| [email protected] | 2a172e4 | 2014-02-21 04:06:10 | [diff] [blame] | 1 | // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef COMPONENTS_RAPPOR_BYTE_VECTOR_UTILS_H_ |
| 6 | #define COMPONENTS_RAPPOR_BYTE_VECTOR_UTILS_H_ |
| 7 | |
| 8 | #include <vector> |
| 9 | |
| 10 | #include "base/basictypes.h" |
| [email protected] | ccb4926 | 2014-03-26 04:10:17 | [diff] [blame] | 11 | #include "base/macros.h" |
| [email protected] | 2a172e4 | 2014-02-21 04:06:10 | [diff] [blame] | 12 | #include "components/rappor/rappor_parameters.h" |
| 13 | #include "crypto/hmac.h" |
| 14 | |
| 15 | namespace rappor { |
| 16 | |
| 17 | // A vector of 8-bit integers used to store a set of binary bits. |
| 18 | typedef std::vector<uint8_t> ByteVector; |
| 19 | |
| 20 | // Computes a bitwise OR of byte vectors and stores the result in rhs. |
| 21 | // Returns rhs for chaining. |
| 22 | ByteVector* ByteVectorOr(const ByteVector& lhs, ByteVector* rhs); |
| 23 | |
| 24 | // Merges the contents of lhs and rhs vectors according to a mask vector. |
| 25 | // The i-th bit of the result vector will be the i-th bit of either the lhs |
| 26 | // or rhs vector, based on the i-th bit of the mask vector. |
| 27 | // Equivalent to (lhs & ~mask) | (rhs & mask). Stores the result in rhs. |
| 28 | // Returns rhs for chaining. |
| 29 | ByteVector* ByteVectorMerge(const ByteVector& mask, |
| 30 | const ByteVector& lhs, |
| 31 | ByteVector* rhs); |
| 32 | |
| 33 | // Counts the number of bits set in the byte vector. |
| 34 | int CountBits(const ByteVector& vector); |
| 35 | |
| 36 | // A utility object for generating random binary data with different |
| 37 | // likelihood of bits being true, using entropy from crypto::RandBytes(). |
| 38 | class ByteVectorGenerator { |
| 39 | public: |
| 40 | explicit ByteVectorGenerator(size_t byte_count); |
| 41 | |
| 42 | ~ByteVectorGenerator(); |
| 43 | |
| 44 | // Generates a random byte vector where the bits are independent random |
| 45 | // variables which are true with the given |probability|. |
| 46 | ByteVector GetWeightedRandomByteVector(Probability probability); |
| 47 | |
| 48 | protected: |
| 49 | // Size of vectors to be generated. |
| 50 | size_t byte_count() const { return byte_count_; } |
| 51 | |
| 52 | // Generates a random vector of bytes from a uniform distribution. |
| 53 | virtual ByteVector GetRandomByteVector(); |
| 54 | |
| 55 | private: |
| 56 | size_t byte_count_; |
| 57 | |
| 58 | DISALLOW_COPY_AND_ASSIGN(ByteVectorGenerator); |
| 59 | }; |
| 60 | |
| 61 | // A ByteVectorGenerator that uses a psuedo-random function to generate a |
| 62 | // deterministically random bits. This class only implements a single request |
| 63 | // from HMAC_DRBG and streams up to 2^19 bits from that request. |
| 64 | // Ref: http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf |
| 65 | // We're using our own PRNG instead of crypto::RandBytes because we need to |
| 66 | // generate a repeatable sequence of bits from the same seed. Conservatively, |
| 67 | // we're choosing to use HMAC_DRBG here, as it is one of the best studied |
| 68 | // and standardized ways of generating deterministic, unpredictable sequences |
| 69 | // based on a secret seed. |
| 70 | class HmacByteVectorGenerator : public ByteVectorGenerator { |
| 71 | public: |
| 72 | // Constructor takes the size of the vector to generate, along with a |
| 73 | // |entropy_input| and |personalization_string| to seed the pseudo-random |
| 74 | // number generator. The string parameters are treated as byte arrays. |
| 75 | HmacByteVectorGenerator(size_t byte_count, |
| 76 | const std::string& entropy_input, |
| 77 | const std::string& personalization_string); |
| 78 | |
| 79 | ~HmacByteVectorGenerator(); |
| 80 | |
| 81 | // Generates a random string suitable for passing to the constructor as |
| 82 | // |entropy_input|. |
| 83 | static std::string GenerateEntropyInput(); |
| 84 | |
| 85 | // Key size required for 128-bit security strength (including nonce). |
| 86 | static const size_t kEntropyInputSize; |
| 87 | |
| 88 | protected: |
| 89 | // Generate byte vector generator that streams from the next request instead |
| 90 | // of the current one. For testing against NIST test vectors only. |
| 91 | explicit HmacByteVectorGenerator(const HmacByteVectorGenerator& prev_request); |
| 92 | |
| 93 | // ByteVector implementation: |
| 94 | virtual ByteVector GetRandomByteVector() OVERRIDE; |
| 95 | |
| 96 | private: |
| 97 | // HMAC initalized with the value of "Key" HMAC_DRBG_Initialize. |
| 98 | crypto::HMAC hmac_; |
| 99 | |
| 100 | // The "V" value from HMAC_DRBG. |
| 101 | ByteVector value_; |
| 102 | |
| 103 | // Total number of bytes streamed from the HMAC_DRBG Generate Process. |
| 104 | size_t generated_bytes_; |
| 105 | |
| 106 | DISALLOW_ASSIGN(HmacByteVectorGenerator); |
| 107 | }; |
| 108 | |
| 109 | } // namespace rappor |
| 110 | |
| 111 | #endif // COMPONENTS_RAPPOR_BYTE_VECTOR_UTILS_H_ |
