init

Author: gromnitsky

crx3-new

@@ -0,0 +1,73 @@
+#!/usr/bin/env node
+
+let crypto = require('crypto')
+let fs = require('fs')
+let Pbf = require('pbf')
+let crx3pb = require('./crx3_pb')
+
+function main() {
+    let pem = fs.readFileSync(process.argv[2])
+    let zipdata = fs.readFileSync('/dev/stdin')
+    let crx = new CrxFile(pem, zipdata)
+    process.stdout.write(crx.creat())
+}
+
+class CrxFile {
+    constructor(pem, zipdata) {
+	this.private_key = crypto.createPrivateKey(pem)
+	this.public_key_der = crypto.createPublicKey(pem)
+	    .export({type: 'spki', format: 'der'})
+	this.zipdata = zipdata
+    }
+
+    id() {
+	return crypto.createHash('sha256')
+	    .update(this.public_key_der).digest().slice(0, 16)
+    }
+
+    signed_data() {
+	let pb = new Pbf()
+	crx3pb.SignedData.write({crx_id: this.id()}, pb)
+	return pb.finish()
+    }
+
+    sign() {
+	let magic_str = "CRX3 SignedData\x00"
+	let signed_data = this.signed_data()
+	return crypto.createSign('sha256')
+	    .update(magic_str)
+	    .update(octets(signed_data))
+	    .update(signed_data)
+	    .update(this.zipdata)
+	    .sign(this.private_key)
+    }
+
+    header() {
+	let pb = new Pbf()
+	crx3pb.CrxFileHeader.write({
+	    sha256_with_rsa: [{	// AsymmetricKeyProof
+		public_key: this.public_key_der,
+		signature: this.sign()
+	    }],
+	    signed_header_data: this.signed_data()
+	}, pb)
+	return pb.finish()
+    }
+
+    creat() {
+	let magic_str = Buffer.from('Cr24')
+	let version = octets('xxx')
+	let header_size = octets(this.header())
+
+	return Buffer.concat([magic_str, version, header_size, this.header(),
+			      this.zipdata])
+    }
+}
+
+function octets(str) {		// 4 bytes, little-endian
+    let buf = Buffer.allocUnsafe(4)
+    buf.writeUInt32LE(str.length, 0)
+    return buf
+}
+
+main()

crx3.proto

@@ -0,0 +1,55 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package crx_file;
+
+// A CRX₃ file is a binary file of the following format:
+// [4 octets]: "Cr24", a magic number.
+// [4 octets]: The version of the *.crx file format used (currently 3).
+// [4 octets]: N, little-endian, the length of the header section.
+// [N octets]: The header (the binary encoding of a CrxFileHeader).
+// [M octets]: The ZIP archive.
+// Clients should reject CRX₃ files that contain an N that is too large for the
+// client to safely handle in memory.
+
+message CrxFileHeader {
+  // PSS signature with RSA public key. The public key is formatted as a
+  // X.509 SubjectPublicKeyInfo block, as in CRX₂. In the common case of a
+  // developer key proof, the first 128 bits of the SHA-256 hash of the
+  // public key must equal the crx_id.
+  repeated AsymmetricKeyProof sha256_with_rsa = 2;
+
+  // ECDSA signature, using the NIST P-256 curve. Public key appears in
+  // named-curve format.
+  // The pinned algorithm will be this, at least on 2017-01-01.
+  repeated AsymmetricKeyProof sha256_with_ecdsa = 3;
+
+  // The binary form of a SignedData message. We do not use a nested
+  // SignedData message, as handlers of this message must verify the proofs
+  // on exactly these bytes, so it is convenient to parse in two steps.
+  //
+  // All proofs in this CrxFile message are on the value
+  // "CRX3 SignedData\x00" + signed_header_size + signed_header_data +
+  // archive, where "\x00" indicates an octet with value 0, "CRX3 SignedData"
+  // is encoded using UTF-8, signed_header_size is the size in octets of the
+  // contents of this field and is encoded using 4 octets in little-endian
+  // order, signed_header_data is exactly the content of this field, and
+  // archive is the remaining contents of the file following the header.
+  optional bytes signed_header_data = 10000;
+}
+
+message AsymmetricKeyProof {
+  optional bytes public_key = 1;
+  optional bytes signature = 2;
+}
+
+message SignedData {
+  // This is simple binary, not UTF-8 encoded mpdecimal; i.e. it is exactly
+  // 16 bytes long.
+  optional bytes crx_id = 1;
+}

crx3_pb.js

@@ -0,0 +1,49 @@
+'use strict'; // code generated by pbf v3.2.0
+
+// CrxFileHeader ========================================
+
+var CrxFileHeader = exports.CrxFileHeader = {};
+
+CrxFileHeader.read = function (pbf, end) {
+    return pbf.readFields(CrxFileHeader._readField, {sha256_with_rsa: [], sha256_with_ecdsa: [], signed_header_data: null}, end);
+};
+CrxFileHeader._readField = function (tag, obj, pbf) {
+    if (tag === 2) obj.sha256_with_rsa.push(AsymmetricKeyProof.read(pbf, pbf.readVarint() + pbf.pos));
+    else if (tag === 3) obj.sha256_with_ecdsa.push(AsymmetricKeyProof.read(pbf, pbf.readVarint() + pbf.pos));
+    else if (tag === 10000) obj.signed_header_data = pbf.readBytes();
+};
+CrxFileHeader.write = function (obj, pbf) {
+    if (obj.sha256_with_rsa) for (var i = 0; i < obj.sha256_with_rsa.length; i++) pbf.writeMessage(2, AsymmetricKeyProof.write, obj.sha256_with_rsa[i]);
+    if (obj.sha256_with_ecdsa) for (i = 0; i < obj.sha256_with_ecdsa.length; i++) pbf.writeMessage(3, AsymmetricKeyProof.write, obj.sha256_with_ecdsa[i]);
+    if (obj.signed_header_data) pbf.writeBytesField(10000, obj.signed_header_data);
+};
+
+// AsymmetricKeyProof ========================================
+
+var AsymmetricKeyProof = exports.AsymmetricKeyProof = {};
+
+AsymmetricKeyProof.read = function (pbf, end) {
+    return pbf.readFields(AsymmetricKeyProof._readField, {public_key: null, signature: null}, end);
+};
+AsymmetricKeyProof._readField = function (tag, obj, pbf) {
+    if (tag === 1) obj.public_key = pbf.readBytes();
+    else if (tag === 2) obj.signature = pbf.readBytes();
+};
+AsymmetricKeyProof.write = function (obj, pbf) {
+    if (obj.public_key) pbf.writeBytesField(1, obj.public_key);
+    if (obj.signature) pbf.writeBytesField(2, obj.signature);
+};
+
+// SignedData ========================================
+
+var SignedData = exports.SignedData = {};
+
+SignedData.read = function (pbf, end) {
+    return pbf.readFields(SignedData._readField, {crx_id: null}, end);
+};
+SignedData._readField = function (tag, obj, pbf) {
+    if (tag === 1) obj.crx_id = pbf.readBytes();
+};
+SignedData.write = function (obj, pbf) {
+    if (obj.crx_id) pbf.writeBytesField(1, obj.crx_id);
+};

package.json

@@ -0,0 +1,5 @@
+{
+  "dependencies": {
+    "pbf": "^3.2.0"
+  }
+}