OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
7 | 7 |
8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
10 #include "core/dom/Element.h" | 10 #include "core/dom/Element.h" |
11 #include "core/fetch/Resource.h" | 11 #include "core/fetch/Resource.h" |
12 #include "core/frame/ConsoleTypes.h" | 12 #include "core/frame/ConsoleTypes.h" |
13 #include "core/frame/UseCounter.h" | 13 #include "core/frame/UseCounter.h" |
14 #include "core/inspector/ConsoleMessage.h" | 14 #include "core/inspector/ConsoleMessage.h" |
15 #include "platform/Crypto.h" | 15 #include "platform/Crypto.h" |
16 #include "platform/ParsingUtilities.h" | 16 #include "platform/ParsingUtilities.h" |
17 #include "platform/RuntimeEnabledFeatures.h" | 17 #include "platform/RuntimeEnabledFeatures.h" |
18 #include "platform/weborigin/KURL.h" | 18 #include "platform/weborigin/KURL.h" |
19 #include "platform/weborigin/SecurityOrigin.h" | 19 #include "platform/weborigin/SecurityOrigin.h" |
20 #include "public/platform/WebCrypto.h" | 20 #include "public/platform/WebCrypto.h" |
21 #include "public/platform/WebCryptoAlgorithm.h" | 21 #include "public/platform/WebCryptoAlgorithm.h" |
22 #include "wtf/ASCIICType.h" | 22 #include "wtf/ASCIICType.h" |
23 #include "wtf/Vector.h" | 23 #include "wtf/Vector.h" |
24 #include "wtf/dtoa/utils.h" | |
24 #include "wtf/text/Base64.h" | 25 #include "wtf/text/Base64.h" |
25 #include "wtf/text/StringUTF8Adaptor.h" | 26 #include "wtf/text/StringUTF8Adaptor.h" |
26 #include "wtf/text/WTFString.h" | 27 #include "wtf/text/WTFString.h" |
27 | 28 |
28 namespace blink { | 29 namespace blink { |
29 | 30 |
30 // FIXME: This should probably use common functions with ContentSecurityPolicy. | 31 // FIXME: This should probably use common functions with ContentSecurityPolicy. |
31 static bool isIntegrityCharacter(UChar c) | 32 static bool isIntegrityCharacter(UChar c) |
32 { | 33 { |
33 // Check if it's a base64 encoded value. We're pretty loose here, as there's | 34 // Check if it's a base64 encoded value. We're pretty loose here, as there's |
(...skipping 24 matching lines...) Expand all Loading... | |
58 | 59 |
59 return true; | 60 return true; |
60 } | 61 } |
61 | 62 |
62 static String digestToString(const DigestValue& digest) | 63 static String digestToString(const DigestValue& digest) |
63 { | 64 { |
64 // We always output base64url encoded data, even though we use base64 intern ally. | 65 // We always output base64url encoded data, even though we use base64 intern ally. |
65 return base64URLEncode(reinterpret_cast<const char*>(digest.data()), digest. size(), Base64DoNotInsertLFs); | 66 return base64URLEncode(reinterpret_cast<const char*>(digest.data()), digest. size(), Base64DoNotInsertLFs); |
66 } | 67 } |
67 | 68 |
69 | |
70 SubresourceIntegrity::PrioritizationResult SubresourceIntegrity::getPrioritizedH ashFunction(HashAlgorithm algorithm1, HashAlgorithm algorithm2) | |
71 { | |
72 const HashAlgorithm weakerThanSha256[] = { HashAlgorithmSha1 }; | |
Mike West
2015/06/03 09:13:33
Why do we support SHA-1 at all? I don't remember i
jww
2015/06/03 19:26:56
SHA1 is not supported, so, yes, we can ASSERT that
| |
73 const HashAlgorithm weakerThanSha384[] = { HashAlgorithmSha1, HashAlgorithmS ha256 }; | |
74 const HashAlgorithm weakerThanSha512[] = { HashAlgorithmSha1, HashAlgorithmS ha256, HashAlgorithmSha384 }; | |
75 | |
76 if (algorithm1 == algorithm2) | |
77 return SameStrength; | |
78 | |
79 const HashAlgorithm* weakerAlgorithms; | |
80 size_t length; | |
81 switch (algorithm1) { | |
82 case HashAlgorithmSha1: | |
83 return SecondAlgorithmIsStronger; | |
84 case HashAlgorithmSha256: | |
85 weakerAlgorithms = weakerThanSha256; | |
86 length = ARRAY_SIZE(weakerThanSha256); | |
87 break; | |
88 case HashAlgorithmSha384: | |
89 weakerAlgorithms = weakerThanSha384; | |
90 length = ARRAY_SIZE(weakerThanSha384); | |
91 break; | |
92 case HashAlgorithmSha512: | |
93 weakerAlgorithms = weakerThanSha512; | |
94 length = ARRAY_SIZE(weakerThanSha512); | |
95 break; | |
96 default: | |
97 ASSERT_NOT_REACHED(); | |
98 }; | |
99 | |
100 for (size_t i = 0; i < length; i++) { | |
101 if (weakerAlgorithms[i] == algorithm2) | |
102 return FirstAlgorithmIsStronger; | |
103 } | |
104 | |
105 return SecondAlgorithmIsStronger; | |
106 } | |
107 | |
