summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorncbray@chromium.org <ncbray@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-27 00:16:47 +0000
committerncbray@chromium.org <ncbray@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-27 00:16:47 +0000
commit43866cd42bd433961d3b631ebbd9afe2ae85699f (patch)
treedec64d88f0f35f8e00a0b2850d614016b4024381 /crypto
parent000b98ddf1aca041c77865d1ba8968577a1efa35 (diff)
downloadchromium_src-43866cd42bd433961d3b631ebbd9afe2ae85699f.zip
chromium_src-43866cd42bd433961d3b631ebbd9afe2ae85699f.tar.gz
chromium_src-43866cd42bd433961d3b631ebbd9afe2ae85699f.tar.bz2
Create a database for NaCl validation caching that is shared between processes.
This change primarily entails creating a SyncChannel between sel_ldr and the browser. Queries to the database could be made from any thread inside sel_ldr, so the query mechanism needs to be thread safe. This feature is currently disabled by default, and requires an environment variable to enable. A few changes need to be made before this features is safe and can be enabled, such as making sure each installation has a unique, crypographically secure key. BUG= http://code.google.com/p/nativeclient/issues/detail?id=2515 TEST= Run NaCl w/ NACL_VALIDATION_CACHE=1 Review URL: http://codereview.chromium.org/9796006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129061 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r--crypto/crypto.gyp53
-rw-r--r--crypto/hmac_win.cc25
-rw-r--r--crypto/symmetric_key_win.cc13
3 files changed, 70 insertions, 21 deletions
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
index 405ad0b..f095719 100644
--- a/crypto/crypto.gyp
+++ b/crypto/crypto.gyp
@@ -5,6 +5,19 @@
{
'variables': {
'chromium_code': 1,
+ # Put all transitive dependencies for Windows HMAC here.
+ # This is required so that we can build them for nacl win64.
+ 'hmac_win64_related_sources': [
+ 'hmac.cc',
+ 'hmac.h',
+ 'hmac_win.cc',
+ 'secure_util.cc',
+ 'secure_util.h',
+ 'symmetric_key.h',
+ 'symmetric_key_win.cc',
+ 'third_party/nss/chromium-sha256.h',
+ 'third_party/nss/sha512.cc',
+ ],
},
'targets': [
{
@@ -131,6 +144,9 @@
},],
],
'sources': [
+ # NOTE: all transitive dependencies of HMAC on windows need
+ # to be placed in the source list above.
+ '<@(hmac_win64_related_sources)',
'capi_util.cc',
'capi_util.h',
'crypto_export.h',
@@ -151,12 +167,9 @@
'encryptor_nss.cc',
'encryptor_openssl.cc',
'encryptor_win.cc',
- 'hmac.cc',
- 'hmac.h',
'hmac_mac.cc',
'hmac_nss.cc',
'hmac_openssl.cc',
- 'hmac_win.cc',
'keychain_mac.cc',
'keychain_mac.h',
'mac_security_services_lock.cc',
@@ -185,8 +198,6 @@
'secure_hash.h',
'secure_hash_default.cc',
'secure_hash_openssl.cc',
- 'secure_util.cc',
- 'secure_util.h',
'sha2.cc',
'sha2.h',
'signature_creator.h',
@@ -197,18 +208,14 @@
'signature_verifier.h',
'signature_verifier_nss.cc',
'signature_verifier_openssl.cc',
- 'symmetric_key.h',
'symmetric_key_mac.cc',
'symmetric_key_nss.cc',
'symmetric_key_openssl.cc',
- 'symmetric_key_win.cc',
'third_party/nss/chromium-blapi.h',
'third_party/nss/chromium-blapit.h',
'third_party/nss/chromium-nss.h',
- 'third_party/nss/chromium-sha256.h',
'third_party/nss/pk11akey.cc',
'third_party/nss/secsign.cc',
- 'third_party/nss/sha512.cc',
],
},
{
@@ -281,4 +288,32 @@
],
},
],
+ 'conditions': [
+ [ 'OS == "win"', {
+ 'targets': [
+ {
+ 'target_name': 'crypto_nacl_win64',
+ 'type': '<(component)',
+ 'dependencies': [
+ '../base/base.gyp:base_nacl_win64',
+ '../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations_win64',
+ ],
+ 'sources': [
+ '<@(hmac_win64_related_sources)',
+ ],
+ 'defines': [
+ 'CRYPTO_IMPLEMENTATION',
+ ],
+ 'msvs_disabled_warnings': [
+ 4018,
+ ],
+ 'configurations': {
+ 'Common_Base': {
+ 'msvs_target_platform': 'x64',
+ },
+ },
+ },
+ ],
+ }],
+ ],
}
diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc
index ffd08ce8..ef3e261 100644
--- a/crypto/hmac_win.cc
+++ b/crypto/hmac_win.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -28,6 +28,19 @@ enum {
SHA256_BLOCK_SIZE = 64 // Block size (in bytes) of the input to SHA-256.
