[CacheStorage] Pad and bin opaque resource sizes.

content/browser/cache_storage/cache_storage.cc

Index: content/browser/cache_storage/cache_storage.cc
diff --git a/content/browser/cache_storage/cache_storage.cc b/content/browser/cache_storage/cache_storage.cc
index de76b56bf8df750e467cc9de040b9bc455b6523d..4d3ce551554ec3ee7ca7930971807882e1acb477 100644
--- a/content/browser/cache_storage/cache_storage.cc
+++ b/content/browser/cache_storage/cache_storage.cc
@@ -32,16 +32,21 @@
 #include "content/browser/cache_storage/cache_storage_index.h"
 #include "content/browser/cache_storage/cache_storage_scheduler.h"
 #include "content/public/browser/browser_thread.h"
+#include "crypto/symmetric_key.h"
 #include "net/base/directory_lister.h"
 #include "net/base/net_errors.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "storage/browser/blob/blob_storage_context.h"
 #include "storage/browser/quota/quota_manager_proxy.h"
 
+using crypto::SymmetricKey;
+
 namespace content {
 
 namespace {
 
+const SymmetricKey::Algorithm kPaddingKeyAlgorithm = SymmetricKey::AES;
+
 std::string HexedHash(const std::string& value) {
   std::string value_hash = base::SHA1HashString(value);
   std::string valued_hexed_hash = base::ToLowerASCII(
@@ -57,6 +62,14 @@ void SizeRetrievedFromAllCaches(std::unique_ptr<int64_t> accumulator,
 
 void DoNothingWithBool(bool success) {}
 
+std::unique_ptr<SymmetricKey> GeneratePaddingKey() {

[jkarlin, 2017/06/13 12:53:35]

We want a single key per browser sesssion, not a key per-cache. Having one
per-cache means the attacker can get extra samples for a url by creating new
caches.

[cmumford, 2017/06/13 22:50:42]

Doh - of course <sigh>

+  return SymmetricKey::GenerateRandomKey(kPaddingKeyAlgorithm, 128);
+}
+
+std::unique_ptr<SymmetricKey> ImportPaddingKey(const std::string& raw_key) {
+  return SymmetricKey::Import(kPaddingKeyAlgorithm, raw_key);
+}
+
 }  // namespace
 
 const char CacheStorage::kIndexFileName[] = "index.txt";
@@ -102,7 +115,9 @@ class CacheStorage::CacheLoader {
   // load the backend, that happens lazily when the cache is used.
   virtual std::unique_ptr<CacheStorageCache> CreateCache(
       const std::string& cache_name,
-      int64_t cache_size) = 0;
+      int64_t cache_size,
+      int64_t cache_padding,
+      std::unique_ptr<SymmetricKey> cache_padding_key) = 0;
 
   // Deletes any pre-existing cache of the same name and then loads it.
   virtual void PrepareNewCacheDestination(const std::string& cache_name,
@@ -164,17 +179,21 @@ class CacheStorage::MemoryLoader : public CacheStorage::CacheLoader {
                     cache_storage,
                     origin) {}
 
-  std::unique_ptr<CacheStorageCache> CreateCache(const std::string& cache_name,
-                                                 int64_t cache_size) override {
+  std::unique_ptr<CacheStorageCache> CreateCache(
+      const std::string& cache_name,
+      int64_t cache_size,
+      int64_t cache_padding,
+      std::unique_ptr<SymmetricKey> cache_padding_key) override {
     return CacheStorageCache::CreateMemoryCache(
         origin_, cache_name, cache_storage_, request_context_getter_,
-        quota_manager_proxy_, blob_context_);
+        quota_manager_proxy_, blob_context_, GeneratePaddingKey());
   }
 
   void PrepareNewCacheDestination(const std::string& cache_name,
                                   const CacheCallback& callback) override {
     std::unique_ptr<CacheStorageCache> cache =
-        CreateCache(cache_name, 0 /*cache_size*/);
+        CreateCache(cache_name, 0 /*cache_size*/, 0 /* cache_padding */,
+                    GeneratePaddingKey());
     callback.Run(std::move(cache));
   }
 
@@ -232,8 +251,11 @@ class CacheStorage::SimpleCacheLoader : public CacheStorage::CacheLoader {
         origin_path_(origin_path),
         weak_ptr_factory_(this) {}
 