68 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con st String& source, const KURL& resourceUrl, const Resource& resource) | 108 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con st String& source, const KURL& resourceUrl, const Resource& resource) |
69 { | 109 { |
70 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled()) | 110 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled()) |
71 return true; | 111 return true; |
72 | 112 |
73 Document& document = element.document(); | 113 Document& document = element.document(); |
74 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); | 114 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); |
75 if (attribute.isEmpty()) | 115 if (attribute.isEmpty()) |
76 return true; | 116 return true; |
77 | 117 |
78 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { | 118 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { |
79 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires CORS t o be enabled to check the integrity, and it is not. The resource has been blocke d.", document); | 119 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires CORS t o be enabled to check the integrity, and it is not. The resource has been blocke d.", document); |
80 return false; | 120 return false; |
81 } | 121 } |
82 | 122 |
83 WTF::Vector<IntegrityMetadata> metadataList; | 123 WTF::Vector<IntegrityMetadata> metadataList; |
84 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut e, metadataList, document); | 124 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut e, metadataList, document); |
85 if (integrityParseResult != IntegrityParseValidResult) | 125 if (integrityParseResult != IntegrityParseValidResult) |
86 return false; | 126 return false; |
87 | 127 |
88 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables); | 128 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables); |
89 | 129 |
90 if (!metadataList.size()) | 130 if (!metadataList.size()) |
91 return true; | 131 return true; |
92 | 132 |
133 HashAlgorithm strongestAlgorithm = HashAlgorithmSha256; | |
134 for (IntegrityMetadata& metadata : metadataList) { | |
Mike West
2015/06/03 09:13:33
Nit: `const IntegrityMetadata&`
jww
2015/06/03 19:26:56
Done.
| |
135 if (FirstAlgorithmIsStronger == getPrioritizedHashFunction(metadata.algo rithm, strongestAlgorithm)) | |
136 strongestAlgorithm = metadata.algorithm; | |
Mike West
2015/06/03 09:13:33
If you just return the strongest algorithm, you ca
jww
2015/06/03 19:26:56
Done.
| |
137 } | |
138 | |
93 DigestValue digest; | 139 DigestValue digest; |
94 for (IntegrityMetadata& metadata : metadataList) { | 140 for (IntegrityMetadata& metadata : metadataList) { |
141 PrioritizationResult result = getPrioritizedHashFunction(metadata.algori thm, strongestAlgorithm); | |
142 if (result != SameStrength) | |
Mike West
2015/06/03 09:13:33
Nit: It seems like this could be simplified to `if
jww
2015/06/03 19:26:56
Long term, that's not strictly true because in the
| |
143 continue; | |
144 | |
95 digest.clear(); | 145 digest.clear(); |
96 bool digestSuccess = computeDigest(metadata.algorithm, normalizedSource. data(), normalizedSource.length(), digest); | 146 bool digestSuccess = computeDigest(metadata.algorithm, normalizedSource. data(), normalizedSource.length(), digest); |
97 | 147 |
98 if (digestSuccess) { | 148 if (digestSuccess) { |
99 Vector<char> hashVector; | 149 Vector<char> hashVector; |
100 base64Decode(metadata.digest, hashVector); | 150 base64Decode(metadata.digest, hashVector); |
101 DigestValue convertedHashVector; | 151 DigestValue convertedHashVector; |
102 convertedHashVector.append(reinterpret_cast<uint8_t*>(hashVector.dat a()), hashVector.size()); | 152 convertedHashVector.append(reinterpret_cast<uint8_t*>(hashVector.dat a()), hashVector.size()); |
103 | 153 |
104 if (DigestsEqual(digest, convertedHashVector)) { | 154 if (DigestsEqual(digest, convertedHashVector)) { |
(...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
273 metadataList.append(integrityMetadata); | 323 metadataList.append(integrityMetadata); |
274 } | 324 } |
275 | 325 |
276 if (metadataList.size() == 0 && error) | 326 if (metadataList.size() == 0 && error) |
277 return IntegrityParseNoValidResult; | 327 return IntegrityParseNoValidResult; |
278 | 328 |
279 return IntegrityParseValidResult; | 329 return IntegrityParseValidResult; |
280 } | 330 } |
281 | 331 |
282 } // namespace blink | 332 } // namespace blink |
OLD | NEW |