OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/net/packed_ct_ev_whitelist.h" | |
6 | |
7 #include <string.h> | |
8 | |
9 #include <algorithm> | |
10 | |
11 #include "base/big_endian.h" | |
12 #include "base/files/file_util.h" | |
13 #include "base/lazy_instance.h" | |
14 #include "base/logging.h" | |
15 #include "chrome/browser/net/bit_stream_reader.h" | |
16 #include "content/public/browser/browser_thread.h" | |
17 #include "net/ssl/ssl_config_service.h" | |
18 | |
19 namespace { | |
20 const uint8_t kCertHashLengthBits = 64; // 8 bytes | |
21 const uint8_t kCertHashLength = kCertHashLengthBits / 8; | |
22 const uint64_t kGolombMParameterBits = 47; // 2^47 | |
23 | |
24 void SetNewEVWhitelistInSSLConfigService( | |
25 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist) { | |
Ryan Sleevi
2014/10/21 22:50:25
pass refcounted pointers as const-ref
Eran Messeri
2014/10/22 10:53:26
Done.
| |
26 net::SSLConfigService::SetEVCertsWhitelist(new_whitelist); | |
27 } | |
28 | |
29 int hash_val_comp(const void* v1, const void* v2) { | |
30 return memcmp(v1, v2, kCertHashLength); | |
31 } | |
32 | |
33 } // namespace | |
34 | |
35 void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file) { | |
36 VLOG(1) << "Setting EV whitelist from file: " | |
37 << compressed_whitelist_file.value(); | |
38 std::string compressed_list; | |
39 if (!base::ReadFileToString(compressed_whitelist_file, &compressed_list)) { | |
40 VLOG(1) << "Failed reading from " << compressed_whitelist_file.value(); | |
41 return; | |
42 } | |
43 | |
44 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist( | |
45 new PackedEVCertsWhitelist(compressed_list)); | |
46 if (!new_whitelist->IsValid()) { | |
47 VLOG(1) << "Failed uncompressing EV certs whitelist."; | |
48 return; | |
49 } | |
50 | |
51 base::Callback<void(void)> assign_cb = | |
52 base::Bind(SetNewEVWhitelistInSSLConfigService, new_whitelist); | |
53 content::BrowserThread::PostTask( | |
54 content::BrowserThread::IO, FROM_HERE, assign_cb); | |
55 } | |
56 | |
57 bool PackedEVCertsWhitelist::UncompressEVWhitelist( | |
58 const std::string& compressed_whitelist, | |
59 std::vector<std::string>* uncompressed_list) { | |
60 internal::BitStreamReader reader(base::StringPiece( | |
61 compressed_whitelist.data(), compressed_whitelist.size())); | |
62 std::vector<std::string> result; | |
63 | |
64 VLOG(1) << "Uncompressing EV whitelist of size " | |
65 << compressed_whitelist.size(); | |
66 uint64_t curr_hash(0); | |
67 if (!reader.ReadBits(kCertHashLengthBits, &curr_hash)) { | |
68 VLOG(1) << "Failed reading first hash."; | |
69 return false; | |
70 } | |
71 char hash_bytes[8]; | |
72 base::WriteBigEndian(hash_bytes, curr_hash); | |
73 result.push_back(std::string(hash_bytes, 8)); | |
74 static const uint64_t M = static_cast<uint64_t>(1) << kGolombMParameterBits; | |
Ryan Sleevi
2014/10/21 22:50:25
needs a better name? Line 82 surprises me when rea
Eran Messeri
2014/10/22 10:53:26
Can you suggest one? I've added a comment to clari
Ryan Sleevi
2014/10/22 19:26:58
even just something like kGolombParameterM or some
Eran Messeri
2014/10/22 23:32:03
Done, used your suggested name.
| |
75 | |
76 while (reader.BitsLeft() > kGolombMParameterBits) { | |
77 uint64_t read_prefix = 0; | |
78 if (!reader.ReadUnaryEncoding(&read_prefix)) { | |
79 VLOG(1) << "Failed reading unary-encoded prefix."; | |
80 return false; | |
81 } | |
82 if (read_prefix > (UINT64_MAX / M)) { | |
83 VLOG(1) << "Received value that would cause overflow: " << read_prefix; | |
84 return false; | |
85 } | |
86 | |
87 uint64_t r = 0; | |
88 if (!reader.ReadBits(kGolombMParameterBits, &r)) { | |
89 VLOG(1) << "Failed reading " << kGolombMParameterBits << " bits."; | |
90 return false; | |
91 } | |
92 DCHECK_LT(r, M); | |
93 | |
94 uint64_t curr_diff = read_prefix * M + r; | |
95 curr_hash += curr_diff; | |
96 | |
97 base::WriteBigEndian(hash_bytes, curr_hash); | |
98 result.push_back(std::string(hash_bytes, 8)); | |
99 } | |
100 | |
101 uncompressed_list->swap(result); | |
102 return true; | |
103 } | |
104 | |
105 PackedEVCertsWhitelist::PackedEVCertsWhitelist( | |
106 const std::string& compressed_whitelist) | |
107 : is_whitelist_valid_(false), whitelist_(NULL), whitelist_size_(0) { | |
108 std::vector<std::string> new_whitelist; | |
109 if (!UncompressEVWhitelist(compressed_whitelist, &new_whitelist)) | |
110 return; | |
111 | |
112 whitelist_ = new char[new_whitelist.size() * kCertHashLength]; | |
Ryan Sleevi
2014/10/21 22:50:25
Is there a reason that you're manually managing th
Eran Messeri
2014/10/22 10:53:26
Switched to using vector and std::binary_search.
Eran Messeri
2014/10/22 12:42:14
FWIW, using std::binary_search is twice is slow as
Ryan Sleevi
2014/10/22 19:26:58
Well, both :) More aptly the raw memory management
Eran Messeri
2014/10/22 23:32:03
Done, although in a slightly different way:
std::v
| |
113 for (size_t i = 0; i < new_whitelist.size(); ++i) { | |
114 memcpy(&(whitelist_[i * kCertHashLength]), | |
115 new_whitelist[i].c_str(), | |
116 kCertHashLength); | |
117 } | |
118 whitelist_size_ = new_whitelist.size(); | |
119 is_whitelist_valid_ = true; | |
120 } | |
121 | |
122 PackedEVCertsWhitelist::~PackedEVCertsWhitelist() { | |
123 delete[] whitelist_; | |
124 } | |
125 | |
126 bool PackedEVCertsWhitelist::ContainsCertificateHash( | |
127 const std::string& certificate_hash) const { | |
128 DCHECK(whitelist_); | |
129 return bsearch(certificate_hash.c_str(), | |
130 whitelist_, | |
131 whitelist_size_, | |
132 kCertHashLength, | |
133 hash_val_comp) != NULL; | |
134 } | |
135 | |
136 bool PackedEVCertsWhitelist::IsValid() const { | |
137 return is_whitelist_valid_; | |
138 } | |
OLD | NEW |