|  | // Copyright 2017 The Cobalt Authors. All rights reserved. | 
|  | // Use of this source code is governed by a BSD-style license that can be | 
|  | // found in the LICENSE file. | 
|  |  | 
|  | #include "components/crx_file/crx_verifier.h" | 
|  |  | 
|  | #include <cstring> | 
|  | #include <iterator> | 
|  | #include <memory> | 
|  | #include <set> | 
|  | #include <utility> | 
|  |  | 
|  | #include "base/base64.h" | 
|  | #include "base/bind.h" | 
|  | #include "base/callback.h" | 
|  | #include "base/files/file.h" | 
|  | #include "base/files/file_path.h" | 
|  | #include "base/stl_util.h" | 
|  | #include "base/strings/string_number_conversions.h" | 
|  | #include "components/crx_file/crx3.pb.h" | 
|  | #include "components/crx_file/crx_file.h" | 
|  | #include "components/crx_file/id_util.h" | 
|  | #include "crypto/secure_hash.h" | 
|  | #include "crypto/secure_util.h" | 
|  | #include "crypto/sha2.h" | 
|  | #include "crypto/signature_verifier.h" | 
|  |  | 
|  | namespace crx_file { | 
|  |  | 
|  | namespace { | 
|  |  | 
|  | // The maximum size the Crx2 parser will tolerate for a public key. | 
|  | constexpr uint32_t kMaxPublicKeySize = 1 << 16; | 
|  |  | 
|  | // The maximum size the Crx2 parser will tolerate for a signature. | 
|  | constexpr uint32_t kMaxSignatureSize = 1 << 16; | 
|  |  | 
|  | // The maximum size the Crx3 parser will tolerate for a header. | 
|  | constexpr uint32_t kMaxHeaderSize = 1 << 18; | 
|  |  | 
|  | // The SHA256 hash of the DER SPKI "ecdsa_2017_public" Crx3 key. | 
|  | constexpr uint8_t kPublisherKeyHash[] = { | 
|  | 0x61, 0xf7, 0xf2, 0xa6, 0xbf, 0xcf, 0x74, 0xcd, 0x0b, 0xc1, 0xfe, | 
|  | 0x24, 0x97, 0xcc, 0x9b, 0x04, 0x25, 0x4c, 0x65, 0x8f, 0x79, 0xf2, | 
|  | 0x14, 0x53, 0x92, 0x86, 0x7e, 0xa8, 0x36, 0x63, 0x67, 0xcf}; | 
|  |  | 
|  | // The SHA256 hash of the DER SPKI "ecdsa_2017_public" Crx3 test key. | 
|  | constexpr uint8_t kPublisherTestKeyHash[] = { | 
|  | 0x6c, 0x46, 0x41, 0x3b, 0x00, 0xd0, 0xfa, 0x0e, 0x72, 0xc8, 0xd2, | 
|  | 0x5f, 0x64, 0xf3, 0xa6, 0x17, 0x03, 0x0d, 0xde, 0x21, 0x61, 0xbe, | 
|  | 0xb7, 0x95, 0x91, 0x95, 0x83, 0x68, 0x12, 0xe9, 0x78, 0x1e}; | 
|  |  | 
|  | using VerifierCollection = | 
|  | std::vector<std::unique_ptr<crypto::SignatureVerifier>>; | 
|  | using RepeatedProof = google::protobuf::RepeatedPtrField<AsymmetricKeyProof>; | 
|  |  | 
|  | int ReadAndHashBuffer(uint8_t* buffer, | 
|  | int length, | 
|  | base::File* file, | 
|  | crypto::SecureHash* hash) { | 
|  | static_assert(sizeof(char) == sizeof(uint8_t), "Unsupported char size."); | 
|  | int read = file->ReadAtCurrentPos(reinterpret_cast<char*>(buffer), length); | 
|  | if (read > 0) | 
|  | hash->Update(buffer, read); | 
|  | return read; | 
|  | } | 
|  | #if defined(IN_MEMORY_UPDATES) | 
|  | int ReadAndHashBufferFromString(uint8_t* buffer, | 
|  | int length, | 
|  | std::string::const_iterator* it, | 
|  | crypto::SecureHash* hash) { | 
|  | static_assert(sizeof(char) == sizeof(uint8_t), "Unsupported char size."); | 
|  | memcpy(buffer, &(**it), length); | 
|  | hash->Update(buffer, length); | 
|  |  | 
|  | // TODO(b/158043520): consider wrapping the CRX string in a type that keeps | 
|  | // track of how much of the string has already been copied so that the string | 
|  | // can be "read" like a file, without direct management of the iterator. | 
|  | std::advance(*it, length); | 
|  |  | 
|  | return length; | 
|  | } | 
|  | #endif | 
|  |  | 
|  | // Returns UINT32_MAX in the case of an unexpected EOF or read error, else | 
|  | // returns the read uint32. | 
