// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40285824): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "components/crx_file/crx_verifier.h" #include <algorithm> #include <climits> #include <cstring> #include <iterator> #include <memory> #include <optional> #include <set> #include <utility> #include "base/base64.h" #include "base/files/file.h" #include "base/files/file_path.h" #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/numerics/safe_conversions.h" #include "base/strings/string_number_conversions.h" #include "components/crx_file/crx3.pb.h" #include "components/crx_file/crx_file.h" #include "components/crx_file/id_util.h" #include "crypto/secure_hash.h" #include "crypto/secure_util.h" #include "crypto/sha2.h" #include "crypto/signature_verifier.h" namespace crx_file { namespace { // The SHA256 hash of the DER SPKI "ecdsa_2017_public" Crx3 key. constexpr uint8_t kPublisherKeyHash[] = …; // The SHA256 hash of the DER SPKI "ecdsa_2017_public" Crx3 test key. constexpr uint8_t kPublisherTestKeyHash[] = …; constexpr uint8_t kEocd[] = …; constexpr uint8_t kEocd64[] = …; VerifierCollection; RepeatedProof; int ReadAndHashBuffer(uint8_t* buffer, int length, base::File* file, crypto::SecureHash* hash) { … } // Returns UINT32_MAX in the case of an unexpected EOF or read error, else // returns the read uint32. uint32_t ReadAndHashLittleEndianUInt32(base::File* file, crypto::SecureHash* hash) { … } // Read to the end of the file, updating the hash and all verifiers. bool ReadHashAndVerifyArchive(base::File* file, crypto::SecureHash* hash, const VerifierCollection& verifiers) { … } // The remaining contents of a Crx3 file are [header-size][header][archive]. // [header] is an encoded protocol buffer and contains both a signed and // unsigned section. The unsigned section contains a set of key/signature pairs, // and the signed section is the encoding of another protocol buffer. All // signatures cover [prefix][signed-header-size][signed-header][archive]. VerifierResult VerifyCrx3( base::File* file, crypto::SecureHash* hash, const std::vector<std::vector<uint8_t>>& required_key_hashes, std::string* public_key, std::string* crx_id, std::vector<uint8_t>* compressed_verified_contents, bool require_publisher_key, bool accept_publisher_test_key) { … } } // namespace VerifierResult Verify( const base::FilePath& crx_path, const VerifierFormat& format, const std::vector<std::vector<uint8_t>>& required_key_hashes, const std::vector<uint8_t>& required_file_hash, std::string* public_key, std::string* crx_id, std::vector<uint8_t>* compressed_verified_contents) { … } } // namespace crx_file
Codebase Browser
chromium