Abstracts SHA256 context for NSS / OpenSSL.

Stubs out SslServerSocket for OpenSSL.

BUG=none
TEST=Sha256Test.TestContext (and compiles with openssl flag).

Review URL: http://codereview.chromium.org/6276002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@72782 0039d316-1c4b-4281-b951-d872f2087c98

base/base.gyp

@@ -71,6 +71,7 @@
         'crypto/encryptor_unittest.cc',
         'crypto/rsa_private_key_unittest.cc',
         'crypto/rsa_private_key_nss_unittest.cc',
+        'crypto/secure_hash_unittest.cc',
         'crypto/signature_creator_unittest.cc',
         'crypto/signature_verifier_unittest.cc',
         'crypto/symmetric_key_unittest.cc',

base/base.gypi

@@ -524,6 +524,7 @@
             'sources!': [
               'crypto/encryptor_nss.cc',
               'crypto/rsa_private_key_nss.cc',
+              'crypto/secure_hash_nss.cc',
               'crypto/signature_creator_nss.cc',
               'crypto/signature_verifier_nss.cc',
               'crypto/symmetric_key_nss.cc',
@@ -543,6 +544,7 @@
             'sources!': [
               'crypto/encryptor_openssl.cc',
               'crypto/rsa_private_key_openssl.cc',
+              'crypto/secure_hash_openssl.cc',
               'crypto/signature_creator_openssl.cc',
               'crypto/signature_verifier_openssl.cc',
               'crypto/symmetric_key_openssl.cc',
@@ -570,6 +572,9 @@
         'crypto/rsa_private_key_nss.cc',
         'crypto/rsa_private_key_openssl.cc',
         'crypto/rsa_private_key_win.cc',
+        'crypto/secure_hash.h',
+        'crypto/secure_hash_nss.cc',
+        'crypto/secure_hash_openssl.cc',
         'crypto/signature_creator.h',
         'crypto/signature_creator_mac.cc',
         'crypto/signature_creator_nss.cc',

base/crypto/secure_hash.h

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_CRYPTO_SECURE_HASH_H_
+#define BASE_CRYPTO_SECURE_HASH_H_
+#pragma once
+
+#include "base/basictypes.h"
+
+namespace base {
+
+// A wrapper to calculate secure hashes incrementally, allowing to
+// be used when the full input is not known in advance.
+class SecureHash {
+ public:
+  enum Algorithm {
+    SHA256,
+  };
+  virtual ~SecureHash() {}
+
+  static SecureHash* Create(Algorithm type);
+
+  virtual void Update(const void* input, size_t len) = 0;
+  virtual void Finish(void* output, size_t len) = 0;
+
+ protected:
+  SecureHash() {}
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(SecureHash);
+};
+
+}  // namespace base
+
+#endif  // BASE_CRYPTO_SECURE_HASH_H_

base/crypto/secure_hash_nss.cc

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/secure_hash.h"
+
+#include "base/logging.h"
+#include "base/third_party/nss/blapi.h"
+#include "base/third_party/nss/sha256.h"
+
+namespace base {
+
+namespace {
+
+class SecureHashSHA256NSS : public SecureHash {
+ public:
+  SecureHashSHA256NSS() {
+    SHA256_Begin(&ctx_);
+  }
+
+  virtual ~SecureHashSHA256NSS() {
+  }
+
+  virtual void Update(const void* input, size_t len) {
+    SHA256_Update(&ctx_, static_cast<const unsigned char*>(input), len);
+  }
+
+  virtual void Finish(void* output, size_t len) {
+    SHA256_End(&ctx_, static_cast<unsigned char*>(output), NULL,
+               static_cast<unsigned int>(len));
+  }
+
+ private:
+  SHA256Context ctx_;
+};
+
+}  // namespace
+
+SecureHash* SecureHash::Create(Algorithm algorithm) {
+  switch (algorithm) {
+    case SHA256:
+      return new SecureHashSHA256NSS();
+    default:
+      NOTIMPLEMENTED();
+      return NULL;
+  }
+}
+
+}  // namespace base

