OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/update_client/component_unpacker.h" |
| 6 |
| 7 #include <stdint.h> |
| 8 #include <string> |
| 9 #include <vector> |
| 10 |
| 11 #include "base/bind.h" |
| 12 #include "base/files/file_path.h" |
| 13 #include "base/files/file_util.h" |
| 14 #include "base/files/scoped_file.h" |
| 15 #include "base/json/json_file_value_serializer.h" |
| 16 #include "base/location.h" |
| 17 #include "base/logging.h" |
| 18 #include "base/numerics/safe_conversions.h" |
| 19 #include "base/strings/string_number_conversions.h" |
| 20 #include "base/strings/stringprintf.h" |
| 21 #include "base/values.h" |
| 22 #include "components/crx_file/constants.h" |
| 23 #include "components/crx_file/crx_file.h" |
| 24 #include "components/update_client/component_patcher.h" |
| 25 #include "components/update_client/component_patcher_operation.h" |
| 26 #include "components/update_client/update_client.h" |
| 27 #include "crypto/secure_hash.h" |
| 28 #include "crypto/signature_verifier.h" |
| 29 #include "third_party/zlib/google/zip.h" |
| 30 |
| 31 using crypto::SecureHash; |
| 32 |
| 33 namespace update_client { |
| 34 |
| 35 namespace { |
| 36 |
| 37 // This class makes sure that the CRX digital signature is valid |
| 38 // and well formed. |
| 39 class CRXValidator { |
| 40 public: |
| 41 explicit CRXValidator(FILE* crx_file) : valid_(false), is_delta_(false) { |
| 42 crx_file::CrxFile::Header header; |
| 43 size_t len = fread(&header, 1, sizeof(header), crx_file); |
| 44 if (len < sizeof(header)) |
| 45 return; |
| 46 |
| 47 crx_file::CrxFile::Error error; |
| 48 scoped_ptr<crx_file::CrxFile> crx(crx_file::CrxFile::Parse(header, &error)); |
| 49 if (!crx.get()) |
| 50 return; |
| 51 is_delta_ = crx_file::CrxFile::HeaderIsDelta(header); |
| 52 |
| 53 std::vector<uint8_t> key(header.key_size); |
| 54 len = fread(&key[0], sizeof(uint8_t), header.key_size, crx_file); |
| 55 if (len < header.key_size) |
| 56 return; |
| 57 |
| 58 std::vector<uint8_t> signature(header.signature_size); |
| 59 len = |
| 60 fread(&signature[0], sizeof(uint8_t), header.signature_size, crx_file); |
| 61 if (len < header.signature_size) |
| 62 return; |
| 63 |
| 64 crypto::SignatureVerifier verifier; |
| 65 if (!verifier.VerifyInit( |
| 66 crx_file::kSignatureAlgorithm, |
| 67 base::checked_cast<int>(sizeof(crx_file::kSignatureAlgorithm)), |
| 68 &signature[0], base::checked_cast<int>(signature.size()), &key[0], |
| 69 base::checked_cast<int>(key.size()))) { |
| 70 // Signature verification initialization failed. This is most likely |
| 71 // caused by a public key in the wrong format (should encode algorithm). |
| 72 return; |
| 73 } |
| 74 |
| 75 const size_t kBufSize = 8 * 1024; |
| 76 scoped_ptr<uint8_t[]> buf(new uint8_t[kBufSize]); |
| 77 while ((len = fread(buf.get(), 1, kBufSize, crx_file)) > 0) |
| 78 verifier.VerifyUpdate(buf.get(), base::checked_cast<int>(len)); |
| 79 |
| 80 if (!verifier.VerifyFinal()) |
| 81 return; |
| 82 |
| 83 public_key_.swap(key); |
| 84 valid_ = true; |
| 85 } |
| 86 |
| 87 bool valid() const { return valid_; } |
| 88 |
| 89 bool is_delta() const { return is_delta_; } |
| 90 |
| 91 const std::vector<uint8_t>& public_key() const { return public_key_; } |
| 92 |
| 93 private: |
| 94 bool valid_; |
