Google Git
Sign in
chromium / chromium / src.git / f1050434d223c0a6ceabf9802106a0cedce7796b / . / chrome / browser / component_updater / component_unpacker.cc
blob: a431690cf232f749a07454e3bfa0db32fbde409e [file] [log] [blame]
[email protected]f1050432012-02-15 01:35:46[diff] [blame^]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]2e114e732011-07-22 02:55:04[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/component_updater/component_unpacker.h"
6
7#include <string>
8#include <vector>
9
10#include "base/file_util.h"
[email protected]005bab02011-10-07 18:36:00[diff] [blame]11#include "base/json/json_value_serializer.h"
[email protected]2e114e732011-07-22 02:55:04[diff] [blame]12#include "base/memory/scoped_handle.h"
13#include "base/string_number_conversions.h"
14#include "base/stringprintf.h"
15#include "chrome/browser/extensions/sandboxed_extension_unpacker.h"
16#include "chrome/browser/component_updater/component_updater_service.h"
17#include "chrome/common/extensions/extension_constants.h"
18#include "chrome/common/zip.h"
[email protected]2e114e732011-07-22 02:55:04[diff] [blame]19#include "crypto/secure_hash.h"
20#include "crypto/signature_verifier.h"
21
22using crypto::SecureHash;
23
[email protected]2e114e732011-07-22 02:55:04[diff] [blame]24namespace {
25// This class makes sure that the CRX digital signature is valid
26// and well formed.
27class CRXValidator {
28 public:
29 enum Result {
30 kValid,
31 kInvalidHeader,
32 kWrongMagic,
33 kInvalidVersion,
34 kInvalidKey,
35 kInvalidSignature,
36 kWrongKeyFormat,
37 kSignatureMismatch,
38 kLast
39 };
40
41 explicit CRXValidator(FILE* crx_file) : result_(kLast) {
42 SXU::ExtensionHeader header;
43 size_t len = fread(&header, 1, sizeof(header), crx_file);
44 if (len < sizeof(header)) {
45 result_ = kInvalidHeader;
46 return;
47 }
48 if (strncmp(SXU::kExtensionHeaderMagic, header.magic,
49 sizeof(header.magic))) {
50 result_ = kWrongMagic;
51 return;
52 }
53 if (header.version != SXU::kCurrentVersion) {
54 result_ = kInvalidVersion;
55 return;
56 }
57 if ((header.key_size > SXU::kMaxPublicKeySize) ||
58 (header.key_size == 0)) {
59 result_ = kInvalidKey;
60 return;
61 }
62 if ((header.signature_size > SXU::kMaxSignatureSize) ||
63 (header.signature_size == 0)) {
64 result_ = kInvalidSignature;
65 return;
66 }
67
68 std::vector<uint8> key(header.key_size);
69 len = fread(&key[0], sizeof(uint8), header.key_size, crx_file);
70 if (len < header.key_size) {
71 result_ = kInvalidKey;
72 return;
73 }
74
75 std::vector<uint8> signature(header.signature_size);
76 len = fread(&signature[0], sizeof(uint8), header.signature_size, crx_file);
77 if (len < header.signature_size) {
78 result_ = kInvalidSignature;
79 return;
80 }
81
82 crypto::SignatureVerifier verifier;
83 if (!verifier.VerifyInit(extension_misc::kSignatureAlgorithm,
84 sizeof(extension_misc::kSignatureAlgorithm),
85 &signature[0], signature.size(),
86 &key[0], key.size())) {
87 // Signature verification initialization failed. This is most likely
88 // caused by a public key in the wrong format (should encode algorithm).
89 result_ = kWrongKeyFormat;
90 return;
91 }
92
93 const size_t kBufSize = 8 * 1024;
[email protected]f3da5912011-08-04 07:44:47[diff] [blame]94 scoped_array<uint8> buf(new uint8[kBufSize]);
[email protected]2e114e732011-07-22 02:55:04[diff] [blame]95 while ((len = fread(buf.get(), 1, kBufSize, crx_file)) > 0)
96 verifier.VerifyUpdate(buf.get(), len);
97
98 if (!verifier.VerifyFinal()) {
99 result_ = kSignatureMismatch;
100 return;
101 }
102
103 public_key_.swap(key);
104 result_ = kValid;
105 }
106
107 Result result() const { return result_; }
108
109 const std::vector<uint8>& public_key() const { return public_key_; }
110
111 private:
112 // TODO(cpu): Move the kExtensionHeaderMagic constants to a better header
113 // right now it feels we are reaching too deep into the extension code.
