| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "extensions/browser/content_verify_job.h" |
| |
| #include <algorithm> |
| |
| #include "base/bind.h" |
| #include "base/lazy_instance.h" |
| #include "base/metrics/histogram_macros.h" |
| #include "base/stl_util.h" |
| #include "base/task/post_task.h" |
| #include "base/task/thread_pool.h" |
| #include "base/timer/elapsed_timer.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "crypto/secure_hash.h" |
| #include "crypto/sha2.h" |
| #include "extensions/browser/content_hash_reader.h" |
| #include "extensions/browser/content_verifier.h" |
| #include "extensions/browser/content_verifier/content_hash.h" |
| |
| namespace extensions { |
| |
| namespace { |
| |
| bool g_ignore_verification_for_tests = false; |
| |
| base::LazyInstance<scoped_refptr<ContentVerifyJob::TestObserver>>::Leaky |
| g_content_verify_job_test_observer = LAZY_INSTANCE_INITIALIZER; |
| |
| scoped_refptr<ContentVerifyJob::TestObserver> GetTestObserver() { |
| if (!g_content_verify_job_test_observer.IsCreated()) |
| return nullptr; |
| return g_content_verify_job_test_observer.Get(); |
| } |
| |
| class ScopedElapsedTimer { |
| public: |
| explicit ScopedElapsedTimer(base::TimeDelta* total) : total_(total) { |
| DCHECK(total_); |
| } |
| |
| ~ScopedElapsedTimer() { *total_ += timer.Elapsed(); } |
| |
| private: |
| // Some total amount of time we should add our elapsed time to at |
| // destruction. |
| base::TimeDelta* total_; |
| |
| // A timer for how long this object has been alive. |
| base::ElapsedTimer timer; |
| }; |
| |
| bool IsIgnorableReadError(MojoResult read_result) { |
| // Extension reload, for example, can cause benign MOJO_RESULT_ABORTED error. |
| // Do not incorrectly fail content verification in that case. |
| // See https://crbug.com/977805 for details. |
| return read_result == MOJO_RESULT_ABORTED; |
| } |
| |
| } // namespace |
| |
| ContentVerifyJob::ContentVerifyJob(const ExtensionId& extension_id, |
| const base::Version& extension_version, |
| const base::FilePath& extension_root, |
| const base::FilePath& relative_path, |
| FailureCallback failure_callback) |
| : done_reading_(false), |
| hashes_ready_(false), |
| total_bytes_read_(0), |
| current_block_(0), |
| current_hash_byte_count_(0), |
| extension_id_(extension_id), |
| extension_version_(extension_version), |
| extension_root_(extension_root), |
| relative_path_(relative_path), |
| failure_callback_(std::move(failure_callback)), |
| failed_(false) {} |
| |
| ContentVerifyJob::~ContentVerifyJob() { |
| UMA_HISTOGRAM_COUNTS_1M("ExtensionContentVerifyJob.TimeSpentUS", |
| time_spent_.InMicroseconds()); |
| } |
| |
| void ContentVerifyJob::Start(ContentVerifier* verifier) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| base::AutoLock auto_lock(lock_); |
| verifier->GetContentHash( |
| extension_id_, extension_root_, extension_version_, |
| true /* force_missing_computed_hashes_creation */, |
| base::BindOnce(&ContentVerifyJob::DidGetContentHashOnIO, this)); |
| } |
| |
| void ContentVerifyJob::DidGetContentHashOnIO( |
| scoped_refptr<const ContentHash> content_hash) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| base::AutoLock auto_lock(lock_); |
| scoped_refptr<TestObserver> test_observer = GetTestObserver(); |
| if (test_observer) |