|  | uint32_t ReadAndHashLittleEndianUInt32(base::File* file, | 
|  | crypto::SecureHash* hash) { | 
|  | uint8_t buffer[4] = {}; | 
|  | if (ReadAndHashBuffer(buffer, 4, file, hash) != 4) | 
|  | return UINT32_MAX; | 
|  | return buffer[3] << 24 | buffer[2] << 16 | buffer[1] << 8 | buffer[0]; | 
|  | } | 
|  | #if defined(IN_MEMORY_UPDATES) | 
|  | // Returns the read uint32. | 
|  | uint32_t ReadAndHashLittleEndianUInt32FromString( | 
|  | std::string::const_iterator* it, | 
|  | crypto::SecureHash* hash) { | 
|  | uint8_t buffer[4] = {}; | 
|  | ReadAndHashBufferFromString(buffer, sizeof(buffer), it, hash); | 
|  | return buffer[3] << 24 | buffer[2] << 16 | buffer[1] << 8 | buffer[0]; | 
|  | } | 
|  | #endif | 
|  |  | 
|  | // Read to the end of the file, updating the hash and all verifiers. | 
|  | bool ReadHashAndVerifyArchive(base::File* file, | 
|  | crypto::SecureHash* hash, | 
|  | const VerifierCollection& verifiers) { | 
|  | uint8_t buffer[1 << 12] = {}; | 
|  | size_t len = 0; | 
|  | while ((len = ReadAndHashBuffer(buffer, base::size(buffer), file, hash)) > | 
|  | 0) { | 
|  | for (auto& verifier : verifiers) | 
|  | verifier->VerifyUpdate(base::make_span(buffer, len)); | 
|  | } | 
|  | for (auto& verifier : verifiers) { | 
|  | if (!verifier->VerifyFinal()) | 
|  | return false; | 
|  | } | 
|  | return len == 0; | 
|  | } | 
|  | #if defined(IN_MEMORY_UPDATES) | 
|  | // Reads to the end of the string, updating the hash and all verifiers. | 
|  | bool ReadHashAndVerifyArchiveFromString(const std::string& crx_str, | 
|  | std::string::const_iterator* it, | 
|  | crypto::SecureHash* hash, | 
|  | const VerifierCollection& verifiers) { | 
|  | int remaining_bytes = crx_str.end() - *it; | 
|  |  | 
|  | uint8_t buffer[1 << 12] = {}; | 
|  | while (remaining_bytes > 0) { | 
|  | size_t len = remaining_bytes >= base::size(buffer) ? base::size(buffer) | 
|  | : remaining_bytes; | 
|  |  | 
|  | ReadAndHashBufferFromString(buffer, len, it, hash); | 
|  | remaining_bytes -= len; | 
|  |  | 
|  | for (auto& verifier : verifiers) { | 
|  | verifier->VerifyUpdate(base::make_span(buffer, len)); | 
|  | } | 
|  | } | 
|  |  | 
|  | for (auto& verifier : verifiers) { | 
|  | if (!verifier->VerifyFinal()) | 
|  | return false; | 
|  | } | 
|  | return true; | 
|  | } | 
|  | #endif | 
|  |  | 
|  | // The remaining contents of a Crx3 file are [header-size][header][archive]. | 
|  | // [header] is an encoded protocol buffer and contains both a signed and | 
|  | // unsigned section. The unsigned section contains a set of key/signature pairs, | 
|  | // and the signed section is the encoding of another protocol buffer. All | 
|  | // signatures cover [prefix][signed-header-size][signed-header][archive]. | 
|  | VerifierResult VerifyCrx3( | 
|  | base::File* file, | 
|  | crypto::SecureHash* hash, | 
|  | const std::vector<std::vector<uint8_t>>& required_key_hashes, | 
|  | std::string* public_key, | 
|  | std::string* crx_id, | 
|  | bool require_publisher_key, | 
|  | bool accept_publisher_test_key) { | 
|  | // Parse [header-size] and [header]. | 
|  | const uint32_t header_size = ReadAndHashLittleEndianUInt32(file, hash); | 
|  | if (header_size > kMaxHeaderSize) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | std::vector<uint8_t> header_bytes(header_size); | 
|  | // Assuming kMaxHeaderSize can fit in an int, the following cast is safe. | 
|  | if (ReadAndHashBuffer(header_bytes.data(), header_size, file, hash) != | 
|  | static_cast<int>(header_size)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | CrxFileHeader header; | 
