| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_NACL_NACL_VALIDATION_QUERY_H_ | |
| 6 #define CHROME_NACL_NACL_VALIDATION_QUERY_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/basictypes.h" | |
| 11 #include "base/strings/string_piece.h" | |
| 12 #include "crypto/hmac.h" | |
| 13 | |
| 14 struct NaClFileToken; | |
| 15 struct NaClValidationCache; | |
| 16 class NaClValidationDB; | |
| 17 class NaClValidationQuery; | |
| 18 | |
| 19 class NaClValidationQueryContext { | |
| 20 public: | |
| 21 NaClValidationQueryContext(NaClValidationDB* db, | |
| 22 const std::string& profile_key, | |
| 23 const std::string& nacl_version); | |
| 24 | |
| 25 NaClValidationQuery* CreateQuery(); | |
| 26 | |
| 27 bool ResolveFileToken(struct NaClFileToken* file_token, int32* fd, | |
| 28 std::string* path); | |
| 29 | |
| 30 private: | |
| 31 NaClValidationDB* db_; | |
| 32 | |
| 33 // A key used by HMAC that is specific to this installation of Chrome. | |
| 34 std::string profile_key_; | |
| 35 | |
| 36 // Bytes indicating the "version" of the validator being used. This is used | |
| 37 // to implicitly invalidate the cache - changing the version will change the | |
| 38 // hashes that are produced. | |
| 39 std::string nacl_version_; | |
| 40 }; | |
| 41 | |
| 42 class NaClValidationQuery { | |
| 43 public: | |
| 44 // SHA256 digest size. | |
| 45 static const size_t kDigestLength = 32; | |
| 46 | |
| 47 NaClValidationQuery(NaClValidationDB* db, const std::string& profile_key); | |
| 48 | |
| 49 void AddData(const char* data, size_t length); | |
| 50 void AddData(const unsigned char* data, size_t length); | |
| 51 void AddData(const base::StringPiece& data); | |
| 52 | |
| 53 int QueryKnownToValidate(); | |
| 54 | |
| 55 void SetKnownToValidate(); | |
| 56 | |
| 57 private: | |
| 58 enum QueryState { | |
| 59 READY, | |
| 60 GET_CALLED, | |
| 61 SET_CALLED | |
| 62 }; | |
| 63 | |
| 64 // The HMAC interface currently does not support incremental signing. To work | |
| 65 // around this, each piece of data is signed and the signature is added to a | |
| 66 // buffer. If there is not enough space in the buffer to accommodate new | |
| 67 // data, the buffer contents are signed and the new signature replaces the | |
| 68 // contents of the buffer. CompressBuffer performs this operation. In | |
| 69 // affect, a hash tree is constructed to emulate incremental signing. | |
| 70 void CompressBuffer(); | |
| 71 | |
| 72 // Track the state of the query to detect suspicious method calls. | |
| 73 QueryState state_; | |
| 74 | |
| 75 crypto::HMAC hasher_; | |
| 76 NaClValidationDB* db_; | |
| 77 | |
| 78 // The size of buffer_ is a somewhat arbitrary choice. It needs to be at | |
| 79 // at least kDigestLength * 2, but it can be arbitrarily large. In practice | |
| 80 // there are 4 calls to AddData (version, architechture, cpu features, and | |
| 81 // code), so 4 times digest length means the buffer will not need to be | |
| 82 // compressed as an intermediate step in the expected use cases. | |
| 83 char buffer_[kDigestLength * 4]; | |
| 84 size_t buffer_length_; | |
| 85 | |
| 86 DISALLOW_COPY_AND_ASSIGN(NaClValidationQuery); | |
| 87 }; | |
| 88 | |
| 89 // Create a validation cache interface for use by sel_ldr. | |
| 90 struct NaClValidationCache* CreateValidationCache( | |
| 91 NaClValidationDB* db, const std::string& profile_key, | |
| 92 const std::string& nacl_version); | |
| 93 | |
| 94 #endif // CHROME_NACL_NACL_VALIDATION_QUERY_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 16881004:
Move chrome/nacl to components/nacl. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master