base/crypto/secure_hash_openssl.cc

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/secure_hash.h"
+
+#include <openssl/ssl.h>
+
+#include "base/basictypes.h"
+#include "base/logging.h"
+#include "base/openssl_util.h"
+
+namespace base {
+
+namespace {
+
+class SecureHashSHA256OpenSSL : public SecureHash {
+ public:
+  SecureHashSHA256OpenSSL() {
+    SHA256_Init(&ctx_);
+  }
+
+  virtual ~SecureHashSHA256OpenSSL() {
+    OPENSSL_cleanse(&ctx_, sizeof(ctx_));
+  }
+
+  virtual void Update(const void* input, size_t len) {
+    SHA256_Update(&ctx_, static_cast<const unsigned char*>(input), len);
+  }
+
+  virtual void Finish(void* output, size_t len) {
+    ScopedOpenSSLSafeSizeBuffer<SHA256_DIGEST_LENGTH> result(
+        static_cast<unsigned char*>(output), len);
+    SHA256_Final(result.safe_buffer(), &ctx_);
+  }
+
+ private:
+  SHA256_CTX ctx_;
+};
+
+}  // namespace
+
+SecureHash* SecureHash::Create(Algorithm algorithm) {
+  switch (algorithm) {
+    case SHA256:
+      return new SecureHashSHA256OpenSSL();
+    default:
+      NOTIMPLEMENTED();
+      return NULL;
+  }
+}
+
+}  // namespace base

base/crypto/secure_hash_unittest.cc

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/secure_hash.h"
+
+#include "base/basictypes.h"
+#include "base/scoped_ptr.h"
+#include "base/sha2.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+TEST(SecureHashTest, TestUpdate) {
+  // Example B.3 from FIPS 180-2: long message.
+  std::string input3(500000, 'a');  // 'a' repeated half a million times
+  int expected3[] = { 0xcd, 0xc7, 0x6e, 0x5c,
+                      0x99, 0x14, 0xfb, 0x92,
+                      0x81, 0xa1, 0xc7, 0xe2,
+                      0x84, 0xd7, 0x3e, 0x67,
+                      0xf1, 0x80, 0x9a, 0x48,
+                      0xa4, 0x97, 0x20, 0x0e,
+                      0x04, 0x6d, 0x39, 0xcc,
+                      0xc7, 0x11, 0x2c, 0xd0 };
+
+  uint8 output3[base::SHA256_LENGTH];
+
+  scoped_ptr<base::SecureHash> ctx(base::SecureHash::Create(
+      base::SecureHash::SHA256));
+  ctx->Update(input3.data(), input3.size());
+  ctx->Update(input3.data(), input3.size());
+
+  ctx->Finish(output3, sizeof(output3));
+  for (size_t i = 0; i < base::SHA256_LENGTH; i++)
+    EXPECT_EQ(expected3[i], static_cast<int>(output3[i]));
+}

chrome/browser/download/base_file.cc

@@ -4,11 +4,10 @@
 
 #include "chrome/browser/download/base_file.h"
 
+#include "base/crypto/secure_hash.h"
 #include "base/file_util.h"
 #include "base/logging.h"
 #include "base/stringprintf.h"
-#include "base/third_party/nss/blapi.h"
-#include "base/third_party/nss/sha256.h"
 #include "net/base/file_stream.h"
 #include "net/base/net_errors.h"
 #include "chrome/browser/browser_thread.h"
@@ -33,8 +32,7 @@ BaseFile::BaseFile(const FilePath& full_path,
       file_stream_(file_stream),
       bytes_so_far_(received_bytes),
       power_save_blocker_(true),
-      calculate_hash_(false),
-      sha_context_(NULL) {
+      calculate_hash_(false) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
 }
 
@@ -50,10 +48,8 @@ bool BaseFile::Initialize(bool calculate_hash) {
 
   calculate_hash_ = calculate_hash;
 
-  if (calculate_hash_) {
-    sha_context_.reset(new SHA256Context);
-    SHA256_Begin(sha_context_.get());
-  }
+  if (calculate_hash_)
+    secure_hash_.reset(base::SecureHash::Create(base::SecureHash::SHA256));
 
   if (!full_path_.empty() ||
       download_util::CreateTemporaryFileForDownload(&full_path_))
@@ -78,11 +74,8 @@ bool BaseFile::AppendDataToFile(const char* data, size_t data_len) {
   if (written != data_len)
     return false;
 
