net/base/ssl_false_start_blacklist.h - chromium/src - Git at Google

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_BASE_SSL_FALSE_START_BLACKLIST_H_
 #define NET_BASE_SSL_FALSE_START_BLACKLIST_H_

 #include "base/basictypes.h"
 #include "net/base/net_api.h"

 namespace net {

 // SSLFalseStartBlacklist is a set of domains which we believe to be intolerant
 // to TLS False Start. Because this set is several hundred long, it's
 // precompiled by the code in ssl_false_start_blacklist_process.cc into a hash
 // table for fast lookups.
 class SSLFalseStartBlacklist {
  public:
   // IsMember returns true if the given host is in the blacklist.
   //   host: a DNS name in dotted form (i.e. "www.example.com")
   NET_TEST static bool IsMember(const char* host);

   // Hash returns the modified djb2 hash of the given string.
   static unsigned Hash(const char* str) {
     // This is inline because the code which generates the hash table needs to
     // use it. However, the generating code cannot link against
     // ssl_false_start_blacklist.cc because that needs the tables which it
     // generates.
     const unsigned char* in = reinterpret_cast<const unsigned char*>(str);
     unsigned hash = 5381;
     unsigned char c;

     while ((c = *in++))
       hash = ((hash << 5) + hash) ^ c;
     return hash;
   }

   // LastTwoLabels returns a pointer within |host| to the last two labels of
   // |host|. For example, if |host| is "a.b.c.d" then LastTwoLabels will return
   // "c.d".
   //   host: a DNS name in dotted form.
   //   returns: NULL on error, otherwise a pointer inside |host|.
   static const char* LastTwoLabels(const char* host) {
     // See comment in |Hash| for why this function is inline.
     const size_t len = strlen(host);
     if (len == 0)
       return NULL;

     unsigned dots_found = 0;
     size_t i;
     for (i = len - 1; i < len; i--) {
       if (host[i] == '.') {
         dots_found++;
         if (dots_found == 2) {
           i++;
           break;
         }
       }
     }

     if (i > len)
       i = 0;

     if (dots_found == 0)
       return NULL;  // no names with less than two labels are in the blacklist.
     if (dots_found == 1) {
       if (host[0] == '.')
         return NULL;  // ditto
     }

     return &host[i];
   }

   // This is the number of buckets in the blacklist hash table. (Must be a
   // power of two).
   static const unsigned kBuckets = 128;

  private:
   // The following two members are defined in
   // ssl_false_start_blacklist_data.cc, which is generated by
   // ssl_false_start_blacklist_process.cc

   // kHashTable contains an offset into |kHashData| for each bucket. The
   // additional element at the end contains the length of |kHashData|.
   static const uint32 kHashTable[kBuckets + 1];
   // kHashData contains the contents of the hash table. |kHashTable| indexes
   // into this array. Each bucket consists of zero or more, 8-bit length
   // prefixed strings. Each string is a DNS name in dotted form. For a given
   // string x, x and *.x are considered to be in the blacklist. In order to
   // assign a string to a hash bucket, the last two labels (not including the
   // root label) are hashed. Thus, the bucket for "www.example.com" is
   // Hash("example.com"). No names that are less than two labels long are
   // included in the blacklist.
   static const char kHashData[];
 };

 }  // namespace net

 #endif  // NET_BASE_SSL_FALSE_START_BLACKLIST_H_
	// Copyright (c) 2011 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_BASE_SSL_FALSE_START_BLACKLIST_H_
	#define NET_BASE_SSL_FALSE_START_BLACKLIST_H_

	#include "base/basictypes.h"
	#include "net/base/net_api.h"

	namespace net {

	// SSLFalseStartBlacklist is a set of domains which we believe to be intolerant
	// to TLS False Start. Because this set is several hundred long, it's
	// precompiled by the code in ssl_false_start_blacklist_process.cc into a hash
	// table for fast lookups.
	class SSLFalseStartBlacklist {
	public:
	// IsMember returns true if the given host is in the blacklist.
	// host: a DNS name in dotted form (i.e. "www.example.com")
	NET_TEST static bool IsMember(const char* host);

	// Hash returns the modified djb2 hash of the given string.
	static unsigned Hash(const char* str) {
	// This is inline because the code which generates the hash table needs to
	// use it. However, the generating code cannot link against
	// ssl_false_start_blacklist.cc because that needs the tables which it
	// generates.
	const unsigned char* in = reinterpret_cast<const unsigned char*>(str);
	unsigned hash = 5381;
	unsigned char c;

	while ((c = *in++))
	hash = ((hash << 5) + hash) ^ c;
	return hash;
	}

	// LastTwoLabels returns a pointer within \|host\| to the last two labels of
	// \|host\|. For example, if \|host\| is "a.b.c.d" then LastTwoLabels will return
	// "c.d".
	// host: a DNS name in dotted form.
	// returns: NULL on error, otherwise a pointer inside \|host\|.
	static const char* LastTwoLabels(const char* host) {
	// See comment in \|Hash\| for why this function is inline.
	const size_t len = strlen(host);
	if (len == 0)
	return NULL;

	unsigned dots_found = 0;
	size_t i;
	for (i = len - 1; i < len; i--) {
	if (host[i] == '.') {
	dots_found++;
	if (dots_found == 2) {
	i++;
	break;
	}
	}
	}

	if (i > len)
	i = 0;

	if (dots_found == 0)
	return NULL; // no names with less than two labels are in the blacklist.
	if (dots_found == 1) {
	if (host[0] == '.')
	return NULL; // ditto
	}

	return &host[i];
	}

	// This is the number of buckets in the blacklist hash table. (Must be a
	// power of two).
	static const unsigned kBuckets = 128;

	private:
	// The following two members are defined in
	// ssl_false_start_blacklist_data.cc, which is generated by
	// ssl_false_start_blacklist_process.cc

	// kHashTable contains an offset into \|kHashData\| for each bucket. The
	// additional element at the end contains the length of \|kHashData\|.
	static const uint32 kHashTable[kBuckets + 1];
	// kHashData contains the contents of the hash table. \|kHashTable\| indexes
	// into this array. Each bucket consists of zero or more, 8-bit length
	// prefixed strings. Each string is a DNS name in dotted form. For a given
	// string x, x and *.x are considered to be in the blacklist. In order to
	// assign a string to a hash bucket, the last two labels (not including the
	// root label) are hashed. Thus, the bucket for "www.example.com" is
	// Hash("example.com"). No names that are less than two labels long are
	// included in the blacklist.
	static const char kHashData[];
	};

	} // namespace net

	#endif // NET_BASE_SSL_FALSE_START_BLACKLIST_H_