| 95 bool is_delta_; |
| 96 std::vector<uint8_t> public_key_; |
| 97 }; |
| 98 |
| 99 } // namespace |
| 100 |
| 101 ComponentUnpacker::ComponentUnpacker( |
| 102 const std::vector<uint8_t>& pk_hash, |
| 103 const base::FilePath& path, |
| 104 const std::string& fingerprint, |
| 105 ComponentInstaller* installer, |
| 106 scoped_refptr<OutOfProcessPatcher> oop_patcher, |
| 107 scoped_refptr<base::SequencedTaskRunner> task_runner) |
| 108 : pk_hash_(pk_hash), |
| 109 path_(path), |
| 110 is_delta_(false), |
| 111 fingerprint_(fingerprint), |
| 112 installer_(installer), |
| 113 oop_patcher_(oop_patcher), |
| 114 error_(kNone), |
| 115 extended_error_(0), |
| 116 task_runner_(task_runner) { |
| 117 } |
| 118 |
| 119 // TODO(cpu): add a specific attribute check to a component json that the |
| 120 // extension unpacker will reject, so that a component cannot be installed |
| 121 // as an extension. |
| 122 scoped_ptr<base::DictionaryValue> ReadManifest( |
| 123 const base::FilePath& unpack_path) { |
| 124 base::FilePath manifest = |
| 125 unpack_path.Append(FILE_PATH_LITERAL("manifest.json")); |
| 126 if (!base::PathExists(manifest)) |
| 127 return scoped_ptr<base::DictionaryValue>(); |
| 128 JSONFileValueSerializer serializer(manifest); |
| 129 std::string error; |
| 130 scoped_ptr<base::Value> root(serializer.Deserialize(NULL, &error)); |
| 131 if (!root.get()) |
| 132 return scoped_ptr<base::DictionaryValue>(); |
| 133 if (!root->IsType(base::Value::TYPE_DICTIONARY)) |
| 134 return scoped_ptr<base::DictionaryValue>(); |
| 135 return scoped_ptr<base::DictionaryValue>( |
| 136 static_cast<base::DictionaryValue*>(root.release())).Pass(); |
| 137 } |
| 138 |
| 139 bool ComponentUnpacker::UnpackInternal() { |
| 140 return Verify() && Unzip() && BeginPatching(); |
| 141 } |
| 142 |
| 143 void ComponentUnpacker::Unpack(const Callback& callback) { |
| 144 callback_ = callback; |
| 145 if (!UnpackInternal()) |
| 146 Finish(); |
| 147 } |
| 148 |
| 149 bool ComponentUnpacker::Verify() { |
| 150 VLOG(1) << "Verifying component: " << path_.value(); |
| 151 if (pk_hash_.empty() || path_.empty()) { |
| 152 error_ = kInvalidParams; |
| 153 return false; |
| 154 } |
| 155 // First, validate the CRX header and signature. As of today |
| 156 // this is SHA1 with RSA 1024. |
| 157 base::ScopedFILE file(base::OpenFile(path_, "rb")); |
| 158 if (!file.get()) { |
| 159 error_ = kInvalidFile; |
| 160 return false; |
| 161 } |
| 162 CRXValidator validator(file.get()); |
| 163 file.reset(); |
| 164 if (!validator.valid()) { |
| 165 error_ = kInvalidFile; |
| 166 return false; |
| 167 } |
| 168 is_delta_ = validator.is_delta(); |
| 169 |
| 170 // File is valid and the digital signature matches. Now make sure |
| 171 // the public key hash matches the expected hash. If they do we fully |
| 172 // trust this CRX. |
| 173 uint8_t hash[32] = {}; |
| 174 scoped_ptr<SecureHash> sha256(SecureHash::Create(SecureHash::SHA256)); |
| 175 sha256->Update(&(validator.public_key()[0]), validator.public_key().size()); |
| 176 sha256->Finish(hash, arraysize(hash)); |
| 177 |
| 178 if (!std::equal(pk_hash_.begin(), pk_hash_.end(), hash)) { |
| 179 VLOG(1) << "Hash mismatch: " << path_.value(); |
| 180 error_ = kInvalidId; |
| 181 return false; |
| 182 } |
| 183 VLOG(1) << "Verification successful: " << path_.value(); |
