summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authornduca@google.com <nduca@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-27 00:59:39 +0000
committernduca@google.com <nduca@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-27 00:59:39 +0000
commitd29b3a8948b3ae214d3fefcb61ecfb000762a282 (patch)
tree945fdff2ab8b501f01fde0d63984f0d55f43b5ab /crypto
parent42f06f9ca2fe07018a88994569f87373a7c6c578 (diff)
downloadchromium_src-d29b3a8948b3ae214d3fefcb61ecfb000762a282.zip
chromium_src-d29b3a8948b3ae214d3fefcb61ecfb000762a282.tar.gz
chromium_src-d29b3a8948b3ae214d3fefcb61ecfb000762a282.tar.bz2
Revert 129061 - Create a database for NaCl validation caching that is shared between processes.
Reverted due to perf regression, see http://chromegw.corp.google.com/i/chromium/builders/Linux%20x64/builds/25780 This change primarily entails creating a SyncChannel between sel_ldr and the browser. Queries to the database could be made from any thread inside sel_ldr, so the query mechanism needs to be thread safe. This feature is currently disabled by default, and requires an environment variable to enable. A few changes need to be made before this features is safe and can be enabled, such as making sure each installation has a unique, crypographically secure key. BUG= http://code.google.com/p/nativeclient/issues/detail?id=2515 TEST= Run NaCl w/ NACL_VALIDATION_CACHE=1 Review URL: http://codereview.chromium.org/9796006 TBR=ncbray@chromium.org Review URL: https://chromiumcodereview.appspot.com/9808113 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129077 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r--crypto/crypto.gyp53
-rw-r--r--crypto/hmac_win.cc25
-rw-r--r--crypto/symmetric_key_win.cc13
3 files changed, 21 insertions, 70 deletions
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
index f095719..405ad0b 100644
--- a/crypto/crypto.gyp
+++ b/crypto/crypto.gyp
@@ -5,19 +5,6 @@
{
'variables': {
'chromium_code': 1,
- # Put all transitive dependencies for Windows HMAC here.
- # This is required so that we can build them for nacl win64.
- 'hmac_win64_related_sources': [
- 'hmac.cc',
- 'hmac.h',
- 'hmac_win.cc',
- 'secure_util.cc',
- 'secure_util.h',
- 'symmetric_key.h',
- 'symmetric_key_win.cc',
- 'third_party/nss/chromium-sha256.h',
- 'third_party/nss/sha512.cc',
- ],
},
'targets': [
{
@@ -144,9 +131,6 @@
},],
],
'sources': [
- # NOTE: all transitive dependencies of HMAC on windows need
- # to be placed in the source list above.
- '<@(hmac_win64_related_sources)',
'capi_util.cc',
'capi_util.h',
'crypto_export.h',
@@ -167,9 +151,12 @@
'encryptor_nss.cc',
'encryptor_openssl.cc',
'encryptor_win.cc',
+ 'hmac.cc',
+ 'hmac.h',
'hmac_mac.cc',
'hmac_nss.cc',
'hmac_openssl.cc',
+ 'hmac_win.cc',
'keychain_mac.cc',
'keychain_mac.h',
'mac_security_services_lock.cc',
@@ -198,6 +185,8 @@
'secure_hash.h',
'secure_hash_default.cc',
'secure_hash_openssl.cc',
+ 'secure_util.cc',
+ 'secure_util.h',
'sha2.cc',
'sha2.h',
'signature_creator.h',
@@ -208,14 +197,18 @@
'signature_verifier.h',
'signature_verifier_nss.cc',
'signature_verifier_openssl.cc',
+ 'symmetric_key.h',
'symmetric_key_mac.cc',
'symmetric_key_nss.cc',
'symmetric_key_openssl.cc',
+ 'symmetric_key_win.cc',
'third_party/nss/chromium-blapi.h',
'third_party/nss/chromium-blapit.h',
'third_party/nss/chromium-nss.h',
+ 'third_party/nss/chromium-sha256.h',
'third_party/nss/pk11akey.cc',
'third_party/nss/secsign.cc',
+ 'third_party/nss/sha512.cc',
],
},
{
@@ -288,32 +281,4 @@
],
},
],
- 'conditions': [
- [ 'OS == "win"', {
- 'targets': [
- {
- 'target_name': 'crypto_nacl_win64',
- 'type': '<(component)',
- 'dependencies': [
- '../base/base.gyp:base_nacl_win64',
- '../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations_win64',
- ],
- 'sources': [
- '<@(hmac_win64_related_sources)',
- ],
- 'defines': [
- 'CRYPTO_IMPLEMENTATION',
- ],
- 'msvs_disabled_warnings': [
- 4018,
- ],
- 'configurations': {
- 'Common_Base': {
- 'msvs_target_platform': 'x64',
- },
- },
- },
- ],
- }],
- ],
}
diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc
index ef3e261..ffd08ce8 100644
--- a/crypto/hmac_win.cc
+++ b/crypto/hmac_win.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -28,19 +28,6 @@ enum {
SHA256_BLOCK_SIZE = 64 // Block size (in bytes) of the input to SHA-256.
