src/chrome/browser/component_updater/component_unpacker.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/component_updater/component_unpacker.h"
   6
   7 #include <string>
   8 #include <vector>
   9
  10 #include "base/bind.h"
  11 #include "base/file_util.h"
  12 #include "base/files/file_path.h"
  13 #include "base/files/scoped_file.h"
  14 #include "base/json/json_file_value_serializer.h"
  15 #include "base/location.h"
  16 #include "base/logging.h"
  17 #include "base/strings/string_number_conversions.h"
  18 #include "base/strings/stringprintf.h"
  19 #include "base/values.h"
  20 #include "chrome/browser/component_updater/component_patcher.h"
  21 #include "chrome/browser/component_updater/component_patcher_operation.h"
  22 #include "chrome/browser/component_updater/component_updater_service.h"
  23 #include "components/crx_file/constants.h"
  24 #include "components/crx_file/crx_file.h"
  25 #include "crypto/secure_hash.h"
  26 #include "crypto/signature_verifier.h"
  27 #include "third_party/zlib/google/zip.h"
  28
  29 using crypto::SecureHash;
  30
  31 namespace component_updater {
  32
  33 namespace {
  34
  35 // This class makes sure that the CRX digital signature is valid
  36 // and well formed.
  37 class CRXValidator {
  38  public:
  39   explicit CRXValidator(FILE* crx_file) : valid_(false), is_delta_(false) {
  40     crx_file::CrxFile::Header header;
  41     size_t len = fread(&header, 1, sizeof(header), crx_file);
  42     if (len < sizeof(header))
  43       return;
  44
  45     crx_file::CrxFile::Error error;
  46     scoped_ptr<crx_file::CrxFile> crx(
  47         crx_file::CrxFile::Parse(header, &error));
  48     if (!crx.get())
  49       return;
  50     is_delta_ = crx_file::CrxFile::HeaderIsDelta(header);
  51
  52     std::vector<uint8> key(header.key_size);
  53     len = fread(&key[0], sizeof(uint8), header.key_size, crx_file);
  54     if (len < header.key_size)
  55       return;
  56
  57     std::vector<uint8> signature(header.signature_size);
  58     len = fread(&signature[0], sizeof(uint8), header.signature_size, crx_file);
  59     if (len < header.signature_size)
  60       return;
  61
  62     crypto::SignatureVerifier verifier;
  63     if (!verifier.VerifyInit(crx_file::kSignatureAlgorithm,
  64                              sizeof(crx_file::kSignatureAlgorithm),
  65                              &signature[0],
  66                              signature.size(),
  67                              &key[0],
  68                              key.size())) {
  69       // Signature verification initialization failed. This is most likely
  70       // caused by a public key in the wrong format (should encode algorithm).
  71       return;
  72     }
  73
  74     const size_t kBufSize = 8 * 1024;
  75     scoped_ptr<uint8[]> buf(new uint8[kBufSize]);
  76     while ((len = fread(buf.get(), 1, kBufSize, crx_file)) > 0)
  77       verifier.VerifyUpdate(buf.get(), len);
  78
  79     if (!verifier.VerifyFinal())
  80       return;
  81
  82     public_key_.swap(key);
  83     valid_ = true;
  84   }
  85
  86   bool valid() const { return valid_; }
  87
  88   bool is_delta() const { return is_delta_; }
  89
  90   const std::vector<uint8>& public_key() const { return public_key_; }
  91
  92  private:
  93   bool valid_;
  94   bool is_delta_;
  95   std::vector<uint8> public_key_;
  96 };
  97
  98 }  // namespace
  99
 100 ComponentUnpacker::ComponentUnpacker(
 101     const std::vector<uint8>& pk_hash,
 102     const base::FilePath& path,
 103     const std::string& fingerprint,
 104     ComponentInstaller* installer,
 105     scoped_refptr<OutOfProcessPatcher> out_of_process_patcher,
 106     scoped_refptr<base::SequencedTaskRunner> task_runner)
 107     : pk_hash_(pk_hash),
 108       path_(path),
 109       is_delta_(false),
 110       fingerprint_(fingerprint),
 111       installer_(installer),
 112       out_of_process_patcher_(out_of_process_patcher),
 113       error_(kNone),
 114       extended_error_(0),
 115       task_runner_(task_runner) {
 116 }
 117
 118 // TODO(cpu): add a specific attribute check to a component json that the
 119 // extension unpacker will reject, so that a component cannot be installed
 120 // as an extension.
 121 scoped_ptr<base::DictionaryValue> ReadManifest(
 122     const base::FilePath& unpack_path) {
 123   base::FilePath manifest =
 124       unpack_path.Append(FILE_PATH_LITERAL("manifest.json"));
 125   if (!base::PathExists(manifest))
 126     return scoped_ptr<base::DictionaryValue>();
 127   JSONFileValueSerializer serializer(manifest);
 128   std::string error;
 129   scoped_ptr<base::Value> root(serializer.Deserialize(NULL, &error));
 130   if (!root.get())
 131     return scoped_ptr<base::DictionaryValue>();
 132   if (!root->IsType(base::Value::TYPE_DICTIONARY))
 133     return scoped_ptr<base::DictionaryValue>();
 134   return scoped_ptr<base::DictionaryValue>(
 135              static_cast<base::DictionaryValue*>(root.release())).Pass();
 136 }
 137
 138 bool ComponentUnpacker::UnpackInternal() {
 139   return Verify() && Unzip() && BeginPatching();
 140 }
 141
 142 void ComponentUnpacker::Unpack(const Callback& callback) {
 143   callback_ = callback;
 144   if (!UnpackInternal())
 145     Finish();
 146 }
 147
 148 bool ComponentUnpacker::Verify() {
 149   VLOG(1) << "Verifying component: " << path_.value();
 150   if (pk_hash_.empty() || path_.empty()) {
 151     error_ = kInvalidParams;
 152     return false;
 153   }
 154   // First, validate the CRX header and signature. As of today
 155   // this is SHA1 with RSA 1024.