|  | if (!header.ParseFromArray(header_bytes.data(), header_size)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  |  | 
|  | // Parse [signed-header]. | 
|  | const std::string& signed_header_data_str = header.signed_header_data(); | 
|  | SignedData signed_header_data; | 
|  | if (!signed_header_data.ParseFromString(signed_header_data_str)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | const std::string& crx_id_encoded = signed_header_data.crx_id(); | 
|  | const std::string declared_crx_id = id_util::GenerateIdFromHex( | 
|  | base::HexEncode(crx_id_encoded.data(), crx_id_encoded.size())); | 
|  |  | 
|  | // Create a little-endian representation of [signed-header-size]. | 
|  | const int signed_header_size = signed_header_data_str.size(); | 
|  | const uint8_t header_size_octets[] = { | 
|  | static_cast<uint8_t>(signed_header_size), | 
|  | static_cast<uint8_t>(signed_header_size >> 8), | 
|  | static_cast<uint8_t>(signed_header_size >> 16), | 
|  | static_cast<uint8_t>(signed_header_size >> 24)}; | 
|  |  | 
|  | // Create a set of all required key hashes. | 
|  | std::set<std::vector<uint8_t>> required_key_set(required_key_hashes.begin(), | 
|  | required_key_hashes.end()); | 
|  |  | 
|  | using ProofFetcher = const RepeatedProof& (CrxFileHeader::*)() const; | 
|  | ProofFetcher rsa = &CrxFileHeader::sha256_with_rsa; | 
|  | ProofFetcher ecdsa = &CrxFileHeader::sha256_with_ecdsa; | 
|  |  | 
|  | std::string public_key_bytes; | 
|  | VerifierCollection verifiers; | 
|  | verifiers.reserve(header.sha256_with_rsa_size() + | 
|  | header.sha256_with_ecdsa_size()); | 
|  | const std::vector< | 
|  | std::pair<ProofFetcher, crypto::SignatureVerifier::SignatureAlgorithm>> | 
|  | proof_types = { | 
|  | std::make_pair(rsa, crypto::SignatureVerifier::RSA_PKCS1_SHA256), | 
|  | std::make_pair(ecdsa, crypto::SignatureVerifier::ECDSA_SHA256)}; | 
|  |  | 
|  | std::vector<uint8_t> publisher_key(std::begin(kPublisherKeyHash), | 
|  | std::end(kPublisherKeyHash)); | 
|  | base::Optional<std::vector<uint8_t>> publisher_test_key; | 
|  | if (accept_publisher_test_key) { | 
|  | publisher_test_key.emplace(std::begin(kPublisherTestKeyHash), | 
|  | std::end(kPublisherTestKeyHash)); | 
|  | } | 
|  | bool found_publisher_key = false; | 
|  |  | 
|  | // Initialize all verifiers and update them with | 
|  | // [prefix][signed-header-size][signed-header]. | 
|  | // Clear any elements of required_key_set that are encountered, and watch for | 
|  | // the developer key. | 
|  | for (const auto& proof_type : proof_types) { | 
|  | for (const auto& proof : (header.*proof_type.first)()) { | 
|  | const std::string& key = proof.public_key(); | 
|  | const std::string& sig = proof.signature(); | 
|  | if (id_util::GenerateId(key) == declared_crx_id) | 
|  | public_key_bytes = key; | 
|  | std::vector<uint8_t> key_hash(crypto::kSHA256Length); | 
|  | crypto::SHA256HashString(key, key_hash.data(), key_hash.size()); | 
|  | required_key_set.erase(key_hash); | 
|  | DCHECK_EQ(accept_publisher_test_key, publisher_test_key.has_value()); | 
|  | found_publisher_key = | 
|  | found_publisher_key || key_hash == publisher_key || | 
|  | (accept_publisher_test_key && key_hash == *publisher_test_key); | 
|  | auto v = std::make_unique<crypto::SignatureVerifier>(); | 
|  | static_assert(sizeof(unsigned char) == sizeof(uint8_t), | 
|  | "Unsupported char size."); | 
|  | if (!v->VerifyInit(proof_type.second, | 
|  | base::as_bytes(base::make_span(sig)), | 
|  | base::as_bytes(base::make_span(key)))) | 
