• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "components/nacl/loader/nacl_validation_query.h"
6 
7 #include <stdint.h>
8 #include <string.h>
9 
10 #include "base/check.h"
11 #include "components/nacl/loader/nacl_validation_db.h"
12 #include "crypto/nss_util.h"
13 #include "native_client/src/public/validation_cache.h"
14 
NaClValidationQueryContext(NaClValidationDB * db,const std::string & profile_key,const std::string & nacl_version)15 NaClValidationQueryContext::NaClValidationQueryContext(
16     NaClValidationDB* db,
17     const std::string& profile_key,
18     const std::string& nacl_version)
19     : db_(db),
20       profile_key_(profile_key),
21       nacl_version_(nacl_version) {
22 
23   // Sanity checks.
24   CHECK(profile_key.length() >= 8);
25   CHECK(nacl_version.length() >= 4);
26 }
27 
CreateQuery()28 NaClValidationQuery* NaClValidationQueryContext::CreateQuery() {
29   NaClValidationQuery* query = new NaClValidationQuery(db_, profile_key_);
30   // Changing the version effectively invalidates existing hashes.
31   query->AddData(nacl_version_);
32   return query;
33 }
34 
NaClValidationQuery(NaClValidationDB * db,const std::string & profile_key)35 NaClValidationQuery::NaClValidationQuery(NaClValidationDB* db,
36                                          const std::string& profile_key)
37     : state_(READY),
38       hasher_(crypto::HMAC::SHA256),
39       db_(db),
40       buffer_length_(0) {
41   CHECK(hasher_.Init(profile_key));
42 }
43 
AddData(const char * data,size_t length)44 void NaClValidationQuery::AddData(const char* data, size_t length) {
45   CHECK(state_ == READY);
46   CHECK(buffer_length_ <= sizeof(buffer_));
47   // Chrome's HMAC class doesn't support incremental signing.  Work around
48   // this by using a (small) temporary buffer to accumulate data.
49   // Check if there is space in the buffer.
50   if (buffer_length_ + kDigestLength > sizeof(buffer_)) {
51     // Hash the buffer to make space.
52     CompressBuffer();
53   }
54   // Hash the input data into the buffer.  Assumes that sizeof(buffer_) >=
55   // kDigestLength * 2 (the buffer can store at least two digests.)
56   CHECK(hasher_.Sign(base::StringPiece(data, length),
57                      reinterpret_cast<unsigned char*>(buffer_ + buffer_length_),
58                      kDigestLength));
59   buffer_length_ += kDigestLength;
60 }
61 
AddData(const unsigned char * data,size_t length)62 void NaClValidationQuery::AddData(const unsigned char* data, size_t length) {
63   AddData(reinterpret_cast<const char*>(data), length);
64 }
65 
AddData(const base::StringPiece & data)66 void NaClValidationQuery::AddData(const base::StringPiece& data) {
67   AddData(data.data(), data.length());
68 }
69 
QueryKnownToValidate()70 int NaClValidationQuery::QueryKnownToValidate() {
71   CHECK(state_ == READY);
72   // It is suspicious if we have less than a digest's worth of data.
73   CHECK(buffer_length_ >= kDigestLength);
74   CHECK(buffer_length_ <= sizeof(buffer_));
75   state_ = GET_CALLED;
76   // Ensure the buffer contains only one digest worth of data.
77   CompressBuffer();
78   return db_->QueryKnownToValidate(std::string(buffer_, buffer_length_));
79 }
80 
SetKnownToValidate()81 void NaClValidationQuery::SetKnownToValidate() {
82   CHECK(state_ == GET_CALLED);
83   CHECK(buffer_length_ == kDigestLength);
84   state_ = SET_CALLED;
85   db_->SetKnownToValidate(std::string(buffer_, buffer_length_));
86 }
87 
88 // Reduce the size of the data in the buffer by hashing it and writing it back
89 // to the buffer.
CompressBuffer()90 void NaClValidationQuery::CompressBuffer() {
91   // Calculate the digest into a temp buffer.  It is likely safe to calculate it
92   // directly back into the buffer, but this is an "accidental" semantic we're
93   // avoiding depending on.
94   unsigned char temp[kDigestLength];
95   CHECK(hasher_.Sign(base::StringPiece(buffer_, buffer_length_), temp,
96                      kDigestLength));
97   memcpy(buffer_, temp, kDigestLength);
98   buffer_length_ = kDigestLength;
99 }
100 
101 // OO wrappers
102 
CreateQuery(void * handle)103 static void* CreateQuery(void* handle) {
104   return static_cast<NaClValidationQueryContext*>(handle)->CreateQuery();
105 }
106 
AddData(void * query,const uint8_t * data,size_t length)107 static void AddData(void* query, const uint8_t* data, size_t length) {
108   static_cast<NaClValidationQuery*>(query)->AddData(data, length);
109 }
110 
QueryKnownToValidate(void * query)111 static int QueryKnownToValidate(void* query) {
112   return static_cast<NaClValidationQuery*>(query)->QueryKnownToValidate();
113 }
114 
SetKnownToValidate(void * query)115 static void SetKnownToValidate(void* query) {
116   static_cast<NaClValidationQuery*>(query)->SetKnownToValidate();
117 }
118 
DestroyQuery(void * query)119 static void DestroyQuery(void* query) {
120   delete static_cast<NaClValidationQuery*>(query);
121 }
122 
CreateValidationCache(NaClValidationDB * db,const std::string & profile_key,const std::string & nacl_version)123 struct NaClValidationCache* CreateValidationCache(
124     NaClValidationDB* db, const std::string& profile_key,
125     const std::string& nacl_version) {
126   NaClValidationCache* cache =
127       static_cast<NaClValidationCache*>(malloc(sizeof(NaClValidationCache)));
128   // Make sure any fields introduced in a cross-repo change are zeroed.
129   memset(cache, 0, sizeof(*cache));
130   cache->handle = new NaClValidationQueryContext(db, profile_key, nacl_version);
131   cache->CreateQuery = CreateQuery;
132   cache->AddData = AddData;
133   cache->QueryKnownToValidate = QueryKnownToValidate;
134   cache->SetKnownToValidate = SetKnownToValidate;
135   cache->DestroyQuery = DestroyQuery;
136   return cache;
137 }
138