| Index: components/crx_file/crx_verifier.cc
|
| diff --git a/components/crx_file/crx_verifier.cc b/components/crx_file/crx_verifier.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..dced8d078aaadd1cba20258b3e3651a1c33c67cd
|
| --- /dev/null
|
| +++ b/components/crx_file/crx_verifier.cc
|
| @@ -0,0 +1,182 @@
|
| +// Copyright 2017 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "components/crx_file/crx_verifier.h"
|
| +
|
| +#include <cstring>
|
| +#include <memory>
|
| +
|
| +#include "base/base64.h"
|
| +#include "base/files/file.h"
|
| +#include "base/files/file_path.h"
|
| +#include "components/crx_file/crx2_file.h"
|
| +#include "components/crx_file/id_util.h"
|
| +#include "crypto/secure_hash.h"
|
| +#include "crypto/secure_util.h"
|
| +#include "crypto/sha2.h"
|
| +#include "crypto/signature_verifier.h"
|
| +
|
| +namespace crx_file {
|
| +
|
| +namespace {
|
| +
|
| +// The maximum size the crx2 parser will tolerate for a public key.
|
| +static const uint32_t kMaxPublicKeySize = 1 << 16;
|
| +
|
| +// The maximum size the crx2 parser will tolerate for a signature.
|
| +static const uint32_t kMaxSignatureSize = 1 << 16;
|
| +
|
| +int ReadAndHashBuffer(uint8_t* buffer,
|
| + size_t length,
|
| + base::File* file,
|
| + crypto::SecureHash* hash) {
|
| + // We assume a char is 8 bits long.
|
| + int read = file->ReadAtCurrentPos(reinterpret_cast<char*>(buffer), length);
|
| + hash->Update(buffer, read);
|
| + return read;
|
| +}
|
| +
|
| +// Returns UINT32_MAX in the case of an unexpected EOF or read error.
|
| +uint32_t ReadAndHashLittleEndianUInt32(base::File* file,
|
| + crypto::SecureHash* hash) {
|
| + uint8_t buffer[4];
|
| + if (ReadAndHashBuffer(buffer, 4, file, hash) != 4)
|
| + return UINT32_MAX;
|
| + return buffer[3] << 24 | buffer[2] << 16 | buffer[1] << 8 | buffer[0];
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +CrxVerifier::CrxVerifier() {}
|
| +
|
| +CrxVerifier::~CrxVerifier() {}
|
| +
|
| +void CrxVerifier::RequireKeyProof(const std::vector<uint8_t>& key_hash) {
|
| + key_hashes_.push_back(key_hash);
|
| +}
|
| +
|
| +void CrxVerifier::RequireFileHash(const std::vector<uint8_t>& expected_hash) {
|
| + expected_hash_ = expected_hash;
|
| +}
|
| +
|
| +void CrxVerifier::GetPublicKey(std::string* public_key) {
|
| + public_key_ = public_key;
|
| +}
|
| +
|
| +void CrxVerifier::GetCrxId(std::string* crx_id) {
|
| + crx_id_ = crx_id;
|
| +}
|
| +
|
| +void Crx3Verifier::RequirePublisherProof() {
|
| + require_publisher_proof_ = true;
|
| +}
|
| +
|
| +Crx3Verifier::Crx3Verifier() {
|
| + allow_crx2_ = false;
|
| +}
|
| +
|
| +Crx3Verifier::~Crx3Verifier() {}
|
| +
|
| +CrxVerifier::Result CrxVerifier::Verify(const base::FilePath& crx_path) const {
|
| + base::File file(crx_path, base::File::FLAG_OPEN | base::File::FLAG_READ);
|
| + if (!file.IsValid())
|
| + return Result::ERROR_FILE_NOT_READABLE;
|
| +
|
| + std::unique_ptr<crypto::SecureHash> file_hash =
|
| + crypto::SecureHash::Create(crypto::SecureHash::SHA256);
|
| +
|
| + // Magic number.
|
| + bool diff = false;
|
| + char buffer[kCrx2FileHeaderMagicSize];
|
| + int read = file.ReadAtCurrentPos(buffer, kCrx2FileHeaderMagicSize);
|
| + if (read != kCrx2FileHeaderMagicSize)
|
| + return Result::ERROR_HEADER_INVALID;
|
| + if (!strncmp(buffer, kCrxDiffFileHeaderMagic, kCrx2FileHeaderMagicSize))
|
| + diff = true;
|
| + else if (strncmp(buffer, kCrx2FileHeaderMagic, kCrx2FileHeaderMagicSize))
|
| + return Result::ERROR_HEADER_INVALID;
|
| + file_hash->Update(buffer, sizeof(buffer));
|
| +
|
| + // Version number.
