[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 1 | // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "extensions/browser/computed_hashes.h" |
| 6 | |
dcheng | f1950200 | 2016-09-14 15:18:18 | [diff] [blame] | 7 | #include <memory> |
| 8 | #include <utility> |
| 9 | |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 10 | #include "base/base64.h" |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 11 | #include "base/files/file_path.h" |
thestig | 9471270 | 2014-09-10 07:46:59 | [diff] [blame] | 12 | #include "base/files/file_util.h" |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 13 | #include "base/json/json_reader.h" |
| 14 | #include "base/json/json_writer.h" |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 15 | #include "base/stl_util.h" |
Istiaque Ahmed | 588df56 | 2018-07-06 20:16:04 | [diff] [blame] | 16 | #include "base/timer/elapsed_timer.h" |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 17 | #include "base/values.h" |
| 18 | #include "crypto/secure_hash.h" |
| 19 | #include "crypto/sha2.h" |
Oleg Davydov | 44be148d | 2019-08-23 09:42:39 | [diff] [blame] | 20 | #include "extensions/browser/content_verifier/scoped_uma_recorder.h" |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 21 | |
Jens Widell | fa216f1 | 2018-02-02 08:48:35 | [diff] [blame] | 22 | namespace extensions { |
| 23 | |
namespace computed_hashes {

// Keys used in the computed-hashes JSON document.
//
// Top-level dictionary keys: the format version and the list of per-file
// entries.
const char kVersionKey[] = "version";
const char kFileHashesKey[] = "file_hashes";

// Keys of each per-file entry: the file's relative path, the block size used
// to hash it, and the list of base64-encoded block hashes.
const char kPathKey[] = "path";
const char kBlockSizeKey[] = "block_size";
const char kBlockHashesKey[] = "block_hashes";

// Format version emitted by the writer; the reader rejects any other value.
const int kVersion = 2;

}  // namespace computed_hashes
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 32 | |
namespace {

// Histogram names supplied as template arguments to the ScopedUMARecorder
// used while reading a computed-hashes file.
constexpr char kUMAComputedHashesReadResult[] =
    "Extensions.ContentVerification.ComputedHashesReadResult";
constexpr char kUMAComputedHashesInitTime[] =
    "Extensions.ContentVerification.ComputedHashesInitTime";

