Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1937)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/net/packed_ct_ev_whitelist.cc

Issue 547603002: Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Removing unnecessary const Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/net/packed_ct_ev_whitelist.h ('k') | chrome/browser/net/packed_ct_ev_whitelist_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/net/packed_ct_ev_whitelist.cc
diff --git a/chrome/browser/net/packed_ct_ev_whitelist.cc b/chrome/browser/net/packed_ct_ev_whitelist.cc
new file mode 100644
index 0000000000000000000000000000000000000000..1fb07dc155a6a879e8c656f84c59ee59cc190274
--- /dev/null
+++ b/chrome/browser/net/packed_ct_ev_whitelist.cc
@@ -0,0 +1,138 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/net/packed_ct_ev_whitelist.h"
+
+#include <string.h>
+
+#include <algorithm>
+
+#include "base/big_endian.h"
+#include "base/files/file_util.h"
+#include "base/lazy_instance.h"
+#include "base/logging.h"
+#include "chrome/browser/net/bit_stream_reader.h"
+#include "content/public/browser/browser_thread.h"
+#include "net/ssl/ssl_config_service.h"
+
+namespace {
+const uint8_t kCertHashLengthBits = 64; // 8 bytes
+const uint8_t kCertHashLength = kCertHashLengthBits / 8;
+const uint64_t kGolombMParameterBits = 47; // 2^47
+
+void SetNewEVWhitelistInSSLConfigService(
+ const scoped_refptr<net::ct::EVCertsWhitelist>& new_whitelist) {
+ net::SSLConfigService::SetEVCertsWhitelist(new_whitelist);
+}
+
+int TruncatedHashesComparator(const void* v1, const void* v2) {
+ const uint64_t& h1(*(static_cast<const uint64_t*>(v1)));
+ const uint64_t& h2(*(static_cast<const uint64_t*>(v2)));
+ if (h1 < h2)
+ return -1;
+ else if (h1 > h2)
+ return 1;
+ return 0;
+}
+} // namespace
+
+void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file) {
+ VLOG(1) << "Setting EV whitelist from file: "
+ << compressed_whitelist_file.value();
+ std::string compressed_list;
+ if (!base::ReadFileToString(compressed_whitelist_file, &compressed_list)) {
+ VLOG(1) << "Failed reading from " << compressed_whitelist_file.value();
+ return;
+ }
+
+ scoped_refptr<net::ct::EVCertsWhitelist> new_whitelist(
+ new PackedEVCertsWhitelist(compressed_list));
+ if (!new_whitelist->IsValid()) {
+ VLOG(1) << "Failed uncompressing EV certs whitelist.";
+ return;
+ }
+
+ base::Closure assign_cb =
+ base::Bind(SetNewEVWhitelistInSSLConfigService, new_whitelist);
+ content::BrowserThread::PostTask(
+ content::BrowserThread::IO, FROM_HERE, assign_cb);
+}
+
+bool PackedEVCertsWhitelist::UncompressEVWhitelist(
+ const std::string& compressed_whitelist,
+ std::vector<uint64_t>* uncompressed_list) {
+ internal::BitStreamReader reader(base::StringPiece(
+ compressed_whitelist.data(), compressed_whitelist.size()));
+ std::vector<uint64_t> result;
+
+ VLOG(1) << "Uncompressing EV whitelist of size "
+ << compressed_whitelist.size();
+ uint64_t curr_hash(0);
+ if (!reader.ReadBits(kCertHashLengthBits, &curr_hash)) {
+ VLOG(1) << "Failed reading first hash.";
+ return false;
+ }
+ result.push_back(curr_hash);
+ // M is the tunable parameter used by the Golomb coding.
+ static const uint64_t kGolombParameterM = static_cast<uint64_t>(1)
+ << kGolombMParameterBits;
+
+ while (reader.BitsLeft() > kGolombMParameterBits) {
+ uint64_t read_prefix = 0;
+ if (!reader.ReadUnaryEncoding(&read_prefix)) {
+ VLOG(1) << "Failed reading unary-encoded prefix.";
+ return false;
+ }
+ if (read_prefix > (UINT64_MAX / kGolombParameterM)) {
+ VLOG(1) << "Received value that would cause overflow: " << read_prefix;
+ return false;
+ }
+
+ uint64_t r = 0;
+ if (!reader.ReadBits(kGolombMParameterBits, &r)) {
+ VLOG(1) << "Failed reading " << kGolombMParameterBits << " bits.";
+ return false;
+ }
+ DCHECK_LT(r, kGolombParameterM);
+
+ uint64_t curr_diff = read_prefix * kGolombParameterM + r;
+ curr_hash += curr_diff;
+
+ result.push_back(curr_hash);
+ }
+
+ uncompressed_list->swap(result);
+ return true;
+}
+
+PackedEVCertsWhitelist::PackedEVCertsWhitelist(
+ const std::string& compressed_whitelist)
+ : is_whitelist_valid_(false) {
+ if (!UncompressEVWhitelist(compressed_whitelist, &whitelist_)) {
+ whitelist_.clear();
+ return;
+ }
+
+ is_whitelist_valid_ = true;
+}
+
+PackedEVCertsWhitelist::~PackedEVCertsWhitelist() {
+}
+
+bool PackedEVCertsWhitelist::ContainsCertificateHash(
+ const std::string& certificate_hash) const {
+ DCHECK(!whitelist_.empty());
+ uint64_t hash_to_lookup;
+
+ base::ReadBigEndian(certificate_hash.data(), &hash_to_lookup);
+ return bsearch(&hash_to_lookup,
+ &whitelist_[0],
+ whitelist_.size(),
+ kCertHashLength,
+ TruncatedHashesComparator) != NULL;
+}
+
+bool PackedEVCertsWhitelist::IsValid() const {
+ return is_whitelist_valid_;
+}
« no previous file with comments | « chrome/browser/net/packed_ct_ev_whitelist.h ('k') | chrome/browser/net/packed_ct_ev_whitelist_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698