-  if (calculate_hash_) {
-    SHA256_Update(sha_context_.get(),
-                  reinterpret_cast<const unsigned char*>(data),
-                  data_len);
-  }
+  if (calculate_hash_)
+    secure_hash_->Update(data, data_len);
 
   return true;
 }
@@ -162,7 +155,7 @@ void BaseFile::Finish() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
 
   if (calculate_hash_)
-    SHA256_End(sha_context_.get(), sha256_hash_, NULL, kSha256HashLen);
+    secure_hash_->Finish(sha256_hash_, kSha256HashLen);
 
   Close();
 }

chrome/browser/download/base_file.h

@@ -11,10 +11,12 @@
 #include "base/file_path.h"
 #include "base/linked_ptr.h"
 #include "base/scoped_ptr.h"
-#include "base/third_party/nss/blapi.h"
 #include "chrome/browser/power_save_blocker.h"
 #include "googleurl/src/gurl.h"
 
+namespace base {
+class SecureHash;
+}
 namespace net {
 class FileStream;
 }
@@ -95,7 +97,7 @@ class BaseFile {
 
   // Used to calculate sha256 hash for the file when calculate_hash_
   // is set.
-  scoped_ptr<SHA256Context> sha_context_;
+  scoped_ptr<base::SecureHash> secure_hash_;
 
   unsigned char sha256_hash_[kSha256HashLen];
 

net/base/openssl_memory_private_key_store.cc

@@ -11,6 +11,7 @@
 #include "base/logging.h"
 #include "base/openssl_util.h"
 #include "base/singleton.h"
+#include "base/synchronization/lock.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
@@ -52,7 +53,7 @@ class OpenSSLMemoryKeyStore : public OpenSSLPrivateKeyStore {
 
  private:
   std::vector<EVP_PKEY*> keys_;
-  Lock lock_;
+  base::Lock lock_;
 
   DISALLOW_COPY_AND_ASSIGN(OpenSSLMemoryKeyStore);
 };

net/net.gyp

@@ -628,6 +628,7 @@
         'socket/ssl_server_socket.h',
         'socket/ssl_server_socket_nss.cc',
         'socket/ssl_server_socket_nss.h',
+        'socket/ssl_server_socket_openssl.cc',
         'socket/ssl_host_info.cc',
         'socket/ssl_host_info.h',
         'socket/tcp_client_socket.cc',
@@ -769,6 +770,7 @@
             'sources!': [
               'socket/ssl_client_socket_openssl.cc',
               'socket/ssl_client_socket_openssl.h',
+              'socket/ssl_server_socket_openssl.cc',
             ],
           },
         ],

net/socket/ssl_server_socket_openssl.cc

+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/logging.h"
+#include "net/socket/ssl_server_socket.h"
+
+namespace net {
+
+namespace {
+
+class SSLServerSocketOpenSSL : public SSLServerSocket {
+ public:
+  virtual ~SSLServerSocketOpenSSL() {}
+
+  // SSLServerSocket
+  virtual int Accept(CompletionCallback* callback) {
+    // TODO(bulach): implement.
+    NOTIMPLEMENTED();
+    return 0;
+  }
+
+  // Socket
+  virtual int Read(IOBuffer* buf, int buf_len,
+                   CompletionCallback* callback) {
+    // TODO(bulach): implement.
+    NOTIMPLEMENTED();
+    return 0;
+  }
+  virtual int Write(IOBuffer* buf, int buf_len,
+                    CompletionCallback* callback) {
+    // TODO(bulach): implement.
+    NOTIMPLEMENTED();
+    return 0;
+  }
+
+  virtual bool SetReceiveBufferSize(int32 size) {
+    // TODO(bulach): implement.
+    NOTIMPLEMENTED();
+    return false;
+  }
+
+  virtual bool SetSendBufferSize(int32 size) {
+    // TODO(bulach): implement.
+    NOTIMPLEMENTED();
+    return false;
+  }
+};
+
+}  // namespace
+
+SSLServerSocket* CreateSSLServerSocket(Socket* socket,
+                                       X509Certificate* certificate,
+                                       base::RSAPrivateKey* key,
+                                       const SSLConfig& ssl_config) {
+  return new SSLServerSocketOpenSSL();
+}
+
+}  // namespace net