-  std::unique_ptr<CacheStorageCache> CreateCache(const std::string& cache_name,
-                                                 int64_t cache_size) override {
+  std::unique_ptr<CacheStorageCache> CreateCache(
+      const std::string& cache_name,
+      int64_t cache_size,
+      int64_t cache_padding,
+      std::unique_ptr<SymmetricKey> cache_padding_key) override {
     DCHECK_CURRENTLY_ON(BrowserThread::IO);
     DCHECK(base::ContainsKey(cache_name_to_cache_dir_, cache_name));
 
@@ -242,7 +264,7 @@ class CacheStorage::SimpleCacheLoader : public CacheStorage::CacheLoader {
     return CacheStorageCache::CreatePersistentCache(
         origin_, cache_name, cache_storage_, cache_path,
         request_context_getter_, quota_manager_proxy_, blob_context_,
-        cache_size);
+        cache_size, cache_padding, std::move(cache_padding_key));
   }
 
   void PrepareNewCacheDestination(const std::string& cache_name,
@@ -279,7 +301,8 @@ class CacheStorage::SimpleCacheLoader : public CacheStorage::CacheLoader {
     }
 
     cache_name_to_cache_dir_[cache_name] = cache_dir;
-    callback.Run(CreateCache(cache_name, CacheStorage::kSizeUnknown));
+    callback.Run(CreateCache(cache_name, CacheStorage::kSizeUnknown,
+                             CacheStorage::kSizeUnknown, GeneratePaddingKey()));
   }
 
   void CleanUpDeletedCache(CacheStorageCache* cache) override {
@@ -372,7 +395,15 @@ class CacheStorage::SimpleCacheLoader : public CacheStorage::CacheLoader {
       DCHECK(cache.has_cache_dir());
       int64_t cache_size =
           cache.has_size() ? cache.size() : CacheStorage::kSizeUnknown;
-      index->Insert(CacheStorageIndex::CacheMetadata(cache.name(), cache_size));
+      int64_t cache_padding =
+          cache.has_padding() ? cache.padding() : CacheStorage::kSizeUnknown;
+      std::string cache_padding_key = cache.has_padding_key()
+                                          ? cache.padding_key()
+                                          : GeneratePaddingKey()->key();
+
+      index->Insert(CacheStorageIndex::CacheMetadata(
+          cache.name(), cache_size, cache_padding,
+          std::move(cache_padding_key)));
       cache_name_to_cache_dir_[cache.name()] = cache.cache_dir();
       cache_dirs->insert(cache.cache_dir());
     }
@@ -779,8 +810,9 @@ void CacheStorage::CreateCacheDidCreateCache(
   CacheStorageCache* cache_ptr = cache.get();
 
   cache_map_.insert(std::make_pair(cache_name, std::move(cache)));
-  cache_index_->Insert(
-      CacheStorageIndex::CacheMetadata(cache_name, cache_ptr->cache_size()));
+  cache_index_->Insert(CacheStorageIndex::CacheMetadata(
+      cache_name, cache_ptr->cache_size(), cache_ptr->cache_padding(),
+      cache_ptr->cache_padding_key()->key()));
 
   cache_loader_->WriteIndex(
       *cache_index_, base::Bind(&CacheStorage::CreateCacheDidWriteIndex,
@@ -1026,8 +1058,12 @@ std::unique_ptr<CacheStorageCacheHandle> CacheStorage::GetLoadedCache(
   CacheStorageCache* cache = map_iter->second.get();
 
   if (!cache) {
+    const CacheStorageIndex::CacheMetadata* metadata =
+        cache_index_->FindMetadata(cache_name);
+    DCHECK(metadata);
     std::unique_ptr<CacheStorageCache> new_cache = cache_loader_->CreateCache(
-        cache_name, cache_index_->GetCacheSize(cache_name));
+        cache_name, metadata->size, metadata->padding,
+        ImportPaddingKey(metadata->padding_key));
     CacheStorageCache* cache_ptr = new_cache.get();
     map_iter->second = std::move(new_cache);
 
@@ -1073,9 +1109,9 @@ void CacheStorage::SizeImpl(const SizeCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   DCHECK(initialized_);
 
-  if (cache_index_->GetStorageSize() != kSizeUnknown) {
+  if (cache_index_->GetPaddedStorageSize() != kSizeUnknown) {
     base::ThreadTaskRunnerHandle::Get()->PostTask(
-        FROM_HERE, base::Bind(callback, cache_index_->GetStorageSize()));
+        FROM_HERE, base::Bind(callback, cache_index_->GetPaddedStorageSize()));
     return;
   }