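--- /dev/null
+++ b/components/crx_file/crx_verifier.h
@@ -0,0 +1,109 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_CRX_FILE_CRX_VERIFIER_H_
+#define COMPONENTS_CRX_FILE_CRX_VERIFIER_H_
+
+#include <stdint.h>
+#include <string>
+#include <vector>
+
+namespace base {
+class FilePath;
+class File;
+} // namespace base
+
+namespace crypto {
+class SecureHash;
+} // namespace crypto
+
+namespace crx_file {
+
+// A CrxVerifier is capable of verifying a Crx file. It accepts both Crx2
+// and Crx3 files that fulfill the specified requirements. To accept Crx3 files
+// only, use a Crx3Verifier.
+class CrxVerifier {
+public:
+// Constructs a new CrxVerifier that verifies the file is a well-formed
+// Crx3 or Crx2 file, and verifies each understood proof on the file.
+// Additionally, a Crx3 file must have a proof whose public key hashes to the
+// enclosed Crx ID.
+CrxVerifier();
+
+virtual ~CrxVerifier();
+
+// Once called, this verifier requires at least one of the proofs to use a
+// public key whose SHA256 hash is equal to |key_hash|. Additional calls to
+// RequireKeyProof accumulate additional requirements.
+void RequireKeyProof(const std::vector<uint8_t>& key_hash);
+
+// Once called, this verifier requires that the overall Crx file have a SHA256
+// hash equal to |expected_hash| (encoded in base 16). Additional calls to
+// RequireFileHash replace previous expected hashes.
+void RequireFileHash(const std::vector<uint8_t>& expected_hash);
+
+// Once called, when Verify is called this verifier will set the contents of
+// |public_key| to one of the following values: (For Crx2) the public key the
+// file is signed with, or (for Crx3) the public key that hashes to the
+// developer proof, or (for Crx3) the empty string if there is no such proof.
+// In all cases the key is encoded as a base64 string (PEM).
+// Additional calls to GetPublicKey replace previous
+// |public_key| parameters.
+void GetPublicKey(std::string* public_key);
+
+// Once called, when Verify is called this verifier will set the contents of
+// |crx_id| to one of the following values: (For Crx2) the id as computed from
+// the hash of the signing key, or (for Crx3) the id declared in the file.
+// Additional calls to GetCrxId replace previous
+// |crx_id| parameters.
+void GetCrxId(std::string* crx_id);
+
+enum class Result {
+OK_FULL, // The file verifies as a correct full CRX file.
+OK_DELTA, // The file verifies as a correct differential CRX file.
+ERROR_FILE_NOT_READABLE, // Cannot open the CRX file.
+ERROR_HEADER_INVALID, // Failed to parse or understand CRX header.
+ERROR_EXPECTED_HASH_INVALID, // Expected hash is not well-formed.
+ERROR_FILE_HASH_FAILED, // The file's actual hash != the expected hash.
+ERROR_SIGNATURE_INITIALIZATION_FAILED, // A signature or key is malformed.
+ERROR_SIGNATURE_VERIFICATION_FAILED, // A signature doesn't match.
+ERROR_REQUIRED_PROOF_MISSING, // RequireKeyProof was unsatisfied.
+};
+
+// Verify the crx file at |crx_path|, subject to this verifier's requirements.
+Result Verify(const base::FilePath& crx_path) const;
+
+protected:
+bool allow_crx2_ = true;
+bool require_publisher_proof_ = false;
+
+private:
+std::string* crx_id_ = nullptr;
+std::string* public_key_ = nullptr;
+std::vector<std::vector<uint8_t>> key_hashes_;
+std::vector<uint8_t> expected_hash_;
+
+Result VerifyCrx2(base::File* file, crypto::SecureHash* hash) const;
+Result VerifyCrx3(base::File* file, crypto::SecureHash* hash) const;
+};
+
+// A Crx3Verifier is a CrxVerifier that implements additional
+// requirements: it accepts Crx3 files only and can be configured to require a
+// publisher proof in addition to the developer proof.
+class Crx3Verifier : CrxVerifier {
+public:
+// Constructs a new Crx3Verifier that verifies the file is a well-formed
+// Crx3 file, and verifies each understood proof on the file.
+Crx3Verifier();
+
+~Crx3Verifier() override;
+
+// Once called, this verifier requires one of the Crx3 proofs to match a
+// pinned publisher key. (The publisher key is pinned in the crx_file module).
+void RequirePublisherProof();
+};
+
+} // namespace crx_file
+
+#endif // COMPONENTS_CRX_FILE_CRX_VERIFIER_H_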
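Review bot: `class Crx3Verifier : CrxVerifier {` inherits privately (the default for `class`), so a Crx3Verifier cannot be passed where a CrxVerifier is expected and callers cannot reach Verify, RequireKeyProof, RequireFileHash, GetPublicKey or GetCrxId through it; the base should be declared as `class Crx3Verifier : public CrxVerifier {`. GetPublicKey and GetCrxId store the caller's `std::string*` in crx_id_/public_key_ and Verify writes through them later, so the header should state the lifetime contract, e.g. `// |public_key| is not owned and must outlive every subsequent call to Verify.` on each of the two methods. The RequireFileHash comment says the hash is "encoded in base 16" while the parameter is a byte vector; if raw SHA-256 bytes are intended the comment should say so and note whether ERROR_EXPECTED_HASH_INVALID covers a wrong length, which cannot be confirmed from the header alone.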