Chromium Code Reviews Chromium Code Reviews
Issue 2874503002:
Refactor CRX verification in preparation to support CRX₃ files. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/sandboxed_unpacker.h" | 5 #include "extensions/browser/sandboxed_unpacker.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <memory> | |
| 10 #include <set> | 11 #include <set> |
| 11 #include <tuple> | 12 #include <tuple> |
| 13 #include <utility> | |
| 14 #include <vector> | |
| 12 | 15 |
| 13 #include "base/bind.h" | 16 #include "base/bind.h" |
| 14 #include "base/command_line.h" | 17 #include "base/command_line.h" |
| 15 #include "base/files/file_util.h" | 18 #include "base/files/file_util.h" |
| 16 #include "base/json/json_string_value_serializer.h" | 19 #include "base/json/json_string_value_serializer.h" |
| 17 #include "base/metrics/histogram_macros.h" | 20 #include "base/metrics/histogram_macros.h" |
| 18 #include "base/path_service.h" | 21 #include "base/path_service.h" |
| 19 #include "base/sequenced_task_runner.h" | 22 #include "base/sequenced_task_runner.h" |
| 23 #include "base/strings/string_number_conversions.h" | |
| 20 #include "base/strings/utf_string_conversions.h" | 24 #include "base/strings/utf_string_conversions.h" |
| 21 #include "base/threading/sequenced_worker_pool.h" | 25 #include "base/threading/sequenced_worker_pool.h" |
| 22 #include "build/build_config.h" | 26 #include "build/build_config.h" |
| 23 #include "components/crx_file/crx_file.h" | 27 #include "components/crx_file/crx_verifier.h" |
| 24 #include "content/public/browser/browser_thread.h" | 28 #include "content/public/browser/browser_thread.h" |
| 25 #include "extensions/common/constants.h" | 29 #include "extensions/common/constants.h" |
| 26 #include "extensions/common/extension.h" | 30 #include "extensions/common/extension.h" |
| 27 #include "extensions/common/extension_l10n_util.h" | 31 #include "extensions/common/extension_l10n_util.h" |
| 28 #include "extensions/common/extension_unpacker.mojom.h" | 32 #include "extensions/common/extension_unpacker.mojom.h" |
| 29 #include "extensions/common/extension_utility_types.h" | 33 #include "extensions/common/extension_utility_types.h" |
| 30 #include "extensions/common/extensions_client.h" | 34 #include "extensions/common/extensions_client.h" |
| 31 #include "extensions/common/file_util.h" | 35 #include "extensions/common/file_util.h" |
| 32 #include "extensions/common/manifest_constants.h" | 36 #include "extensions/common/manifest_constants.h" |
| 33 #include "extensions/common/manifest_handlers/icons_handler.h" | 37 #include "extensions/common/manifest_handlers/icons_handler.h" |
| 34 #include "extensions/common/switches.h" | 38 #include "extensions/common/switches.h" |
| 35 #include "extensions/strings/grit/extensions_strings.h" | 39 #include "extensions/strings/grit/extensions_strings.h" |
| 36 #include "third_party/skia/include/core/SkBitmap.h" | 40 #include "third_party/skia/include/core/SkBitmap.h" |
| 37 #include "ui/base/l10n/l10n_util.h" | 41 #include "ui/base/l10n/l10n_util.h" |
| 38 #include "ui/gfx/codec/png_codec.h" | 42 #include "ui/gfx/codec/png_codec.h" |
| 39 | 43 |
| 40 using base::ASCIIToUTF16; | 44 using base::ASCIIToUTF16; |