| 184 return true; |
| 185 } |
| 186 |
| 187 bool ComponentUnpacker::Unzip() { |
| 188 base::FilePath& destination = is_delta_ ? unpack_diff_path_ : unpack_path_; |
| 189 VLOG(1) << "Unpacking in: " << destination.value(); |
| 190 if (!base::CreateNewTempDirectory(base::FilePath::StringType(), |
| 191 &destination)) { |
| 192 VLOG(1) << "Unable to create temporary directory for unpacking."; |
| 193 error_ = kUnzipPathError; |
| 194 return false; |
| 195 } |
| 196 if (!zip::Unzip(path_, destination)) { |
| 197 VLOG(1) << "Unzipping failed."; |
| 198 error_ = kUnzipFailed; |
| 199 return false; |
| 200 } |
| 201 VLOG(1) << "Unpacked successfully"; |
| 202 return true; |
| 203 } |
| 204 |
| 205 bool ComponentUnpacker::BeginPatching() { |
| 206 if (is_delta_) { // Package is a diff package. |
| 207 // Use a different temp directory for the patch output files. |
| 208 if (!base::CreateNewTempDirectory(base::FilePath::StringType(), |
| 209 &unpack_path_)) { |
| 210 error_ = kUnzipPathError; |
| 211 return false; |
| 212 } |
| 213 patcher_ = new ComponentPatcher(unpack_diff_path_, unpack_path_, installer_, |
| 214 oop_patcher_, task_runner_); |
| 215 task_runner_->PostTask( |
| 216 FROM_HERE, |
| 217 base::Bind(&ComponentPatcher::Start, patcher_, |
| 218 base::Bind(&ComponentUnpacker::EndPatching, |
| 219 scoped_refptr<ComponentUnpacker>(this)))); |
| 220 } else { |
| 221 task_runner_->PostTask( |
| 222 FROM_HERE, |
| 223 base::Bind(&ComponentUnpacker::EndPatching, |
| 224 scoped_refptr<ComponentUnpacker>(this), kNone, 0)); |
| 225 } |
| 226 return true; |
| 227 } |
| 228 |
| 229 void ComponentUnpacker::EndPatching(Error error, int extended_error) { |
| 230 error_ = error; |
| 231 extended_error_ = extended_error; |
| 232 patcher_ = NULL; |
| 233 if (error_ != kNone) { |
| 234 Finish(); |
| 235 return; |
| 236 } |
| 237 // Optimization: clean up patch files early, in case disk space is too low to |
| 238 // install otherwise. |
| 239 if (!unpack_diff_path_.empty()) { |
| 240 base::DeleteFile(unpack_diff_path_, true); |
| 241 unpack_diff_path_.clear(); |
| 242 } |
| 243 Install(); |
| 244 Finish(); |
| 245 } |
| 246 |
| 247 void ComponentUnpacker::Install() { |
| 248 // Write the fingerprint to disk. |
| 249 if (static_cast<int>(fingerprint_.size()) != |
| 250 base::WriteFile( |
| 251 unpack_path_.Append(FILE_PATH_LITERAL("manifest.fingerprint")), |
| 252 fingerprint_.c_str(), base::checked_cast<int>(fingerprint_.size()))) { |
| 253 error_ = kFingerprintWriteFailed; |
| 254 return; |
| 255 } |
| 256 scoped_ptr<base::DictionaryValue> manifest(ReadManifest(unpack_path_)); |
| 257 if (!manifest.get()) { |
| 258 error_ = kBadManifest; |
| 259 return; |
| 260 } |
| 261 DCHECK(error_ == kNone); |
| 262 if (!installer_->Install(*manifest, unpack_path_)) { |
| 263 error_ = kInstallerError; |
| 264 return; |
| 265 } |
| 266 } |
| 267 |
| 268 void ComponentUnpacker::Finish() { |
| 269 if (!unpack_diff_path_.empty()) |
| 270 base::DeleteFile(unpack_diff_path_, true); |
| 271 if (!unpack_path_.empty()) |
| 272 base::DeleteFile(unpack_path_, true); |
| 273 callback_.Run(error_, extended_error_); |
| 274 } |
| 275 |
| 276 ComponentUnpacker::~ComponentUnpacker() { |
| 277 } |
| 278 |
| 279 } // namespace update_client |
OLD | NEW |