refactor: take a uint8_t span in ValidateIntegrityOrDie() (#43613)

refactor: take a uint8_t span in ValidateIntegrityOrDie()

Doing some groundwork for fixing unsafe base::File() APIs:

- Change ValidateIntegrityOrDie() to take a span<const uint8_t> arg.
  We'll need this to migrate asar's base::File API calls away from the
  ones tagged `UNSAFE_BUFFER_USAGE` because the safe counterparts use
  span<uint8_t> too.

- Simplify ValidateIntegrityOrDie()'s implementation by using
  crypto::SHA256Hash() instead of reinventing the wheel.

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
This commit is contained in:
trop[bot] 2024-09-06 22:17:03 -05:00 committed by GitHub
parent 1c89eced62
commit 39258d20d4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 11 additions and 20 deletions

View file

@ -251,9 +251,8 @@ bool Archive::Init() {
// Currently we only support the sha256 algorithm, we can add support for
// more below ensure we read them in preference order from most secure to
// least
if (integrity.value().algorithm != HashAlgorithm::kNone) {
ValidateIntegrityOrDie(header.c_str(), header.length(),
integrity.value());
if (integrity->algorithm != HashAlgorithm::kNone) {
ValidateIntegrityOrDie(base::as_byte_span(header), *integrity);
} else {
LOG(FATAL) << "No eligible hash for validatable asar archive: "
<< RelativePath().value();

View file

@ -133,25 +133,17 @@ bool ReadFileToString(const base::FilePath& path, std::string* contents) {
return false;
}
if (info.integrity.has_value()) {
ValidateIntegrityOrDie(contents->data(), contents->size(),
info.integrity.value());
}
if (info.integrity)
ValidateIntegrityOrDie(base::as_byte_span(*contents), *info.integrity);
return true;
}
void ValidateIntegrityOrDie(const char* data,
size_t size,
void ValidateIntegrityOrDie(base::span<const uint8_t> input,
const IntegrityPayload& integrity) {
if (integrity.algorithm == HashAlgorithm::kSHA256) {
uint8_t hash[crypto::kSHA256Length];
auto hasher = crypto::SecureHash::Create(crypto::SecureHash::SHA256);
hasher->Update(data, size);
hasher->Finish(hash, sizeof(hash));
const std::string hex_hash =
base::ToLowerASCII(base::HexEncode(hash, sizeof(hash)));
base::ToLowerASCII(base::HexEncode(crypto::SHA256Hash(input)));
if (integrity.hash != hex_hash) {
LOG(FATAL) << "Integrity check failed for asar archive ("
<< integrity.hash << " vs " << hex_hash << ")";

View file

@ -8,6 +8,8 @@
#include <memory>
#include <string>
#include "base/containers/span.h"
namespace base {
class FilePath;
}
@ -29,8 +31,7 @@ bool GetAsarArchivePath(const base::FilePath& full_path,
// Same with base::ReadFileToString but supports asar Archive.
bool ReadFileToString(const base::FilePath& path, std::string* contents);
void ValidateIntegrityOrDie(const char* data,
size_t size,
void ValidateIntegrityOrDie(base::span<const uint8_t> input,
const IntegrityPayload& integrity);
} // namespace asar

View file

@ -68,9 +68,8 @@ bool ScopedTemporaryFile::InitFromFile(
if (len != static_cast<int>(size))
return false;
if (integrity.has_value()) {
ValidateIntegrityOrDie(buf.data(), buf.size(), integrity.value());
}
if (integrity)
ValidateIntegrityOrDie(base::as_byte_span(buf), *integrity);
base::File dest(path_, base::File::FLAG_OPEN | base::File::FLAG_WRITE);
if (!dest.IsValid())