|  | return VerifierResult::ERROR_SIGNATURE_INITIALIZATION_FAILED; | 
|  | v->VerifyUpdate(kSignatureContext); | 
|  | v->VerifyUpdate(header_size_octets); | 
|  | v->VerifyUpdate(base::as_bytes(base::make_span(signed_header_data_str))); | 
|  | verifiers.push_back(std::move(v)); | 
|  | } | 
|  | } | 
|  | if (public_key_bytes.empty() || !required_key_set.empty()) | 
|  | return VerifierResult::ERROR_REQUIRED_PROOF_MISSING; | 
|  |  | 
|  | if (require_publisher_key && !found_publisher_key) | 
|  | return VerifierResult::ERROR_REQUIRED_PROOF_MISSING; | 
|  |  | 
|  | // Update and finalize the verifiers with [archive]. | 
|  | if (!ReadHashAndVerifyArchive(file, hash, verifiers)) | 
|  | return VerifierResult::ERROR_SIGNATURE_VERIFICATION_FAILED; | 
|  |  | 
|  | base::Base64Encode(public_key_bytes, public_key); | 
|  | *crx_id = declared_crx_id; | 
|  | return VerifierResult::OK_FULL; | 
|  | } | 
|  |  | 
|  | #if defined(IN_MEMORY_UPDATES) | 
|  | // TODO(b/158043520): because we want to leave the Chromium code relatively | 
|  | // intact and also want to support both in-memory and legacy updates in the same | 
|  | // build while we develop the feature, there is for now a lot of duplicated code | 
|  | // in some of these functions. For these functions that implement longer | 
|  | // algorithms that are mostly agnostic about the Crx's representation we could | 
|  | // likely share code by making them generic, but it probably makes more sense to | 
|  | // live with the duplication for now. Once the feature is complete and we only | 
|  | // need to support in-memory updates in builds, we can have one copy of the | 
|  | // function that uses preprocessor conditions to enlist the appropriate helpers. | 
|  | VerifierResult VerifyCrx3FromString( | 
|  | const std::string& crx_str, | 
|  | std::string::const_iterator* it, | 
|  | crypto::SecureHash* hash, | 
|  | const std::vector<std::vector<uint8_t>>& required_key_hashes, | 
|  | std::string* public_key, | 
|  | std::string* crx_id, | 
|  | bool require_publisher_key, | 
|  | bool accept_publisher_test_key) { | 
|  | // Parse [header-size] and [header]. | 
|  | const uint32_t header_size = | 
|  | ReadAndHashLittleEndianUInt32FromString(it, hash); | 
|  | if (header_size > kMaxHeaderSize) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | std::vector<uint8_t> header_bytes(header_size); | 
|  | // Assuming kMaxHeaderSize can fit in an int, the following cast is safe. | 
|  | if (ReadAndHashBufferFromString(header_bytes.data(), header_size, it, hash) != | 
|  | static_cast<int>(header_size)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | CrxFileHeader header; | 
|  | if (!header.ParseFromArray(header_bytes.data(), header_size)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  |  | 
|  | // Parse [signed-header]. | 
|  | const std::string& signed_header_data_str = header.signed_header_data(); | 
|  | SignedData signed_header_data; | 
|  | if (!signed_header_data.ParseFromString(signed_header_data_str)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | const std::string& crx_id_encoded = signed_header_data.crx_id(); | 
|  | const std::string declared_crx_id = id_util::GenerateIdFromHex( | 
|  | base::HexEncode(crx_id_encoded.data(), crx_id_encoded.size())); | 
|  |  | 
|  | // Create a little-endian representation of [signed-header-size]. | 
|  | const int signed_header_size = signed_header_data_str.size(); | 
|  | const uint8_t header_size_octets[] = { | 
|  | static_cast<uint8_t>(signed_header_size), | 
|  | static_cast<uint8_t>(signed_header_size >> 8), | 
