refactor: migrate hashing code to new upstream crypto::hash
API (#46273)
* refactor: migrate AsarFileValidator to crypto::hash This change migrates AsarFileValidator's uses of crypto::secure_hash to the new crypto::hash API, which has more memory safety and less heap allocations. Xref:6287609
Co-authored-by: Charles Kerr <charles@charleskerr.com> * refactor: migrate ValidateIntegrityOrDie to crypto::hash This change migrates ValidateIntegrityOrDie's use of crypto::SHA256Hash to the new crypto::hash API, which has more memory safety and less heap allocations. Xref:6287609
Co-authored-by: Charles Kerr <charles@charleskerr.com> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Charles Kerr <charles@charleskerr.com>
This commit is contained in:
parent
5b9f71602d
commit
06ad763412
3 changed files with 8 additions and 10 deletions
|
@ -14,7 +14,6 @@
|
|||
#include "base/notreached.h"
|
||||
#include "base/strings/string_number_conversions.h"
|
||||
#include "base/strings/string_util.h"
|
||||
#include "crypto/sha2.h"
|
||||
|
||||
namespace asar {
|
||||
|
||||
|
@ -34,7 +33,7 @@ void AsarFileValidator::EnsureBlockHashExists() {
|
|||
current_hash_byte_count_ = 0U;
|
||||
switch (integrity_.algorithm) {
|
||||
case HashAlgorithm::kSHA256:
|
||||
current_hash_ = crypto::SecureHash::Create(crypto::SecureHash::SHA256);
|
||||
current_hash_.emplace(crypto::hash::kSha256);
|
||||
break;
|
||||
case HashAlgorithm::kNone:
|
||||
NOTREACHED();
|
||||
|
@ -86,7 +85,7 @@ bool AsarFileValidator::FinishBlock() {
|
|||
if (!current_hash_) {
|
||||
// This happens when we fail to read the resource. Compute empty content's
|
||||
// hash in this case.
|
||||
current_hash_ = crypto::SecureHash::Create(crypto::SecureHash::SHA256);
|
||||
current_hash_.emplace(crypto::hash::kSha256);
|
||||
}
|
||||
|
||||
// If the file reader is done we need to make sure we've either read up to the
|
||||
|
@ -108,7 +107,7 @@ bool AsarFileValidator::FinishBlock() {
|
|||
current_hash_->Update(abandoned_buffer);
|
||||
}
|
||||
|
||||
auto actual = std::array<uint8_t, crypto::kSHA256Length>{};
|
||||
auto actual = std::array<uint8_t, crypto::hash::kSha256Size>{};
|
||||
current_hash_->Finish(actual);
|
||||
current_hash_.reset();
|
||||
current_hash_byte_count_ = 0;
|
||||
|
|
|
@ -5,9 +5,9 @@
|
|||
#ifndef ELECTRON_SHELL_BROWSER_NET_ASAR_ASAR_FILE_VALIDATOR_H_
|
||||
#define ELECTRON_SHELL_BROWSER_NET_ASAR_ASAR_FILE_VALIDATOR_H_
|
||||
|
||||
#include <memory>
|
||||
#include <optional>
|
||||
|
||||
#include "crypto/secure_hash.h"
|
||||
#include "crypto/hash.h"
|
||||
#include "mojo/public/cpp/system/file_data_source.h"
|
||||
#include "mojo/public/cpp/system/filtered_data_source.h"
|
||||
#include "shell/common/asar/archive.h"
|
||||
|
@ -56,7 +56,7 @@ class AsarFileValidator : public mojo::FilteredDataSource::Filter {
|
|||
int max_block_;
|
||||
uint64_t current_hash_byte_count_ = 0U;
|
||||
uint64_t total_hash_byte_count_ = 0;
|
||||
std::unique_ptr<crypto::SecureHash> current_hash_;
|
||||
std::optional<crypto::hash::Hasher> current_hash_;
|
||||
};
|
||||
|
||||
} // namespace asar
|
||||
|
|
|
@ -16,8 +16,7 @@
|
|||
#include "base/strings/string_util.h"
|
||||
#include "base/synchronization/lock.h"
|
||||
#include "base/threading/thread_local.h"
|
||||
#include "crypto/secure_hash.h"
|
||||
#include "crypto/sha2.h"
|
||||
#include "crypto/hash.h"
|
||||
#include "shell/common/asar/archive.h"
|
||||
#include "shell/common/thread_restrictions.h"
|
||||
|
||||
|
@ -139,7 +138,7 @@ void ValidateIntegrityOrDie(base::span<const uint8_t> input,
|
|||
const IntegrityPayload& integrity) {
|
||||
if (integrity.algorithm == HashAlgorithm::kSHA256) {
|
||||
const std::string hex_hash =
|
||||
base::ToLowerASCII(base::HexEncode(crypto::SHA256Hash(input)));
|
||||
base::ToLowerASCII(base::HexEncode(crypto::hash::Sha256(input)));
|
||||
if (integrity.hash != hex_hash) {
|
||||
LOG(FATAL) << "Integrity check failed for asar archive ("
|
||||
<< integrity.hash << " vs " << hex_hash << ")";
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue