authornduca@google.com <nduca@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-27 01:15:30 +0000
committernduca@google.com <nduca@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-27 01:15:30 +0000
commit4a0141bbf9e39c67ea759dd7e565a6c615673761 (patch)
tree57264504dfd822dc30eae1b9ebdeaeead858405d /crypto/hmac_win.cc
parent43cfea7b76f709f6b76db6930af4294d5ac15827 (diff)
Reland - Create a database for NaCl validation caching that is shared between processes.
Originally reverted in 129077 due to perf regression. Followup commit will fix up expectations. http://chromegw.corp.google.com/i/chromium/builders/Linux%20x64/builds/25780 This change primarily entails creating a SyncChannel between sel_ldr and the browser. Queries to the database could be made from any thread inside sel_ldr, so the query mechanism needs to be thread safe. This feature is currently disabled by default, and requires an environment variable to enable. A few changes need to be made before this feature is safe and can be enabled, such as making sure each installation has a unique, cryptographically secure key. BUG= http://code.google.com/p/nativeclient/issues/detail?id=2515 TEST= Run NaCl w/ NACL_VALIDATION_CACHE=1 Review URL: http://codereview.chromium.org/9796006 TBR=ncbray@chromium.org Review URL: https://chromiumcodereview.appspot.com/9808113 TBR=nduca@google.com Review URL: https://chromiumcodereview.appspot.com/9860020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129082 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/hmac_win.cc')
-rw-r--r--crypto/hmac_win.cc25
1 files changed, 19 insertions, 6 deletions
diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc
index ffd08ce8..ef3e261 100644
--- a/crypto/hmac_win.cc
+++ b/crypto/hmac_win.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -28,6 +28,19 @@ enum {
SHA256_BLOCK_SIZE = 64 // Block size (in bytes) of the input to SHA-256.
};
+// NSS doesn't accept size_t for text size, divide the data into smaller
+// chunks as needed.
+void Wrapped_SHA256_Update(SHA256Context* ctx, const unsigned char* text,
+ size_t text_len) {
+ const unsigned int kChunkSize = 1 << 30;
+ while (text_len > kChunkSize) {
+ SHA256_Update(ctx, text, kChunkSize);
+ text += kChunkSize;
+ text_len -= kChunkSize;
+ }
+ SHA256_Update(ctx, text, (unsigned int)text_len);
+}
+
// See FIPS 198: The Keyed-Hash Message Authentication Code (HMAC).
void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
const unsigned char* text, size_t text_len,
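Review bot: The final `SHA256_Update(ctx, text, (unsigned int)text_len);` in Wrapped_SHA256_Update is lossless only because the loop above exits with `text_len <= kChunkSize`, and nothing in the code says so. I would write it as `static_cast<unsigned int>(text_len)` and add `// text_len <= kChunkSize here, so the narrowing cannot drop bits.` so a later change to the chunk size or loop condition does not quietly hash a truncated message. The header comment could also state that the helper feeds the whole buffer to the hash in order, which is what keeps the resulting HMAC identical to a single-call update. ComputeHMACSHA256's signature continues past the end of this hunk.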
@@ -38,7 +51,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
unsigned char key0[SHA256_BLOCK_SIZE];
if (key_len > SHA256_BLOCK_SIZE) {
SHA256_Begin(&ctx);
- SHA256_Update(&ctx, key, key_len);
+ Wrapped_SHA256_Update(&ctx, key, key_len);
SHA256_End(&ctx, key0, NULL, SHA256_LENGTH);
memset(key0 + SHA256_LENGTH, 0, SHA256_BLOCK_SIZE - SHA256_LENGTH);
} else {
@@ -57,7 +70,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
// Compute the inner hash.
SHA256_Begin(&ctx);
SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
- SHA256_Update(&ctx, text, text_len);
+ Wrapped_SHA256_Update(&ctx, text, text_len);
SHA256_End(&ctx, inner_hash, NULL, SHA256_LENGTH);
// XOR key0 with opad.
@@ -68,7 +81,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
SHA256_Begin(&ctx);
SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
SHA256_Update(&ctx, inner_hash, SHA256_LENGTH);
- SHA256_End(&ctx, output, NULL, output_len);
+ SHA256_End(&ctx, output, NULL, (unsigned int) output_len);
}
} // namespace
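Review bot: The `(unsigned int) output_len` cast on the final SHA256_End call narrows without any bound check. It silences the warning, but if output_len is a size_t (its declaration is outside this hunk) a value above UINT_MAX on a 64-bit build would wrap, and fewer MAC bytes than the caller expects would be written into `output`. Clamping first keeps the intent explicit, e.g. `unsigned int out_len = output_len < SHA256_LENGTH ? static_cast<unsigned int>(output_len) : SHA256_LENGTH;` and then passing `out_len`. The `(DWORD)key_blob_storage.size()` cast in the HMAC::Init hunk follows the same pattern; it is presumably bounded by the int key_length, but a `static_cast<DWORD>` with a short comment stating that bound would make the assumption reviewable.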
@@ -138,8 +151,8 @@ bool HMAC::Init(const unsigned char* key, int key_length) {
memcpy(key_blob->key_data, key, key_length);
if (!CryptImportKey(plat_->provider_, &key_blob_storage[0],
- key_blob_storage.size(), 0, CRYPT_IPSEC_HMAC_KEY,
- plat_->key_.receive())) {
+ (DWORD)key_blob_storage.size(), 0,
+ CRYPT_IPSEC_HMAC_KEY, plat_->key_.receive())) {
NOTREACHED();
return false;
}