authority.https.window.js (4199B)


// META: script=helper.js

// The following tests validate the behavior of the `@authority` derived
// component.
//
// Since the authority is dependent on the runtime environment, we can't vary
// the authority value freely, and these tests must sign the headers live using
// the WebCrypto API. Usage of that API restricts this test to secure contexts.
//
// These tests are all rooted in the following response, generated using the
// steps at https://wicg.github.io/signature-based-sri/#examples, relying on
// the test key from
// https://www.rfc-editor.org/rfc/rfc9421.html#name-example-ed25519-test-key:
//
// ```
// NOTE: '\' line wrapping per RFC 8792
//
// HTTP/1.1 200 OK
// Date: Tue, 20 Apr 2021 02:07:56 GMT
// Content-Type: application/json
// Unencoded-Digest: sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:
// Content-Length: 18
// Signature-Input: signature=("unencoded-digest";sf "@authority"); \
//                  keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";       \
//                  tag="sri"
// Signature: signature=:oVQ+s/OqXLAVdfvgZ3HaPiyzkpNXZSit9l6e1FB/gOOL3t8FOrIRDV \
//                       CkcIEcJjd3MA1mROn39/WQShTmnKmlDg==:
//
//
// {"hello": "world"}
// ```

// Value used for the `@authority` component in the signature bases below:
// the host (including the port, when it is not the scheme default) of the
// page running this test. It is only known at runtime, which is why the
// signatures cannot be precomputed.
const kAuthority = new URL(window.location.href).host;
// Request metadata modeled on the example response in the header comment.
// Each entry carries a script body, its `Unencoded-Digest` value, the
// `Signature-Input` header value, and the signature base that is signed at
// test time. The two entries differ only in the order of the covered
// components.
//
// `@authority` carries the `req` parameter (RFC 9421: the component value is
// taken from the request that produced the response), so the signed bytes
// include this page's host via `kAuthority`.
//
// NOTE(review): the signature base spells out the keyid literally while
// `signatureInput` interpolates `kValidKeys['rfc']` (from helper.js, not
// visible here). The `@signature-params` line has to match the
// `Signature-Input` parameters for verification to succeed, so the two
// presumably hold the same value -- keep them in sync if the test key changes.
const kRequestsWithValidSignature = (() => {
  const scriptBody = "window.hello = `world`;";
  const bodyDigest = "sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:";
  const baseKeyId = "JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";

  // One signature-base line per covered component.
  const digestLine = `"unencoded-digest";sf: ${bodyDigest}`;
  const authorityLine = `"@authority";req: ${kAuthority}`;

  // `componentList` is the parenthesised inner list shared by the header
  // value and the `@signature-params` line; `componentLines` are the
  // matching base lines, in the same order.
  const buildRequest = (componentList, componentLines) => ({
    body: scriptBody,
    digest: bodyDigest,
    signatureInput: `signature=${componentList};keyid="${kValidKeys['rfc']}";tag="sri"`,
    signatureBase: [
      ...componentLines,
      `"@signature-params": ${componentList};keyid="${baseKeyId}";tag="sri"`,
    ].join("\n"),
  });

  return [
    // `unencoded-digest` then `@authority`.
    buildRequest(`("unencoded-digest";sf "@authority";req)`, [digestLine, authorityLine]),

    // `@authority` then `unencoded-digest`.
    buildRequest(`("@authority";req "unencoded-digest";sf)`, [authorityLine, digestLine]),
  ];
})();
// Whether a validly signed response loads depends on the integrity check
// requested by the client.
//
// Malformed keys and multiple keys are covered by the broader
// `client-initiated.*` tests. This file only checks that a response whose
// signature covers `@authority`:
//   - loads when no integrity check is requested,
//   - loads when the integrity check names the signing key, and
//   - is blocked when the integrity check names a different key.
//
// Each signature base is signed live, because it embeds the runtime host.
//
// NOTE(review): the promise has no rejection handler, so if signing fails
// none of the six tests for that entry get registered -- confirm the harness
// reports that as an error rather than as a run with fewer tests.
for (const unsignedRequest of kRequestsWithValidSignature) {
  signSignatureBase(unsignedRequest.signatureBase, kValidKeysJWK['rfc']).then((rawSignature) => {
    const signedRequest = {
      ...unsignedRequest,
      signature: `signature=:${rawSignature}:`,
    };
    const label = `Valid signature (${signedRequest.signature})`;
    const matchingIntegrity = `ed25519-${kValidKeys['rfc']}`;
    const mismatchedIntegrity = `ed25519-${kInvalidKey}`;

    // fetch():
    generate_fetch_test(signedRequest, {}, EXPECT_LOADED,
                        `${label}, no integrity check: loads.`);
    generate_fetch_test(signedRequest, { integrity: matchingIntegrity }, EXPECT_LOADED,
                        `${label}, matching integrity check: loads.`);
    generate_fetch_test(signedRequest, { integrity: mismatchedIntegrity }, EXPECT_BLOCKED,
                        `${label}, mismatched integrity check: blocked.`);

    // <script>:
    generate_script_test(signedRequest, "", EXPECT_LOADED,
                         `${label}, no integrity check: loads with live signature.`);
    generate_script_test(signedRequest, matchingIntegrity, EXPECT_LOADED,
                         `${label}, matching integrity check: loads with live signature.`);
    generate_script_test(signedRequest, mismatchedIntegrity, EXPECT_BLOCKED,
                         `${label}, mismatched integrity check: blocked.`);
  });
}