diff options
author | nduca@google.com <nduca@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-27 01:15:30 +0000 |
---|---|---|
committer | nduca@google.com <nduca@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-27 01:15:30 +0000 |
commit | 4a0141bbf9e39c67ea759dd7e565a6c615673761 (patch) | |
tree | 57264504dfd822dc30eae1b9ebdeaeead858405d /crypto | |
parent | 43cfea7b76f709f6b76db6930af4294d5ac15827 (diff) | |
download | chromium_src-4a0141bbf9e39c67ea759dd7e565a6c615673761.zip chromium_src-4a0141bbf9e39c67ea759dd7e565a6c615673761.tar.gz chromium_src-4a0141bbf9e39c67ea759dd7e565a6c615673761.tar.bz2 |
Reland - Create a database for NaCl validation caching that is shared between processes.
Originally reverted in 129077 due to perf regression. Followup commit will fix up expectations.
http://chromegw.corp.google.com/i/chromium/builders/Linux%20x64/builds/25780
This change primarily entails creating a SyncChannel between sel_ldr and the
browser. Queries to the database could be made from any thread inside sel_ldr,
so the query mechanism needs to be thread safe.
This feature is currently disabled by default, and requires an environment
variable to enable. A few changes need to be made before this features is safe
and can be enabled, such as making sure each installation has a unique,
crypographically secure key.
BUG= http://code.google.com/p/nativeclient/issues/detail?id=2515
TEST= Run NaCl w/ NACL_VALIDATION_CACHE=1
Review URL: http://codereview.chromium.org/9796006
TBR=ncbray@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9808113
TBR=nduca@google.com
Review URL: https://chromiumcodereview.appspot.com/9860020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129082 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/crypto.gyp | 53 | ||||
-rw-r--r-- | crypto/hmac_win.cc | 25 | ||||
-rw-r--r-- | crypto/symmetric_key_win.cc | 13 |
3 files changed, 70 insertions, 21 deletions
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp index 405ad0b..f095719 100644 --- a/crypto/crypto.gyp +++ b/crypto/crypto.gyp @@ -5,6 +5,19 @@ { 'variables': { 'chromium_code': 1, + # Put all transitive dependencies for Windows HMAC here. + # This is required so that we can build them for nacl win64. + 'hmac_win64_related_sources': [ + 'hmac.cc', + 'hmac.h', + 'hmac_win.cc', + 'secure_util.cc', + 'secure_util.h', + 'symmetric_key.h', + 'symmetric_key_win.cc', + 'third_party/nss/chromium-sha256.h', + 'third_party/nss/sha512.cc', + ], }, 'targets': [ { @@ -131,6 +144,9 @@ },], ], 'sources': [ + # NOTE: all transitive dependencies of HMAC on windows need + # to be placed in the source list above. + '<@(hmac_win64_related_sources)', 'capi_util.cc', 'capi_util.h', 'crypto_export.h', @@ -151,12 +167,9 @@ 'encryptor_nss.cc', 'encryptor_openssl.cc', 'encryptor_win.cc', - 'hmac.cc', - 'hmac.h', 'hmac_mac.cc', 'hmac_nss.cc', 'hmac_openssl.cc', - 'hmac_win.cc', 'keychain_mac.cc', 'keychain_mac.h', 'mac_security_services_lock.cc', @@ -185,8 +198,6 @@ 'secure_hash.h', 'secure_hash_default.cc', 'secure_hash_openssl.cc', - 'secure_util.cc', - 'secure_util.h', 'sha2.cc', 'sha2.h', 'signature_creator.h', @@ -197,18 +208,14 @@ 'signature_verifier.h', 'signature_verifier_nss.cc', 'signature_verifier_openssl.cc', - 'symmetric_key.h', 'symmetric_key_mac.cc', 'symmetric_key_nss.cc', 'symmetric_key_openssl.cc', - 'symmetric_key_win.cc', 'third_party/nss/chromium-blapi.h', 'third_party/nss/chromium-blapit.h', 'third_party/nss/chromium-nss.h', - 'third_party/nss/chromium-sha256.h', 'third_party/nss/pk11akey.cc', 'third_party/nss/secsign.cc', - 'third_party/nss/sha512.cc', ], }, { @@ -281,4 +288,32 @@ ], }, ], + 'conditions': [ + [ 'OS == "win"', { + 'targets': [ + { + 'target_name': 'crypto_nacl_win64', + 'type': '<(component)', + 'dependencies': [ + '../base/base.gyp:base_nacl_win64', + '../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations_win64', + ], + 'sources': [ + '<@(hmac_win64_related_sources)', + ], + 'defines': [ + 'CRYPTO_IMPLEMENTATION', + ], + 'msvs_disabled_warnings': [ + 4018, + ], + 'configurations': { + 'Common_Base': { + 'msvs_target_platform': 'x64', + }, + }, + }, + ], + }], + ], } diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc index ffd08ce8..ef3e261 100644 --- a/crypto/hmac_win.cc +++ b/crypto/hmac_win.