Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(291)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/SubresourceIntegrity.cpp

Issue 1156413005: Implement hash function prioritization for SRI. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Rebase on ToT Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/frame/SubresourceIntegrity.h ('k') | Source/core/frame/SubresourceIntegrityTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/SubresourceIntegrity.h" 6 #include "core/frame/SubresourceIntegrity.h"
7 7
8 #include "core/HTMLNames.h" 8 #include "core/HTMLNames.h"
9 #include "core/dom/Document.h" 9 #include "core/dom/Document.h"
10 #include "core/dom/Element.h" 10 #include "core/dom/Element.h"
11 #include "core/fetch/Resource.h" 11 #include "core/fetch/Resource.h"
12 #include "core/frame/ConsoleTypes.h" 12 #include "core/frame/ConsoleTypes.h"
13 #include "core/frame/UseCounter.h" 13 #include "core/frame/UseCounter.h"
14 #include "core/inspector/ConsoleMessage.h" 14 #include "core/inspector/ConsoleMessage.h"
15 #include "platform/Crypto.h" 15 #include "platform/Crypto.h"
16 #include "platform/ParsingUtilities.h" 16 #include "platform/ParsingUtilities.h"
17 #include "platform/RuntimeEnabledFeatures.h" 17 #include "platform/RuntimeEnabledFeatures.h"
18 #include "platform/weborigin/KURL.h" 18 #include "platform/weborigin/KURL.h"
19 #include "platform/weborigin/SecurityOrigin.h" 19 #include "platform/weborigin/SecurityOrigin.h"
20 #include "public/platform/WebCrypto.h" 20 #include "public/platform/WebCrypto.h"
21 #include "public/platform/WebCryptoAlgorithm.h" 21 #include "public/platform/WebCryptoAlgorithm.h"
22 #include "wtf/ASCIICType.h" 22 #include "wtf/ASCIICType.h"
23 #include "wtf/Vector.h" 23 #include "wtf/Vector.h"
24 #include "wtf/dtoa/utils.h"
24 #include "wtf/text/Base64.h" 25 #include "wtf/text/Base64.h"
25 #include "wtf/text/StringUTF8Adaptor.h" 26 #include "wtf/text/StringUTF8Adaptor.h"
26 #include "wtf/text/WTFString.h" 27 #include "wtf/text/WTFString.h"
27 28
28 namespace blink { 29 namespace blink {
29 30
30 // FIXME: This should probably use common functions with ContentSecurityPolicy. 31 // FIXME: This should probably use common functions with ContentSecurityPolicy.
31 static bool isIntegrityCharacter(UChar c) 32 static bool isIntegrityCharacter(UChar c)
32 { 33 {
33 // Check if it's a base64 encoded value. We're pretty loose here, as there's 34 // Check if it's a base64 encoded value. We're pretty loose here, as there's
(...skipping 24 matching lines...) Expand all
58 59
59 return true; 60 return true;
60 } 61 }
61 62
62 static String digestToString(const DigestValue& digest) 63 static String digestToString(const DigestValue& digest)
63 { 64 {
64 // We always output base64url encoded data, even though we use base64 intern ally. 65 // We always output base64url encoded data, even though we use base64 intern ally.
