCount(int64_t original_content_length) const; |
114 | 117 |
115 // Returns the result of validating Chrome-Proxy header. | 118 // Returns the result of validating Chrome-Proxy header. |
116 bool ValidateChromeProxyHeader(const std::string& fingerprint) const; | 119 bool ValidateChromeProxyHeader(const std::string& fingerprint) const; |
117 | 120 |
118 // Reports UMA for tampering of the Chrome-Proxy header. | 121 // Reports UMA for tampering of the Chrome-Proxy header. |
119 void ReportUMAForChromeProxyHeaderValidation() const; | 122 void ReportUMAForChromeProxyHeaderValidation() const; |
120 | 123 |
121 // Returns the result of validating the Via header. | 124 // Returns the result of validating the Via header. |
122 // |has_chrome_proxy_via_header| indicates that the Data Reduction Proxy's | 125 // |has_chrome_proxy_via_header| indicates that the Data Reduction Proxy's |
123 // Via header occurs or not. | 126 // Via header occurs or not. |
124 bool ValidateViaHeader(const std::string& fingerprint, | 127 bool ValidateViaHeader(const std::string& fingerprint, |
125 bool* has_chrome_proxy_via_header) const; | 128 bool* has_chrome_proxy_via_header) const; |
126 | 129 |
127 // Reports UMA for tampering of the Via header. | 130 // Reports UMA for tampering of the Via header. |
128 void ReportUMAForViaHeaderValidation(bool has_chrome_proxy_via_header) const; | 131 void ReportUMAForViaHeaderValidation(bool has_chrome_proxy_via_header) const; |
129 | 132 |
130 // Returns the result of validating a list of headers. | 133 // Returns the result of validating a list of headers. |
131 bool ValidateOtherHeaders(const std::string& fingerprint) const; | 134 bool ValidateOtherHeaders(const std::string& fingerprint) const; |
132 | 135 |
133 // Reports UMA for tampering of values of the list of headers. | 136 // Reports UMA for tampering of values of the list of headers. |
134 void ReportUMAForOtherHeadersValidation() const; | 137 void ReportUMAForOtherHeadersValidation() const; |
135 | 138 |
136 // Returns the result of validating the contents. It validates this by | 139 // Returns the result of validating the contents. It validates this by |
137 // comparing the content length sent by the Data Reduction Proxy (from the | 140 // comparing the content length sent by the Data Reduction Proxy (from the |
138 // fingerprint), to the actual |content_length| received by the Chromium | 141 // fingerprint), to the actual |content_length| received by the Chromium |
139 // client. The content length sent by the Data Reduction Proxy is retuned as | 142 // client. The content length sent by the Data Reduction Proxy is retuned as |
140 // |original_content_length| for future use, |original_content_length| cannot | 143 // |original_content_length| for future use, |original_content_length| cannot |
141 // be NULL. | 144 // be NULL. |
142 bool ValidateContentLength(const std::string& fingerprint, | 145 bool ValidateContentLength(const std::string& fingerprint, |
143 int64 received_content_length, | 146 int64_t received_content_length, |
144 int64* original_content_length) const; | 147 int64_t* original_content_length) const; |
145 | 148 |
146 // Reports UMA for tampering of the contents and the compression ratio. The | 149 // Reports UMA for tampering of the contents and the compression ratio. The |
147 // compression ratio is calculated from |content_length|, which is the | 150 // compression ratio is calculated from |content_length|, which is the |
148 // content length received by the Chromium client, and | 151 // content length received by the Chromium client, and |
149 // |original_content_length|, which is the content length sent by the Data | 152 // |original_content_length|, which is the content length sent by the Data |
150 // Reduction Proxy. | 153 // Reduction Proxy. |
151 void ReportUMAForContentLength(int64 content_length, | 154 void ReportUMAForContentLength(int64_t content_length, |
152 int64 original_content_length) const; | 155 int64_t original_content_length) const; |
153 | 156 |
154 // Returns a string representation of |values|. | 157 // Returns a string representation of |values|. |
155 static std::string ValuesToSortedString(std::vector<std::string>* values); | 158 static std::string ValuesToSortedString(std::vector<std::string>* values); |
156 | 159 |
157 // Returns raw MD5 hash value for a given string |input|. It is different to | 160 // Returns raw MD5 hash value for a given string |input|. It is different to |
158 // base::MD5String which is base16 encoded. | 161 // base::MD5String which is base16 encoded. |
159 static void GetMD5(const std::string& input, std::string* output); | 162 static void GetMD5(const std::string& input, std::string* output); |
160 | 163 |
161 // Returns all the values of |header_name| of the response |headers| as a | 164 // Returns all the values of |header_name| of the response |headers| as a |
162 // vector. This function is used for values that need to be sorted later. | 165 // vector. This function is used for values that need to be sorted later. |
163 static std::vector<std::string> GetHeaderValues( | 166 static std::vector<std::string> GetHeaderValues( |
164 const net::HttpResponseHeaders* headers, | 167 const net::HttpResponseHeaders* headers, |
165 const std::string& header_name); | 168 const std::string& header_name); |
166 | 169 |
167 // Pointer to response headers. | 170 // Pointer to response headers. |
168 const net::HttpResponseHeaders* response_headers_; | 171 const net::HttpResponseHeaders* response_headers_; |
169 | 172 |
170 // If true, the connection to the Data Reduction Proxy is over HTTPS; | 173 // If true, the connection to the Data Reduction Proxy is over HTTPS; |
171 const bool scheme_is_https_; | 174 const bool scheme_is_https_; |
172 | 175 |
173 // Carrier ID: the numeric name of the current registered operator. | 176 // Carrier ID: the numeric name of the current registered operator. |
174 const unsigned carrier_id_; | 177 const unsigned carrier_id_; |
175 | 178 |
176 DISALLOW_COPY_AND_ASSIGN(DataReductionProxyTamperDetection); | 179 DISALLOW_COPY_AND_ASSIGN(DataReductionProxyTamperDetection); |
177 }; | 180 }; |
178 | 181 |
179 } // namespace data_reduction_proxy | 182 } // namespace data_reduction_proxy |
180 #endif // COMPONENTS_DATA_REDUCTION_PROXY_CORE_BROWSER_DATA_REDUCTION_PROXY_TAM
PER_DETECTION_H_ | 183 #endif // COMPONENTS_DATA_REDUCTION_PROXY_CORE_BROWSER_DATA_REDUCTION_PROXY_TAM
PER_DETECTION_H_ |
OLD | NEW |