|  | static_cast<uint8_t>(signed_header_size >> 16), | 
|  | static_cast<uint8_t>(signed_header_size >> 24)}; | 
|  |  | 
|  | // Create a set of all required key hashes. | 
|  | std::set<std::vector<uint8_t>> required_key_set(required_key_hashes.begin(), | 
|  | required_key_hashes.end()); | 
|  |  | 
|  | using ProofFetcher = const RepeatedProof& (CrxFileHeader::*)() const; | 
|  | ProofFetcher rsa = &CrxFileHeader::sha256_with_rsa; | 
|  | ProofFetcher ecdsa = &CrxFileHeader::sha256_with_ecdsa; | 
|  |  | 
|  | std::string public_key_bytes; | 
|  | VerifierCollection verifiers; | 
|  | verifiers.reserve(header.sha256_with_rsa_size() + | 
|  | header.sha256_with_ecdsa_size()); | 
|  | const std::vector< | 
|  | std::pair<ProofFetcher, crypto::SignatureVerifier::SignatureAlgorithm>> | 
|  | proof_types = { | 
|  | std::make_pair(rsa, crypto::SignatureVerifier::RSA_PKCS1_SHA256), | 
|  | std::make_pair(ecdsa, crypto::SignatureVerifier::ECDSA_SHA256)}; | 
|  |  | 
|  | std::vector<uint8_t> publisher_key(std::begin(kPublisherKeyHash), | 
|  | std::end(kPublisherKeyHash)); | 
|  | base::Optional<std::vector<uint8_t>> publisher_test_key; | 
|  | if (accept_publisher_test_key) { | 
|  | publisher_test_key.emplace(std::begin(kPublisherTestKeyHash), | 
|  | std::end(kPublisherTestKeyHash)); | 
|  | } | 
|  | bool found_publisher_key = false; | 
|  |  | 
|  | // Initialize all verifiers and update them with | 
|  | // [prefix][signed-header-size][signed-header]. | 
|  | // Clear any elements of required_key_set that are encountered, and watch for | 
|  | // the developer key. | 
|  | for (const auto& proof_type : proof_types) { | 
|  | for (const auto& proof : (header.*proof_type.first)()) { | 
|  | const std::string& key = proof.public_key(); | 
|  | const std::string& sig = proof.signature(); | 
|  | if (id_util::GenerateId(key) == declared_crx_id) | 
|  | public_key_bytes = key; | 
|  | std::vector<uint8_t> key_hash(crypto::kSHA256Length); | 
|  | crypto::SHA256HashString(key, key_hash.data(), key_hash.size()); | 
|  | required_key_set.erase(key_hash); | 
|  | DCHECK_EQ(accept_publisher_test_key, publisher_test_key.has_value()); | 
|  | found_publisher_key = | 
|  | found_publisher_key || key_hash == publisher_key || | 
|  | (accept_publisher_test_key && key_hash == *publisher_test_key); | 
|  | auto v = std::make_unique<crypto::SignatureVerifier>(); | 
|  | static_assert(sizeof(unsigned char) == sizeof(uint8_t), | 
|  | "Unsupported char size."); | 
|  | if (!v->VerifyInit(proof_type.second, | 
|  | base::as_bytes(base::make_span(sig)), | 
|  | base::as_bytes(base::make_span(key)))) | 
|  | return VerifierResult::ERROR_SIGNATURE_INITIALIZATION_FAILED; | 
|  | v->VerifyUpdate(kSignatureContext); | 
|  | v->VerifyUpdate(header_size_octets); | 
|  | v->VerifyUpdate(base::as_bytes(base::make_span(signed_header_data_str))); | 
|  | verifiers.push_back(std::move(v)); | 
|  | } | 
|  | } | 
|  | if (public_key_bytes.empty() || !required_key_set.empty()) | 
|  | return VerifierResult::ERROR_REQUIRED_PROOF_MISSING; | 
|  |  | 
|  | if (require_publisher_key && !found_publisher_key) | 
|  | return VerifierResult::ERROR_REQUIRED_PROOF_MISSING; | 
|  |  | 
|  | // Update and finalize the verifiers with [archive]. | 
|  | if (!ReadHashAndVerifyArchiveFromString(crx_str, it, hash, verifiers)) | 
|  | return VerifierResult::ERROR_SIGNATURE_VERIFICATION_FAILED; | 
|  |  | 
|  | base::Base64Encode(public_key_bytes, public_key); | 
|  | *crx_id = declared_crx_id; | 
|  | return VerifierResult::OK_FULL; | 
|  | } | 
|  | #endif | 
|  |  | 
|  | VerifierResult VerifyCrx2( | 
