net/cert/ct_known_logs.cc - Issue 337603003: Certificate Transparency: Switch to using a generated CT log list

Side by Side Diff: net/cert/ct_known_logs.cc

Issue 337603003: Certificate Transparency: Switch to using a generated CT log list (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressing review comments Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

	5 #include <string>

	6

5 #include "net/cert/ct_known_logs.h"	7 #include "net/cert/ct_known_logs.h"

6	8

7 #include "base/memory/scoped_ptr.h"

8 #include "base/strings/string_piece.h"	9 #include "base/strings/string_piece.h"

9 #include "net/cert/ct_log_verifier.h"	10 #include "net/cert/ct_log_verifier.h"

10	11

11 namespace net {	12 namespace net {

12	13

13 namespace ct {	14 namespace ct {

14	15

15 namespace {	16 namespace {

16	17

17 // Oldest log - the "pilot" log.	18 const uint8 kLogKeyLength = 92;

18 const char kGooglePilotLogKey[] =	19 struct CTLogInfo {

19 "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"	20 const char log_key[kLogKeyLength];

20 "\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad"	21 const char* log_name;
	Ryan Sleevi 2014/06/17 19:48:54 const char* const; const char* const; Eran Messeri 2014/06/18 14:37:57 Done. Show quoted text On 2014/06/17 19:48:54, Ryan Sleevi wrote: > const char* const; Done.
21 "\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41"	22 };

22 "\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed"

23 "\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c"

24 "\xa0";

25	23

26 const size_t kGooglePilotLogKeyLength = arraysize(kGooglePilotLogKey) - 1;	24 #include "net/cert/ct_known_logs_static.h"
	Ryan Sleevi 2014/06/17 19:48:54 Why isn't the definition for the structure (CTLogI Why isn't the definition for the structure (CTLogInfo) part of the static list? the ct_known_logs_static.h is tightly coupled to the structural definition here. Eran Messeri 2014/06/18 14:37:56 Good point, done. That makes the generated header Show quoted text On 2014/06/17 19:48:54, Ryan Sleevi wrote: > Why isn't the definition for the structure (CTLogInfo) part of the static list? > the ct_known_logs_static.h is tightly coupled to the structural definition here. Good point, done. That makes the generated header file much more useful.
27

28 const char kGooglePilotLogName[] = "Google US1 CT";

29

30 // Newer log - the "aviator" log.

31 const char kGoogleAviatorLogKey[] =

32 "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"

33 "\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3"

34 "\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07"

35 "\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc"

36 "\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f"

37 "\xe9";

38

39 const size_t kGoogleAviatorLogKeyLength = arraysize(kGoogleAviatorLogKey) - 1;

40

41 const char kGoogleAviatorLogName[] = "Google US2 CT";

42

43 // Latest log, not turned up yet, nicknamed "rocketeer"

44 const char kGoogleRocketeerLogKey[] =

45 "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"

46 "\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf3\x58\x9d\x31\x6e\x2f\xc8\x98\x46"

47 "\x2b\x92\x08\x1f\x46\x98\x80\x55\xa9\x0d\x02\xe1\x39\xba\x9a\x90\xcf\x8b"

48 "\xe0\x8a\x7e\x06\x72\xd6\x53\x48\xb3\x4a\xc3\x4d\x2f\x52\xa6\x21\xfc\xcc"

49 "\x33\xcb\x92\x2b\x57\x95\x76\xf2\x07\xcd\x37\x56\x83\xbb\xfa\xea\xb6\xc4"

50 "\xd8";

51

52 const size_t kGoogleRocketeerLogKeyLength =

53 arraysize(kGoogleRocketeerLogKey) - 1;

54

55 const char kGoogleRocketeerLogName[] = "Google EU CT";

56	25

57 } // namespace	26 } // namespace

58	27

59 scoped_ptr<CTLogVerifier> CreateGooglePilotLogVerifier() {	28 ScopedVector<CTLogVerifier> CreateLogVerifiersForKnownLogs() {