};
+// NSS doesn't accept size_t for text size, divide the data into smaller
+// chunks as needed.
+void Wrapped_SHA256_Update(SHA256Context* ctx, const unsigned char* text,
+ size_t text_len) {
+ const unsigned int kChunkSize = 1 << 30;
+ while (text_len > kChunkSize) {
+ SHA256_Update(ctx, text, kChunkSize);
+ text += kChunkSize;
+ text_len -= kChunkSize;
+ }
+ SHA256_Update(ctx, text, (unsigned int)text_len);
+}
+
// See FIPS 198: The Keyed-Hash Message Authentication Code (HMAC).
void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
const unsigned char* text, size_t text_len,
@@ -38,7 +51,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
unsigned char key0[SHA256_BLOCK_SIZE];
if (key_len > SHA256_BLOCK_SIZE) {
SHA256_Begin(&ctx);
- SHA256_Update(&ctx, key, key_len);
+ Wrapped_SHA256_Update(&ctx, key, key_len);
SHA256_End(&ctx, key0, NULL, SHA256_LENGTH);
memset(key0 + SHA256_LENGTH, 0, SHA256_BLOCK_SIZE - SHA256_LENGTH);
} else {
@@ -57,7 +70,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
// Compute the inner hash.
SHA256_Begin(&ctx);
SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
- SHA256_Update(&ctx, text, text_len);
+ Wrapped_SHA256_Update(&ctx, text, text_len);
SHA256_End(&ctx, inner_hash, NULL, SHA256_LENGTH);
// XOR key0 with opad.
@@ -68,7 +81,7 @@ void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
SHA256_Begin(&ctx);
SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
SHA256_Update(&ctx, inner_hash, SHA256_LENGTH);
- SHA256_End(&ctx, output, NULL, output_len);
+ SHA256_End(&ctx, output, NULL, (unsigned int) output_len);
}
} // namespace
@@ -138,8 +151,8 @@ bool HMAC::Init(const unsigned char* key, int key_length) {
memcpy(key_blob->key_data, key, key_length);
if (!CryptImportKey(plat_->provider_, &key_blob_storage[0],
- key_blob_storage.size(), 0, CRYPT_IPSEC_HMAC_KEY,
- plat_->key_.receive())) {
+ (DWORD)key_blob_storage.size(), 0,
+ CRYPT_IPSEC_HMAC_KEY, plat_->key_.receive())) {
NOTREACHED();
return false;
}
diff --git a/crypto/symmetric_key_win.cc b/crypto/symmetric_key_win.cc
index d2034e0..87e0bc3 100644
--- a/crypto/symmetric_key_win.cc
+++ b/crypto/symmetric_key_win.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -50,11 +50,12 @@ ALG_ID GetAESAlgIDForKeySize(size_t key_size_in_bits) {
// TODO(wtc): use this function in hmac_win.cc.
bool ImportRawKey(HCRYPTPROV provider,
ALG_ID alg,
- const void* key_data, DWORD key_size,
+ const void* key_data, size_t key_size,
ScopedHCRYPTKEY* key) {
DCHECK_GT(key_size, 0);
- DWORD actual_size = sizeof(PlaintextBlobHeader) + key_size;
+ DWORD actual_size =
+ static_cast<DWORD>(sizeof(PlaintextBlobHeader) + key_size);
std::vector<BYTE> tmp_data(actual_size);
BYTE* actual_key = &tmp_data[0];
memcpy(actual_key + sizeof(PlaintextBlobHeader), key_data, key_size);
@@ -66,7 +67,7 @@ bool ImportRawKey(HCRYPTPROV provider,
key_header->hdr.bVersion = CUR_BLOB_VERSION;
key_header->hdr.aiKeyAlg = alg;
- key_header->cbKeySize = key_size;
+ key_header->cbKeySize = static_cast<DWORD>(key_size);
HCRYPTKEY unsafe_key = NULL;
DWORD flags = CRYPT_EXPORTABLE;
@@ -184,7 +185,7 @@ bool GenerateHMACKey(size_t key_size_in_bits,
if (!ok)
return false;
- DWORD key_size_in_bytes = key_size_in_bits / 8;
+ DWORD key_size_in_bytes = static_cast<DWORD>(key_size_in_bits / 8);
scoped_array<BYTE> random(new BYTE[key_size_in_bytes]);
ok = CryptGenRandom(safe_provider, key_size_in_bytes, random.get());
if (!ok)
@@ -258,7 +259,7 @@ bool ComputePBKDF2Block(HCRYPTHASH hash,
// Iteration U_1: Compute PRF for S.
ok = CryptHashData(safe_hash, reinterpret_cast<const BYTE*>(salt.data()),
- salt.size(), 0);
+ static_cast<DWORD>(salt.size()), 0);
if (!ok)
return false;