Chromium Code Reviews Chromium Code Reviews
Issue 49753002:
RAPPOR implementation (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: components/rappor/byte_vector_utils.cc |
| diff --git a/components/rappor/byte_vector_utils.cc b/components/rappor/byte_vector_utils.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..1b5c780cec68cac1fb6e5672b4656f0a501622b1 |
| --- /dev/null |
| +++ b/components/rappor/byte_vector_utils.cc |
| @@ -0,0 +1,147 @@ |
| +// Copyright 2014 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "components/rappor/byte_vector_utils.h" |
| + |
| +#include <string> |
| + |
| +#include "base/logging.h" |
| +#include "base/rand_util.h" |
| +#include "base/strings/string_number_conversions.h" |
| +#include "crypto/random.h" |
| + |
| +namespace rappor { |
| + |
| +ByteVector* ByteVectorOr(const ByteVector& lhs, ByteVector* rhs) { |
| + DCHECK_EQ(lhs.size(), rhs->size()); |
| + for (size_t i = 0, len = lhs.size(); i < len; ++i) { |
| + (*rhs)[i] = lhs[i] | (*rhs)[i]; |
| + } |
| + return rhs; |
| +} |
| + |
| +ByteVector* ByteVectorMerge(const ByteVector& mask, |
| + const ByteVector& lhs, |
| + ByteVector* rhs) { |
| + DCHECK_EQ(lhs.size(), rhs->size()); |
| + for (size_t i = 0, len = lhs.size(); i < len; ++i) { |
| + (*rhs)[i] = (lhs[i] & ~mask[i]) | ((*rhs)[i] & mask[i]); |
| + } |
| + return rhs; |
| +} |
| + |
| +int CountBits(const ByteVector& vector) { |
| + int bit_count = 0; |
| + for(size_t i = 0; i < vector.size(); ++i) { |
| + uint8_t byte = vector[i]; |
| + for (int j = 0; j < 8 ; ++j) { |
| + if (byte & (1 << j)) |
| + bit_count++; |
| + } |
| + } |
| + return bit_count; |
| +} |
| + |
| +ByteVectorGenerator::ByteVectorGenerator(size_t byte_count) |
| + : byte_count_(byte_count) {} |
| + |
| +ByteVectorGenerator::~ByteVectorGenerator() {} |
| + |
| +ByteVector ByteVectorGenerator::GetRandomByteVector() { |
| + ByteVector bytes(byte_count_); |
| + crypto::RandBytes(&bytes[0], bytes.size()); |
| + return bytes; |
| +} |
| + |
| +ByteVector ByteVectorGenerator::GetWeightedRandomByteVector( |
| + Probability probability) { |
| + ByteVector bytes = GetRandomByteVector(); |
| + switch (probability) { |
| + case PROBABILITY_75: |
| + return *ByteVectorOr(GetRandomByteVector(), &bytes); |
| + case PROBABILITY_50: |
| + return bytes; |
| + } |
| + NOTREACHED(); |
| + return bytes; |
| +} |
| + |
| +HmacByteVectorGenerator::HmacByteVectorGenerator( |
| + size_t byte_count, |
| + const std::string& entropy_input, |
| + const std::string& personalization_string) |
| + : ByteVectorGenerator(byte_count), |
| + hmac_(crypto::HMAC::SHA256), |
| + value_(hmac_.DigestLength(), 0x01), |
| + requested_bytes_(0) { |
| + // HMAC_DRBG Instantiate Process |
| + // 1. seed_material = entropy_input + nonce + personalization_string |
| + // Note: We are using the 8.6.7 interpretation, where the entropy_input and |
| + // nonce are acquired at the same time from the same source. |
| + std::string seed_material(entropy_input + personalization_string); |
|
edknapp
2014/02/12 00:27:17
DCHECK(entropy_input.length() == kEntropyInputSize
Steven Holte
2014/02/12 04:02:55
Done.
|
| + // 2. Key = 0x00 00...00 |
| + ByteVector key(hmac_.DigestLength(), 0x00); |
| + // 3. V = 0x01 01...01 |
| + // (value_ in initializer list) |
| + |
| + // 4. (Key, V) = HMAC_DRBG_Update(seed_material, Key, V) |
| + Update(seed_material, key); |
| +} |
| + |
| +HmacByteVectorGenerator::~HmacByteVectorGenerator() {} |
| + |
| +// static |
| +std::string HmacByteVectorGenerator::GenerateEntropyInput() { |
| + return base::RandBytesAsString(kEntropyInputSize); |
| +} |
| + |
| +void HmacByteVectorGenerator::Update(const std::string& provided_data, |
| + const ByteVector& key) { |
| + std::string initial_value(value_.begin(), value_.end()); |
| + // HMAC_DRBG Update Process |
| + // 1. K = HMAC(K, V || 0x00 || provided_data) |
| + ByteVector generated_key(hmac_.DigestLength()); |
| + crypto::HMAC keygen_hmac(crypto::HMAC::SHA256); |
| + if (!keygen_hmac.Init(std::string(key.begin(), key.end()))) |
| + NOTREACHED(); |
| + if (!keygen_hmac.Sign(initial_value + char(0x00) + provided_data, |
| + &generated_key[0], generated_key.size())) { |
| + NOTREACHED(); |
| + } |
| + // 2. V = HMAC(K, V) |
| + if (!hmac_.Init(std::string(generated_key.begin(), generated_key.end()))) |
| + NOTREACHED(); |
| + if (!hmac_.Sign(initial_value, &value_[0], value_.size())) |
| + NOTREACHED(); |
| +} |
|
edknapp
2014/02/12 00:27:17
Steps 3-6:
if (provided_data.length() > 0) {
K =
Steven Holte
2014/02/12 04:02:55
Done.
|
| + |
| +ByteVector HmacByteVectorGenerator::GetRandomByteVector() { |
| + ByteVector bytes(byte_count_); |
| + uint8_t* data = bytes.data(); |
| + size_t digest_length = hmac_.DigestLength(); |
| + size_t bytes_to_go = byte_count_; |
| + while (bytes_to_go > 0) { |
| + size_t requested_byte_in_digest = requested_bytes_ % digest_length; |
| + if (requested_byte_in_digest == 0) { |
| + // Do step 4.1 of the HMAC_DRBG Generate Process for more bits. |
| + // V = HMAC(Key, V) |
| + if (!hmac_.Sign(std::string(value_.begin(), value_.end()), |
| + &value_[0], value_.size())) { |
| + NOTREACHED(); |
| + } |
| + } |
| + size_t n = std::min(bytes_to_go, |
| + digest_length - requested_byte_in_digest); |
| + memcpy(data, &value_[requested_byte_in_digest], n); |
| + data += n; |
| + bytes_to_go -= n; |
| + requested_bytes_ += n; |
| + // Check max_number_of_bits_per_request from 10.1 Table 2 |
| + // max_number_of_bits_per_request == 2^19 bits == 2^16 bytes |
| + DCHECK_LT(requested_bytes_, 1U << 16); |
| + } |
| + return bytes; |
| +} |
| + |
| +} // namespace rappor |
