Chromium Code Reviews Chromium Code Reviews
Issue 462543002:
Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/cert/ct_ev_whitelist.cc |
| diff --git a/net/cert/ct_ev_whitelist.cc b/net/cert/ct_ev_whitelist.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..dd91890b649de04df4e4243434da2ccf32d5354d |
| --- /dev/null |
| +++ b/net/cert/ct_ev_whitelist.cc |
| @@ -0,0 +1,166 @@ |
| +// Copyright 2014 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "net/cert/ct_ev_whitelist.h" |
| + |
| +#include <set> |
| + |
| +#include "base/big_endian.h" |
| +#include "base/file_util.h" |
| +#include "base/lazy_instance.h" |
| +#include "base/logging.h" |
| + |
| +namespace net { |
| + |
| +namespace ct { |
| + |
| +namespace { |
| +base::LazyInstance<std::set<std::string> >::Leaky g_current_ev_whitelist = |
| + LAZY_INSTANCE_INITIALIZER; |
| + |
| +uint8 kCertHashLengthBits = 64; // 8 bytes |
| +uint64 kGolombMParameterBits = 47; // 2^47 |
|
wtc
2014/08/14 02:04:43
Add 'const' to these two constants.
Eran Messeri
2014/08/14 11:55:07
Done.
|
| + |
| +} |
|
wtc
2014/08/14 02:04:43
Add a comment:
} // namespace
Eran Messeri
2014/08/14 11:55:07
Done.
|
| + |
| +namespace internal { |
| + |
| +BitStreamReader::BitStreamReader(const char* source, size_t length) : |
| + source_(source), length_(length), curr_byte_(0), curr_bit_(7) { |
| +} |
| + |
| +bool BitStreamReader::ReadUnaryEncoding(uint64* out) { |
| + uint64 res(0); |
| + if (!HasMoreBits()) { |
| + return false; |
| + } |
| + |
| + uint8 b = ReadBit(); |
| + while (HasMoreBits() && b) { |
| + res += 1; |
| + b = ReadBit(); |
| + } |
| + |
| + *out = res; |
| + return true; |
| +} |
| + |
| +bool BitStreamReader::ReadBits(uint8 num_bits, uint64* out) { |
| + if (num_bits > 64) |
| + return false; |
| + |
| + if (BitsLeft() < num_bits) |
| + return false; |
| + |
| + uint64 res(0); |
| + for (uint8 i = 0; i < num_bits; ++i) { |
| + res |= (static_cast<uint64>(ReadBit()) << (num_bits - (i + 1))); |
| + } |
| + |
| + *out = res; |
| + return true; |
| +} |
| + |
| +uint64 BitStreamReader::BitsLeft() { |
| + if (curr_byte_ == length_) |
| + return 0; |
| + return (length_ - (curr_byte_ + 1)) * 8 + curr_bit_ + 1; |
| +} |
| + |
| +bool BitStreamReader::HasMoreBits() { |
| + return BitsLeft() > 0; |
| +} |
| + |
| +uint8 BitStreamReader::ReadBit() { |
| + DCHECK(HasMoreBits()); |
| + DCHECK(curr_bit_ < 8 && curr_bit_ >= 0); |
| + uint8 res = (source_[curr_byte_] & (1 << curr_bit_)) >> curr_bit_; |
| + curr_bit_--; |
| + if (curr_bit_ < 0) { |
| + curr_byte_ += 1; |
| + curr_bit_ = 7; |
| + } |
| + |
| + return res; |
| +} |
| + |
| +void SetEVWhitelistData(std::set<std::string> ev_whitelist) { |
| + g_current_ev_whitelist.Get().swap(ev_whitelist); |
| +} |
| + |
| +bool UncompressEVWhitelist( |
| + const std::string& compressed_whitelist, |
| + std::set<std::string>* uncompressed_list) { |
| + BitStreamReader reader( |
| + compressed_whitelist.data(), compressed_whitelist.size()); |
| + std::set<std::string> result; |
| + |
| + VLOG(1) << "Uncompressing EV whitelist of size " |
| + << compressed_whitelist.size(); |
| + uint64 curr_hash(0); |
| + if (!reader.ReadBits(kCertHashLengthBits, &curr_hash)) { |
| + VLOG(1) << "Failed reading first hash."; |
| + return false; |
| + } |
| + char hash_bytes[8]; |
| + base::WriteBigEndian(hash_bytes, curr_hash); |
| + result.insert(std::string(hash_bytes, 8)); |
| + uint64 M = static_cast<uint64>(1) << kGolombMParameterBits; |
| + |
| + while (reader.BitsLeft() > kGolombMParameterBits) { |
| + uint64 read_prefix(0); |
| + if (!reader.ReadUnaryEncoding(&read_prefix)) { |
| + VLOG(1) << "Failed reading unary-encoded prefix."; |
| + return false; |
| + } |
| + |
| + uint64 r(0); |
| + if (!reader.ReadBits(kGolombMParameterBits, &r)) { |
| + VLOG(1) << "Failed reading " << kGolombMParameterBits << " bits."; |
| + return false; |
| + } |
| + |
| + uint64 curr_diff = read_prefix * M + r; |
| + uint64 next_hash = curr_hash + curr_diff; |
| + |
| + base::WriteBigEndian(hash_bytes, next_hash); |
| + result.insert(std::string(hash_bytes, 8)); |
| + curr_hash = next_hash; |
| + } |
| + |
| + uncompressed_list->swap(result); |
| + return true; |
| +} |
| + |
| +} // namespace internal |
| + |
| +void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file) { |
| + VLOG(1) << "Setting EV whitelist from file: " |
| + << compressed_whitelist_file.value(); |
| + std::string compressed_list; |
| + if (!base::ReadFileToString(compressed_whitelist_file, &compressed_list)) { |
| + VLOG(1) << "Failed reading from " << compressed_whitelist_file.value(); |
| + return; |
| + } |
| + |
| + std::set<std::string> uncompressed_list; |
| + if (!internal::UncompressEVWhitelist(compressed_list, &uncompressed_list)) { |
| + VLOG(1) << "Failed uncompressing."; |
| + return; |
| + } |
| + VLOG(1) << "Uncompressing succeeded, hashes: " << uncompressed_list.size(); |
| + |
| + internal::SetEVWhitelistData(uncompressed_list); |
| +} |
| + |
| +bool IsCertificateHashInWhitelist(const std::string& cert_hash) { |
| + return g_current_ev_whitelist.Get().find(cert_hash) != |
| + g_current_ev_whitelist.Get().end(); |
| +} |
| + |
| +} // namespace ct |
| + |
| +} // namespace net |
| + |
| + |
