tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

SRICheck.h (4235B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef mozilla_dom_SRICheck_h
      8 #define mozilla_dom_SRICheck_h
      9 
     10 #include "mozilla/LoadTainting.h"
     11 #include "nsCOMPtr.h"
     12 #include "nsICryptoHash.h"
     13 #include "nsStringFwd.h"
     14 #include "nsTString.h"
     15 
     16 class nsIChannel;
     17 class nsIConsoleReportCollector;
     18 
     19 namespace mozilla::dom {
     20 
     21 class SRIMetadata;
     22 
     23 class SRICheck final {
     24 public:
     25  /**
     26   * Parse the multiple hashes specified in the integrity attribute and
     27   * return the strongest supported hash.
     28   */
     29  static nsresult IntegrityMetadata(const nsAString& aMetadataList,
     30                                    const nsACString& aSourceFileURI,
     31                                    nsIConsoleReportCollector* aReporter,
     32                                    SRIMetadata* outMetadata);
     33 };
     34 
     35 // The SRICheckDataVerifier can be used in 2 different mode:
     36 //
     37 // 1. The streaming mode involves reading bytes from an input, and to use
     38 //    the |Update| function to stream new bytes, and to use the |Verify|
     39 //    function to check the hash of the content with the hash provided by
     40 //    the metadata.
     41 //
     42 //    Optionally, one can serialize the verified hash with |ExportDataSummary|,
     43 //    in a buffer in order to rely on the second mode the next time.
     44 //
     45 // 2. The pre-computed mode, involves reading a hash with |ImportDataSummary|,
     46 //    which got exported by the SRICheckDataVerifier and potentially cached, and
     47 //    then use the |Verify| function to check against the hash provided by the
     48 //    metadata.
     49 class SRICheckDataVerifier final {
     50 public:
     51  SRICheckDataVerifier(const SRIMetadata& aMetadata, nsIChannel* aChannel,
     52                       nsIConsoleReportCollector* aReporter);
     53 
     54  // Append the following bytes to the content used to compute the hash. Once
     55  // all bytes are streamed, use the Verify function to check the integrity.
     56  nsresult Update(uint32_t aStringLen, const uint8_t* aString);
     57  nsresult Update(Span<const uint8_t>);
     58 
     59  // Verify that the computed hash corresponds to the metadata.
     60  nsresult Verify(const SRIMetadata& aMetadata, nsIChannel* aChannel,
     61                  LoadTainting aLoadTainting,
     62                  nsIConsoleReportCollector* aReporter);
     63 
     64  // Like Verify(), but takes the load tainting from the channel's load info
     65  // (which is main-thread only).
     66  nsresult Verify(const SRIMetadata& aMetadata, nsIChannel* aChannel,
     67                  nsIConsoleReportCollector* aReporter);
     68 
     69  bool IsComplete() const { return mComplete; }
     70  bool IsInvalid() const { return mInvalidMetadata; }
     71 
     72  // Report the length of the computed hash and its type, such that we can
     73  // reserve the space for encoding it in a vector.
     74  uint32_t DataSummaryLength();
     75  static uint32_t EmptyDataSummaryLength();
     76 
     77  // Write the computed hash and its type in a pre-allocated buffer.
     78  nsresult ExportDataSummary(uint32_t aDataLen, uint8_t* aData);
     79  static nsresult ExportEmptyDataSummary(uint32_t aDataLen, uint8_t* aData);
     80 
     81  // Report the length of the computed hash and its type, such that we can
     82  // skip these data while reading a buffer.
     83  static nsresult DataSummaryLength(uint32_t aDataLen, const uint8_t* aData,
     84                                    uint32_t* length);
     85 
     86  // Extract the computed hash and its type, such that we can |Verify| if it
     87  // matches the metadata. The buffer should be at least the same size or
     88  // larger than the value returned by |DataSummaryLength|.
     89  nsresult ImportDataSummary(uint32_t aDataLen, const uint8_t* aData);
     90 
     91 private:
     92  nsCOMPtr<nsICryptoHash> mCryptoHash;
     93  nsAutoCString mComputedHash;
     94  size_t mBytesHashed;
     95  uint32_t mHashLength;
     96  int8_t mHashType;
     97  bool mInvalidMetadata;
     98  bool mComplete;
     99 
    100  nsresult EnsureCryptoHash();
    101  nsresult Finish();
    102  nsresult VerifyHash(nsIChannel* aChannel, const SRIMetadata& aMetadata,
    103                      uint32_t aHashIndex,
    104                      nsIConsoleReportCollector* aReporter);
    105 };
    106 
    107 }  // namespace mozilla::dom
    108 
    109 #endif  // mozilla_dom_SRICheck_h