|  | base::File* file, | 
|  | crypto::SecureHash* hash, | 
|  | const std::vector<std::vector<uint8_t>>& required_key_hashes, | 
|  | std::string* public_key, | 
|  | std::string* crx_id) { | 
|  | const uint32_t key_size = ReadAndHashLittleEndianUInt32(file, hash); | 
|  | if (key_size > kMaxPublicKeySize) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | const uint32_t sig_size = ReadAndHashLittleEndianUInt32(file, hash); | 
|  | if (sig_size > kMaxSignatureSize) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | std::vector<uint8_t> key(key_size); | 
|  | if (ReadAndHashBuffer(key.data(), key_size, file, hash) != | 
|  | static_cast<int>(key_size)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | for (const auto& expected_hash : required_key_hashes) { | 
|  | // In practice we expect zero or one key_hashes_ for Crx2 files. | 
|  | std::vector<uint8_t> hash(crypto::kSHA256Length); | 
|  | std::unique_ptr<crypto::SecureHash> sha256 = | 
|  | crypto::SecureHash::Create(crypto::SecureHash::SHA256); | 
|  | sha256->Update(key.data(), key.size()); | 
|  | sha256->Finish(hash.data(), hash.size()); | 
|  | if (hash != expected_hash) | 
|  | return VerifierResult::ERROR_REQUIRED_PROOF_MISSING; | 
|  | } | 
|  |  | 
|  | std::vector<uint8_t> sig(sig_size); | 
|  | if (ReadAndHashBuffer(sig.data(), sig_size, file, hash) != | 
|  | static_cast<int>(sig_size)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | std::vector<std::unique_ptr<crypto::SignatureVerifier>> verifiers; | 
|  | verifiers.push_back(std::make_unique<crypto::SignatureVerifier>()); | 
|  | if (!verifiers[0]->VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, sig, | 
|  | key)) { | 
|  | return VerifierResult::ERROR_SIGNATURE_INITIALIZATION_FAILED; | 
|  | } | 
|  |  | 
|  | if (!ReadHashAndVerifyArchive(file, hash, verifiers)) | 
|  | return VerifierResult::ERROR_SIGNATURE_VERIFICATION_FAILED; | 
|  |  | 
|  | const std::string public_key_bytes(key.begin(), key.end()); | 
|  | base::Base64Encode(public_key_bytes, public_key); | 
|  | *crx_id = id_util::GenerateId(public_key_bytes); | 
|  | return VerifierResult::OK_FULL; | 
|  | } | 
|  |  | 
|  | #if defined(IN_MEMORY_UPDATES) | 
|  | VerifierResult VerifyCrx2FromString( | 
|  | const std::string& crx_str, | 
|  | std::string::const_iterator* it, | 
|  | crypto::SecureHash* hash, | 
|  | const std::vector<std::vector<uint8_t>>& required_key_hashes, | 
|  | std::string* public_key, | 
|  | std::string* crx_id) { | 
|  | const uint32_t key_size = ReadAndHashLittleEndianUInt32FromString(it, hash); | 
|  | if (key_size > kMaxPublicKeySize) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | const uint32_t sig_size = ReadAndHashLittleEndianUInt32FromString(it, hash); | 
|  | if (sig_size > kMaxSignatureSize) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | std::vector<uint8_t> key(key_size); | 
|  | if (ReadAndHashBufferFromString(key.data(), key_size, it, hash) != | 
|  | static_cast<int>(key_size)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | for (const auto& expected_hash : required_key_hashes) { | 
|  | // In practice we expect zero or one key_hashes_ for Crx2 files. | 
|  | std::vector<uint8_t> hash(crypto::kSHA256Length); | 
|  | std::unique_ptr<crypto::SecureHash> sha256 = | 
|  | crypto::SecureHash::Create(crypto::SecureHash::SHA256); | 
|  | sha256->Update(key.data(), key.size()); | 
|  | sha256->Finish(hash.data(), hash.size()); | 
|  | if (hash != expected_hash) | 
|  | return VerifierResult::ERROR_REQUIRED_PROOF_MISSING; | 
|  | } | 
|  |  | 
|  | std::vector<uint8_t> sig(sig_size); | 
