gecko-dev/dom/security/SRICheck.h

120 lines
4.5 KiB
C++

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_dom_SRICheck_h
#define mozilla_dom_SRICheck_h
#include "nsCOMPtr.h"
#include "nsICryptoHash.h"
class nsIChannel;
class nsIUnicharStreamLoader;
class nsIConsoleReportCollector;
namespace mozilla {
namespace dom {
class SRIMetadata;
class SRICheck final
{
public:
static const uint32_t MAX_METADATA_LENGTH = 24*1024;
static const uint32_t MAX_METADATA_TOKENS = 512;
/**
* Parse the multiple hashes specified in the integrity attribute and
* return the strongest supported hash.
*/
static nsresult IntegrityMetadata(const nsAString& aMetadataList,
const nsACString& aSourceFileURI,
nsIConsoleReportCollector* aReporter,
SRIMetadata* outMetadata);
/**
* Process the integrity attribute of the element. A result of false
* must prevent the resource from loading.
*/
static nsresult VerifyIntegrity(const SRIMetadata& aMetadata,
nsIUnicharStreamLoader* aLoader,
const nsAString& aString,
const nsACString& aSourceFileURI,
nsIConsoleReportCollector* aReporter);
};
// The SRICheckDataVerifier can be used in 2 different mode:
//
// 1. The streaming mode involves reading bytes from an input, and to use
// the |Update| function to stream new bytes, and to use the |Verify|
// function to check the hash of the content with the hash provided by
// the metadata.
//
// Optionally, one can serialize the verified hash with |ExportDataSummary|,
// in a buffer in order to rely on the second mode the next time.
//
// 2. The pre-computed mode, involves reading a hash with |ImportDataSummary|,
// which got exported by the SRICheckDataVerifier and potentially cached, and
// then use the |Verify| function to check against the hash provided by the
// metadata.
class SRICheckDataVerifier final
{
public:
SRICheckDataVerifier(const SRIMetadata& aMetadata,
const nsACString& aSourceFileURI,
nsIConsoleReportCollector* aReporter);
// Append the following bytes to the content used to compute the hash. Once
// all bytes are streamed, use the Verify function to check the integrity.
nsresult Update(uint32_t aStringLen, const uint8_t* aString);
// Verify that the computed hash corresponds to the metadata.
nsresult Verify(const SRIMetadata& aMetadata, nsIChannel* aChannel,
const nsACString& aSourceFileURI,
nsIConsoleReportCollector* aReporter);
bool IsComplete() const {
return mComplete;
}
// Report the length of the computed hash and its type, such that we can
// reserve the space for encoding it in a vector.
uint32_t DataSummaryLength();
static uint32_t EmptyDataSummaryLength();
// Write the computed hash and its type in a pre-allocated buffer.
nsresult ExportDataSummary(uint32_t aDataLen, uint8_t* aData);
static nsresult ExportEmptyDataSummary(uint32_t aDataLen, uint8_t* aData);
// Report the length of the computed hash and its type, such that we can
// skip these data while reading a buffer.
static nsresult DataSummaryLength(uint32_t aDataLen, const uint8_t* aData, uint32_t* length);
// Extract the computed hash and its type, such that we can |Verify| if it
// matches the metadata. The buffer should be at least the same size or
// larger than the value returned by |DataSummaryLength|.
nsresult ImportDataSummary(uint32_t aDataLen, const uint8_t* aData);
private:
nsCOMPtr<nsICryptoHash> mCryptoHash;
nsAutoCString mComputedHash;
size_t mBytesHashed;
uint32_t mHashLength;
int8_t mHashType;
bool mInvalidMetadata;
bool mComplete;
nsresult EnsureCryptoHash();
nsresult Finish();
nsresult VerifyHash(const SRIMetadata& aMetadata, uint32_t aHashIndex,
const nsACString& aSourceFileURI,
nsIConsoleReportCollector* aReporter);
};
} // namespace dom
} // namespace mozilla
#endif // mozilla_dom_SRICheck_h