}  // namespace
| 41 | |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 42 | ComputedHashes::Reader::Reader() { |
| 43 | } |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 44 | |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 45 | ComputedHashes::Reader::~Reader() { |
| 46 | } |
| 47 | |
| 48 | bool ComputedHashes::Reader::InitFromFile(const base::FilePath& path) { |
Oleg Davydov | 44be148d | 2019-08-23 09:42:39 | [diff] [blame] | 49 | ScopedUMARecorder<kUMAComputedHashesReadResult, kUMAComputedHashesInitTime> |
| 50 | uma_recorder; |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 51 | std::string contents; |
| 52 | if (!base::ReadFileToString(path, &contents)) |
| 53 | return false; |
| 54 | |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 55 | base::Optional<base::Value> top_dictionary = base::JSONReader::Read(contents); |
| 56 | if (!top_dictionary || !top_dictionary->is_dict()) |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 57 | return false; |
| 58 | |
| 59 | // For now we don't support forwards or backwards compatability in the |
| 60 | // format, so we return false on version mismatch. |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 61 | base::Optional<int> version = |
| 62 | top_dictionary->FindIntKey(computed_hashes::kVersionKey); |
| 63 | if (!version || *version != computed_hashes::kVersion) |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 64 | return false; |
| 65 | |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 66 | const base::Value* all_hashes = |
| 67 | top_dictionary->FindListKey(computed_hashes::kFileHashesKey); |
| 68 | if (!all_hashes) |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 69 | return false; |
| 70 | |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 71 | for (const base::Value& file_hash : all_hashes->GetList()) { |
| 72 | if (!file_hash.is_dict()) |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 73 | return false; |
| 74 | |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 75 | const std::string* relative_path_utf8 = |
| 76 | file_hash.FindStringKey(computed_hashes::kPathKey); |
| 77 | if (!relative_path_utf8) |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 78 | return false; |
| 79 | |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 80 | base::Optional<int> block_size = |
| 81 | file_hash.FindIntKey(computed_hashes::kBlockSizeKey); |
| 82 | if (!block_size) |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 83 | return false; |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 84 | if (*block_size <= 0 || ((*block_size % 1024) != 0)) { |
| 85 | LOG(ERROR) << "Invalid block size: " << *block_size; |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 86 | return false; |
| 87 | } |
| 88 | |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 89 | const base::Value* block_hashes = |
| 90 | file_hash.FindListKey(computed_hashes::kBlockHashesKey); |
| 91 | if (!block_hashes) |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 92 | return false; |
| 93 | |
Jan Wilken Dörrie | 53e009b | 2019-09-09 14:17:41 | [diff] [blame] | 94 | base::span<const base::Value> hashes_list = block_hashes->GetList(); |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 95 | |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 96 | base::FilePath relative_path = |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 97 | base::FilePath::FromUTF8Unsafe(*relative_path_utf8); |
[email protected] | 4f9bdf6 | 2014-06-28 01:08:22 | [diff] [blame] | 98 | relative_path = relative_path.NormalizePathSeparatorsTo('/'); |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 99 | |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 100 | data_[relative_path] = HashInfo(*block_size, std::vector<std::string>()); |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 101 | std::vector<std::string>* hashes = &(data_[relative_path].second); |
| 102 | |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 103 | for (const base::Value& value : hashes_list) { |
| 104 | if (!value.is_string()) |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 105 | return false; |
| 106 | |
| 107 | hashes->push_back(std::string()); |
Sungguk Lim | f70d123 | 2019-06-26 20:18:11 | [diff] [blame] | 108 | const std::string& encoded = value.GetString(); |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 109 | std::string* decoded = &hashes->back(); |
| 110 | if (!base::Base64Decode(encoded, decoded)) { |
| 111 | hashes->clear(); |
| 112 | return false; |
| 113 | } |
| 114 | } |
| 115 | } |
Istiaque Ahmed | 588df56 | 2018-07-06 20:16:04 | [diff] [blame] | 116 | uma_recorder.RecordSuccess(); |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 117 | return true; |
| 118 | } |
| 119 | |
| 120 | bool ComputedHashes::Reader::GetHashes(const base::FilePath& relative_path, |
| 121 | int* block_size, |
Istiaque Ahmed | 9bdd9d9 | 2017-12-16 04:53:27 | [diff] [blame] | 122 | std::vector<std::string>* hashes) const { |
[email protected] | 4f9bdf6 | 2014-06-28 01:08:22 | [diff] [blame] | 123 | base::FilePath path = relative_path.NormalizePathSeparatorsTo('/'); |
jdoerrie | a1e1598b | 2018-10-10 09:10:37 | [diff] [blame] | 124 | auto i = data_.find(path); |
asargent | 79369191 | 2014-10-04 01:12:21 | [diff] [blame] | 125 | if (i == data_.end()) { |
| 126 | // If we didn't find the entry using exact match, it's possible the |
| 127 | // developer is using a path with some letters in the incorrect case, which |
| 128 | // happens to work on windows/osx. So try doing a linear scan to look for a |