114 typedef SandboxedExtensionUnpacker SXU;
115 Result result_;
116 std::vector<uint8> public_key_;
117};
118
119// Deserialize the CRX manifest. The top level must be a dictionary.
120// TODO(cpu): add a specific attribute check to a component json that the
121// extension unpacker will reject, so that a component cannot be installed
122// as an extension.
123base::DictionaryValue* ReadManifest(const FilePath& unpack_path) {
124 FilePath manifest = unpack_path.Append(FILE_PATH_LITERAL("manifest.json"));
125 if (!file_util::PathExists(manifest))
126 return NULL;
127 JSONFileValueSerializer serializer(manifest);
128 std::string error;
129 scoped_ptr<base::Value> root(serializer.Deserialize(NULL, &error));
130 if (!root.get())
131 return NULL;
132 if (!root->IsType(base::Value::TYPE_DICTIONARY))
133 return NULL;
134 return static_cast<base::DictionaryValue*>(root.release());
135}
136
137} // namespace.
138
139ComponentUnpacker::ComponentUnpacker(const std::vector<uint8>& pk_hash,
140 const FilePath& path,
141 ComponentInstaller* installer)
142 : error_(kNone) {
143 if (pk_hash.empty() || path.empty()) {
144 error_ = kInvalidParams;
145 return;
146 }
147 // First, validate the CRX header and signature. As of today
148 // this is SHA1 with RSA 1024.
149 ScopedStdioHandle file(file_util::OpenFile(path, "rb"));
150 if (!file.get()) {
151 error_ = kInvalidFile;
152 return;
153 }
154 CRXValidator validator(file.get());
155 if (validator.result() != CRXValidator::kValid) {
156 error_ = kInvalidFile;
157 return;
158 }
159 file.Close();
160
[email protected]f1050432012-02-15 01:35:46[diff] [blame^]161 // File is valid and the digital signature matches. Now make sure
[email protected]2e114e732011-07-22 02:55:04[diff] [blame]162 // the public key hash matches the expected hash. If they do we fully
163 // trust this CRX.
164 uint8 hash[32];
165 scoped_ptr<SecureHash> sha256(SecureHash::Create(SecureHash::SHA256));
166 sha256->Update(&(validator.public_key()[0]), validator.public_key().size());
167 sha256->Finish(hash, arraysize(hash));
168
169 if (!std::equal(pk_hash.begin(), pk_hash.end(), hash)) {
170 error_ = kInvalidId;
171 return;
172 }
173 // We want the temporary directory to be unique and yet predictable, so
174 // we can easily find the package in a end user machine.
175 std::string dir(StringPrintf("CRX_%s", base::HexEncode(hash, 6).c_str()));
176 unpack_path_ = path.DirName().AppendASCII(dir.c_str());
177 if (file_util::DirectoryExists(unpack_path_)) {
178 if (!file_util::Delete(unpack_path_, true)) {
179 unpack_path_.clear();
180 error_ = kUzipPathError;
181 return;
182 }
183 }
184 if (!file_util::CreateDirectory(unpack_path_)) {
185 unpack_path_.clear();
186 error_ = kUzipPathError;
187 return;
188 }
[email protected]b3eb3dd22011-10-26 06:59:34[diff] [blame]189 if (!zip::Unzip(path, unpack_path_)) {
[email protected]2e114e732011-07-22 02:55:04[diff] [blame]190 error_ = kUnzipFailed;
191 return;
192 }
193 scoped_ptr<base::DictionaryValue> manifest(ReadManifest(unpack_path_));
194 if (!manifest.get()) {
195 error_ = kBadManifest;
196 return;
197 }
198 if (!installer->Install(manifest.release(), unpack_path_)) {
199 error_ = kInstallerError;
200 return;
201 }
[email protected]f1050432012-02-15 01:35:46[diff] [blame^]202 // Installation successful. The directory is not our concern now.
[email protected]2e114e732011-07-22 02:55:04[diff] [blame]203 unpack_path_.clear();
204}
205
206ComponentUnpacker::~ComponentUnpacker() {
207 if (!unpack_path_.empty()) {
208 file_util::Delete(unpack_path_, true);
209 }
210}