1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_SUBRESOURCE_INTEGRITY_H_
#define THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_SUBRESOURCE_INTEGRITY_H_
#include <string_view>
#include "base/gtest_prod_util.h"
#include "base/types/expected.h"
#include "services/network/public/mojom/fetch_api.mojom-blink.h"
#include "services/network/public/mojom/integrity_algorithm.mojom-blink.h"
#include "third_party/blink/renderer/platform/crypto.h"
#include "third_party/blink/renderer/platform/loader/fetch/integrity_metadata.h"
#include "third_party/blink/renderer/platform/platform_export.h"
#include "third_party/blink/renderer/platform/wtf/allocator/allocator.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
#include "third_party/blink/renderer/platform/wtf/vector.h"
namespace blink {
class FeatureContext;
class IntegrityReport;
class KURL;
class Resource;
using network::mojom::blink::FetchResponseType;
class PLATFORM_EXPORT SubresourceIntegrity final {
STATIC_ONLY(SubresourceIntegrity);
public:
// Check the integrity of a given |buffer|'s content against the metadata in
// the `IntegrityMetadataSet` provided.
//
// Either a `Resource` or `FetchResponseType` will be used to validate the
// response's eligibility for client-initiated integrity checks. Ineligible
// resources will fail the check.
//
// Note: If a resource's body is empty, then these methods are called with a
// null `buffer`.
static bool CheckSubresourceIntegrity(
const IntegrityMetadataSet&,
const SegmentedBuffer* buffer,
const KURL& resource_url,
const Resource&,
const FeatureContext*,
IntegrityReport&,
HashMap<HashAlgorithm, String>* computed_hashes);
static bool CheckSubresourceIntegrity(const IntegrityMetadataSet&,
const SegmentedBuffer* buffer,
const KURL& resource_url,
const FetchResponseType,
const String& raw_headers,
const FeatureContext*,
IntegrityReport&);
static String GetSubresourceIntegrityHash(const SegmentedBuffer*,
HashAlgorithm);
static HashAlgorithm IntegrityAlgorithmToHashAlgorithm(IntegrityAlgorithm);
// The IntegrityMetadataSet argument is an out parameters which contains the
// set of all valid, parsed metadata from |attribute|.
static void ParseIntegrityAttribute(const WTF::String& attribute,
IntegrityMetadataSet&,
const FeatureContext*);
static void ParseIntegrityAttribute(const WTF::String& attribute,
IntegrityMetadataSet&,
const FeatureContext*,
IntegrityReport*);
// Returns true if the element's `integrity` and `signature` attributes
// produce a verifiable signature for the element's content.
//
// https://mikewest.github.io/inline-integrity/
static bool VerifyInlineIntegrity(const String& integrity,
const String& signatures,
const String& source_code,
const FeatureContext*);
private:
friend class SubresourceIntegrityTest;
FRIEND_TEST_ALL_PREFIXES(SubresourceIntegrityTest, Parsing);
FRIEND_TEST_ALL_PREFIXES(SubresourceIntegrityTest, ParseAlgorithm);
FRIEND_TEST_ALL_PREFIXES(SubresourceIntegrityTest, ParseSignatureAlgorithm);
FRIEND_TEST_ALL_PREFIXES(SubresourceIntegrityTest,
AlgorithmEnumPrioritization);
FRIEND_TEST_ALL_PREFIXES(SubresourceIntegrityTest, FindBestAlgorithm);
FRIEND_TEST_ALL_PREFIXES(SubresourceIntegritySignatureTest,
ParseSignatureAlgorithm);
// The core implementation for all CheckSubresourceIntegrity functions.
static bool CheckSubresourceIntegrityImpl(
const IntegrityMetadataSet&,
const SegmentedBuffer* buffer,
const KURL& resource_url,
const String& raw_headers,
const FeatureContext*,
IntegrityReport&,
HashMap<HashAlgorithm, String>* computed_hashes);
// Handles hash validation during SRI checks.
static bool CheckHashesImpl(const WTF::Vector<IntegrityMetadata>&,
const SegmentedBuffer*,
const KURL&,
const FeatureContext*,
IntegrityReport&,
HashMap<HashAlgorithm, String>* computed_hashes);
// Handles signature-based matching during SRI checks
static bool CheckSignaturesImpl(const WTF::Vector<IntegrityMetadata>&,
const KURL& resource_url,
const String& raw_headers,
IntegrityReport&);
enum AlgorithmParseError { kAlgorithmUnparsable, kAlgorithmUnknown };
using AlgorithmParseResult = base::expected<size_t, AlgorithmParseError>;
static IntegrityAlgorithm FindBestAlgorithm(
const WTF::Vector<IntegrityMetadata>&);
static bool CheckSubresourceIntegrityDigest(const IntegrityMetadata&,
const SegmentedBuffer* buffer);
static AlgorithmParseResult ParseAttributeAlgorithm(std::string_view token,
const FeatureContext*,
IntegrityAlgorithm&);
typedef std::pair<const char*, IntegrityAlgorithm> AlgorithmPrefixPair;
static bool ParseDigest(std::string_view maybe_digest, String& digest);
};
} // namespace blink
#endif // THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_SUBRESOURCE_INTEGRITY_H_
|
