crx-verify: add ecdsa support

Author: gromnitsky

README.md

@@ -13,17 +13,20 @@ The util is intentionally bare bone: it doesn't generate a private key
 for you (use openssl for that) & it doesn't compress your directory
 (use zip for that).
 
-Print info:
+Print info for a .crx downloaded from the Chome Web Store:
 
 ~~~
 $ crx3-info < file.crx
-id                   nofnjfackdchgipjnedfdcmhldeejknj
-header               593
-payload              5581
-sha256_with_rsa      1
-sha256_with_ecdsa    0
+id                   ckbpebiaofifhmkecjijobfafcfngfkj
+header               1322
+payload              8233
+sha256_with_rsa      2 main_idx=1
+sha256_with_ecdsa    1
 ~~~
 
+(`main_idx` is the index of AsymmetricKeyProof that contains a public
+key from which the id was derived during the .crx creation.)
+
 Extract zip:
 
 ~~~
@@ -36,19 +39,19 @@ Extract the 1st rsa public key:
 ~~~
 $ crx3-info rsa 0 < file.crx
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxbf7fCk1V+XL9prvqpx
-BrI2JA6P5Y7rqABIC3PB8K2lJwo0NokwKwHxpC6yRQelvnFUsODrRjrEYMPeImgp
-skE9Tn36aRzPGFXAPxwRUzcjAPBYzSL6/ieNSmyMxkFXA/1+QS5ofm/IaLlOpe2V
-AQF6NRpsGWfkKHy09guMRNzcy7MXDbmPBMynPU+td2GHaql/6E9lN7Zk5KLpRLVJ
-WgAcrJsG8XORVMNTaOBpgcrEwGPBBdRG1A+foHNRQLNPE1dMLbgJcPWVbSCJsm1e
-I/blb/ULUw+jvgFlSxZblWHiiGoSdI0vLfJpxjAvIeqRnLW2EZuTvJaaKkYtJW8q
-9QIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/u/XDdjlDyw7gHEtaaa
+sZ9GdG8WOKAyJzXd8HFrDtz2Jcuy7er7MtWvHgNDA0bwpznbI5YdZeV4UfCEsA4S
+rA5b3MnWTHwA1bgbiDM+L9rrqvcadcKuOlTeN48Q0ijmhHlNFbTzvT9W0zw/GKv8
+LgXAHggxtmHQ/Z9PP2QNF5O8rUHHSL4AJ6hNcEKSBVSmbbjeVm4gSXDuED5r0nwx
+vRtupDxGYp8IZpP5KlExqNu1nbkPc+igCTIB6XsqijagzxewUHCdovmkb2JNtskx
+/PMIEv+TvWIx2BzqGp71gSh/dV7SJ3rClvWd2xj8dtxG8FfAWDTIIi0qZXWn2Qhi
+zQIDAQAB
 -----END PUBLIC KEY-----
 ~~~
 
 Validate (returns 0 on success):
 
-    $ crx3-verify rsa public.pem < file.crx
+    $ crx3-verify rsa 0 public.pem < file.crx
 
 ## License
 

crx3-info

@@ -15,33 +15,18 @@ function main() {
 }
 
 function public_key_extract(hdr, proof, index) {
-    let type = { 'rsa': 'sha256_with_rsa', 'ec': 'sha256_with_ecdsa' }
-    let container = type[proof]
-    if (!container) throw new Error(`no support for ${proof}`)
-    if (!hdr[container][index]) throw new Error('invalid index')
-    return crx.der2pem(hdr[container][index].public_key)
+    return crx.der2pem(crx.container(hdr, proof, index).public_key)
 }
 
 function dump(hdr) {
     return [
-	["id", mpdecimal(hdr.signed_header_data.crx_id.toString('hex'))],
+	["id", crx.mpdecimal(hdr.signed_header_data.crx_id)],
 	["header", hdr.header_total_len],
-	["payload", hdr.payload_len],
-	["sha256_with_rsa", hdr.sha256_with_rsa.length],
+	["payload", hdr.payload.length],
+	["sha256_with_rsa",
+	 `${hdr.sha256_with_rsa.length} main_idx=${crx.rsa_main_index(hdr)}`],
 	["sha256_with_ecdsa", hdr.sha256_with_ecdsa.length]
     ].map( ([k,v]) => k.padEnd(20, ' ') + ' ' + v).join`\n` + "\n"
 }
 
-/* https://stackoverflow.com/a/2050916/81081
-
-   'the encoding uses a-p instead of 0-9a-f. The reason is that
-   leading numeric characters in the host field of an origin can wind
-   up being treated as potential IP addresses by Chrome. We refer to
-   it internally as "mpdecimal" after the guy who came up with it.' */
-function mpdecimal(hex) {
-    let a = 'a'.charCodeAt(0)
-    return hex.split('')
-	.map( v => String.fromCharCode((parseInt(v, 16)+a))).join``
-}
-
 main()

crx3-verify

@@ -1,23 +1,28 @@
 #!/usr/bin/env node
 'use strict';
 
+let crypto = require('crypto')
 let crx = require('./index')
 let u = crx.u
 let argv = process.argv
 
 function main() {
-    if (argv.length !== 2+2)
-	u.err(`Usage: ${u.progname()} rsa public.pem < file.zip`)
+    if (argv.length !== 2+3)
+	u.err(`Usage: ${u.progname()} rsa|ec index public.pem < file.zip`)
 
     u.read().then(crx.parse).then(verify).catch(u.err)
 }
 
 function verify(hdr) {
-    if (argv[2] !== 'rsa') throw new Error(`no support for ${argv[2]}`)
+    let container = crx.container(hdr, argv[2], argv[3])
 
-    return u.read(argv[3]).then(crx.pem2der).then( key => {