| 129 | // case-insensitive match. In practice most extensions don't have that big |
| 130 | // a list of files so the performance penalty is probably not too big |
| 131 | // here. Also for crbug.com/29941 we plan to start warning developers when |
| 132 | // they are making this mistake, since their extension will be broken on |
| 133 | // linux/chromeos. |
| 134 | for (i = data_.begin(); i != data_.end(); ++i) { |
| 135 | const base::FilePath& entry = i->first; |
| 136 | if (base::FilePath::CompareEqualIgnoreCase(entry.value(), path.value())) |
| 137 | break; |
| 138 | } |
| 139 | if (i == data_.end()) |
| 140 | return false; |
| 141 | } |
Istiaque Ahmed | 9bdd9d9 | 2017-12-16 04:53:27 | [diff] [blame] | 142 | const HashInfo& info = i->second; |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 143 | *block_size = info.first; |
| 144 | *hashes = info.second; |
| 145 | return true; |
| 146 | } |
| 147 | |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 148 | ComputedHashes::Writer::Writer() : file_list_(new base::ListValue) { |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 149 | } |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 150 | |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 151 | ComputedHashes::Writer::~Writer() { |
| 152 | } |
| 153 | |
| 154 | void ComputedHashes::Writer::AddHashes(const base::FilePath& relative_path, |
| 155 | int block_size, |
| 156 | const std::vector<std::string>& hashes) { |
Jeremy Roman | 16529d0e | 2017-08-24 18:13:47 | [diff] [blame] | 157 | auto block_hashes = std::make_unique<base::ListValue>(); |
jdoerrie | 6ff270ca | 2017-06-07 10:31:45 | [diff] [blame] | 158 | block_hashes->GetList().reserve(hashes.size()); |
| 159 | for (const auto& hash : hashes) { |
| 160 | std::string encoded; |
| 161 | base::Base64Encode(hash, &encoded); |
Jan Wilken Dörrie | 85a6671 | 2019-09-11 18:35:09 | [diff] [blame] | 162 | block_hashes->Append(std::move(encoded)); |
jdoerrie | 6ff270ca | 2017-06-07 10:31:45 | [diff] [blame] | 163 | } |
| 164 | |
Jeremy Roman | 16529d0e | 2017-08-24 18:13:47 | [diff] [blame] | 165 | auto dict = std::make_unique<base::DictionaryValue>(); |
Jens Widell | fa216f1 | 2018-02-02 08:48:35 | [diff] [blame] | 166 | dict->SetString(computed_hashes::kPathKey, |
[email protected] | 4f9bdf6 | 2014-06-28 01:08:22 | [diff] [blame] | 167 | relative_path.NormalizePathSeparatorsTo('/').AsUTF8Unsafe()); |
Jens Widell | fa216f1 | 2018-02-02 08:48:35 | [diff] [blame] | 168 | dict->SetInteger(computed_hashes::kBlockSizeKey, block_size); |
| 169 | dict->Set(computed_hashes::kBlockHashesKey, std::move(block_hashes)); |
dcheng | f1950200 | 2016-09-14 15:18:18 | [diff] [blame] | 170 | file_list_->Append(std::move(dict)); |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 171 | } |
| 172 | |
| 173 | bool ComputedHashes::Writer::WriteToFile(const base::FilePath& path) { |
| 174 | std::string json; |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 175 | base::DictionaryValue top_dictionary; |
Jens Widell | fa216f1 | 2018-02-02 08:48:35 | [diff] [blame] | 176 | top_dictionary.SetInteger(computed_hashes::kVersionKey, |
| 177 | computed_hashes::kVersion); |
| 178 | top_dictionary.Set(computed_hashes::kFileHashesKey, std::move(file_list_)); |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 179 | |
estade | 8d04646 | 2015-05-16 01:02:34 | [diff] [blame] | 180 | if (!base::JSONWriter::Write(top_dictionary, &json)) |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 181 | return false; |
| 182 | int written = base::WriteFile(path, json.data(), json.size()); |
| 183 | if (static_cast<unsigned>(written) != json.size()) { |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 184 | LOG(ERROR) << "Error writing " << path.AsUTF8Unsafe() |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 185 | << " ; write result:" << written << " expected:" << json.size(); |
| 186 | return false; |
| 187 | } |
| 188 | return true; |
| 189 | } |
| 190 | |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 191 | void ComputedHashes::ComputeHashesForContent(const std::string& contents, |
| 192 | size_t block_size, |
| 193 | std::vector<std::string>* hashes) { |
| 194 | size_t offset = 0; |
| 195 | // Even when the contents is empty, we want to output at least one hash |
| 196 | // block (the hash of the empty string). |
| 197 | do { |
| 198 | const char* block_start = contents.data() + offset; |
| 199 | DCHECK(offset <= contents.size()); |
| 200 | size_t bytes_to_read = std::min(contents.size() - offset, block_size); |
dcheng | f5d24108 | 2016-04-21 03:43:11 | [diff] [blame] | 201 | std::unique_ptr<crypto::SecureHash> hash( |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 202 | crypto::SecureHash::Create(crypto::SecureHash::SHA256)); |
| 203 | hash->Update(block_start, bytes_to_read); |
| 204 | |
| 205 | hashes->push_back(std::string()); |
| 206 | std::string* buffer = &(hashes->back()); |
| 207 | buffer->resize(crypto::kSHA256Length); |
Ryan Sleevi | 972b2ff | 2018-05-14 15:45:10 | [diff] [blame] | 208 | hash->Finish(base::data(*buffer), buffer->size()); |
[email protected] | de00aeb | 2014-08-06 09:13:39 | [diff] [blame] | 209 | |
| 210 | // If |contents| is empty, then we want to just exit here. |
| 211 | if (bytes_to_read == 0) |
| 212 | break; |
| 213 | |
| 214 | offset += bytes_to_read; |
| 215 | } while (offset < contents.size()); |
| 216 | } |
| 217 | |
[email protected] | abd4cb2 | 2014-05-16 05:22:56 | [diff] [blame] | 218 | } // namespace extensions |