Perform ClientHello padding if the field trial is enabled

chrome/browser/net/ssl_config_service_manager_pref.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "chrome/browser/net/ssl_config_service_manager.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/bind.h"
 #include "base/metrics/field_trial.h"
 #include "base/prefs/pref_change_registrar.h"
 #include "base/prefs/pref_member.h"
 #include "base/prefs/pref_registry_simple.h"
 #include "base/prefs/pref_service.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "components/content_settings/core/browser/content_settings_utils.h"
 #include "components/content_settings/core/common/content_settings.h"
+#include "components/google/core/browser/google_util.h"
 #include "content/public/browser/browser_thread.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_config_service.h"
+#include "url/gurl.h"
 
 using content::BrowserThread;
 
 namespace {
 
+// Field trial for ClientHello padding.
+const char kClientHelloFieldTrialName[] = "FastRadioPadding";
+const char kClientHelloFieldTrialEnabledGroupName[] = "Enabled";
+
 // Converts a ListValue of StringValues into a vector of strings. Any Values
 // which cannot be converted will be skipped.
 std::vector<std::string> ListValueToStringVector(const base::ListValue* value) {
   std::vector<std::string> results;
   results.reserve(value->GetSize());
   std::string s;
   for (base::ListValue::const_iterator it = value->begin(); it != value->end();
        ++it) {
     if (!(*it)->GetAsString(&s))
       continue;
@@ skipping 48 matching lines @@
 // An SSLConfigService which stores a cached version of the current SSLConfig
 // prefs, which are updated by SSLConfigServiceManagerPref when the prefs
 // change.
 class SSLConfigServicePref : public net::SSLConfigService {
  public:
   SSLConfigServicePref() {}
 
   // Store SSL config settings in |config|. Must only be called from IO thread.
   void GetSSLConfig(net::SSLConfig* config) override;
 
+  bool SupportsFastradioPadding(const GURL& url) override;
+
  private:
   // Allow the pref watcher to update our internal state.
   friend class SSLConfigServiceManagerPref;
 
   ~SSLConfigServicePref() override {}
 
   // This method is posted to the IO thread from the browser thread to carry the
   // new config information.
   void SetNewSSLConfig(const net::SSLConfig& new_config);
 
   // Cached value of prefs, should only be accessed from IO thread.
   net::SSLConfig cached_config_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLConfigServicePref);
 };
 
 void SSLConfigServicePref::GetSSLConfig(net::SSLConfig* config) {
   *config = cached_config_;
 }
 
+bool SSLConfigServicePref::SupportsFastradioPadding(const GURL& url) {

[Ryan Sleevi, 2015/02/09 19:42:34]

Should this be FastRadioPadding? "fastradio" isn't one word, is it?

[jeremyim, 2015/02/09 21:32:15]

The BoringSSL function is SSL_enable_fastradio_padding, which implies that it is
one word.

+  return google_util::IsGoogleHostname(url.host(),
+                                       google_util::ALLOW_SUBDOMAIN);
+}
+
 void SSLConfigServicePref::SetNewSSLConfig(
     const net::SSLConfig& new_config) {
   net::SSLConfig orig_config = cached_config_;
   cached_config_ = new_config;
   ProcessConfigUpdate(orig_config, new_config);
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 //  SSLConfigServiceManagerPref
 
@@ skipping 150 matching lines @@
   if (version_max) {
     uint16 supported_version_max = config->version_max;
     config->version_max = std::min(supported_version_max, version_max);
   }
   if (version_fallback_min) {
     config->version_fallback_min = version_fallback_min;
   }
   config->disabled_cipher_suites = disabled_cipher_suites_;
   // disabling False Start also happens to disable record splitting.
   config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
+
+  base::StringPiece group =
+      base::FieldTrialList::FindFullName(kClientHelloFieldTrialName);
+  if (group.starts_with(kClientHelloFieldTrialEnabledGroupName)) {

[Ryan Sleevi, 2015/02/09 19:42:34]

Why is this .starts_with and not ==?

[jeremyim, 2015/02/09 21:32:15]

In case there is a reason to have multiple "Enabled" experiment groups; at least
in io_thread.cc the usage seems to be split between starts_with and ==.

+    config->fastradio_padding_enabled = true;
+  }
 }
 
 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
     PrefService* local_state) {
   const base::ListValue* value =
       local_state->GetList(prefs::kCipherSuiteBlacklist);
   disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 //  SSLConfigServiceManager
 
 // static
 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
     PrefService* local_state) {
   return new SSLConfigServiceManagerPref(local_state);
 }
 
 // static
 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
   SSLConfigServiceManagerPref::RegisterPrefs(registry);
 }