Home | History | Annotate | Download | only in rappor 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "components/rappor/rappor_metric.h"
      6 
      7 #include "base/logging.h"
      8 #include "base/rand_util.h"
      9 
     10 namespace rappor {
     11 
     12 RapporMetric::RapporMetric(const std::string& metric_name,
     13                            const RapporParameters& parameters,
     14                            int32_t cohort_seed)
     15     : metric_name_(metric_name),
     16       parameters_(parameters),
     17       sample_count_(0),
     18       bloom_filter_(parameters.bloom_filter_size_bytes,
     19                     parameters.bloom_filter_hash_function_count,
     20                     (cohort_seed % parameters.num_cohorts) *
     21                         parameters.bloom_filter_hash_function_count) {
     22   DCHECK_GE(cohort_seed, 0);
     23   DCHECK_LT(cohort_seed, RapporParameters::kMaxCohorts);
     24 }
     25 
     26 RapporMetric::~RapporMetric() {}
     27 
     28 void RapporMetric::AddSample(const std::string& str) {
     29   ++sample_count_;
     30   // Replace the previous sample with a 1 in sample_count_ chance so that each
     31   // sample has equal probability of being reported.
     32   if (base::RandGenerator(sample_count_) == 0) {
     33     bloom_filter_.SetString(str);
     34   }
     35 }
     36 
     37 ByteVector RapporMetric::GetReport(const std::string& secret) const {
     38   // Generate a deterministically random mask of fake data using the
     39   // client's secret key + real data as a seed.  The inclusion of the secret
     40   // in the seed avoids correlations between real and fake data.
     41   // The seed isn't a human-readable string.
     42   const std::string personalization_string = metric_name_ +
     43       std::string(bytes().begin(), bytes().end());
     44   HmacByteVectorGenerator hmac_generator(bytes().size(), secret,
     45                                          personalization_string);
     46   const ByteVector fake_mask =
     47       hmac_generator.GetWeightedRandomByteVector(parameters().fake_prob);
     48   ByteVector fake_bits =
     49       hmac_generator.GetWeightedRandomByteVector(parameters().fake_one_prob);
     50 
     51   // Redact most of the real data by replacing it with the fake data, hiding
     52   // and limiting the amount of information an individual client reports on.
     53   const ByteVector* fake_and_redacted_bits =
     54       ByteVectorMerge(fake_mask, bytes(), &fake_bits);
     55 
     56   // Generate biased coin flips for each bit.
     57   ByteVectorGenerator coin_generator(bytes().size());
     58   const ByteVector zero_coins =
     59       coin_generator.GetWeightedRandomByteVector(parameters().zero_coin_prob);
     60   ByteVector one_coins =
     61       coin_generator.GetWeightedRandomByteVector(parameters().one_coin_prob);
     62 
     63   // Create a randomized response report on the fake and redacted data, sending
     64   // the outcome of flipping a zero coin for the zero bits in that data, and of
     65   // flipping a one coin for the one bits in that data, as the final report.
     66   return *ByteVectorMerge(*fake_and_redacted_bits, zero_coins, &one_coins);
     67 }
     68 
     69 void RapporMetric::SetBytesForTesting(const ByteVector& bytes) {
     70   bloom_filter_.SetBytesForTesting(bytes);
     71 }
     72 
     73 }  // namespace rappor
     74