| test_observer->JobStarted(extension_id_, relative_path_); |
| // Build |hash_reader_|. |
| base::ThreadPool::PostTaskAndReplyWithResult( |
| FROM_HERE, {base::MayBlock(), base::TaskPriority::USER_VISIBLE}, |
| base::BindOnce(&ContentHashReader::Create, relative_path_, content_hash), |
| base::BindOnce(&ContentVerifyJob::OnHashesReady, this)); |
| } |
| |
| void ContentVerifyJob::Read(const char* data, |
| int count, |
| MojoResult read_result) { |
| base::AutoLock auto_lock(lock_); |
| DCHECK(!done_reading_); |
| ReadImpl(data, count, read_result); |
| } |
| |
| void ContentVerifyJob::Done() { |
| base::AutoLock auto_lock(lock_); |
| ScopedElapsedTimer timer(&time_spent_); |
| if (failed_) |
| return; |
| if (g_ignore_verification_for_tests) |
| return; |
| DCHECK(!done_reading_); |
| done_reading_ = true; |
| if (!hashes_ready_) |
| return; // Wait for OnHashesReady. |
| |
| const bool can_proceed = has_ignorable_read_error_ || FinishBlock(); |
| if (can_proceed) { |
| scoped_refptr<TestObserver> test_observer = GetTestObserver(); |
| if (test_observer) |
| test_observer->JobFinished(extension_id_, relative_path_, NONE); |
| } else { |
| DispatchFailureCallback(HASH_MISMATCH); |
| } |
| } |
| |
| void ContentVerifyJob::ReadImpl(const char* data, |
| int count, |
| MojoResult read_result) { |
| ScopedElapsedTimer timer(&time_spent_); |
| if (failed_) |
| return; |
| if (g_ignore_verification_for_tests) |
| return; |
| if (IsIgnorableReadError(read_result)) |
| has_ignorable_read_error_ = true; |
| if (has_ignorable_read_error_) |
| return; |
| |
| if (!hashes_ready_) { |
| queue_.append(data, count); |
| return; |
| } |
| DCHECK_GE(count, 0); |
| int bytes_added = 0; |
| |
| while (bytes_added < count) { |
| if (current_block_ >= hash_reader_->block_count()) |
| return DispatchFailureCallback(HASH_MISMATCH); |
| |
| if (!current_hash_) { |
| current_hash_byte_count_ = 0; |
| current_hash_ = crypto::SecureHash::Create(crypto::SecureHash::SHA256); |
| } |
| // Compute how many bytes we should hash, and add them to the current hash. |
| int bytes_to_hash = |
| std::min(hash_reader_->block_size() - current_hash_byte_count_, |
| count - bytes_added); |
| DCHECK_GT(bytes_to_hash, 0); |
| current_hash_->Update(data + bytes_added, bytes_to_hash); |
| bytes_added += bytes_to_hash; |
| current_hash_byte_count_ += bytes_to_hash; |
| total_bytes_read_ += bytes_to_hash; |
| |
| // If we finished reading a block worth of data, finish computing the hash |
| // for it and make sure the expected hash matches. |
| if (current_hash_byte_count_ == hash_reader_->block_size() && |
| !FinishBlock()) { |
| DispatchFailureCallback(HASH_MISMATCH); |
| return; |
| } |
| } |
| } |
| |
| bool ContentVerifyJob::FinishBlock() { |
| DCHECK(!failed_); |
| if (current_hash_byte_count_ == 0) { |
| if (!done_reading_ || |
| // If we have checked all blocks already, then nothing else to do here. |
| current_block_ == hash_reader_->block_count()) { |
| return true; |
| } |
| } |
| if (!current_hash_) { |
| // This happens when we fail to read the resource. Compute empty content's |
| // hash in this case. |
| current_hash_ = crypto::SecureHash::Create(crypto::SecureHash::SHA256); |
| } |
| std::string final(crypto::kSHA256Length, 0); |
| current_hash_->Finish(base::data(final), final.size()); |
| current_hash_.reset(); |
