Chrome Participated Tamper Detect

components/data_reduction_proxy/browser/data_reduction_proxy_tamper_detect.h

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file implements the tamper detection logic, where we want to detect
+// whether there are middleboxes and whether they are tampering the response

[bengr, 2014/07/16 21:24:49]

with the response

[xingx, 2014/07/18 17:25:02]

Done.

+// which maybe break correct communication and data transfer between Chrome

[bengr, 2014/07/16 21:24:48]

Chrome -> a Chromium client

[xingx, 2014/07/18 17:25:03]

Done.

+// and the data reduction proxy.
+//
+// A high-level description of our tamper detection process works in two steps:
+// 1. The data reduction proxy selects the requests we want to detect tamper;

[bengr, 2014/07/16 21:24:49]

detect tamper -> analyze

[xingx, 2014/07/18 17:25:02]

Done.

+//    for the selected ones, the data reduction proxy generates a series of
+//    fingerprints for the response , and appends it to the Chrome-Proxy header;

[bengr, 2014/07/16 21:24:49]

response ,  --> response,

[xingx, 2014/07/18 17:25:03]

Done.

+// 2. At Chrome client side, when Chrome sees such fingerprints, it uses the

[bengr, 2014/07/16 21:24:48]

At Chrome client side, when Chrome sees such fingerprints --> When the Chromium
client sees such fingerprints

[xingx, 2014/07/18 17:25:02]

Done.

[xingx, 2014/07/18 17:25:03]

Done.

+//    same method as the data reduction proxy to generate the fingerprints, and

[bengr, 2014/07/16 21:24:49]

generate --> re-generate

[xingx, 2014/07/18 17:25:03]

Done.

+//    compares them to the fingerprints in the response, to see if there is any
+//    tamper detected.

[bengr, 2014/07/16 21:24:49]

there is any tamper detected -> the response has been tampered with.

[xingx, 2014/07/18 17:25:02]

Done.

+//
+// Four fingerprints are defined (listed below). Chrome first checks the

[bengr, 2014/07/16 21:24:49]

Chrome first checks --> The fingerprint of the Chrome-Proxy header is checked
first.

In general, stop using "Chrome". This is Chromium code. Chrome is one
application that can be built with this code.

[xingx, 2014/07/18 17:25:02]

Done.

+// fingerprint of the Chrome-Proxy header. If the Chrome-Proxy header has been
+// tampered, then other fingerprints would not be checked; if not, Chrome

[bengr, 2014/07/16 21:24:49]

tampered with

[xingx, 2014/07/18 17:25:03]

Done.

+// parses the rest of the fingerprints and checks whether there is tampering
+// on each of them.

[bengr, 2014/07/16 21:24:49]

Tamper is a strange word. You might want to stop using it and instead use what
you mean, namely, that you are checking if a middlebox modified or deleted
information. 

[xingx, 2014/07/18 17:25:02]

Done.

+//
+// 1. Fingerprint for Chrome-Proxy header checks whether values of Chrome-Proxy
+//    have been tampered with;
+// 2. Fingerprint for Via header checks whether there are middleboxes between
+//    Chrome and the data reduction proxy;
+// 3. Fingerprint for some other headers checks whether the values of a list of
+//    headers (defined by the data reduction proxy) have been tampered with;
+// 4. Fingerprint for Content-Length header checks whether the value of
+//    Content-Length is different to what the data reduction proxy sends, which
+//    indicates that the response body has been tampered with.
+//
+// Chrome reports tampered information for each fingerprint to UMA. In general,

[bengr, 2014/07/16 21:24:48]

Again, not Chrome, and use of tampered is awkward.

[xingx, 2014/07/18 17:25:03]

Done.

+// Chrome reports the number of tampers for each fingerprint on different
+// carriers, as well as total number of tamper detection handled. The only
+// special case is the 4th fingerprint, Content-Length, which we have another
+// dimension, MIME types, Chrome reports the tamper on different MIME type

[bengr, 2014/07/16 21:24:49]

You can use phrases like "tamper detection", "tampering", and "tamper with," but
"the tamper" is incorrect. For this one, I'd suggest "Reports of tampering are
separated by MIME type"

[xingx, 2014/07/18 17:25:03]

Done.

+// independently.
+
+#ifndef COMPONENTS_DATA_REDUCTION_PROXY_BROWSER_DATA_REDUCTION_PROXY_TAMPER_DETECTION_H_
+#define COMPONENTS_DATA_REDUCTION_PROXY_BROWSER_DATA_REDUCTION_PROXY_TAMPER_DETECTION_H_
+
+#include <string>

[bengr, 2014/07/16 21:24:48]

#include <map>

[xingx, 2014/07/18 17:25:02]

Done.

+#include <vector>
+
+#include "net/proxy/proxy_service.h"
+
+namespace net {
+class HttpResponseHeaders;
+}
+
+namespace data_reduction_proxy {
+
+// This class detects if response header information sent by the data reduction
+// proxy has been modified or deleted by intermediaries on the Web.
+class DataReductionProxyTamperDetection {
+ public:
+

[bengr, 2014/07/16 21:24:49]

remove blank line

[xingx, 2014/07/18 17:25:02]

Done.

+  // Checks if the response contains tamper detection fingerprints added by the
+  // data reduction proxy, and determines if the response had been tampered
+  // with if so. Results are reported to UMA. HTTP and HTTPS traffic would be

[bengr, 2014/07/16 21:24:49]

would be -> are

[xingx, 2014/07/18 17:25:03]

Done.

+  // reported independently, specified by |is_secure_scheme|.
+  static void CheckResponseFingerprint(const net::HttpResponseHeaders* header,
+                                       bool is_secure_scheme);
+
+  // Tamper detection checks the response |respose_headers|. |is_secure_scheme|

[bengr, 2014/07/16 21:24:49]

checks the response |response_headers| --> checks |response_headers|.