|
| + uint32_t version = ReadAndHashLittleEndianUInt32(&file, file_hash.get());
|
| + Result result;
|
| + if (allow_crx2_ && (version == 2 || (diff && version == 0)))
|
| + result = VerifyCrx2(&file, file_hash.get());
|
| + else if (version == 3)
|
| + result = VerifyCrx3(&file, file_hash.get());
|
| + else
|
| + return Result::ERROR_HEADER_INVALID;
|
| + if (result != Result::OK_FULL)
|
| + return result;
|
| +
|
| + // Finalize file hash.
|
| + uint8_t final_hash[crypto::kSHA256Length];
|
| + file_hash->Finish(final_hash, sizeof(final_hash));
|
| + if (!expected_hash_.empty()) {
|
| + if (expected_hash_.size() != crypto::kSHA256Length)
|
| + return Result::ERROR_EXPECTED_HASH_INVALID;
|
| + if (!crypto::SecureMemEqual(final_hash, expected_hash_.data(),
|
| + crypto::kSHA256Length))
|
| + return Result::ERROR_FILE_HASH_FAILED;
|
| + }
|
| + return diff ? Result::OK_DELTA : Result::OK_FULL;
|
| +}
|
| +
|
| +CrxVerifier::Result CrxVerifier::VerifyCrx3(base::File* file,
|
| + crypto::SecureHash* hash) const {
|
| + // Crx3 files are not yet supported - treat this as a malformed header.
|
| + return Result::ERROR_HEADER_INVALID;
|
| +}
|
| +
|
| +CrxVerifier::Result CrxVerifier::VerifyCrx2(base::File* file,
|
| + crypto::SecureHash* hash) const {
|
| + uint32_t key_size = ReadAndHashLittleEndianUInt32(file, hash);
|
| + if (key_size > kMaxPublicKeySize)
|
| + return Result::ERROR_HEADER_INVALID;
|
| + uint32_t sig_size = ReadAndHashLittleEndianUInt32(file, hash);
|
| + if (sig_size > kMaxSignatureSize)
|
| + return Result::ERROR_HEADER_INVALID;
|
| + std::vector<uint8_t> key(key_size);
|
| + if (ReadAndHashBuffer(key.data(), key_size, file, hash) !=
|
| + static_cast<int>(key_size))
|
| + return Result::ERROR_HEADER_INVALID;
|
| + for (const auto& expected_hash : key_hashes_) {
|
| + // In practice we expect zero or one key_hashes_ for CRX2 files.
|
| + std::vector<uint8_t> hash(crypto::kSHA256Length);
|
| + std::unique_ptr<crypto::SecureHash> sha256(
|
| + crypto::SecureHash::Create(crypto::SecureHash::SHA256));
|
| + sha256->Update(key.data(), key.size());
|
| + sha256->Finish(hash.data(), hash.size());
|
| + if (hash != expected_hash)
|
| + return Result::ERROR_REQUIRED_PROOF_MISSING;
|
| + }
|
| +
|
| + std::vector<uint8_t> sig(sig_size);
|
| + if (ReadAndHashBuffer(sig.data(), sig_size, file, hash) !=
|
| + static_cast<int>(sig_size))
|
| + return Result::ERROR_HEADER_INVALID;
|
| + crypto::SignatureVerifier verifier;
|
| + if (!verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1,
|
| + sig.data(), sig.size(), key.data(), key.size())) {
|
| + return Result::ERROR_SIGNATURE_INITIALIZATION_FAILED;
|
| + }
|
| +
|
| + // Read the rest of the file.
|
| + uint8_t buffer[1 << 12] = {};
|
| + size_t len;
|
| + while ((len = ReadAndHashBuffer(buffer, arraysize(buffer), file, hash)) > 0)
|
| + verifier.VerifyUpdate(buffer, len);
|
| + if (!verifier.VerifyFinal())
|
| + return Result::ERROR_SIGNATURE_VERIFICATION_FAILED;
|
| +
|
| + std::string public_key_bytes =
|
| + std::string(reinterpret_cast<char*>(&key.front()), key.size());
|
| + if (public_key_)
|
| + base::Base64Encode(public_key_bytes, public_key_);
|
| + if (crx_id_)
|
| + *crx_id_ = id_util::GenerateId(public_key_bytes);
|
| + return Result::OK_FULL;
|
| +}
|
| +
|
| +} // namespace crx_file
|
|
|
Chromium Code Reviews
Issue 2874503002:
Refactor CRX verification in preparation to support CRX₃ files. (Closed)