| current_hash_byte_count_ = 0; |
| |
| int block = current_block_++; |
| |
| const std::string* expected_hash = NULL; |
| if (!hash_reader_->GetHashForBlock(block, &expected_hash) || |
| *expected_hash != final) { |
| return false; |
| } |
| |
| return true; |
| } |
| |
| void ContentVerifyJob::OnHashesReady( |
| std::unique_ptr<const ContentHashReader> hash_reader) { |
| base::AutoLock auto_lock(lock_); |
| hash_reader_ = std::move(hash_reader); |
| |
| if (g_ignore_verification_for_tests) |
| return; |
| scoped_refptr<TestObserver> test_observer = GetTestObserver(); |
| if (test_observer) |
| test_observer->OnHashesReady(extension_id_, relative_path_, *hash_reader_); |
| |
| switch (hash_reader_->status()) { |
| case ContentHashReader::InitStatus::HASHES_MISSING: { |
| DispatchFailureCallback(MISSING_ALL_HASHES); |
| return; |
| } |
| case ContentHashReader::InitStatus::HASHES_DAMAGED: { |
| DispatchFailureCallback(CORRUPTED_HASHES); |
| return; |
| } |
| case ContentHashReader::InitStatus::NO_HASHES_FOR_NON_EXISTING_RESOURCE: { |
| // Ignore verification of non-existent resources. |
| scoped_refptr<TestObserver> test_observer = GetTestObserver(); |
| if (test_observer) |
| test_observer->JobFinished(extension_id_, relative_path_, NONE); |
| return; |
| } |
| case ContentHashReader::InitStatus::NO_HASHES_FOR_RESOURCE: { |
| DispatchFailureCallback(NO_HASHES_FOR_FILE); |
| return; |
| } |
| case ContentHashReader::InitStatus::SUCCESS: { |
| // Just proceed with hashes in case of success. |
| } |
| } |
| DCHECK_EQ(ContentHashReader::InitStatus::SUCCESS, hash_reader_->status()); |
| |
| DCHECK(!failed_); |
| |
| hashes_ready_ = true; |
| if (!queue_.empty()) { |
| std::string tmp; |
| queue_.swap(tmp); |
| ReadImpl(base::data(tmp), tmp.size(), MOJO_RESULT_OK); |
| if (failed_) |
| return; |
| } |
| if (done_reading_) { |
| ScopedElapsedTimer timer(&time_spent_); |
| if (!has_ignorable_read_error_ && !FinishBlock()) { |
| DispatchFailureCallback(HASH_MISMATCH); |
| } else { |
| scoped_refptr<TestObserver> test_observer = GetTestObserver(); |
| if (test_observer) |
| test_observer->JobFinished(extension_id_, relative_path_, NONE); |
| } |
| } |
| } |
| |
| // static |
| void ContentVerifyJob::SetIgnoreVerificationForTests(bool value) { |
| DCHECK_NE(g_ignore_verification_for_tests, value); |
| g_ignore_verification_for_tests = value; |
| } |
| |
| // static |
| void ContentVerifyJob::SetObserverForTests( |
| scoped_refptr<TestObserver> observer) { |
| DCHECK(observer == nullptr || |
| g_content_verify_job_test_observer.Get() == nullptr) |
| << "SetObserverForTests does not support interleaving. Observers should " |
| << "be set and then cleared one at a time."; |
| g_content_verify_job_test_observer.Get() = std::move(observer); |
| } |
| |
| void ContentVerifyJob::DispatchFailureCallback(FailureReason reason) { |
| DCHECK(!failed_); |
| failed_ = true; |
| if (!failure_callback_.is_null()) { |
| VLOG(1) << "job failed for " << extension_id_ << " " |
| << relative_path_.MaybeAsASCII() << " reason:" << reason; |
| std::move(failure_callback_).Run(reason); |
| } |
| scoped_refptr<TestObserver> test_observer = GetTestObserver(); |
| if (test_observer) |
| test_observer->JobFinished(extension_id_, relative_path_, reason); |
| } |
| |
| } // namespace extensions |
