Index: components/rappor/rappor_metric.cc |
diff --git a/components/rappor/rappor_metric.cc b/components/rappor/rappor_metric.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..427a2527d4b068be55b4bed2524e2f445c0c0bfe |
--- /dev/null |
+++ b/components/rappor/rappor_metric.cc |
@@ -0,0 +1,60 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "components/rappor/rappor_metric.h" |
+ |
+#include "base/logging.h" |
+ |
+namespace rappor { |
+ |
+RapporMetric::RapporMetric(const std::string& metric_name, |
+ const RapporParameters& parameters, |
+ int32_t cohort) |
+ : metric_name_(metric_name), |
+ parameters_(parameters), |
+ bloom_(parameters.bloom_filter_size_bytes, |
+ parameters.bloom_filter_hash_function_count, |
+ cohort * parameters.bloom_filter_hash_function_count) { |
+ DCHECK_GE(cohort, 0); |
+} |
+ |
+RapporMetric::~RapporMetric() {} |
+ |
+void RapporMetric::AddSample(const std::string& str) { bloom_.AddString(str); } |
+ |
+ByteVector RapporMetric::GetReport(const std::string& secret) const { |
+ // Start with the real bloom filter data. |
+ const ByteVector real_bits(bytes()); |
Alexei Svitkine (slow)
2014/02/05 18:07:01
I don't think this is necessary. You're making a c
Steven Holte
2014/02/05 22:44:37
Done.
|
+ |
+ // Generate a deterministically random mask of fake data using the |
+ // client's secret key + real data as a seed. |
Alexei Svitkine (slow)
2014/02/05 18:07:01
I'd explicitly mention that it's intended that the
Steven Holte
2014/02/05 22:44:37
Expanded this comment a bit.
|
+ std::string seed = secret + metric_name_ + |
+ std::string(real_bits.begin(), real_bits.end()); |
Alexei Svitkine (slow)
2014/02/05 18:07:01
Are we really sure that seeding the HMAC with the
ulfar
2014/02/05 18:32:47
Yup, HMAC is a PRF (pseudo-random function), accor
|
+ HmacByteVectorGenerator hmac_generator(real_bits.size(), seed); |
+ const ByteVector fake_mask = |
+ hmac_generator.GetWeightedRandomByteVector(parameters()->fake_prob); |
+ ByteVector fake_ones = |
+ hmac_generator.GetWeightedRandomByteVector(parameters()->fake_one_prob); |
+ |
+ // Redact most of the real data by replacing it with the fake data, hiding |
+ // and limiting the amount of information an individual client reports on. |
+ const ByteVector* redacted_bits = |
+ ByteVectorMerge(fake_mask, real_bits, &fake_ones); |
+ |
+ // Generate biased coin flips for each bit. |
+ ByteVectorGenerator coin_generator(real_bits.size()); |
+ const ByteVector zero_coins = |
+ coin_generator.GetWeightedRandomByteVector(parameters()->zero_coin_prob); |
+ ByteVector one_coins = |
+ coin_generator.GetWeightedRandomByteVector(parameters()->one_coin_prob); |
+ |
+ // Use the redacted data to select which coin type is used for each bit in |
+ // the final report. |
+ const ByteVector* output = |
+ ByteVectorMerge(*redacted_bits, zero_coins, &one_coins); |
Alexei Svitkine (slow)
2014/02/05 18:07:01
Nit: Return directly.
Steven Holte
2014/02/05 22:44:37
Done.
|
+ |
+ return *output; |
+} |
+ |
+} // namespace rappor |