// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
5 #ifndef COMPONENTS_NACL_LOADER_NACL_VALIDATION_QUERY_H_
6 #define COMPONENTS_NACL_LOADER_NACL_VALIDATION_QUERY_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/strings/string_piece.h"
12 #include "crypto/hmac.h"
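// Forward declarations. The declarations in this header only name these types
// through pointers, so the full definitions are not needed here. The viewer's
// line-number residue has been removed so the declarations parse as C++.
struct NaClValidationCache;
class NaClValidationDB;
class NaClValidationQuery;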
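// Bundles the inputs that every validation-cache query needs: the database
// handle, the HMAC key and the validator version. CreateQuery() returns a
// NaClValidationQuery*.
//
// The listing this was recovered from had lost the closing "};" of the class
// and carried viewer line numbers in front of each declaration; both are
// repaired here. The declarations themselves are unchanged.
class NaClValidationQueryContext {
 public:
  // |db| is held as a raw pointer; this header does not show who owns it.
  // NOTE(review): presumably |db| must outlive this context and every query
  // created from it - confirm against the callers.
  // |profile_key| is the HMAC key and |nacl_version| the validator version
  // bytes; see the member comments below.
  NaClValidationQueryContext(NaClValidationDB* db,
                             const std::string& profile_key,
                             const std::string& nacl_version);

  // Returns a new query as a raw pointer.
  // NOTE(review): ownership of the returned object is not expressed in the
  // type; presumably the caller must delete it - confirm in the .cc file.
  NaClValidationQuery* CreateQuery();

 private:
  NaClValidationDB* db_;

  // A key used by HMAC that is specific to this installation of Chrome.
  // NOTE(review): the cache's integrity presumably rests on this key staying
  // private to the installation, so it should not be logged or handed to
  // untrusted code - confirm how the key is generated and stored.
  std::string profile_key_;

  // Bytes indicating the "version" of the validator being used.  This is used
  // to implicitly invalidate the cache - changing the version will change the
  // hashes that are produced.
  std::string nacl_version_;
};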
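// A single validation-cache query. Data is fed in with AddData(); the query
// can then be checked with QueryKnownToValidate() or recorded with
// SetKnownToValidate().
//
// The listing this was recovered from had lost the closing "};" of the enum
// and of the class, and carried viewer line numbers in front of each
// declaration; both are repaired here, along with three comment typos. The
// declarations themselves are unchanged.
class NaClValidationQuery {
 public:
  // SHA256 digest size.
  static const size_t kDigestLength = 32;

  // |db| is held as a raw pointer; ownership is not visible in this header.
  // |profile_key| is passed as the HMAC key (see NaClValidationQueryContext).
  NaClValidationQuery(NaClValidationDB* db, const std::string& profile_key);

  // Feeds one piece of data into the query. Per the CompressBuffer() comment
  // below, each piece is signed on its own and the signature is appended to
  // the internal buffer.
  // NOTE(review): the buffer comment lists version, architecture, cpu
  // features and code as the expected inputs; presumably anything that can
  // change the validator's verdict has to be added before querying - confirm.
  void AddData(const char* data, size_t length);
  void AddData(const unsigned char* data, size_t length);
  void AddData(const base::StringPiece& data);

  // Asks the database whether the data added so far is known to validate.
  // NOTE(review): the meaning of the int result is not shown in this header;
  // presumably non-zero means "known good" - confirm in the .cc file.
  int QueryKnownToValidate();

  // Records the data added so far as known to validate.
  // NOTE(review): presumably only to be called after the code actually passed
  // validation - confirm against the caller.
  void SetKnownToValidate();

 private:
  // Call-order states tracked in |state_|.
  enum QueryState {
    READY,
    GET_CALLED,
    SET_CALLED
  };

  // The HMAC interface currently does not support incremental signing.  To
  // work around this, each piece of data is signed and the signature is added
  // to a buffer.  If there is not enough space in the buffer to accommodate
  // new data, the buffer contents are signed and the new signature replaces
  // the contents of the buffer.  CompressBuffer performs this operation.  In
  // effect, a hash tree is constructed to emulate incremental signing.
  void CompressBuffer();

  // Track the state of the query to detect suspicious method calls.
  QueryState state_;

  crypto::HMAC hasher_;
  NaClValidationDB* db_;

  // The size of buffer_ is a somewhat arbitrary choice.  It needs to be at
  // least kDigestLength * 2, but it can be arbitrarily large.  In practice
  // there are 4 calls to AddData (version, architecture, cpu features, and
  // code), so 4 times digest length means the buffer will not need to be
  // compressed as an intermediate step in the expected use cases.
  char buffer_[kDigestLength * 4];
  // NOTE(review): presumably the number of bytes of buffer_ currently in
  // use - confirm in the .cc file.
  size_t buffer_length_;

  DISALLOW_COPY_AND_ASSIGN(NaClValidationQuery);
};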
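// Create a validation cache interface for use by sel_ldr.
//
// The parameters match those of the NaClValidationQueryContext constructor:
// |db| is the validation database, |profile_key| the installation-specific
// HMAC key and |nacl_version| the validator version bytes.
// NOTE(review): the result is a raw pointer and this header does not say who
// frees it or how long |db| must stay alive - confirm in the .cc file.
// (Viewer line-number residue removed from the declaration; signature
// unchanged.)
struct NaClValidationCache* CreateValidationCache(
    NaClValidationDB* db, const std::string& profile_key,
    const std::string& nacl_version);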
90 #endif // COMPONENTS_NACL_LOADER_NACL_VALIDATION_QUERY_H_