/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "SRICheck.h"
#include "mozilla/Base64.h"
#include "mozilla/LoadTainting.h"
#include "mozilla/Logging.h"
#include "mozilla/Preferences.h"
#include "mozilla/dom/SRILogHelper.h"
#include "mozilla/dom/SRIMetadata.h"
#include "nsContentUtils.h"
#include "nsIChannel.h"
#include "nsIConsoleReportCollector.h"
#include "nsIProtocolHandler.h"
#include "nsIScriptError.h"
#include "nsIIncrementalStreamLoader.h"
#include "nsIURI.h"
#include "nsNetUtil.h"
#include "nsWhitespaceTokenizer.h"
// Logging shorthands for this file. Each one forwards its argument to MOZ_LOG
// on the module returned by SRILogHelper::GetSriLog(), at Verbose, Debug and
// Error level respectively. Call sites wrap the printf-style arguments in an
// extra pair of parentheses, e.g. SRILOG(("fmt %s", value)).
// Several call sites log page-supplied strings (URLs, integrity tokens), so
// the log output should be treated as containing untrusted text.
#define SRIVERBOSE(args) \
  MOZ_LOG(SRILogHelper::GetSriLog(), mozilla::LogLevel::Verbose, args)
#define SRILOG(args) \
  MOZ_LOG(SRILogHelper::GetSriLog(), mozilla::LogLevel::Debug, args)
#define SRIERROR(args) \
  MOZ_LOG(SRILogHelper::GetSriLog(), mozilla::LogLevel::Error, args)
namespace mozilla {
namespace dom {
/**
 * Decides whether the sub-resource behind aChannel may be integrity-checked.
 *
 * A response is eligible when its tainting is CORS or Basic (same-origin).
 * Any other tainting is reported to the console as "IneligibleResource" and
 * rejected with NS_ERROR_SRI_NOT_ELIGIBLE. The one caller in this file,
 * SRICheckDataVerifier::Verify(), runs this check before any hash comparison
 * and passes the failure on, so the match/mismatch outcome is never computed
 * for a cross-origin response that was fetched without CORS.
 *
 * @param aChannel       channel the sub-resource was loaded from; null is
 *                       logged and treated as not eligible
 * @param aTainting      tainting of the response, supplied by the caller
 * @param aSourceFileURI URI the console report is attributed to
 * @param aReporter      collector that receives the console report; must not
 *                       be null
 * @return NS_OK when eligible, NS_ERROR_SRI_NOT_ELIGIBLE when not, or the
 *         failure code of a URI lookup on the channel
 */
static nsresult
IsEligible(nsIChannel* aChannel, mozilla::LoadTainting aTainting,
           const nsACString& aSourceFileURI,
           nsIConsoleReportCollector* aReporter)
{
  NS_ENSURE_ARG_POINTER(aReporter);

  if (!aChannel) {
    SRILOG(("SRICheck::IsEligible, null channel"));
    return NS_ERROR_SRI_NOT_ELIGIBLE;
  }

  // A CORS-approved response is eligible without consulting any URI.
  if (aTainting == LoadTainting::CORS) {
    SRILOG(("SRICheck::IsEligible, CORS mode"));
    return NS_OK;
  }

  // The URIs gathered here only feed the debug log and the console report,
  // but a failed lookup still ends the check with that failure code, even
  // for a same-origin load.
  nsCOMPtr<nsIURI> resolvedURI;
  nsresult status =
    NS_GetFinalChannelURI(aChannel, getter_AddRefs(resolvedURI));
  NS_ENSURE_SUCCESS(status, status);

  nsCOMPtr<nsIURI> requestedURI;
  status = aChannel->GetOriginalURI(getter_AddRefs(requestedURI));
  NS_ENSURE_SUCCESS(status, status);

  nsAutoCString requestedSpec;
  status = requestedURI->GetSpec(requestedSpec);
  NS_ENSURE_SUCCESS(status, status);

  if (MOZ_LOG_TEST(SRILogHelper::GetSriLog(), mozilla::LogLevel::Debug)) {
    SRILOG(("SRICheck::IsEligible, requestURI=%s; finalURI=%s",
            requestedSpec.get(),
            resolvedURI ? resolvedURI->GetSpecOrDefault().get() : ""));
  }

  // Anything that is neither CORS nor same-origin is refused and reported.
  if (aTainting != LoadTainting::Basic) {
    SRILOG(("SRICheck::IsEligible, NOT same origin"));

    NS_ConvertUTF8toUTF16 requestedSpecUTF16(requestedSpec);
    nsTArray<nsString> reportParams;
    reportParams.AppendElement(requestedSpecUTF16);
    aReporter->AddConsoleReport(nsIScriptError::errorFlag,
                                NS_LITERAL_CSTRING("Sub-resource Integrity"),
                                nsContentUtils::eSECURITY_PROPERTIES,
                                aSourceFileURI, 0, 0,
                                NS_LITERAL_CSTRING("IneligibleResource"),
                                const_cast<const nsTArray<nsString>&>(reportParams));
    return NS_ERROR_SRI_NOT_ELIGIBLE;
  }

  SRILOG(("SRICheck::IsEligible, same-origin"));
  return NS_OK;
}
/**
 * Parses the value of an integrity attribute and leaves the strongest entry
 * it finds in outMetadata.
 *
 * The attribute text comes from page content, so the work done on it is
 * bounded twice: only the first SRICheck::MAX_METADATA_LENGTH characters are
 * parsed, and at most SRICheck::MAX_METADATA_TOKENS whitespace-separated
 * tokens are examined. Malformed tokens and unsupported algorithms produce a
 * console warning, not an error return.
 *
 * @param aMetadataList  raw attribute value
 * @param aSourceFileURI URI the console reports are attributed to
 * @param aReporter      collector that receives the warnings; must not be null
 * @param outMetadata    receives the result; must be non-null and empty
 * @return NS_ERROR_SRI_DISABLED when the security.sri.enable pref is off,
 *         otherwise NS_OK -- including when no valid entry was found, so
 *         callers have to inspect outMetadata themselves
 */
/* static */ nsresult
SRICheck::IntegrityMetadata(const nsAString& aMetadataList,
                            const nsACString& aSourceFileURI,
                            nsIConsoleReportCollector* aReporter,
                            SRIMetadata* outMetadata)
{
  NS_ENSURE_ARG_POINTER(outMetadata);
  NS_ENSURE_ARG_POINTER(aReporter);
  MOZ_ASSERT(outMetadata->IsEmpty()); // caller must pass empty metadata

  if (!Preferences::GetBool("security.sri.enable", false)) {
    SRILOG(("SRICheck::IntegrityMetadata, sri is disabled (pref)"));
    return NS_ERROR_SRI_DISABLED;
  }

  // Bound the amount of attribute text that is parsed. The conversion is
  // lossy on purpose: only the narrowed copy is tokenized.
  NS_LossyConvertUTF16toASCII metadataList(aMetadataList);
  if (metadataList.Length() > SRICheck::MAX_METADATA_LENGTH) {
    metadataList.Truncate(SRICheck::MAX_METADATA_LENGTH);
  }
  SRILOG(("SRICheck::IntegrityMetadata, metadataList=%s", metadataList.get()));
  MOZ_ASSERT(metadataList.Length() <= aMetadataList.Length());

  // The attribute is a whitespace-separated list of hashes and options; walk
  // it token by token and keep the strongest entry seen so far.
  nsCWhitespaceTokenizer tokenizer(metadataList);
  nsAutoCString token;
  uint32_t tokensSeen = 0;
  while (tokenizer.hasMoreTokens() &&
         tokensSeen < SRICheck::MAX_METADATA_TOKENS) {
    token = tokenizer.nextToken();

    SRIMetadata candidate(token);
    if (candidate.IsMalformed()) {
      NS_ConvertUTF8toUTF16 tokenUTF16(token);
      nsTArray<nsString> reportParams;
      reportParams.AppendElement(tokenUTF16);
      aReporter->AddConsoleReport(nsIScriptError::warningFlag,
                                  NS_LITERAL_CSTRING("Sub-resource Integrity"),
                                  nsContentUtils::eSECURITY_PROPERTIES,
                                  aSourceFileURI, 0, 0,
                                  NS_LITERAL_CSTRING("MalformedIntegrityHash"),
                                  const_cast<const nsTArray<nsString>&>(reportParams));
    } else if (!candidate.IsAlgorithmSupported()) {
      nsAutoCString unsupportedAlg;
      candidate.GetAlgorithm(&unsupportedAlg);
      NS_ConvertUTF8toUTF16 unsupportedAlgUTF16(unsupportedAlg);
      nsTArray<nsString> reportParams;
      reportParams.AppendElement(unsupportedAlgUTF16);
      aReporter->AddConsoleReport(nsIScriptError::warningFlag,
                                  NS_LITERAL_CSTRING("Sub-resource Integrity"),
                                  nsContentUtils::eSECURITY_PROPERTIES,
                                  aSourceFileURI, 0, 0,
                                  NS_LITERAL_CSTRING("UnsupportedHashAlg"),
                                  const_cast<const nsTArray<nsString>&>(reportParams));
    }

    // NOTE(review): a malformed or unsupported token still reaches the
    // comparison below; presumably SRIMetadata's operators never rank such an
    // entry above a valid one -- confirm in SRIMetadata.

    // Algorithm names are fetched only when they will actually be logged.
    nsAutoCString currentAlg, candidateAlg;
    if (MOZ_LOG_TEST(SRILogHelper::GetSriLog(), mozilla::LogLevel::Debug)) {
      outMetadata->GetAlgorithm(&currentAlg);
      candidate.GetAlgorithm(&candidateAlg);
    }
    if (*outMetadata == candidate) {
      SRILOG(("SRICheck::IntegrityMetadata, alg '%s' is the same as '%s'",
              currentAlg.get(), candidateAlg.get()));
      *outMetadata += candidate; // add new hash to strongest metadata
    } else if (*outMetadata < candidate) {
      SRILOG(("SRICheck::IntegrityMetadata, alg '%s' is weaker than '%s'",
              currentAlg.get(), candidateAlg.get()));
      *outMetadata = candidate; // replace strongest metadata with current
    }

    ++tokensSeen;
  }

  // Keeps the complete attribute value as given by the page, not the
  // truncated ASCII copy that was parsed above.
  outMetadata->mIntegrityString = aMetadataList;

  if (MOZ_LOG_TEST(SRILogHelper::GetSriLog(), mozilla::LogLevel::Debug)) {
    if (outMetadata->IsValid()) {
      nsAutoCString chosenAlg;
      outMetadata->GetAlgorithm(&chosenAlg);
      SRILOG(("SRICheck::IntegrityMetadata, using a '%s' hash", chosenAlg.get()));
    } else if (outMetadata->IsEmpty()) {
      SRILOG(("SRICheck::IntegrityMetadata, no metadata"));
    } else {
      SRILOG(("SRICheck::IntegrityMetadata, no valid metadata found"));
    }
  }
  return NS_OK;
}
//////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////
/**
 * Sets up a verifier for one sub-resource from already-parsed metadata.
 *
 * Valid metadata fixes the hash type and digest length the verifier will
 * use. Invalid metadata is reported to the console as "NoValidMetadata" and
 * flips mInvalidMetadata: from then on Update() and Finish() do nothing and
 * Verify() returns NS_OK once the response is eligible, i.e. the load is not
 * blocked on metadata this build cannot interpret.
 *
 * @param aMetadata      metadata chosen by SRICheck::IntegrityMetadata();
 *                       asserted non-empty
 * @param aSourceFileURI URI the console report is attributed to
 * @param aReporter      collector that receives the report; only asserted
 *                       non-null, yet dereferenced on the invalid path
 */
SRICheckDataVerifier::SRICheckDataVerifier(const SRIMetadata& aMetadata,
                                           const nsACString& aSourceFileURI,
                                           nsIConsoleReportCollector* aReporter)
  : mCryptoHash(nullptr)
  , mBytesHashed(0)
  , mHashLength(0)
  , mHashType('\0')
  , mInvalidMetadata(false)
  , mComplete(false)
{
  MOZ_ASSERT(!aMetadata.IsEmpty()); // should be checked by caller

  // IntegrityMetadata() returns NS_ERROR_SRI_DISABLED when the pref is off,
  // so a caller should never get this far with SRI disabled.
  MOZ_ASSERT(Preferences::GetBool("security.sri.enable", false));
  MOZ_ASSERT(aReporter);

  if (aMetadata.IsValid()) {
    aMetadata.GetHashType(&mHashType, &mHashLength);
    return;
  }

  // Invalid metadata is ignored for forward-compatibility: warn, remember
  // it, and leave the hash type and length at their zero defaults.
  nsTArray<nsString> noParams;
  aReporter->AddConsoleReport(nsIScriptError::warningFlag,
                              NS_LITERAL_CSTRING("Sub-resource Integrity"),
                              nsContentUtils::eSECURITY_PROPERTIES,
                              aSourceFileURI, 0, 0,
                              NS_LITERAL_CSTRING("NoValidMetadata"),
                              const_cast<const nsTArray<nsString>&>(noParams));
  mInvalidMetadata = true;
}
/**
 * Creates and initialises the hasher for mHashType on first use.
 *
 * @return NS_OK when a hasher is available in mCryptoHash, otherwise the
 *         failure code from creating or initialising it
 */
nsresult
SRICheckDataVerifier::EnsureCryptoHash()
{
  MOZ_ASSERT(!mInvalidMetadata);

  if (!mCryptoHash) {
    nsresult status;
    nsCOMPtr<nsICryptoHash> hasher =
      do_CreateInstance("@mozilla.org/security/hash;1", &status);
    NS_ENSURE_SUCCESS(status, status);

    status = hasher->Init(mHashType);
    NS_ENSURE_SUCCESS(status, status);

    // Only a fully initialised hasher is stored in the member, so a failed
    // Init() leaves mCryptoHash null and the next call starts over.
    mCryptoHash = hasher;
  }

  return NS_OK;
}
/**
 * Feeds one chunk of the sub-resource into the running hash.
 *
 * @param aStringLen number of bytes at aString
 * @param aString    chunk to hash; null is rejected even for a zero length
 * @return NS_OK without hashing when the metadata was invalid, otherwise the
 *         hasher's result or the failure code from creating the hasher
 */
nsresult
SRICheckDataVerifier::Update(uint32_t aStringLen, const uint8_t* aString)
{
  NS_ENSURE_ARG_POINTER(aString);
  if (mInvalidMetadata) {
    return NS_OK; // ignoring any data updates, see mInvalidMetadata usage
  }

  nsresult status = EnsureCryptoHash();
  NS_ENSURE_SUCCESS(status, status);

  // The byte count is advanced before the hasher runs, so it also covers a
  // chunk whose Update() call fails; this file only uses it for logging.
  mBytesHashed += aStringLen;

  return mCryptoHash->Update(aString, aStringLen);
}
/**
 * Finalises the running hash into mComputedHash and releases the hasher.
 *
 * Calling it again, or calling it with invalid metadata, is a no-op that
 * returns NS_OK. mComplete is set even when the hasher reports a failure,
 * so that failure is returned once and later calls return NS_OK.
 *
 * @return NS_OK, or the failure code from creating or finishing the hasher
 */
nsresult
SRICheckDataVerifier::Finish()
{
  const bool nothingToDo = mInvalidMetadata || mComplete;
  if (nothingToDo) {
    return NS_OK; // already finished or invalid metadata
  }

  // A hasher is needed even when no data arrived, so that the digest of the
  // empty input is produced.
  nsresult status = EnsureCryptoHash();
  NS_ENSURE_SUCCESS(status, status);

  status = mCryptoHash->Finish(false, mComputedHash);
  mCryptoHash = nullptr;
  mComplete = true;
  return status;
}
/**
 * Compares one expected hash from the metadata against mComputedHash.
 *
 * The expected value is base64-decoded and its length is checked against
 * the digest length of the metadata's algorithm before the byte-for-byte
 * comparison. Undecodable or wrongly sized values are reported to the
 * console; a plain mismatch is only logged here and the console report for
 * it is left to Verify().
 *
 * @param aMetadata      metadata holding the expected hashes
 * @param aHashIndex     index of the hash to test
 * @param aSourceFileURI URI the console reports are attributed to
 * @param aReporter      collector that receives the reports; must not be null
 * @return NS_OK on a match, NS_ERROR_SRI_CORRUPT otherwise
 */
nsresult
SRICheckDataVerifier::VerifyHash(const SRIMetadata& aMetadata,
                                 uint32_t aHashIndex,
                                 const nsACString& aSourceFileURI,
                                 nsIConsoleReportCollector* aReporter)
{
  NS_ENSURE_ARG_POINTER(aReporter);

  nsAutoCString expectedBase64;
  aMetadata.GetHash(aHashIndex, &expectedBase64);
  SRILOG(("SRICheckDataVerifier::VerifyHash, hash[%u]=%s", aHashIndex, expectedBase64.get()));

  // The expected hash is page-supplied text: decode it first and reject
  // anything that is not valid base64.
  nsAutoCString expectedDigest;
  if (NS_WARN_IF(NS_FAILED(Base64Decode(expectedBase64, expectedDigest)))) {
    nsTArray<nsString> noParams;
    aReporter->AddConsoleReport(nsIScriptError::errorFlag,
                                NS_LITERAL_CSTRING("Sub-resource Integrity"),
                                nsContentUtils::eSECURITY_PROPERTIES,
                                aSourceFileURI, 0, 0,
                                NS_LITERAL_CSTRING("InvalidIntegrityBase64"),
                                const_cast<const nsTArray<nsString>&>(noParams));
    return NS_ERROR_SRI_CORRUPT;
  }

  // A decoded value of the wrong size cannot be a digest of this algorithm.
  uint32_t digestLength;
  int8_t digestType; // filled in by GetHashType but not used afterwards
  aMetadata.GetHashType(&digestType, &digestLength);
  if (expectedDigest.Length() != digestLength) {
    nsTArray<nsString> noParams;
    aReporter->AddConsoleReport(nsIScriptError::errorFlag,
                                NS_LITERAL_CSTRING("Sub-resource Integrity"),
                                nsContentUtils::eSECURITY_PROPERTIES,
                                aSourceFileURI, 0, 0,
                                NS_LITERAL_CSTRING("InvalidIntegrityLength"),
                                const_cast<const nsTArray<nsString>&>(noParams));
    return NS_ERROR_SRI_CORRUPT;
  }

  if (MOZ_LOG_TEST(SRILogHelper::GetSriLog(), mozilla::LogLevel::Debug)) {
    nsAutoCString computedBase64;
    nsresult encodeStatus = Base64Encode(mComputedHash, computedBase64);
    if (NS_SUCCEEDED(encodeStatus)) {
      SRILOG(("SRICheckDataVerifier::VerifyHash, mComputedHash=%s",
              computedBase64.get()));
    }
  }

  if (expectedDigest.Equals(mComputedHash)) {
    SRILOG(("SRICheckDataVerifier::VerifyHash, hash[%u] verified successfully", aHashIndex));
    return NS_OK;
  }

  SRILOG(("SRICheckDataVerifier::VerifyHash, hash[%u] did not match", aHashIndex));
  return NS_ERROR_SRI_CORRUPT;
}
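/**
 * Finishes hashing and decides whether the loaded sub-resource satisfies
 * aMetadata.
 *
 * Order of the decisions, which matters for the outcome:
 *   1. Finish() must succeed.
 *   2. The response must be eligible (CORS or same-origin tainting);
 *      otherwise NS_ERROR_SRI_NOT_ELIGIBLE is returned, whatever the
 *      metadata says.
 *   3. Invalid metadata is accepted with NS_OK for forward-compatibility.
 *   4. Otherwise at least one expected hash has to match; if none does,
 *      "IntegrityMismatch" is reported and NS_ERROR_SRI_CORRUPT returned.
 *
 * @param aMetadata      metadata holding the expected hashes
 * @param aChannel       channel the sub-resource was loaded from; must not
 *                       be null
 * @param aSourceFileURI URI the console reports are attributed to
 * @param aReporter      collector that receives the reports; must not be null
 * @return NS_OK when the resource is accepted, a failure code otherwise
 */
nsresult
SRICheckDataVerifier::Verify(const SRIMetadata& aMetadata,
                             nsIChannel* aChannel,
                             const nsACString& aSourceFileURI,
                             nsIConsoleReportCollector* aReporter)
{
  NS_ENSURE_ARG_POINTER(aReporter);
  // The channel is dereferenced for logging and for GetLoadInfo() below, so
  // a null channel is rejected here with the macro's failure code instead of
  // being dereferenced. Verification fails closed in that case.
  NS_ENSURE_ARG_POINTER(aChannel);

  if (MOZ_LOG_TEST(SRILogHelper::GetSriLog(), mozilla::LogLevel::Debug)) {
    nsAutoCString requestURL;
    nsCOMPtr<nsIRequest> request;
    request = do_QueryInterface(aChannel);
    // Logging is best-effort: a failed interface query leaves the URL empty.
    if (request) {
      request->GetName(requestURL);
    }
    SRILOG(("SRICheckDataVerifier::Verify, url=%s (length=%zu)",
            requestURL.get(), mBytesHashed));
  }

  nsresult rv = Finish();
  NS_ENSURE_SUCCESS(rv, rv);

  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
  NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);
  LoadTainting tainting = loadInfo->GetTainting();

  // Eligibility comes before everything else: any failure from IsEligible,
  // including a failed URI lookup, is folded into NS_ERROR_SRI_NOT_ELIGIBLE.
  if (NS_FAILED(IsEligible(aChannel, tainting, aSourceFileURI, aReporter))) {
    return NS_ERROR_SRI_NOT_ELIGIBLE;
  }

  if (mInvalidMetadata) {
    return NS_OK; // ignore invalid metadata for forward-compatibility
  }

  for (uint32_t i = 0; i < aMetadata.HashCount(); i++) {
    if (NS_SUCCEEDED(VerifyHash(aMetadata, i, aSourceFileURI, aReporter))) {
      return NS_OK; // stop at the first valid hash
    }
  }

  // No expected hash matched: report the algorithm that was used and fail.
  nsAutoCString alg;
  aMetadata.GetAlgorithm(&alg);
  NS_ConvertUTF8toUTF16 algUTF16(alg);
  nsTArray<nsString> params;
  params.AppendElement(algUTF16);
  aReporter->AddConsoleReport(nsIScriptError::errorFlag,
                              NS_LITERAL_CSTRING("Sub-resource Integrity"),
                              nsContentUtils::eSECURITY_PROPERTIES,
                              aSourceFileURI, 0, 0,
                              NS_LITERAL_CSTRING("IntegrityMismatch"),
                              const_cast<const nsTArray<nsString>&>(params));
  return NS_ERROR_SRI_CORRUPT;
}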
/**
 * Size in bytes of this verifier's serialized summary: the hash type field,
 * the hash length field, then mHashLength digest bytes.
 */
uint32_t
SRICheckDataVerifier::DataSummaryLength()
{
  MOZ_ASSERT(!mInvalidMetadata);
  const size_t headerBytes = sizeof(mHashType) + sizeof(mHashLength);
  return headerBytes + mHashLength;
}
/**
 * Size in bytes of a summary that carries no digest: one int8_t type field
 * followed by one uint32_t length field.
 */
uint32_t
SRICheckDataVerifier::EmptyDataSummaryLength()
{
  const size_t typeFieldBytes = sizeof(int8_t);
  const size_t lengthFieldBytes = sizeof(uint32_t);
  return typeFieldBytes + lengthFieldBytes;
}
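/**
 * Reads the header of a serialized summary and reports how many bytes the
 * whole summary occupies, so that a reader can skip over it.
 *
 * The length field comes straight out of the buffer and is therefore
 * untrusted: it is accepted only if header plus digest fit in aDataLen.
 *
 * @param aDataLen number of readable bytes at aData
 * @param aData    buffer that starts with a serialized summary
 * @param length   receives the summary size; set to 0 on every failure
 *                 after the null check on this pointer
 * @return NS_OK, NS_ERROR_SRI_IMPORT when the buffer is too small for the
 *         header or for the digest length it announces, or the
 *         NS_ENSURE_ARG_POINTER failure code for a null pointer
 */
nsresult
SRICheckDataVerifier::DataSummaryLength(uint32_t aDataLen, const uint8_t* aData, uint32_t* length)
{
  // The output pointer is written before anything else, so check it first.
  NS_ENSURE_ARG_POINTER(length);
  *length = 0;
  NS_ENSURE_ARG_POINTER(aData);

  // we expect to always encode an SRI, even if it is empty or incomplete
  if (aDataLen < EmptyDataSummaryLength()) {
    SRILOG(("SRICheckDataVerifier::DataSummaryLength, encoded length[%u] is too small", aDataLen));
    return NS_ERROR_SRI_IMPORT;
  }

  // decode the content of the buffer
  size_t offset = sizeof(mHashType);
  decltype(mHashLength) len = 0;
  memcpy(&len, &aData[offset], sizeof(mHashLength));
  offset += sizeof(mHashLength);

  SRIVERBOSE(("SRICheckDataVerifier::DataSummaryLength, header {%x, %x, %x, %x, %x, ...}",
              aData[0], aData[1], aData[2], aData[3], aData[4]));

  // Compare the announced digest length with the bytes that remain after the
  // header. Adding offset and len first could wrap around where size_t is
  // 32 bits wide and let an oversized length pass the check.
  if (offset > aDataLen || len > aDataLen - offset) {
    SRILOG(("SRICheckDataVerifier::DataSummaryLength, encoded length[%u] overflow the buffer size", aDataLen));
    SRIVERBOSE(("SRICheckDataVerifier::DataSummaryLength, offset[%u], len[%u]",
                uint32_t(offset), uint32_t(len)));
    return NS_ERROR_SRI_IMPORT;
  }

  // offset + len <= aDataLen here, so the sum fits in uint32_t.
  *length = uint32_t(offset + len);
  return NS_OK;
}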
/**
 * Adopts a previously exported summary as this verifier's computed hash,
 * as if the bytes had been streamed through Update() and Finish().
 *
 * The buffer must be large enough for this verifier's summary, and the
 * stored hash type and length must equal the ones the metadata requires.
 * The digest itself is taken on trust: nothing here re-hashes the data it
 * describes, so the result is only as reliable as the place the summary was
 * read from. It still has to match an expected hash in VerifyHash().
 *
 * @param aDataLen number of readable bytes at aData
 * @param aData    buffer that starts with a serialized summary
 * @return NS_OK on success (and, as a no-op, when the metadata was invalid),
 *         NS_ERROR_SRI_IMPORT when the buffer is too small,
 *         NS_ERROR_SRI_UNEXPECTED_HASH_TYPE when the stored type or length
 *         differs from the expected one
 */
nsresult
SRICheckDataVerifier::ImportDataSummary(uint32_t aDataLen, const uint8_t* aData)
{
  MOZ_ASSERT(!mInvalidMetadata); // mHashType and mHashLength should be valid
  MOZ_ASSERT(!mCryptoHash); // EnsureCryptoHash should not have been called
  NS_ENSURE_ARG_POINTER(aData);
  if (mInvalidMetadata) {
    return NS_OK; // ignoring any data updates, see mInvalidMetadata usage
  }

  // we expect to always encode an SRI, even if it is empty or incomplete
  if (aDataLen < DataSummaryLength()) {
    SRILOG(("SRICheckDataVerifier::ImportDataSummary, encoded length[%u] is too small", aDataLen));
    return NS_ERROR_SRI_IMPORT;
  }

  SRIVERBOSE(("SRICheckDataVerifier::ImportDataSummary, header {%x, %x, %x, %x, %x, ...}",
              aData[0], aData[1], aData[2], aData[3], aData[4]));

  // Walk the buffer field by field; the size check above covers every read
  // made through this cursor.
  const uint8_t* cursor = aData;

  decltype(mHashType) storedType;
  memcpy(&storedType, cursor, sizeof(mHashType));
  if (storedType != mHashType) {
    SRILOG(("SRICheckDataVerifier::ImportDataSummary, hash type[%d] does not match[%d]",
            storedType, mHashType));
    return NS_ERROR_SRI_UNEXPECTED_HASH_TYPE;
  }
  cursor += sizeof(mHashType);

  decltype(mHashLength) storedLength;
  memcpy(&storedLength, cursor, sizeof(mHashLength));
  if (storedLength != mHashLength) {
    SRILOG(("SRICheckDataVerifier::ImportDataSummary, hash length[%d] does not match[%d]",
            storedLength, mHashLength));
    return NS_ERROR_SRI_UNEXPECTED_HASH_TYPE;
  }
  cursor += sizeof(mHashLength);

  // copy the hash to mComputedHash, as-if we had finished streaming the bytes
  mComputedHash.Assign(reinterpret_cast<const char*>(cursor), mHashLength);
  mCryptoHash = nullptr;
  mComplete = true;
  return NS_OK;
}
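/**
 * Serializes the computed hash into aData as: hash type, hash length, then
 * mHashLength digest bytes.
 *
 * @param aDataLen number of writable bytes at aData; must be at least
 *                 DataSummaryLength()
 * @param aData    destination buffer
 * @return NS_OK on success, NS_ERROR_INVALID_ARG when the buffer is too
 *         small, NS_ERROR_UNEXPECTED when mComputedHash holds fewer than
 *         mHashLength bytes, or the NS_ENSURE_ARG_POINTER failure code for
 *         a null buffer
 */
nsresult
SRICheckDataVerifier::ExportDataSummary(uint32_t aDataLen, uint8_t* aData)
{
  MOZ_ASSERT(!mInvalidMetadata); // mHashType and mHashLength should be valid
  MOZ_ASSERT(mComplete); // finished streaming
  NS_ENSURE_ARG_POINTER(aData);
  NS_ENSURE_TRUE(aDataLen >= DataSummaryLength(), NS_ERROR_INVALID_ARG);

  // The copy below reads mHashLength bytes out of mComputedHash. Finish()
  // marks the verifier complete even when the hasher failed, and the
  // assertions above only guard debug builds, so make sure the digest is
  // really there before reading it. Nothing has been written to aData yet.
  NS_ENSURE_TRUE(mComputedHash.Length() >= mHashLength, NS_ERROR_UNEXPECTED);

  // serialize the hash in the buffer
  size_t offset = 0;
  memcpy(&aData[offset], &mHashType, sizeof(mHashType));
  offset += sizeof(mHashType);
  memcpy(&aData[offset], &mHashLength, sizeof(mHashLength));
  offset += sizeof(mHashLength);

  SRIVERBOSE(("SRICheckDataVerifier::ExportDataSummary, header {%x, %x, %x, %x, %x, ...}",
              aData[0], aData[1], aData[2], aData[3], aData[4]));

  // copy the digest from mComputedHash into the buffer, right after the header
  nsCharTraits<char>::copy(reinterpret_cast<char*>(&aData[offset]),
                           mComputedHash.get(), mHashLength);
  return NS_OK;
}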
/**
 * Writes a placeholder summary -- hash type 0 and hash length 0, with no
 * digest -- so that a later reader can still skip over the summary.
 *
 * @param aDataLen number of writable bytes at aData; must be at least
 *                 EmptyDataSummaryLength()
 * @param aData    destination buffer
 * @return NS_OK on success, NS_ERROR_INVALID_ARG when the buffer is too
 *         small, or the NS_ENSURE_ARG_POINTER failure code for a null buffer
 */
nsresult
SRICheckDataVerifier::ExportEmptyDataSummary(uint32_t aDataLen, uint8_t* aData)
{
  NS_ENSURE_ARG_POINTER(aData);
  NS_ENSURE_TRUE(aDataLen >= EmptyDataSummaryLength(), NS_ERROR_INVALID_ARG);

  // NOTE(review): the size check uses sizeof(int8_t) + sizeof(uint32_t) via
  // EmptyDataSummaryLength() while the writes below use the sizes of the
  // members; presumably mHashType is int8_t and mHashLength is uint32_t so
  // both agree -- confirm in SRICheck.h.

  // serialize an unknown hash in the buffer, to be able to skip it later
  uint8_t* cursor = aData;
  memset(cursor, 0, sizeof(mHashType));
  cursor += sizeof(mHashType);
  memset(cursor, 0, sizeof(mHashLength));

  SRIVERBOSE(("SRICheckDataVerifier::ExportEmptyDataSummary, header {%x, %x, %x, %x, %x, ...}",
              aData[0], aData[1], aData[2], aData[3], aData[4]));

  return NS_OK;
}
} // namespace dom
} // namespace mozilla