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -28,6 +28,19 @@ enum { SHA256_BLOCK_SIZE = 64 // Block size (in bytes) of the input to SHA-256. }; +// NSS doesn't accept size_t for text size, divide the data into smaller +// chunks as needed. +void Wrapped_SHA256_Update(SHA256Context* ctx, const unsigned char* text, + size_t text_len) { + const unsigned int kChunkSize = 1 << 30; + while (text_len > kChunkSize) { + SHA256_Update(ctx, text, kChunkSize); + text += kChunkSize; + text_len -= kChunkSize; + } + SHA256_Update(ctx, text, (unsigned int)text_len); +} + // See FIPS 198: The Keyed-Hash Message Authentication Code (HMAC). void ComputeHMACSHA256(const unsigned char* key, size_t key_len, const unsigned char* text, size_t text_len, @@ -38,7 +51,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len, unsigned char key0[SHA256_BLOCK_SIZE]; if (key_len > SHA256_BLOCK_SIZE) { SHA256_Begin(&ctx); - SHA256_Update(&ctx, key, key_len); + Wrapped_SHA256_Update(&ctx, key, key_len); SHA256_End(&ctx, key0, NULL, SHA256_LENGTH); memset(key0 + SHA256_LENGTH, 0, SHA256_BLOCK_SIZE - SHA256_LENGTH); } else { @@ -57,7 +70,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len, // Compute the inner hash. SHA256_Begin(&ctx); SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE); - SHA256_Update(&ctx, text, text_len); + Wrapped_SHA256_Update(&ctx, text, text_len); SHA256_End(&ctx, inner_hash, NULL, SHA256_LENGTH); // XOR key0 with opad. @@ -68,7 +81,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len, SHA256_Begin(&ctx); SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE); SHA256_Update(&ctx, inner_hash, SHA256_LENGTH); - SHA256_End(&ctx, output, NULL, output_len); + SHA256_End(&ctx, output, NULL, (unsigned int) output_len); } } // namespace @@ -138,8 +151,8 @@ bool HMAC::Init(const unsigned char* key, int key_length) { memcpy(key_blob->key_data, key, key_length); if (!CryptImportKey(plat_->provider_, &key_blob_storage[0], - key_blob_storage.size(), 0, CRYPT_IPSEC_HMAC_KEY, - plat_->key_.receive())) { + (DWORD)key_blob_storage.size(), 0, + CRYPT_IPSEC_HMAC_KEY, plat_->key_.receive())) { NOTREACHED(); return false; } diff --git a/crypto/symmetric_key_win.cc b/crypto/symmetric_key_win.cc index d2034e0..87e0bc3 100644 --- a/crypto/symmetric_key_win.cc +++ b/crypto/symmetric_key_win.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -50,11 +50,12 @@ ALG_ID GetAESAlgIDForKeySize(size_t key_size_in_bits) { // TODO(wtc): use this function in hmac_win.cc. bool ImportRawKey(HCRYPTPROV provider, ALG_ID alg, - const void* key_data, DWORD key_size, + const void* key_data, size_t key_size, ScopedHCRYPTKEY* key) { DCHECK_GT(key_size, 0); - DWORD actual_size = sizeof(PlaintextBlobHeader) + key_size; + DWORD actual_size = + static_cast<DWORD>(sizeof(PlaintextBlobHeader) + key_size); std::vector<BYTE> tmp_data(actual_size); BYTE* actual_key = &tmp_data[0]; memcpy(actual_key + sizeof(PlaintextBlobHeader), key_data, key_size); @@ -66,7 +67,7 @@ bool ImportRawKey(HCRYPTPROV provider, key_header->hdr.bVersion = CUR_BLOB_VERSION; key_header->hdr.aiKeyAlg = alg; - key_header->cbKeySize = key_size; + key_header->cbKeySize = static_cast<DWORD>(key_size); HCRYPTKEY unsafe_key = NULL; DWORD flags = CRYPT_EXPORTABLE; @@ -184,7 +185,7 @@ bool GenerateHMACKey(size_t key_size_in_bits, if (!ok) return false; - DWORD key_size_in_bytes = key_size_in_bits / 8; + DWORD key_size_in_bytes = static_cast<DWORD>(key_size_in_bits / 8); scoped_array<BYTE> random(new BYTE[key_size_in_bytes]); ok = CryptGenRandom(safe_provider, key_size_in_bytes, random.get()); if (!ok) @@ -258,7 +259,7 @@ bool ComputePBKDF2Block(HCRYPTHASH hash, // Iteration U_1: Compute PRF for S. ok = CryptHashData(safe_hash, reinterpret_cast<const BYTE*>(salt.data()), - salt.size(), 0); + static_cast<DWORD>(salt.size()), 0); if (!ok) return false; |