[xingx, 2014/07/18 17:25:03]

Done.

+  // and |carrier_id| are parameters specify correct UMA histogram to report.

[bengr, 2014/07/16 21:24:49]

I don't understand this sentence.

[xingx, 2014/07/18 17:25:02]

Done.

+  // |chrome_proxy_header_values| points to the vector contains the values of
+  // Chrome-Proxy header, but with Chrome-Proxy header's fingerprint removed,
+  // which is an temporary result saved to use later for avoiding parsing the

[bengr, 2014/07/16 21:24:49]

a temporary

Also, I don't understand this sentence. The header is already parsed by
HttpResponseHeaders.

[xingx, 2014/07/18 17:25:02]

Done.

+  // header twice.
+  DataReductionProxyTamperDetection(
+      const net::HttpResponseHeaders* response_headers,
+      bool is_secure_scheme,
+      unsigned carrier_id,
+      std::vector<std::string>* chrome_proxy_header_values);
+
+  virtual ~DataReductionProxyTamperDetection();
+
+ private:
+  friend class DataReductionProxyTamperDetectTest;
+  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectTest,
+                           TestFingerprintCommon);
+  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectTest,
+                           ChromeProxy);
+  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectTest,
+                           Via);
+  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectTest,
+                           OtherHeaders);
+  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectTest,
+                           ContentLength);
+  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectTest,
+                           Parsing);
+  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyTamperDetectTest,
+                           Completed);
+
+  // Enum for fingerprint type.
+  enum FingerprintCode {
+      CHROMEPROXY,   // 1. Code of fingerprint for Chrome-Proxy header.

[bengr, 2014/07/16 21:24:49]

Give these explicit values, e.g.,:
CHROMEPROXY = 1, /* Code of ... */
VIA = 2, /* ...

[xingx, 2014/07/18 17:25:02]

Done.

[xingx, 2014/07/18 17:25:03]

Done.

+      VIA,           // 2. Code of fingerprint for Via header.
+      OTHERHEADERS,  // 3. Code of fingerprint for a list of headers.
+      CONTENTLENGTH, // 4. Code of fingerprint for Content-Length header.
+      NONEXIST,
+  };
+
+  // Returns true if the Chrome-Proxy header has been tampered with.
+  bool IsChromeProxyHeaderTampered(const std::string& fingerprint) const;
+  // Reports UMA for tampering of the Chrome-Proxy header.
+  void ReportChromeProxyHeaderTamperedUMA() const;
+
+  // Returns true if the Via header has been tampered with.
+  bool IsViaHeaderTampered(const std::string& fingerprint) const;
+  // Reports UMA for tampering of the Via header.
+  void ReportViaHeaderTamperedUMA() const;
+
+  // Returns true if a list of headers have been tampered with.
+  bool AreOtherHeadersTampered(const std::string& fingerprint) const;
+  // Reports UMA for tampering of values of the list of headers.
+  void ReportOtherHeadersTamperedUMA() const;
+
+  // Returns true if the Content-Length header has been tampered with.
+  bool IsContentLengthHeaderTampered(const std::string& fingerprint) const;
+  // Reports UMA for tampering of the Content-Length header.
+  void ReportContentLengthHeaderTamperedUMA() const;
+
+  // Returns the fingerprint code (enum) for the given fingerprint tag.
+  FingerprintCode GetFingerprintCode(const std::string& fingerprint_tag);
+
+  // Checks whether values of a Chrome-Proxy header contain fingerprints added
+  // by the data reduction proxy (four fingerprints will be added as two action
+  // value pairs, one is the fingerprint for Chrome-Proxy header, the other
+  // concatenates other fingerprints together). If they do, returns true, and
+  // saves the Chrome-Proxy header's fingerprint to |chrome_proxy_fingerprint|,
+  // saves other fingerprints to |other_fingerprints|; also removes fingerprint
+  // for Chrome-Proxy header from |values| and saves it as temporary result for
+  // later use. Return false if there is no fingerprint found.
+  static bool GetTamperDetectionFingerprints(
+      std::vector<std::string>* values,
+      std::string* chrome_proxy_fingerprint,
+      std::string* other_fingerprints);
+
+  // Returns a string of sorted values of |values|.
+  static std::string ValuesToSortedString(
+      std::vector<std::string>* values);
+
+  // Returns raw MD5 hash value for a given string |input|. It is different to
+  // base::MD5String which is base16 encoded.
+  static std::string GetMD5(const std::string& input);
+
+  // Returns all the values of a header field |header_name| of the response
+  // header |headers|, as a vector. This function is used for values that need
+  // to be sorted later.
+  static std::vector<std::string> GetHeaderValues(
+      const net::HttpResponseHeaders* headers,
+      const std::string& header_name);
+
+  // Pointer to response headers.
+  const net::HttpResponseHeaders* response_headers_;
+
+  // If true, the connection to the data reduction proxy is over HTTPS;
+  const bool is_secure_scheme_;
+
+  // Carrier ID.
+  const unsigned carrier_id_;
+
+  // Values for Chrome-Proxy header, with fingerprint for Chrome-Proxy header
+  // value removed. Save it as a temporary result so we don't need to parse
+  // the Chrome-Proxy header twice.
+  std::vector<std::string>* clean_chrome_proxy_header_values_;
+
+  // Map a fingerprint tag (string) to a fingerprint code (enum).
+  std::map<std::string, FingerprintCode> fingperprint_tag_code_map_;
+};
+
+}  // namespace data_reduction_proxy
+#endif  // COMPONENTS_DATA_REDUCTION_PROXY_BROWSER_DATA_REDUCTION_PROXY_TAMPER_DETECTION_H_