OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "components/rappor/rappor_metric.h" | |
6 | |
7 #include "base/logging.h" | |
8 | |
9 namespace rappor { | |
10 | |
11 RapporMetric::RapporMetric(const std::string& metric_name, | |
12 const RapporParameters& parameters, | |
13 int32_t cohort) | |
14 : metric_name_(metric_name), | |
15 parameters_(parameters), | |
16 bloom_(parameters.bloom_filter_size_bytes, | |
17 parameters.bloom_filter_hash_function_count, | |
18 cohort * parameters.bloom_filter_hash_function_count) { | |
19 DCHECK_GE(cohort, 0); | |
20 } | |
21 | |
22 RapporMetric::~RapporMetric() {} | |
23 | |
24 void RapporMetric::AddSample(const std::string& str) { bloom_.AddString(str); } | |
25 | |
26 ByteVector RapporMetric::GetReport(const std::string& secret) const { | |
27 // Start with the real bloom filter data. | |
28 const ByteVector real_bits(bytes()); | |
Alexei Svitkine (slow)
2014/02/05 18:07:01
I don't think this is necessary. You're making a c
Steven Holte
2014/02/05 22:44:37
Done.
| |
29 | |
30 // Generate a deterministically random mask of fake data using the | |
31 // client's secret key + real data as a seed. | |
Alexei Svitkine (slow)
2014/02/05 18:07:01
I'd explicitly mention that it's intended that the
Steven Holte
2014/02/05 22:44:37
Expanded this comment a bit.
| |
32 std::string seed = secret + metric_name_ + | |
33 std::string(real_bits.begin(), real_bits.end()); | |
Alexei Svitkine (slow)
2014/02/05 18:07:01
Are we really sure that seeding the HMAC with the
ulfar
2014/02/05 18:32:47
Yup, HMAC is a PRF (pseudo-random function), accor
| |
34 HmacByteVectorGenerator hmac_generator(real_bits.size(), seed); | |
35 const ByteVector fake_mask = | |
36 hmac_generator.GetWeightedRandomByteVector(parameters()->fake_prob); | |
37 ByteVector fake_ones = | |
38 hmac_generator.GetWeightedRandomByteVector(parameters()->fake_one_prob); | |
39 | |
40 // Redact most of the real data by replacing it with the fake data, hiding | |
41 // and limiting the amount of information an individual client reports on. | |
42 const ByteVector* redacted_bits = | |
43 ByteVectorMerge(fake_mask, real_bits, &fake_ones); | |
44 | |
45 // Generate biased coin flips for each bit. | |
46 ByteVectorGenerator coin_generator(real_bits.size()); | |
47 const ByteVector zero_coins = | |
48 coin_generator.GetWeightedRandomByteVector(parameters()->zero_coin_prob); | |
49 ByteVector one_coins = | |
50 coin_generator.GetWeightedRandomByteVector(parameters()->one_coin_prob); | |
51 | |
52 // Use the redacted data to select which coin type is used for each bit in | |
53 // the final report. | |
54 const ByteVector* output = | |
55 ByteVectorMerge(*redacted_bits, zero_coins, &one_coins); | |
Alexei Svitkine (slow)
2014/02/05 18:07:01
Nit: Return directly.
Steven Holte
2014/02/05 22:44:37
Done.
| |
56 | |
57 return *output; | |
58 } | |
59 | |
60 } // namespace rappor | |
OLD | NEW |