
Side by Side Diff: extensions/browser/sandboxed_unpacker.cc

Issue 2874503002: Refactor CRX verification in preparation to support CRX₃ files. (Closed)
Patch Set: No subclass Created 3 years, 7 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/sandboxed_unpacker.h" 5 #include "extensions/browser/sandboxed_unpacker.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <memory>
10 #include <set> 11 #include <set>
11 #include <tuple> 12 #include <tuple>
13 #include <utility>
14 #include <vector>
12 15
13 #include "base/bind.h" 16 #include "base/bind.h"
14 #include "base/command_line.h" 17 #include "base/command_line.h"
15 #include "base/files/file_util.h" 18 #include "base/files/file_util.h"
16 #include "base/json/json_string_value_serializer.h" 19 #include "base/json/json_string_value_serializer.h"
17 #include "base/metrics/histogram_macros.h" 20 #include "base/metrics/histogram_macros.h"
18 #include "base/path_service.h" 21 #include "base/path_service.h"
19 #include "base/sequenced_task_runner.h" 22 #include "base/sequenced_task_runner.h"
23 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/utf_string_conversions.h" 24 #include "base/strings/utf_string_conversions.h"
21 #include "base/threading/sequenced_worker_pool.h" 25 #include "base/threading/sequenced_worker_pool.h"
22 #include "build/build_config.h" 26 #include "build/build_config.h"
23 #include "components/crx_file/crx_file.h" 27 #include "components/crx_file/crx_verifier.h"
24 #include "content/public/browser/browser_thread.h" 28 #include "content/public/browser/browser_thread.h"
25 #include "extensions/common/constants.h" 29 #include "extensions/common/constants.h"
26 #include "extensions/common/extension.h" 30 #include "extensions/common/extension.h"
27 #include "extensions/common/extension_l10n_util.h" 31 #include "extensions/common/extension_l10n_util.h"
28 #include "extensions/common/extension_unpacker.mojom.h" 32 #include "extensions/common/extension_unpacker.mojom.h"
29 #include "extensions/common/extension_utility_types.h" 33 #include "extensions/common/extension_utility_types.h"
30 #include "extensions/common/extensions_client.h" 34 #include "extensions/common/extensions_client.h"
31 #include "extensions/common/file_util.h" 35 #include "extensions/common/file_util.h"
32 #include "extensions/common/manifest_constants.h" 36 #include "extensions/common/manifest_constants.h"
33 #include "extensions/common/manifest_handlers/icons_handler.h" 37 #include "extensions/common/manifest_handlers/icons_handler.h"
34 #include "extensions/common/switches.h" 38 #include "extensions/common/switches.h"
35 #include "extensions/strings/grit/extensions_strings.h" 39 #include "extensions/strings/grit/extensions_strings.h"
36 #include "third_party/skia/include/core/SkBitmap.h" 40 #include "third_party/skia/include/core/SkBitmap.h"
37 #include "ui/base/l10n/l10n_util.h" 41 #include "ui/base/l10n/l10n_util.h"
38 #include "ui/gfx/codec/png_codec.h" 42 #include "ui/gfx/codec/png_codec.h"
39 43
40 using base::ASCIIToUTF16; 44 using base::ASCIIToUTF16;
41 using content::BrowserThread; 45 using content::BrowserThread;
42 using crx_file::CrxFile; 46 using crx_file::CrxVerifier;
43 47
44 // The following macro makes histograms that record the length of paths 48 // The following macro makes histograms that record the length of paths
45 // in this file much easier to read. 49 // in this file much easier to read.
46 // Windows has a short max path length. If the path length to a 50 // Windows has a short max path length. If the path length to a
47 // file being unpacked from a CRX exceeds the max length, we might 51 // file being unpacked from a CRX exceeds the max length, we might
48 // fail to install. To see if this is happening, see how long the 52 // fail to install. To see if this is happening, see how long the
49 // path to the temp unpack directory is. See crbug.com/69693 . 53 // path to the temp unpack directory is. See crbug.com/69693 .
50 #define PATH_LENGTH_HISTOGRAM(name, path) \ 54 #define PATH_LENGTH_HISTOGRAM(name, path) \
51 UMA_HISTOGRAM_CUSTOM_COUNTS(name, path.value().length(), 1, 500, 100) 55 UMA_HISTOGRAM_CUSTOM_COUNTS(name, path.value().length(), 1, 500, 100)
52 56
(...skipping 463 matching lines...) Expand 10 before | Expand all | Expand 10 after
516 return ASCIIToUTF16("INVALID_MANIFEST"); 520 return ASCIIToUTF16("INVALID_MANIFEST");
517 case UNPACKER_CLIENT_FAILED: 521 case UNPACKER_CLIENT_FAILED:
518 return ASCIIToUTF16("UNPACKER_CLIENT_FAILED"); 522 return ASCIIToUTF16("UNPACKER_CLIENT_FAILED");
519 case UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL: 523 case UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL:
520 return ASCIIToUTF16("UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL"); 524 return ASCIIToUTF16("UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL");
521 525
522 case CRX_FILE_NOT_READABLE: 526 case CRX_FILE_NOT_READABLE:
523 return ASCIIToUTF16("CRX_FILE_NOT_READABLE"); 527 return ASCIIToUTF16("CRX_FILE_NOT_READABLE");
524 case CRX_HEADER_INVALID: 528 case CRX_HEADER_INVALID:
525 return ASCIIToUTF16("CRX_HEADER_INVALID"); 529 return ASCIIToUTF16("CRX_HEADER_INVALID");
526 case CRX_MAGIC_NUMBER_INVALID: 530 case CRX_FILE_IS_DELTA_UPDATE:
527 return ASCIIToUTF16("CRX_MAGIC_NUMBER_INVALID"); 531 return ASCIIToUTF16("CRX_FILE_IS_DELTA_UPDATE");
528 case CRX_VERSION_NUMBER_INVALID:
529 return ASCIIToUTF16("CRX_VERSION_NUMBER_INVALID");
530 case CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE:
531 return ASCIIToUTF16("CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE");
532 case CRX_ZERO_KEY_LENGTH:
533 return ASCIIToUTF16("CRX_ZERO_KEY_LENGTH");
534 case CRX_ZERO_SIGNATURE_LENGTH:
535 return ASCIIToUTF16("CRX_ZERO_SIGNATURE_LENGTH");
536 case CRX_PUBLIC_KEY_INVALID:
537 return ASCIIToUTF16("CRX_PUBLIC_KEY_INVALID");
538 case CRX_SIGNATURE_INVALID:
539 return ASCIIToUTF16("CRX_SIGNATURE_INVALID");
540 case CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED: 532 case CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED:
541 return ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED"); 533 return ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED");
542 case CRX_SIGNATURE_VERIFICATION_FAILED: 534 case CRX_SIGNATURE_VERIFICATION_FAILED:
543 return ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_FAILED"); 535 return ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_FAILED");
536 case CRX_EXPECTED_HASH_INVALID:
537 return ASCIIToUTF16("CRX_EXPECTED_HASH_INVALID");
544 538
545 case ERROR_SERIALIZING_MANIFEST_JSON: 539 case ERROR_SERIALIZING_MANIFEST_JSON:
546 return ASCIIToUTF16("ERROR_SERIALIZING_MANIFEST_JSON"); 540 return ASCIIToUTF16("ERROR_SERIALIZING_MANIFEST_JSON");
547 case ERROR_SAVING_MANIFEST_JSON: 541 case ERROR_SAVING_MANIFEST_JSON:
548 return ASCIIToUTF16("ERROR_SAVING_MANIFEST_JSON"); 542 return ASCIIToUTF16("ERROR_SAVING_MANIFEST_JSON");
549 543
550 case COULD_NOT_READ_IMAGE_DATA_FROM_DISK: 544 case COULD_NOT_READ_IMAGE_DATA_FROM_DISK:
551 return ASCIIToUTF16("COULD_NOT_READ_IMAGE_DATA_FROM_DISK"); 545 return ASCIIToUTF16("COULD_NOT_READ_IMAGE_DATA_FROM_DISK");
552 case DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST: 546 case DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST:
553 return ASCIIToUTF16("DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST"); 547 return ASCIIToUTF16("DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST");
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
593 } 587 }
594 588
595 void SandboxedUnpacker::FailWithPackageError(FailureReason reason) { 589 void SandboxedUnpacker::FailWithPackageError(FailureReason reason) {
596 ReportFailure(reason, 590 ReportFailure(reason,
597 l10n_util::GetStringFUTF16(IDS_EXTENSION_PACKAGE_ERROR_CODE, 591 l10n_util::GetStringFUTF16(IDS_EXTENSION_PACKAGE_ERROR_CODE,
598 FailureReasonToString16(reason))); 592 FailureReasonToString16(reason)));
599 } 593 }
600 594
601 bool SandboxedUnpacker::ValidateSignature(const base::FilePath& crx_path, 595 bool SandboxedUnpacker::ValidateSignature(const base::FilePath& crx_path,
602 const std::string& expected_hash) { 596 const std::string& expected_hash) {
603 CrxFile::ValidateError error = CrxFile::ValidateSignature( 597 CrxVerifier verifier;
604 crx_path, expected_hash, &public_key_, &extension_id_, nullptr); 598 verifier.GetPublicKey(&public_key_);
599 verifier.GetCrxId(&extension_id_);
600 if (!expected_hash.empty()) {
601 std::vector<uint8_t> hash;
602 if (!base::HexStringToBytes(expected_hash, &hash)) {
603 FailWithPackageError(CRX_EXPECTED_HASH_INVALID);
604 return false;
605 }
606 verifier.RequireFileHash(hash);
607 }
608 CrxVerifier::Result result = verifier.Verify(crx_path);
Sorin Jianu 2017/05/15 19:49:53 const?
waffles 2017/05/16 00:29:03 Done.
605 609
606 switch (error) { 610 switch (result) {
607 case CrxFile::ValidateError::NONE: { 611 case CrxVerifier::Result::OK_FULL: {
608 if (!expected_hash.empty()) 612 if (!expected_hash.empty())
609 UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", true); 613 UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", true);
610 return true; 614 return true;
611 } 615 }
612 616 case CrxVerifier::Result::OK_DELTA:
613 case CrxFile::ValidateError::CRX_FILE_NOT_READABLE: 617 FailWithPackageError(CRX_FILE_IS_DELTA_UPDATE);
618 break;
619 case CrxVerifier::Result::ERROR_FILE_NOT_READABLE:
614 FailWithPackageError(CRX_FILE_NOT_READABLE); 620 FailWithPackageError(CRX_FILE_NOT_READABLE);
615 break; 621 break;
616 case CrxFile::ValidateError::CRX_HEADER_INVALID: 622 case CrxVerifier::Result::ERROR_HEADER_INVALID:
617 FailWithPackageError(CRX_HEADER_INVALID); 623 FailWithPackageError(CRX_HEADER_INVALID);
618 break; 624 break;
619 case CrxFile::ValidateError::CRX_MAGIC_NUMBER_INVALID: 625 case CrxVerifier::Result::ERROR_SIGNATURE_INITIALIZATION_FAILED:
620 FailWithPackageError(CRX_MAGIC_NUMBER_INVALID);
621 break;
622 case CrxFile::ValidateError::CRX_VERSION_NUMBER_INVALID:
623 FailWithPackageError(CRX_VERSION_NUMBER_INVALID);
624 break;
625 case CrxFile::ValidateError::CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE:
626 FailWithPackageError(CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE);
627 break;
628 case CrxFile::ValidateError::CRX_ZERO_KEY_LENGTH:
629 FailWithPackageError(CRX_ZERO_KEY_LENGTH);
630 break;
631 case CrxFile::ValidateError::CRX_ZERO_SIGNATURE_LENGTH:
632 FailWithPackageError(CRX_ZERO_SIGNATURE_LENGTH);
633 break;
634 case CrxFile::ValidateError::CRX_PUBLIC_KEY_INVALID:
635 FailWithPackageError(CRX_PUBLIC_KEY_INVALID);
636 break;
637 case CrxFile::ValidateError::CRX_SIGNATURE_INVALID:
638 FailWithPackageError(CRX_SIGNATURE_INVALID);
639 break;
640 case CrxFile::ValidateError::
641 CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED:
642 FailWithPackageError(CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED); 626 FailWithPackageError(CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED);
643 break; 627 break;
644 case CrxFile::ValidateError::CRX_SIGNATURE_VERIFICATION_FAILED: 628 case CrxVerifier::Result::ERROR_SIGNATURE_VERIFICATION_FAILED:
645 FailWithPackageError(CRX_SIGNATURE_VERIFICATION_FAILED); 629 FailWithPackageError(CRX_SIGNATURE_VERIFICATION_FAILED);
646 break; 630 break;
647 case CrxFile::ValidateError::CRX_HASH_VERIFICATION_FAILED: 631 case CrxVerifier::Result::ERROR_EXPECTED_HASH_INVALID:
632 FailWithPackageError(CRX_EXPECTED_HASH_INVALID);
633 break;
634 case CrxVerifier::Result::ERROR_REQUIRED_PROOF_MISSING:
635 // We should never get this result, as we do not call
636 // verifier.RequireKeyProof.
637 NOTREACHED();
638 break;
639 case CrxVerifier::Result::ERROR_FILE_HASH_FAILED:
648 // We should never get this result unless we had specifically asked for 640 // We should never get this result unless we had specifically asked for
649 // verification of the crx file's hash. 641 // verification of the crx file's hash.
650 CHECK(!expected_hash.empty()); 642 CHECK(!expected_hash.empty());
651 UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", false); 643 UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", false);
652 FailWithPackageError(CRX_HASH_VERIFICATION_FAILED); 644 FailWithPackageError(CRX_HASH_VERIFICATION_FAILED);
653 break; 645 break;
654 } 646 }
655 647
656 return false; 648 return false;
657 } 649 }
(...skipping 246 matching lines...) Expand 10 before | Expand all | Expand 10 after
904 896
905 void SandboxedUnpacker::Cleanup() { 897 void SandboxedUnpacker::Cleanup() {
906 DCHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread()); 898 DCHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread());
907 if (!temp_dir_.Delete()) { 899 if (!temp_dir_.Delete()) {
908 LOG(WARNING) << "Can not delete temp directory at " 900 LOG(WARNING) << "Can not delete temp directory at "
909 << temp_dir_.GetPath().value(); 901 << temp_dir_.GetPath().value();
910 } 902 }
911 } 903 }
912 904
913 } // namespace extensions 905 } // namespace extensions
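Review bot: In ValidateSignature, the `ERROR_REQUIRED_PROOF_MISSING` case is the only failure branch that reaches `return false` without calling FailWithPackageError, so in builds where `NOTREACHED()` compiles to nothing the package is rejected but no failure is reported to the client. Every other error case reports before breaking, and the caller presumably relies on that (its code is outside the visible hunks). Keeping the `NOTREACHED()` and adding `FailWithPackageError(CRX_SIGNATURE_VERIFICATION_FAILED);` before the `break` would keep the path fail-closed and visible if CrxVerifier ever returns this result; a dedicated FailureReason would be clearer if one is added. Separately, the early `return false` after `base::HexStringToBytes` fails does not record `Extensions.SandboxUnpackHashCheck` as false, so a malformed expected hash never shows up in that histogram; a short comment saying whether that is intended would help.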