 156   base::ScopedFILE file(base::OpenFile(path_, "rb"));
 157   if (!file.get()) {
 158     error_ = kInvalidFile;
 159     return false;
 160   }
 161   CRXValidator validator(file.get());
 162   file.reset();
 163   if (!validator.valid()) {
 164     error_ = kInvalidFile;
 165     return false;
 166   }
 167   is_delta_ = validator.is_delta();
 168
 169   // File is valid and the digital signature matches. Now make sure
 170   // the public key hash matches the expected hash. If they do we fully
 171   // trust this CRX.
 172   uint8 hash[32] = {};
 173   scoped_ptr<SecureHash> sha256(SecureHash::Create(SecureHash::SHA256));
 174   sha256->Update(&(validator.public_key()[0]), validator.public_key().size());
 175   sha256->Finish(hash, arraysize(hash));
 176
 177   if (!std::equal(pk_hash_.begin(), pk_hash_.end(), hash)) {
 178     VLOG(1) << "Hash mismatch: " << path_.value();
 179     error_ = kInvalidId;
 180     return false;
 181   }
 182   VLOG(1) << "Verification successful: " << path_.value();
 183   return true;
 184 }
 185
 186 bool ComponentUnpacker::Unzip() {
 187   base::FilePath& destination = is_delta_ ? unpack_diff_path_ : unpack_path_;
 188   VLOG(1) << "Unpacking in: " << destination.value();
 189   if (!base::CreateNewTempDirectory(base::FilePath::StringType(),
 190                                     &destination)) {
 191     VLOG(1) << "Unable to create temporary directory for unpacking.";
 192     error_ = kUnzipPathError;
 193     return false;
 194   }
 195   if (!zip::Unzip(path_, destination)) {
 196     VLOG(1) << "Unzipping failed.";
 197     error_ = kUnzipFailed;
 198     return false;
 199   }
 200   VLOG(1) << "Unpacked successfully";
 201   return true;
 202 }
 203
 204 bool ComponentUnpacker::BeginPatching() {
 205   if (is_delta_) {  // Package is a diff package.
 206     // Use a different temp directory for the patch output files.
 207     if (!base::CreateNewTempDirectory(base::FilePath::StringType(),
 208                                       &unpack_path_)) {
 209       error_ = kUnzipPathError;
 210       return false;
 211     }
 212     patcher_ = new ComponentPatcher(unpack_diff_path_,
 213                                     unpack_path_,
 214                                     installer_,
 215                                     out_of_process_patcher_,
 216                                     task_runner_);
 217     task_runner_->PostTask(
 218         FROM_HERE,
 219         base::Bind(&ComponentPatcher::Start,
 220                    patcher_,
 221                    base::Bind(&ComponentUnpacker::EndPatching,
 222                               scoped_refptr<ComponentUnpacker>(this))));
 223   } else {
 224     task_runner_->PostTask(FROM_HERE,
 225                            base::Bind(&ComponentUnpacker::EndPatching,
 226                                       scoped_refptr<ComponentUnpacker>(this),
 227                                       kNone,
 228                                       0));
 229   }
 230   return true;
 231 }
 232
 233 void ComponentUnpacker::EndPatching(Error error, int extended_error) {
 234   error_ = error;
 235   extended_error_ = extended_error;
 236   patcher_ = NULL;
 237   if (error_ != kNone) {
 238     Finish();
 239     return;
 240   }
 241   // Optimization: clean up patch files early, in case disk space is too low to
 242   // install otherwise.
 243   if (!unpack_diff_path_.empty()) {
 244     base::DeleteFile(unpack_diff_path_, true);
 245     unpack_diff_path_.clear();
 246   }
 247   Install();
 248   Finish();
 249 }
 250
 251 void ComponentUnpacker::Install() {
 252   // Write the fingerprint to disk.
 253   if (static_cast<int>(fingerprint_.size()) !=
 254       base::WriteFile(
 255           unpack_path_.Append(FILE_PATH_LITERAL("manifest.fingerprint")),
 256           fingerprint_.c_str(),
 257           fingerprint_.size())) {
 258     error_ = kFingerprintWriteFailed;
 259     return;
 260   }
 261   scoped_ptr<base::DictionaryValue> manifest(ReadManifest(unpack_path_));
 262   if (!manifest.get()) {
 263     error_ = kBadManifest;
 264     return;
 265   }
 266   DCHECK(error_ == kNone);
 267   if (!installer_->Install(*manifest, unpack_path_)) {
 268     error_ = kInstallerError;
 269     return;
 270   }
 271 }
 272
 273 void ComponentUnpacker::Finish() {
 274   if (!unpack_diff_path_.empty())
 275     base::DeleteFile(unpack_diff_path_, true);
 276   if (!unpack_path_.empty())
 277     base::DeleteFile(unpack_path_, true);
 278   callback_.Run(error_, extended_error_);
 279 }
 280
 281 ComponentUnpacker::~ComponentUnpacker() {
 282 }
 283
 284 }  // namespace component_updater