};
-// NSS doesn't accept size_t for text size, divide the data into smaller
-// chunks as needed.
-void Wrapped_SHA256_Update(SHA256Context* ctx, const unsigned char* text,
- size_t text_len) {
- const unsigned int kChunkSize = 1 << 30;
- while (text_len > kChunkSize) {
- SHA256_Update(ctx, text, kChunkSize);
- text += kChunkSize;
- text_len -= kChunkSize;
- }
- SHA256_Update(ctx, text, (unsigned int)text_len);
-}
-
// See FIPS 198: The Keyed-Hash Message Authentication Code (HMAC).
void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
const unsigned char* text, size_t text_len,
@@ -51,7 +38,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
unsigned char key0[SHA256_BLOCK_SIZE];
if (key_len > SHA256_BLOCK_SIZE) {
SHA256_Begin(&ctx);
- Wrapped_SHA256_Update(&ctx, key, key_len);
+ SHA256_Update(&ctx, key, key_len);
SHA256_End(&ctx, key0, NULL, SHA256_LENGTH);
memset(key0 + SHA256_LENGTH, 0, SHA256_BLOCK_SIZE - SHA256_LENGTH);
} else {
@@ -70,7 +57,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
// Compute the inner hash.
SHA256_Begin(&ctx);
SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
- Wrapped_SHA256_Update(&ctx, text, text_len);
+ SHA256_Update(&ctx, text, text_len);
SHA256_End(&ctx, inner_hash, NULL, SHA256_LENGTH);
// XOR key0 with opad.
@@ -81,7 +68,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
SHA256_Begin(&ctx);
SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
SHA256_Update(&ctx, inner_hash, SHA256_LENGTH);
- SHA256_End(&ctx, output, NULL, (unsigned int) output_len);
+ SHA256_End(&ctx, output, NULL, output_len);
}
} // namespace
@@ -151,8 +138,8 @@ bool HMAC::Init(const unsigned char* key, int key_length) {
memcpy(key_blob->key_data, key, key_length);
if (!CryptImportKey(plat_->provider_, &key_blob_storage[0],
- (DWORD)key_blob_storage.size(), 0,
- CRYPT_IPSEC_HMAC_KEY, plat_->key_.receive())) {
+ key_blob_storage.size(), 0, CRYPT_IPSEC_HMAC_KEY,
+ plat_->key_.receive())) {
NOTREACHED();
return false;
}
diff --git a/crypto/symmetric_key_win.cc b/crypto/symmetric_key_win.cc
index 87e0bc3..d2034e0 100644
--- a/crypto/symmetric_key_win.cc
+++ b/crypto/symmetric_key_win.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -50,12 +50,11 @@ ALG_ID GetAESAlgIDForKeySize(size_t key_size_in_bits) {
// TODO(wtc): use this function in hmac_win.cc.
bool ImportRawKey(HCRYPTPROV provider,
ALG_ID alg,
- const void* key_data, size_t key_size,
+ const void* key_data, DWORD key_size,
ScopedHCRYPTKEY* key) {
DCHECK_GT(key_size, 0);
- DWORD actual_size =
- static_cast<DWORD>(sizeof(PlaintextBlobHeader) + key_size);
+ DWORD actual_size = sizeof(PlaintextBlobHeader) + key_size;
std::vector<BYTE> tmp_data(actual_size);
BYTE* actual_key = &tmp_data[0];
memcpy(actual_key + sizeof(PlaintextBlobHeader), key_data, key_size);
@@ -67,7 +66,7 @@ bool ImportRawKey(HCRYPTPROV provider,
key_header->hdr.bVersion = CUR_BLOB_VERSION;
key_header->hdr.aiKeyAlg = alg;
- key_header->cbKeySize = static_cast<DWORD>(key_size);
+ key_header->cbKeySize = key_size;
HCRYPTKEY unsafe_key = NULL;
DWORD flags = CRYPT_EXPORTABLE;
@@ -185,7 +184,7 @@ bool GenerateHMACKey(size_t key_size_in_bits,
if (!ok)
return false;
- DWORD key_size_in_bytes = static_cast<DWORD>(key_size_in_bits / 8);
+ DWORD key_size_in_bytes = key_size_in_bits / 8;
scoped_array<BYTE> random(new BYTE[key_size_in_bytes]);
ok = CryptGenRandom(safe_provider, key_size_in_bytes, random.get());
if (!ok)
@@ -259,7 +258,7 @@ bool ComputePBKDF2Block(HCRYPTHASH hash,
// Iteration U_1: Compute PRF for S.
ok = CryptHashData(safe_hash, reinterpret_cast<const BYTE*>(salt.data()),
- static_cast<DWORD>(salt.size()), 0);
+ salt.size(), 0);
if (!ok)
return false;