| waffles | 5918d5f | 2017-05-23 01:45:28 | [diff] [blame^] | 1 | // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef COMPONENTS_CRX_FILE_CRX_VERIFIER_H_ |
| 6 | #define COMPONENTS_CRX_FILE_CRX_VERIFIER_H_ |
| 7 | |
| 8 | #include <stdint.h> |
| 9 | #include <string> |
| 10 | #include <vector> |
| 11 | |
| 12 | namespace base { |
| 13 | class FilePath; |
| 14 | } // namespace base |
| 15 | |
| 16 | namespace crx_file { |
| 17 | |
| 18 | enum class VerifierFormat { |
| 19 | CRX2_OR_CRX3, // Accept Crx2 or Crx3. |
| 20 | CRX3, // Accept only Crx3. |
| 21 | CRX3_WITH_PUBLISHER_PROOF, // Accept only Crx3 with a publisher proof. |
| 22 | }; |
| 23 | |
| 24 | enum class VerifierResult { |
| 25 | OK_FULL, // The file verifies as a correct full CRX file. |
| 26 | OK_DELTA, // The file verifies as a correct differential CRX file. |
| 27 | ERROR_FILE_NOT_READABLE, // Cannot open the CRX file. |
| 28 | ERROR_HEADER_INVALID, // Failed to parse or understand CRX header. |
| 29 | ERROR_EXPECTED_HASH_INVALID, // Expected hash is not well-formed. |
| 30 | ERROR_FILE_HASH_FAILED, // The file's actual hash != the expected hash. |
| 31 | ERROR_SIGNATURE_INITIALIZATION_FAILED, // A signature or key is malformed. |
| 32 | ERROR_SIGNATURE_VERIFICATION_FAILED, // A signature doesn't match. |
| 33 | ERROR_REQUIRED_PROOF_MISSING, // RequireKeyProof was unsatisfied. |
| 34 | }; |
| 35 | |
| 36 | // Verify the file at |crx_path| as a valid Crx of |format|. The Crx must be |
| 37 | // well-formed, contain no invalid proofs, match the |required_file_hash| (if |
| 38 | // non-empty), and contain a proof with each of the |required_key_hashes|. |
| 39 | // If and only if this function returns OK_FULL or OK_DELTA, and only if |
| 40 | // |public_key| / |crx_id| are non-null, they will be updated to contain the |
| 41 | // public key (PEM format, without the header/footer) and crx id (encoded in |
| 42 | // base16 using the characters [a-p]). |
| 43 | VerifierResult Verify( |
| 44 | const base::FilePath& crx_path, |
| 45 | const VerifierFormat& format, |
| 46 | const std::vector<std::vector<uint8_t>>& required_key_hashes, |
| 47 | const std::vector<uint8_t>& required_file_hash, |
| 48 | std::string* public_key, |
| 49 | std::string* crx_id); |
| 50 | |
| 51 | } // namespace crx_file |
| 52 | |
| 53 | #endif // COMPONENTS_CRX_FILE_CRX_VERIFIER_H_ |