60 base::StringPiece key(kGooglePilotLogKey, kGooglePilotLogKeyLength);	29 ScopedVector<CTLogVerifier> verifiers;

	30 for (int i = 0; i < kNumKnownCTLogs; ++i) {
	Ryan Sleevi 2014/06/17 19:48:54 s/int/size_t; Seems like you should be able to us s/int/size_t; Seems like you should be able to use arraysize(kCTLogList), because it will be a statically initialized list, rather than rely on kNumKnownCTLogs (which might someday get out of sync) Eran Messeri 2014/06/18 14:37:56 Done, although kNumKnownCTLogs is generated togeth Show quoted text On 2014/06/17 19:48:54, Ryan Sleevi wrote: > s/int/size_t; > > Seems like you should be able to use arraysize(kCTLogList), because it will be a > statically initialized list, rather than rely on kNumKnownCTLogs (which might > someday get out of sync) Done, although kNumKnownCTLogs is generated together with kCTLogList.
	31 const CTLogInfo& log(kCTLogList[i]);

	32 base::StringPiece key(log.log_key, kLogKeyLength - 1);
	Ryan Sleevi 2014/06/17 19:48:54 Ditto here; Seems like arraysize(log.log_key) avoi Ditto here; Seems like arraysize(log.log_key) avoids any sync issues. Eran Messeri 2014/06/18 14:37:56 For some reason arraysize was not happy with it: . Show quoted text On 2014/06/17 19:48:54, Ryan Sleevi wrote: > Ditto here; Seems like arraysize(log.log_key) avoids any sync issues. For some reason arraysize was not happy with it: ../../net/cert/ct_known_logs.cc: In function ‘ScopedVector<net::CTLogVerifier> net::ct::CreateLogVerifiersForKnownLogs()’: ../../net/cert/ct_known_logs.cc:22:40: error: no matching function for call to ‘ArraySizeHelper(const char* const&)’ ../../net/cert/ct_known_logs.cc:22:40: note: candidates are: ../../base/macros.h:64:8: note: template<class T, long unsigned int N> char (& ArraySizeHelper(T (&)[N]))[N] ../../base/macros.h:71:8: note: template<class T, long unsigned int N> char (& ArraySizeHelper(const T (&)[N]))[N] So I've switched to using a constant that is defined in the generated file, which should not get out-of-sync as it is automatically calculated. I could use ARRAYSIZE_UNSAFE, though. Eran Messeri 2014/06/18 14:59:51 By defining the size of the log_key array in the L By defining the size of the log_key array in the LogInfo type definition, that now works and the the constant is no longer needed.
61	33

62 return CTLogVerifier::Create(key, kGooglePilotLogName);	34 verifiers.push_back(CTLogVerifier::Create(key, log.log_name).release());

63 }	35 }

64	36

65 scoped_ptr<CTLogVerifier> CreateGoogleAviatorLogVerifier() {	37 return verifiers.Pass();

66 base::StringPiece key(kGoogleAviatorLogKey, kGoogleAviatorLogKeyLength);

67

68 return CTLogVerifier::Create(key, kGoogleAviatorLogName);

69 }

70

71 scoped_ptr<CTLogVerifier> CreateGoogleRocketeerLogVerifier() {

72 base::StringPiece key(kGoogleRocketeerLogKey, kGoogleRocketeerLogKeyLength);

73

74 return CTLogVerifier::Create(key, kGoogleRocketeerLogName);

75 }	38 }

76	39

77 } // namespace ct	40 } // namespace ct

78	41

79 } // namespace net	42 } // namespace net

80	43

OLD	NEW

« no previous file with comments | « net/cert/ct_known_logs.h ('k') | net/cert/ct_known_logs_static.h » ('j') | net/cert/ct_known_logs_static.h » ('J')