Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(301)

Unified Diff: net/cert/ct_ev_whitelist.cc

Issue 462543002: Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressing comments + adding method for determining presence of valid EV whitelist. Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/ct_ev_whitelist.h ('k') | net/cert/ct_ev_whitelist_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ct_ev_whitelist.cc
diff --git a/net/cert/ct_ev_whitelist.cc b/net/cert/ct_ev_whitelist.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a7c2eb1fcd8a21eae71b83785702fa8be4d119bd
--- /dev/null
+++ b/net/cert/ct_ev_whitelist.cc
@@ -0,0 +1,158 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/ct_ev_whitelist.h"
+
+#include <set>
+
+#include "base/big_endian.h"
+#include "base/file_util.h"
+#include "base/lazy_instance.h"
+#include "base/logging.h"
+
+namespace net {
+
+namespace ct {
+
+namespace {
+base::LazyInstance<std::set<std::string> >::Leaky g_current_ev_whitelist =
+ LAZY_INSTANCE_INITIALIZER;
+
+const uint8 kCertHashLengthBits = 64; // 8 bytes
+const uint64 kGolombMParameterBits = 47; // 2^47
+} // namespace
+
+namespace internal {
+
+BitStreamReader::BitStreamReader(const char* source, size_t length)
+ : source_(source), length_(length), current_byte_(0), current_bit_(7) {
+}
+
+bool BitStreamReader::ReadUnaryEncoding(uint64* out) {
+ uint64 res = 0;
+ if (BitsLeft() == 0)
+ return false;
+
+ while ((BitsLeft() > 0) && ReadBit())
+ res++;
+
+ *out = res;
+ return true;
+}
+
+bool BitStreamReader::ReadBits(uint8 num_bits, uint64* out) {
+ if (num_bits > 64)
+ return false;
+
+ if (BitsLeft() < num_bits)
+ return false;
+
+ uint64 res = 0;
+ for (uint8 i = 0; i < num_bits; ++i)
+ res |= (static_cast<uint64>(ReadBit()) << (num_bits - (i + 1)));
+
+ *out = res;
+ return true;
+}
+
+uint64 BitStreamReader::BitsLeft() const {
+ if (current_byte_ == length_)
+ return 0;
+ return (length_ - (current_byte_ + 1)) * 8 + current_bit_ + 1;
+}
+
+uint8 BitStreamReader::ReadBit() {
+ DCHECK_GT(BitsLeft(), 0u);
+ DCHECK(current_bit_ < 8 && current_bit_ >= 0);
+ uint8 res = (source_[current_byte_] & (1 << current_bit_)) >> current_bit_;
+ current_bit_--;
+ if (current_bit_ < 0) {
+ current_byte_++;
+ current_bit_ = 7;
+ }
+
+ return res;
+}
+
+bool UncompressEVWhitelist(const std::string& compressed_whitelist,
+ std::set<std::string>* uncompressed_list) {
+ BitStreamReader reader(compressed_whitelist.data(),
+ compressed_whitelist.size());
+ std::set<std::string> result;
+
+ VLOG(1) << "Uncompressing EV whitelist of size "
+ << compressed_whitelist.size();
+ uint64 curr_hash(0);
+ if (!reader.ReadBits(kCertHashLengthBits, &curr_hash)) {
+ VLOG(1) << "Failed reading first hash.";
+ return false;
+ }
+ char hash_bytes[8];
+ base::WriteBigEndian(hash_bytes, curr_hash);
+ result.insert(std::string(hash_bytes, 8));
+ static const uint64 M = static_cast<uint64>(1) << kGolombMParameterBits;
+
+ while (reader.BitsLeft() > kGolombMParameterBits) {
+ uint64 read_prefix = 0;
+ if (!reader.ReadUnaryEncoding(&read_prefix)) {
+ VLOG(1) << "Failed reading unary-encoded prefix.";
+ return false;
+ }
+
+ uint64 r = 0;
+ if (!reader.ReadBits(kGolombMParameterBits, &r)) {
+ VLOG(1) << "Failed reading " << kGolombMParameterBits << " bits.";
+ return false;
+ }
+
+ uint64 curr_diff = read_prefix * M + r;
+ curr_hash += curr_diff;
+
+ base::WriteBigEndian(hash_bytes, curr_hash);
+ result.insert(std::string(hash_bytes, 8));
+ }
+
+ uncompressed_list->swap(result);
+ return true;
+}
+
+void SetEVWhitelistData(std::set<std::string>& ev_whitelist) {
+ g_current_ev_whitelist.Get().swap(ev_whitelist);
+}
+
+} // namespace internal
+
+void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file) {
+ VLOG(1) << "Setting EV whitelist from file: "
+ << compressed_whitelist_file.value();
+ std::string compressed_list;
+ if (!base::ReadFileToString(compressed_whitelist_file, &compressed_list)) {
+ VLOG(1) << "Failed reading from " << compressed_whitelist_file.value();
+ return;
+ }
+
+ std::set<std::string> uncompressed_list;
+ if (!internal::UncompressEVWhitelist(compressed_list, &uncompressed_list)) {
+ VLOG(1) << "Failed uncompressing.";
+ return;
+ }
+ VLOG(1) << "Uncompressing succeeded, hashes: " << uncompressed_list.size();
+
+ internal::SetEVWhitelistData(uncompressed_list);
+}
+
+bool IsCertificateHashInWhitelist(const std::string& certificate_hash) {
+ const std::set<std::string>& current_ev_whitelist =
+ g_current_ev_whitelist.Get();
+ return current_ev_whitelist.find(certificate_hash) !=
+ current_ev_whitelist.end();
+}
+
+bool HasValidEVWhitelist() {
+ return !g_current_ev_whitelist.Get().empty();
+}
+
+} // namespace ct
+
+} // namespace net
« no previous file with comments | « net/cert/ct_ev_whitelist.h ('k') | net/cert/ct_ev_whitelist_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698