| 41 using content::BrowserThread; | 45 using content::BrowserThread; |
| 42 using crx_file::CrxFile; | |
| 43 | 46 |
| 44 // The following macro makes histograms that record the length of paths | 47 // The following macro makes histograms that record the length of paths |
| 45 // in this file much easier to read. | 48 // in this file much easier to read. |
| 46 // Windows has a short max path length. If the path length to a | 49 // Windows has a short max path length. If the path length to a |
| 47 // file being unpacked from a CRX exceeds the max length, we might | 50 // file being unpacked from a CRX exceeds the max length, we might |
| 48 // fail to install. To see if this is happening, see how long the | 51 // fail to install. To see if this is happening, see how long the |
| 49 // path to the temp unpack directory is. See crbug.com/69693 . | 52 // path to the temp unpack directory is. See crbug.com/69693 . |
| 50 #define PATH_LENGTH_HISTOGRAM(name, path) \ | 53 #define PATH_LENGTH_HISTOGRAM(name, path) \ |
| 51 UMA_HISTOGRAM_CUSTOM_COUNTS(name, path.value().length(), 1, 500, 100) | 54 UMA_HISTOGRAM_CUSTOM_COUNTS(name, path.value().length(), 1, 500, 100) |
| 52 | 55 |
| (...skipping 481 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 534 case CRX_ZERO_SIGNATURE_LENGTH: | 537 case CRX_ZERO_SIGNATURE_LENGTH: |
| 535 return ASCIIToUTF16("CRX_ZERO_SIGNATURE_LENGTH"); | 538 return ASCIIToUTF16("CRX_ZERO_SIGNATURE_LENGTH"); |
| 536 case CRX_PUBLIC_KEY_INVALID: | 539 case CRX_PUBLIC_KEY_INVALID: |
| 537 return ASCIIToUTF16("CRX_PUBLIC_KEY_INVALID"); | 540 return ASCIIToUTF16("CRX_PUBLIC_KEY_INVALID"); |
| 538 case CRX_SIGNATURE_INVALID: | 541 case CRX_SIGNATURE_INVALID: |
| 539 return ASCIIToUTF16("CRX_SIGNATURE_INVALID"); | 542 return ASCIIToUTF16("CRX_SIGNATURE_INVALID"); |
| 540 case CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED: | 543 case CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED: |
| 541 return ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED"); | 544 return ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED"); |
| 542 case CRX_SIGNATURE_VERIFICATION_FAILED: | 545 case CRX_SIGNATURE_VERIFICATION_FAILED: |
| 543 return ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_FAILED"); | 546 return ASCIIToUTF16("CRX_SIGNATURE_VERIFICATION_FAILED"); |
| 547 case CRX_FILE_IS_DELTA_UPDATE: | |
| 548 return ASCIIToUTF16("CRX_FILE_IS_DELTA_UPDATE"); | |
| 549 case CRX_EXPECTED_HASH_INVALID: | |
| 550 return ASCIIToUTF16("CRX_EXPECTED_HASH_INVALID"); | |
| 544 | 551 |
| 545 case ERROR_SERIALIZING_MANIFEST_JSON: | 552 case ERROR_SERIALIZING_MANIFEST_JSON: |
| 546 return ASCIIToUTF16("ERROR_SERIALIZING_MANIFEST_JSON"); | 553 return ASCIIToUTF16("ERROR_SERIALIZING_MANIFEST_JSON"); |
| 547 case ERROR_SAVING_MANIFEST_JSON: | 554 case ERROR_SAVING_MANIFEST_JSON: |
| 548 return ASCIIToUTF16("ERROR_SAVING_MANIFEST_JSON"); | 555 return ASCIIToUTF16("ERROR_SAVING_MANIFEST_JSON"); |
| 549 | 556 |
| 550 case COULD_NOT_READ_IMAGE_DATA_FROM_DISK: | 557 case COULD_NOT_READ_IMAGE_DATA_FROM_DISK: |
| 551 return ASCIIToUTF16("COULD_NOT_READ_IMAGE_DATA_FROM_DISK"); | 558 return ASCIIToUTF16("COULD_NOT_READ_IMAGE_DATA_FROM_DISK"); |