-	if (!crx.verify_rsa(key, hdr.signed_header_data.crx_id))
-	    process.exitCode = 1
+    return u.read(argv[4]).then( key => {
+	let main_idx = crx.rsa_main_index(hdr)
+	let main_public_key = hdr.sha256_with_rsa[main_idx].public_key
+
+	let maker = new crx.Maker({public_der: main_public_key}, hdr.payload)
+	let v = maker.signature_data_update(crypto.createVerify('sha256')).end()
+	if (!v.verify(key, container.signature)) process.exitCode = 1
     })
 }
 

index.js

@@ -39,7 +39,7 @@ exports.parse = function(buf) {
     let crx_file_header = parse_header(header)
     return Object.assign({
 	header_total_len: header.length + meta,
-	payload_len: buf.length - header.length - meta
+	payload: buf.slice(header.length + meta)
     }, crx_file_header)
 }
 
@@ -52,12 +52,6 @@ function parse_header(buf) {
     return hdr
 }
 
-// the first 128 bits of the sha256 hash of the public key must be == crx id
-exports.verify_rsa = function(public_key, id) {
-    let a = crypto.createHash('sha256').update(public_key).digest().slice(0, 16)
-    return a.equals(id)
-}
-
 exports.pem2der = function(buf) {
     return crypto.createPublicKey(buf).export({type: 'spki', format: 'der'})
 }
@@ -80,10 +74,7 @@ exports.Maker = class {
 	this.payload = payload
     }
 
-    id() {
-	return crypto.createHash('sha256')
-	    .update(this.key.public_der).digest().slice(0, 16)
-    }
+    id() { return exports.crx_id(this.key.public_der) }
 
     signed_data() {
 	let pb
@@ -95,13 +86,16 @@ exports.Maker = class {
     }
 
     sign() {
+	return this.signature_data_update(crypto.createSign('sha256'))
+	    .sign(this.key.private)
+    }
+
+    signature_data_update(signature) {
 	let magic_str = "CRX3 SignedData\x00"
-	return crypto.createSign('sha256')
-	    .update(magic_str)
+	return signature.update(magic_str)
 	    .update(len(this.signed_data()))
 	    .update(this.signed_data())
 	    .update(this.payload)
-	    .sign(this.key.private)
     }
 
     header() {
@@ -131,3 +125,32 @@ function len(o) {		// 4 bytes, little-endian
     buf.writeUInt32LE(o.length, 0)
     return buf
 }
+
+exports.crx_id = function(public_key) {
+    return crypto.createHash('sha256').update(public_key).digest().slice(0, 16)
+}
+
+/* https://stackoverflow.com/a/2050916/81081
+
+   'the encoding uses a-p instead of 0-9a-f. The reason is that
+   leading numeric characters in the host field of an origin can wind
+   up being treated as potential IP addresses by Chrome. We refer to
+   it internally as "mpdecimal" after the guy who came up with it.' */
+exports.mpdecimal = function(buf) {
+    let a = 'a'.charCodeAt(0)
+    return buf.toString('hex').split('')
+	.map( v => String.fromCharCode((parseInt(v, 16)+a))).join``
+}
+
+exports.rsa_main_index = function(hdr) {
+    let id = hdr.signed_header_data.crx_id
+    return hdr.sha256_with_rsa
+	.findIndex( proof => id.equals(exports.crx_id(proof.public_key)))
+}
+
+exports.container = function(hdr, proof, index) {
+    let type = { 'rsa': 'sha256_with_rsa', 'ec': 'sha256_with_ecdsa' }
+    let ctr = type[proof]; if (!ctr) throw new Error(`no support for ${proof}`)
+    ctr = hdr[ctr][index]; if (!ctr) throw new Error(`invalid index`)
+    return ctr
+}

test/test_smoke.js

@@ -30,7 +30,7 @@ suite('cli', function() {
 		     `id                   efhdamkdoffheefhloplkcfimcfkjgip
 header               593
 payload              231
-sha256_with_rsa      1
+sha256_with_rsa      1 main_idx=0
 sha256_with_ecdsa    0
 `)
     })
@@ -55,11 +55,11 @@ bQIDAQAB
 		   {input: fs.readFileSync(tmp('foo.crx'))})
 	fs.writeFileSync(tmp('foo.public_key.pem'), r.stdout)
 
-	r = sh('../crx3-verify', ['rsa', tmp('foo.public_key.pem')],
+	r = sh('../crx3-verify', ['rsa', '0', tmp('foo.public_key.pem')],
 	       {input: fs.readFileSync(tmp('foo.crx'))})
 	assert(r.status === 0)
 
-	r = sh('../crx3-verify', ['rsa', 'alien_public.pem'],
+	r = sh('../crx3-verify', ['rsa', '0', 'alien_public.pem'],
 	       {input: fs.readFileSync(tmp('foo.crx'))})
 	assert(r.status !== 0)
     })