|  | if (ReadAndHashBufferFromString(sig.data(), sig_size, it, hash) != | 
|  | static_cast<int>(sig_size)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | std::vector<std::unique_ptr<crypto::SignatureVerifier>> verifiers; | 
|  | verifiers.push_back(std::make_unique<crypto::SignatureVerifier>()); | 
|  | if (!verifiers[0]->VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, sig, | 
|  | key)) { | 
|  | return VerifierResult::ERROR_SIGNATURE_INITIALIZATION_FAILED; | 
|  | } | 
|  |  | 
|  | if (!ReadHashAndVerifyArchiveFromString(crx_str, it, hash, verifiers)) | 
|  | return VerifierResult::ERROR_SIGNATURE_VERIFICATION_FAILED; | 
|  |  | 
|  | const std::string public_key_bytes(key.begin(), key.end()); | 
|  | base::Base64Encode(public_key_bytes, public_key); | 
|  | *crx_id = id_util::GenerateId(public_key_bytes); | 
|  | return VerifierResult::OK_FULL; | 
|  | } | 
|  | #endif | 
|  |  | 
|  | }  // namespace | 
|  |  | 
|  | VerifierResult Verify( | 
|  | const base::FilePath& crx_path, | 
|  | const VerifierFormat& format, | 
|  | const std::vector<std::vector<uint8_t>>& required_key_hashes, | 
|  | const std::vector<uint8_t>& required_file_hash, | 
|  | std::string* public_key, | 
|  | std::string* crx_id) { | 
|  | std::string public_key_local; | 
|  | std::string crx_id_local; | 
|  | base::File file(crx_path, base::File::FLAG_OPEN | base::File::FLAG_READ); | 
|  | if (!file.IsValid()) | 
|  | return VerifierResult::ERROR_FILE_NOT_READABLE; | 
|  |  | 
|  | std::unique_ptr<crypto::SecureHash> file_hash = | 
|  | crypto::SecureHash::Create(crypto::SecureHash::SHA256); | 
|  |  | 
|  | // Magic number. | 
|  | bool diff = false; | 
|  | char buffer[kCrxFileHeaderMagicSize] = {}; | 
|  | if (file.ReadAtCurrentPos(buffer, kCrxFileHeaderMagicSize) != | 
|  | kCrxFileHeaderMagicSize) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | if (!strncmp(buffer, kCrxDiffFileHeaderMagic, kCrxFileHeaderMagicSize)) | 
|  | diff = true; | 
|  | else if (strncmp(buffer, kCrxFileHeaderMagic, kCrxFileHeaderMagicSize)) | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | file_hash->Update(buffer, sizeof(buffer)); | 
|  |  | 
|  | // Version number. | 
|  | const uint32_t version = | 
|  | ReadAndHashLittleEndianUInt32(&file, file_hash.get()); | 
|  | VerifierResult result; | 
|  | if (version == 2) | 
|  | LOG(WARNING) << "File '" << crx_path | 
|  | << "' is in CRX2 format, which is deprecated and will not be " | 
|  | "supported in M78+"; | 
|  | if (format == VerifierFormat::CRX2_OR_CRX3 && | 
|  | (version == 2 || (diff && version == 0))) { | 
|  | result = VerifyCrx2(&file, file_hash.get(), required_key_hashes, | 
|  | &public_key_local, &crx_id_local); | 
|  | } else if (version == 3) { | 
|  | bool require_publisher_key = | 
|  | format == VerifierFormat::CRX3_WITH_PUBLISHER_PROOF || | 
|  | format == VerifierFormat::CRX3_WITH_TEST_PUBLISHER_PROOF; | 
|  | result = | 
|  | VerifyCrx3(&file, file_hash.get(), required_key_hashes, | 
|  | &public_key_local, &crx_id_local, require_publisher_key, | 
|  | format == VerifierFormat::CRX3_WITH_TEST_PUBLISHER_PROOF); | 
|  | } else { | 
|  | result = VerifierResult::ERROR_HEADER_INVALID; | 
|  | } | 
|  | if (result != VerifierResult::OK_FULL) | 
|  | return result; | 
|  |  | 
|  | // Finalize file hash. | 
|  | uint8_t final_hash[crypto::kSHA256Length] = {}; | 
|  | file_hash->Finish(final_hash, sizeof(final_hash)); | 
|  | if (!required_file_hash.empty()) { | 
|  | if (required_file_hash.size() != crypto::kSHA256Length) | 
|  | return VerifierResult::ERROR_EXPECTED_HASH_INVALID; | 
