Bug 1768194 - Specify the origin trials production key. r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D145726
This commit is contained in:
Emilio Cobos Álvarez 2022-05-17 22:41:51 +00:00
Родитель e1e439a7b1
Коммит d4a47c1121
1 изменённых файлов: 34 добавлений и 6 удалений

Просмотреть файл

@ -27,11 +27,39 @@ namespace mozilla {
LazyLogModule sOriginTrialsLog("OriginTrials"); LazyLogModule sOriginTrialsLog("OriginTrials");
#define LOG(...) MOZ_LOG(sOriginTrialsLog, LogLevel::Debug, (__VA_ARGS__)) #define LOG(...) MOZ_LOG(sOriginTrialsLog, LogLevel::Debug, (__VA_ARGS__))
// This is the EcdsaP256 public key from the production key managed in Google
// Cloud. See:
//
// https://github.com/emilio/origin-trial-token/blob/main/tools/README.md#get-the-public-key
//
// for how to get the public key. Once you've obtained the public key, this
// variable is generated with:
//
// $ dump /path/to/public/key --c
//
// See also:
//
// https://github.com/emilio/origin-trial-token/blob/main/tools/README.md#sign-a-token-using-gcloud
//
// for how to sign using this key.
static const unsigned char kProductionKey[65] = {
0x4, 0x51, 0xbe, 0xd3, 0xe, 0xf1, 0x32, 0xb8, 0xb5, 0xe7, 0xb5,
0xde, 0x12, 0xd0, 0x44, 0x60, 0xbf, 0x96, 0x16, 0x2c, 0x28, 0x8e,
0xd5, 0x54, 0x8, 0xf6, 0x2, 0x78, 0x9e, 0xf5, 0x45, 0xfe, 0x60,
0xfc, 0x3a, 0x61, 0x48, 0xe9, 0x2e, 0x36, 0x6c, 0xa9, 0xb3, 0xb2,
0xa, 0xb4, 0x45, 0x5c, 0x4, 0x1c, 0x95, 0x0, 0x16, 0x96, 0x96,
0x6a, 0x58, 0x60, 0x26, 0x67, 0xe8, 0xdd, 0x3f, 0x6b, 0x4f,
};
// This is the EcdsaP256 public key from this key pair: // This is the EcdsaP256 public key from this key pair:
// //
// * https://github.com/emilio/origin-trial-token/blob/64f03749e2e8c58f811f67044cecc7d6955fd51a/tools/test-keys/test-ecdsa.pkcs8 // * https://github.com/emilio/origin-trial-token/blob/64f03749e2e8c58f811f67044cecc7d6955fd51a/tools/test-keys/test-ecdsa.pkcs8
// * https://github.com/emilio/origin-trial-token/blob/64f03749e2e8c58f811f67044cecc7d6955fd51a/tools/test-keys/test-ecdsa.pub // * https://github.com/emilio/origin-trial-token/blob/64f03749e2e8c58f811f67044cecc7d6955fd51a/tools/test-keys/test-ecdsa.pub
// //
// This is generated with:
//
// $ dump test-keys/test-ecdsa.pub --c
//
// See that repo for tools for key and token generation and signing. // See that repo for tools for key and token generation and signing.
static const unsigned char kTestKey[65] = { static const unsigned char kTestKey[65] = {
0x4, 0x4a, 0xae, 0x76, 0x64, 0x24, 0xa0, 0x55, 0xc4, 0x66, 0xe, 0x4, 0x4a, 0xae, 0x76, 0x64, 0x24, 0xa0, 0x55, 0xc4, 0x66, 0xe,
@ -51,13 +79,13 @@ bool VerifySignature(const uint8_t* aSignature, uintptr_t aSignatureLen,
MOZ_RELEASE_ASSERT(aSignatureLen == 64); MOZ_RELEASE_ASSERT(aSignatureLen == 64);
LOG("VerifySignature()\n"); LOG("VerifySignature()\n");
if (!StaticPrefs::dom_origin_trials_test_key_enabled()) { const unsigned char* key = StaticPrefs::dom_origin_trials_test_key_enabled()
// TODO(emilio): Implement. ? kTestKey
return false; : kProductionKey;
}
const SECItem rawKey{siBuffer, const_cast<unsigned char*>(kTestKey), static_assert(sizeof(kTestKey) == sizeof(kProductionKey));
sizeof(kTestKey)}; const SECItem rawKey{siBuffer, const_cast<unsigned char*>(key),
sizeof(kProductionKey)};
MOZ_RELEASE_ASSERT(rawKey.data[0] == EC_POINT_FORM_UNCOMPRESSED); MOZ_RELEASE_ASSERT(rawKey.data[0] == EC_POINT_FORM_UNCOMPRESSED);
UniqueSECKEYPublicKey pubKey = dom::CreateECPublicKey(&rawKey, kEcAlgorithm); UniqueSECKEYPublicKey pubKey = dom::CreateECPublicKey(&rawKey, kEcAlgorithm);
if (NS_WARN_IF(!pubKey)) { if (NS_WARN_IF(!pubKey)) {