diff options
author | ncbray@chromium.org <ncbray@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-27 00:16:47 +0000 |
---|---|---|
committer | ncbray@chromium.org <ncbray@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-27 00:16:47 +0000 |
commit | 43866cd42bd433961d3b631ebbd9afe2ae85699f (patch) | |
tree | dec64d88f0f35f8e00a0b2850d614016b4024381 /crypto/hmac_win.cc | |
parent | 000b98ddf1aca041c77865d1ba8968577a1efa35 (diff) | |
download | chromium_src-43866cd42bd433961d3b631ebbd9afe2ae85699f.zip chromium_src-43866cd42bd433961d3b631ebbd9afe2ae85699f.tar.gz chromium_src-43866cd42bd433961d3b631ebbd9afe2ae85699f.tar.bz2 |
Create a database for NaCl validation caching that is shared between processes.
This change primarily entails creating a SyncChannel between sel_ldr and the
browser. Queries to the database could be made from any thread inside sel_ldr,
so the query mechanism needs to be thread safe.
This feature is currently disabled by default, and requires an environment
variable to enable. A few changes need to be made before this features is safe
and can be enabled, such as making sure each installation has a unique,
crypographically secure key.
BUG= http://code.google.com/p/nativeclient/issues/detail?id=2515
TEST= Run NaCl w/ NACL_VALIDATION_CACHE=1
Review URL: http://codereview.chromium.org/9796006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129061 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/hmac_win.cc')
-rw-r--r-- | crypto/hmac_win.cc | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc index ffd08ce8..ef3e261 100644 --- a/crypto/hmac_win.cc +++ b/crypto/hmac_win.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -28,6 +28,19 @@ enum { SHA256_BLOCK_SIZE = 64 // Block size (in bytes) of the input to SHA-256. }; +// NSS doesn't accept size_t for text size, divide the data into smaller +// chunks as needed. +void Wrapped_SHA256_Update(SHA256Context* ctx, const unsigned char* text, + size_t text_len) { + const unsigned int kChunkSize = 1 << 30; + while (text_len > kChunkSize) { + SHA256_Update(ctx, text, kChunkSize); + text += kChunkSize; + text_len -= kChunkSize; + } + SHA256_Update(ctx, text, (unsigned int)text_len); +} + // See FIPS 198: The Keyed-Hash Message Authentication Code (HMAC). void ComputeHMACSHA256(const unsigned char* key, size_t key_len, const unsigned char* text, size_t text_len, @@ -38,7 +51,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len, unsigned char key0[SHA256_BLOCK_SIZE]; if (key_len > SHA256_BLOCK_SIZE) { SHA256_Begin(&ctx); - SHA256_Update(&ctx, key, key_len); + Wrapped_SHA256_Update(&ctx, key, key_len); SHA256_End(&ctx, key0, NULL, SHA256_LENGTH); memset(key0 + SHA256_LENGTH, 0, SHA256_BLOCK_SIZE - SHA256_LENGTH); } else { @@ -57,7 +70,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len, // Compute the inner hash. SHA256_Begin(&ctx); SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE); - SHA256_Update(&ctx, text, text_len); + Wrapped_SHA256_Update(&ctx, text, text_len); SHA256_End(&ctx, inner_hash, NULL, SHA256_LENGTH); // XOR key0 with opad. @@ -68,7 +81,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len, SHA256_Begin(&ctx); SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE); SHA256_Update(&ctx, inner_hash, SHA256_LENGTH); - SHA256_End(&ctx, output, NULL, output_len); + SHA256_End(&ctx, output, NULL, (unsigned int) output_len); } } // namespace @@ -138,8 +151,8 @@ bool HMAC::Init(const unsigned char* key, int key_length) { memcpy(key_blob->key_data, key, key_length); if (!CryptImportKey(plat_->provider_, &key_blob_storage[0], - key_blob_storage.size(), 0, CRYPT_IPSEC_HMAC_KEY, - plat_->key_.receive())) { + (DWORD)key_blob_storage.size(), 0, + CRYPT_IPSEC_HMAC_KEY, plat_->key_.receive())) { NOTREACHED(); return false; } |