|  | if (!crypto::SecureMemEqual(final_hash, required_file_hash.data(), | 
|  | crypto::kSHA256Length)) | 
|  | return VerifierResult::ERROR_FILE_HASH_FAILED; | 
|  | } | 
|  |  | 
|  | // All is well. Set the out-params and return. | 
|  | if (public_key) | 
|  | *public_key = public_key_local; | 
|  | if (crx_id) | 
|  | *crx_id = crx_id_local; | 
|  | return diff ? VerifierResult::OK_DELTA : VerifierResult::OK_FULL; | 
|  | } | 
|  |  | 
|  | #if defined(IN_MEMORY_UPDATES) | 
|  | VerifierResult Verify( | 
|  | const std::string& crx_str, | 
|  | const VerifierFormat& format, | 
|  | const std::vector<std::vector<uint8_t>>& required_key_hashes, | 
|  | const std::vector<uint8_t>& required_file_hash, | 
|  | std::string* public_key, | 
|  | std::string* crx_id) { | 
|  | std::string public_key_local; | 
|  | std::string crx_id_local; | 
|  |  | 
|  | std::unique_ptr<crypto::SecureHash> file_hash = | 
|  | crypto::SecureHash::Create(crypto::SecureHash::SHA256); | 
|  |  | 
|  | // Magic number. | 
|  | bool diff = false; | 
|  | if (!strncmp(crx_str.c_str(), kCrxDiffFileHeaderMagic, | 
|  | kCrxFileHeaderMagicSize)) { | 
|  | diff = true; | 
|  | } else if (strncmp(crx_str.c_str(), kCrxFileHeaderMagic, | 
|  | kCrxFileHeaderMagicSize)) { | 
|  | return VerifierResult::ERROR_HEADER_INVALID; | 
|  | } | 
|  | file_hash->Update(crx_str.c_str(), kCrxFileHeaderMagicSize); | 
|  |  | 
|  | std::string::const_iterator it = crx_str.begin(); | 
|  | // Advance the iterator past the magic string embedded in the header. | 
|  | std::advance(it, kCrxFileHeaderMagicSize); | 
|  |  | 
|  | // Version number. | 
|  | const uint32_t version = | 
|  | ReadAndHashLittleEndianUInt32FromString(&it, file_hash.get()); | 
|  | VerifierResult result; | 
|  | if (version == 2) | 
|  | SB_LOG(WARNING) << "The string is in CRX2 format, which is deprecated and " | 
|  | << "will not be supported in M78+"; | 
|  | if (format == VerifierFormat::CRX2_OR_CRX3 && | 
|  | (version == 2 || (diff && version == 0))) { | 
|  | result = | 
|  | VerifyCrx2FromString(crx_str, &it, file_hash.get(), required_key_hashes, | 
|  | &public_key_local, &crx_id_local); | 
|  | } else if (version == 3) { | 
|  | bool require_publisher_key = | 
|  | format == VerifierFormat::CRX3_WITH_PUBLISHER_PROOF || | 
|  | format == VerifierFormat::CRX3_WITH_TEST_PUBLISHER_PROOF; | 
|  | result = VerifyCrx3FromString( | 
|  | crx_str, &it, file_hash.get(), required_key_hashes, &public_key_local, | 
|  | &crx_id_local, require_publisher_key, | 
|  | format == VerifierFormat::CRX3_WITH_TEST_PUBLISHER_PROOF); | 
|  | } else { | 
|  | result = VerifierResult::ERROR_HEADER_INVALID; | 
|  | } | 
|  | if (result != VerifierResult::OK_FULL) | 
|  | return result; | 
|  |  | 
|  | // Finalize file hash. | 
|  | uint8_t final_hash[crypto::kSHA256Length] = {}; | 
|  | file_hash->Finish(final_hash, sizeof(final_hash)); | 
|  | if (!required_file_hash.empty()) { | 
|  | if (required_file_hash.size() != crypto::kSHA256Length) | 
|  | return VerifierResult::ERROR_EXPECTED_HASH_INVALID; | 
|  | if (!crypto::SecureMemEqual(final_hash, required_file_hash.data(), | 
|  | crypto::kSHA256Length)) { | 
|  | return VerifierResult::ERROR_FILE_HASH_FAILED; | 
|  | } | 
|  | } | 
|  |  | 
|  | // All is well. Set the out-params and return. | 
|  | if (public_key) | 
|  | *public_key = public_key_local; | 
|  | if (crx_id) | 
|  | *crx_id = crx_id_local; | 
|  | return diff ? VerifierResult::OK_DELTA : VerifierResult::OK_FULL; | 
|  | } | 
|  | #endif | 
|  |  | 
|  | }  // namespace crx_file |