65 return base64URLEncode(reinterpret_cast<const char*>(digest.data()), digest. size(), Base64DoNotInsertLFs); 66 return base64URLEncode(reinterpret_cast<const char*>(digest.data()), digest. size(), Base64DoNotInsertLFs);
66 } 67 }
67 68
69
70 HashAlgorithm SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithm alg orithm1, HashAlgorithm algorithm2)
71 {
72 const HashAlgorithm weakerThanSha384[] = { HashAlgorithmSha256 };
73 const HashAlgorithm weakerThanSha512[] = { HashAlgorithmSha256, HashAlgorith mSha384 };
74
75 ASSERT(algorithm1 != HashAlgorithmSha1);
76 ASSERT(algorithm2 != HashAlgorithmSha1);
77
78 if (algorithm1 == algorithm2)
79 return algorithm1;
80
81 const HashAlgorithm* weakerAlgorithms = 0;
82 size_t length = 0;
83 switch (algorithm1) {
84 case HashAlgorithmSha256:
85 break;
86 case HashAlgorithmSha384:
87 weakerAlgorithms = weakerThanSha384;
88 length = ARRAY_SIZE(weakerThanSha384);
89 break;
90 case HashAlgorithmSha512:
91 weakerAlgorithms = weakerThanSha512;
92 length = ARRAY_SIZE(weakerThanSha512);
93 break;
94 default:
95 ASSERT_NOT_REACHED();
96 };
97
98 for (size_t i = 0; i < length; i++) {
99 if (weakerAlgorithms[i] == algorithm2)
100 return algorithm1;
101 }
102
103 return algorithm2;
104 }
105
68 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con st String& source, const KURL& resourceUrl, const Resource& resource) 106 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con st String& source, const KURL& resourceUrl, const Resource& resource)
69 { 107 {
70 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled()) 108 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled())
71 return true; 109 return true;
72 110
73 Document& document = element.document(); 111 Document& document = element.document();
74 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); 112 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr);
75 if (attribute.isEmpty()) 113 if (attribute.isEmpty())
76 return true; 114 return true;
77 115
78 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { 116 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) {
79 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires CORS t o be enabled to check the integrity, and it is not. The resource has been blocke d.", document); 117 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires CORS t o be enabled to check the integrity, and it is not. The resource has been blocke d.", document);
80 return false; 118 return false;
81 } 119 }
82 120
83 WTF::Vector<IntegrityMetadata> metadataList; 121 WTF::Vector<IntegrityMetadata> metadataList;
84 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut e, metadataList, document); 122 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut e, metadataList, document);
85 if (integrityParseResult != IntegrityParseValidResult) 123 if (integrityParseResult != IntegrityParseValidResult)
86 return false; 124 return false;
87 125
88 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables); 126 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables);
89 127
90 if (!metadataList.size()) 128 if (!metadataList.size())
91 return true; 129 return true;
92 130
131 HashAlgorithm strongestAlgorithm = HashAlgorithmSha256;
132 for (const IntegrityMetadata& metadata : metadataList)
133 strongestAlgorithm = getPrioritizedHashFunction(metadata.algorithm, stro ngestAlgorithm);
134
93 DigestValue digest; 135 DigestValue digest;
94 for (IntegrityMetadata& metadata : metadataList) { 136 for (const IntegrityMetadata& metadata : metadataList) {
137 if (metadata.algorithm != strongestAlgorithm)
138 continue;
139
95 digest.clear(); 140 digest.clear();
96 bool digestSuccess = computeDigest(metadata.algorithm, normalizedSource. data(), normalizedSource.length(), digest); 141 bool digestSuccess = computeDigest(metadata.algorithm, normalizedSource. data(), normalizedSource.length(), digest);
97 142
98 if (digestSuccess) { 143 if (digestSuccess) {
99 Vector<char> hashVector; 144 Vector<char> hashVector;
100 base64Decode(metadata.digest, hashVector); 145 base64Decode(metadata.digest, hashVector);
101 DigestValue convertedHashVector; 146 DigestValue convertedHashVector;
102 convertedHashVector.append(reinterpret_cast<uint8_t*>(hashVector.dat a()), hashVector.size()); 147 convertedHashVector.append(reinterpret_cast<uint8_t*>(hashVector.dat a()), hashVector.size());
103 148
104 if (DigestsEqual(digest, convertedHashVector)) { 149 if (DigestsEqual(digest, convertedHashVector)) {
(...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after
274 metadataList.append(integrityMetadata); 319 metadataList.append(integrityMetadata);
275 } 320 }
276 321
277 if (metadataList.size() == 0 && error) 322 if (metadataList.size() == 0 && error)
278 return IntegrityParseNoValidResult; 323 return IntegrityParseNoValidResult;
279 324
280 return IntegrityParseValidResult; 325 return IntegrityParseValidResult;
281 } 326 }
282 327
283 } // namespace blink 328 } // namespace blink
OLDNEW
« no previous file with comments | « Source/core/frame/SubresourceIntegrity.h ('k') | Source/core/frame/SubresourceIntegrityTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698