| 552 case DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST: | 559 case DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST: |
| 553 return ASCIIToUTF16("DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST"); | 560 return ASCIIToUTF16("DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST"); |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 593 } | 600 } |
| 594 | 601 |
| 595 void SandboxedUnpacker::FailWithPackageError(FailureReason reason) { | 602 void SandboxedUnpacker::FailWithPackageError(FailureReason reason) { |
| 596 ReportFailure(reason, | 603 ReportFailure(reason, |
| 597 l10n_util::GetStringFUTF16(IDS_EXTENSION_PACKAGE_ERROR_CODE, | 604 l10n_util::GetStringFUTF16(IDS_EXTENSION_PACKAGE_ERROR_CODE, |
| 598 FailureReasonToString16(reason))); | 605 FailureReasonToString16(reason))); |
| 599 } | 606 } |
| 600 | 607 |
| 601 bool SandboxedUnpacker::ValidateSignature(const base::FilePath& crx_path, | 608 bool SandboxedUnpacker::ValidateSignature(const base::FilePath& crx_path, |
| 602 const std::string& expected_hash) { | 609 const std::string& expected_hash) { |
| 603 CrxFile::ValidateError error = CrxFile::ValidateSignature( | 610 std::vector<uint8_t> hash = {}; |
|
Sorin Jianu
2017/05/16 20:54:50
is there any reason to use an initialization list?
waffles
2017/05/16 22:34:52
Done.
| |
| 604 crx_path, expected_hash, &public_key_, &extension_id_, nullptr); | 611 if (!expected_hash.empty()) { |
| 612 if (!base::HexStringToBytes(expected_hash, &hash)) { | |
| 613 FailWithPackageError(CRX_EXPECTED_HASH_INVALID); | |
| 614 return false; | |
| 615 } | |
| 616 } | |
| 617 const crx_file::VerifierResult result = crx_file::Verify( | |
| 618 crx_path, crx_file::VerifierFormat::CRX2_OR_CRX3, | |
| 619 std::vector<std::vector<uint8_t>>(), hash, &public_key_, &extension_id_); | |
| 605 | 620 |
| 606 switch (error) { | 621 switch (result) { |
| 607 case CrxFile::ValidateError::NONE: { | 622 case crx_file::VerifierResult::OK_FULL: { |
| 608 if (!expected_hash.empty()) | 623 if (!expected_hash.empty()) |
| 609 UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", true); | 624 UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", true); |
| 610 return true; | 625 return true; |
| 611 } | 626 } |
| 612 | 627 case crx_file::VerifierResult::OK_DELTA: |
| 613 case CrxFile::ValidateError::CRX_FILE_NOT_READABLE: | 628 FailWithPackageError(CRX_FILE_IS_DELTA_UPDATE); |
| 629 break; | |
| 630 case crx_file::VerifierResult::ERROR_FILE_NOT_READABLE: | |
| 614 FailWithPackageError(CRX_FILE_NOT_READABLE); | 631 FailWithPackageError(CRX_FILE_NOT_READABLE); |
| 615 break; | 632 break; |
| 616 case CrxFile::ValidateError::CRX_HEADER_INVALID: | 633 case crx_file::VerifierResult::ERROR_HEADER_INVALID: |
| 617 FailWithPackageError(CRX_HEADER_INVALID); | 634 FailWithPackageError(CRX_HEADER_INVALID); |
| 618 break; | 635 break; |
| 619 case CrxFile::ValidateError::CRX_MAGIC_NUMBER_INVALID: | 636 case crx_file::VerifierResult::ERROR_SIGNATURE_INITIALIZATION_FAILED: |
| 620 FailWithPackageError(CRX_MAGIC_NUMBER_INVALID); | |
| 621 break; | |
| 622 case CrxFile::ValidateError::CRX_VERSION_NUMBER_INVALID: | |
| 623 FailWithPackageError(CRX_VERSION_NUMBER_INVALID); | |
| 624 break; | |
