chrome/browser/net/packed_ct_ev_whitelist.cc - Issue 547603002: Certificate Transparency: Code for unpacking EV cert hashes whitelist

Side by Side Diff: chrome/browser/net/packed_ct_ev_whitelist.cc

Issue 547603002: Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressing review comments. Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/net/packed_ct_ev_whitelist.h"

	6

	7 #include <string.h>

	8

	9 #include <algorithm>

	10

	11 #include "base/big_endian.h"

	12 #include "base/files/file_util.h"

	13 #include "base/lazy_instance.h"

	14 #include "base/logging.h"

	15 #include "chrome/browser/net/bit_stream_reader.h"

	16 #include "content/public/browser/browser_thread.h"

	17 #include "net/ssl/ssl_config_service.h"

	18

	19 namespace {

	20 const uint8_t kCertHashLengthBits = 64; // 8 bytes

	21 const uint64_t kGolombMParameterBits = 47; // 2^47

	22

	23 void SetNewEVWhitelistInSSLConfigService(

	24 const scoped_refptr<net::ct::EVCertsWhitelist>& new_whitelist) {

	25 net::SSLConfigService::SetEVCertsWhitelist(new_whitelist);

	26 }

	27

	28 } // namespace

	29

	30 void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file) {

	31 VLOG(1) << "Setting EV whitelist from file: "

	32 << compressed_whitelist_file.value();

	33 std::string compressed_list;

	34 if (!base::ReadFileToString(compressed_whitelist_file, &compressed_list)) {

	35 VLOG(1) << "Failed reading from " << compressed_whitelist_file.value();

	36 return;

	37 }

	38

	39 scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist(

	40 new PackedEVCertsWhitelist(compressed_list));

	41 if (!new_whitelist->IsValid()) {

	42 VLOG(1) << "Failed uncompressing EV certs whitelist.";

	43 return;

	44 }

	45

	46 base::Callback<void(void)> assign_cb =

	47 base::Bind(SetNewEVWhitelistInSSLConfigService, new_whitelist);

	48 content::BrowserThread::PostTask(

	49 content::BrowserThread::IO, FROM_HERE, assign_cb);

	50 }

	51

	52 bool PackedEVCertsWhitelist::UncompressEVWhitelist(

	53 const std::string& compressed_whitelist,

	54 std::vector<std::string>* uncompressed_list) {

	55 internal::BitStreamReader reader(base::StringPiece(

	56 compressed_whitelist.data(), compressed_whitelist.size()));

	57 std::vector<std::string> result;

	58

	59 VLOG(1) << "Uncompressing EV whitelist of size "

	60 << compressed_whitelist.size();

	61 uint64_t curr_hash(0);

	62 if (!reader.ReadBits(kCertHashLengthBits, &curr_hash)) {

	63 VLOG(1) << "Failed reading first hash.";

	64 return false;

	65 }

	66 char hash_bytes[8];

	67 base::WriteBigEndian(hash_bytes, curr_hash);

	68 result.push_back(std::string(hash_bytes, 8));

	69 // M is the tunable parameter used by the Golomb coding.

	70 static const uint64_t M = static_cast<uint64_t>(1) << kGolombMParameterBits;

	71

	72 while (reader.BitsLeft() > kGolombMParameterBits) {

	73 uint64_t read_prefix = 0;

	74 if (!reader.ReadUnaryEncoding(&read_prefix)) {

	75 VLOG(1) << "Failed reading unary-encoded prefix.";

	76 return false;

	77 }

	78 if (read_prefix > (UINT64_MAX / M)) {

	79 VLOG(1) << "Received value that would cause overflow: " << read_prefix;

	80 return false;

	81 }

	82

	83 uint64_t r = 0;

	84 if (!reader.ReadBits(kGolombMParameterBits, &r)) {

	85 VLOG(1) << "Failed reading " << kGolombMParameterBits << " bits.";

	86 return false;

	87 }

	88 DCHECK_LT(r, M);

	89

	90 uint64_t curr_diff = read_prefix * M + r;

	91 curr_hash += curr_diff;

	92

	93 base::WriteBigEndian(hash_bytes, curr_hash);

	94 result.push_back(std::string(hash_bytes, 8));
	Ryan Sleevi 2014/10/22 19:26:58 This 8 is duplicated on lines 68 and 66. Perhaps t This 8 is duplicated on lines 68 and 66. Perhaps this should be a constant (kHashSize) ? Eran Messeri 2014/10/22 23:32:03 Done. Show quoted text On 2014/10/22 19:26:58, Ryan Sleevi wrote: > This 8 is duplicated on lines 68 and 66. Perhaps this should be a constant > (kHashSize) ? Done.
	95 }

	96

	97 uncompressed_list->swap(result);

	98 return true;

	99 }

	100

	101 PackedEVCertsWhitelist::PackedEVCertsWhitelist(

	102 const std::string& compressed_whitelist)

	103 : is_whitelist_valid_(false) {

	104 if (!UncompressEVWhitelist(compressed_whitelist, &whitelist_)) {

	105 whitelist_.clear();

	106 return;

	107 }

	108

	109 is_whitelist_valid_ = true;

	110 }

	111

	112 PackedEVCertsWhitelist::~PackedEVCertsWhitelist() {

	113 }

	114

	115 bool PackedEVCertsWhitelist::ContainsCertificateHash(

	116 const std::string& certificate_hash) const {

	117 DCHECK(!whitelist_.empty());

	118 return std::binary_search(

	119 whitelist_.begin(), whitelist_.end(), certificate_hash);

	120 }

	121

	122 bool PackedEVCertsWhitelist::IsValid() const {

	123 return is_whitelist_valid_;

	124 }

OLD	NEW

« chrome/browser/net/bit_stream_reader.h ('K') | « chrome/browser/net/packed_ct_ev_whitelist.h ('k') | chrome/browser/net/packed_ct_ev_whitelist_unittest.cc » ('j') | no next file with comments »