| 625 case CrxFile::ValidateError::CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE: | |
| 626 FailWithPackageError(CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE); | |
| 627 break; | |
| 628 case CrxFile::ValidateError::CRX_ZERO_KEY_LENGTH: | |
| 629 FailWithPackageError(CRX_ZERO_KEY_LENGTH); | |
| 630 break; | |
| 631 case CrxFile::ValidateError::CRX_ZERO_SIGNATURE_LENGTH: | |
| 632 FailWithPackageError(CRX_ZERO_SIGNATURE_LENGTH); | |
| 633 break; | |
| 634 case CrxFile::ValidateError::CRX_PUBLIC_KEY_INVALID: | |
| 635 FailWithPackageError(CRX_PUBLIC_KEY_INVALID); | |
| 636 break; | |
| 637 case CrxFile::ValidateError::CRX_SIGNATURE_INVALID: | |
| 638 FailWithPackageError(CRX_SIGNATURE_INVALID); | |
| 639 break; | |
| 640 case CrxFile::ValidateError:: | |
| 641 CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED: | |
| 642 FailWithPackageError(CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED); | 637 FailWithPackageError(CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED); |
| 643 break; | 638 break; |
| 644 case CrxFile::ValidateError::CRX_SIGNATURE_VERIFICATION_FAILED: | 639 case crx_file::VerifierResult::ERROR_SIGNATURE_VERIFICATION_FAILED: |
| 645 FailWithPackageError(CRX_SIGNATURE_VERIFICATION_FAILED); | 640 FailWithPackageError(CRX_SIGNATURE_VERIFICATION_FAILED); |
| 646 break; | 641 break; |
| 647 case CrxFile::ValidateError::CRX_HASH_VERIFICATION_FAILED: | 642 case crx_file::VerifierResult::ERROR_EXPECTED_HASH_INVALID: |
| 643 FailWithPackageError(CRX_EXPECTED_HASH_INVALID); | |
| 644 break; | |
| 645 case crx_file::VerifierResult::ERROR_REQUIRED_PROOF_MISSING: | |
| 646 // We should never get this result, as we do not call | |
| 647 // verifier.RequireKeyProof. | |
| 648 NOTREACHED(); | |
| 649 break; | |
| 650 case crx_file::VerifierResult::ERROR_FILE_HASH_FAILED: | |
| 648 // We should never get this result unless we had specifically asked for | 651 // We should never get this result unless we had specifically asked for |
| 649 // verification of the crx file's hash. | 652 // verification of the crx file's hash. |
| 650 CHECK(!expected_hash.empty()); | 653 CHECK(!expected_hash.empty()); |
| 651 UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", false); | 654 UMA_HISTOGRAM_BOOLEAN("Extensions.SandboxUnpackHashCheck", false); |
| 652 FailWithPackageError(CRX_HASH_VERIFICATION_FAILED); | 655 FailWithPackageError(CRX_HASH_VERIFICATION_FAILED); |
| 653 break; | 656 break; |
| 654 } | 657 } |
| 655 | 658 |
| 656 return false; | 659 return false; |
| 657 } | 660 } |
| (...skipping 246 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 904 | 907 |
| 905 void SandboxedUnpacker::Cleanup() { | 908 void SandboxedUnpacker::Cleanup() { |
| 906 DCHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread()); | 909 DCHECK(unpacker_io_task_runner_->RunsTasksOnCurrentThread()); |
| 907 if (!temp_dir_.Delete()) { | 910 if (!temp_dir_.Delete()) { |
| 908 LOG(WARNING) << "Can not delete temp directory at " | 911 LOG(WARNING) << "Can not delete temp directory at " |
| 909 << temp_dir_.GetPath().value(); | 912 << temp_dir_.GetPath().value(); |
| 910 } | 913 } |
| 911 } | 914 } |
| 912 | 915 |
| 913 } // namespace extensions | 916 } // namespace extensions |
| OLD | NEW |
