Source code
Revision control
Copy as Markdown
Other Tools
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
#include "OriginTrials.h"
#include "mozilla/Base64.h"
#include "mozilla/Span.h"
#include "nsString.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
#include "nsNetUtil.h"
#include "nsContentUtils.h"
#include "xpcpublic.h"
#include "jsapi.h"
#include "js/Wrapper.h"
#include "nsGlobalWindowInner.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/dom/Document.h"
#include "mozilla/dom/WorkerPrivate.h"
#include "mozilla/dom/WorkletThread.h"
#include "mozilla/dom/WebCryptoCommon.h"
#include "mozilla/StaticPrefs_dom.h"
#include "ScopedNSSTypes.h"
#include <mutex>
namespace mozilla {
LazyLogModule sOriginTrialsLog("OriginTrials");
#define LOG(...) MOZ_LOG(sOriginTrialsLog, LogLevel::Debug, (__VA_ARGS__))
// prod.pub is the EcdsaP256 public key from the production key managed in
// Google Cloud. See:
//
//
// for how to get the public key.
//
// See also:
//
// https://github.com/mozilla/origin-trial-token/blob/main/tools/README.md#sign-a-token-using-gcloud
//
// for how to sign using this key.
//
// test.pub is the EcdsaP256 public key from this key pair:
//
//
#include "keys.inc"
constexpr auto kEcAlgorithm =
NS_LITERAL_STRING_FROM_CSTRING(WEBCRYPTO_NAMED_CURVE_P256);
using RawKeyRef = Span<const unsigned char, sizeof(kProdKey)>;
struct StaticCachedPublicKey {
constexpr StaticCachedPublicKey() = default;
SECKEYPublicKey* Get(const RawKeyRef aRawKey);
private:
std::once_flag mFlag;
UniqueSECKEYPublicKey mKey;
};
SECKEYPublicKey* StaticCachedPublicKey::Get(const RawKeyRef aRawKey) {
std::call_once(mFlag, [&] {
const SECItem item{siBuffer, const_cast<unsigned char*>(aRawKey.data()),
unsigned(aRawKey.Length())};
MOZ_RELEASE_ASSERT(item.data[0] == EC_POINT_FORM_UNCOMPRESSED);
mKey = dom::CreateECPublicKey(&item, kEcAlgorithm);
if (mKey) {
// It's fine to capture [this] by pointer because we are always static.
if (NS_IsMainThread()) {
RunOnShutdown([this] { mKey = nullptr; });
} else {
NS_DispatchToMainThread(NS_NewRunnableFunction(
"ClearStaticCachedPublicKey",
[this] { RunOnShutdown([this] { mKey = nullptr; }); }));
}
}
});
return mKey.get();
}
bool VerifySignature(const uint8_t* aSignature, uintptr_t aSignatureLen,
const uint8_t* aData, uintptr_t aDataLen,
void* aUserData) {
MOZ_RELEASE_ASSERT(aSignatureLen == 64);
static StaticCachedPublicKey sTestKey;
static StaticCachedPublicKey sProdKey;
LOG("VerifySignature()\n");
SECKEYPublicKey* pubKey = StaticPrefs::dom_origin_trials_test_key_enabled()
? sTestKey.Get(Span(kTestKey))
: sProdKey.Get(Span(kProdKey));
if (NS_WARN_IF(!pubKey)) {
LOG(" Failed to create public key?");
return false;
}
if (NS_WARN_IF(aDataLen > UINT_MAX)) {
LOG(" Way too large data.");
return false;
}
const SECItem signature{siBuffer, const_cast<unsigned char*>(aSignature),
unsigned(aSignatureLen)};
const SECItem data{siBuffer, const_cast<unsigned char*>(aData),
unsigned(aDataLen)};
// SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE
const SECStatus result = PK11_VerifyWithMechanism(
pubKey, CKM_ECDSA_SHA256, nullptr, &signature, &data, nullptr);
if (NS_WARN_IF(result != SECSuccess)) {
LOG(" Failed to verify data.");
return false;
}
return true;
}
bool MatchesOrigin(const uint8_t* aOrigin, size_t aOriginLen, bool aIsSubdomain,
bool aIsThirdParty, bool aIsUsageSubset, void* aUserData) {
const nsDependentCSubstring origin(reinterpret_cast<const char*>(aOrigin),
aOriginLen);
LOG("MatchesOrigin(%d, %d, %d, %s)\n", aIsThirdParty, aIsSubdomain,
aIsUsageSubset, nsCString(origin).get());
if (aIsThirdParty || aIsUsageSubset) {
// TODO(emilio): Support third-party tokens and so on.
return false;
}
auto* principal = static_cast<nsIPrincipal*>(aUserData);
nsCOMPtr<nsIURI> originURI;
if (NS_WARN_IF(NS_FAILED(NS_NewURI(getter_AddRefs(originURI), origin)))) {
return false;
}
const bool originMatches = [&] {
if (principal->IsSameOrigin(originURI)) {
return true;
}
if (aIsSubdomain) {
for (nsCOMPtr<nsIPrincipal> prin = principal->GetNextSubDomainPrincipal();
prin; prin = prin->GetNextSubDomainPrincipal()) {
if (prin->IsSameOrigin(originURI)) {
return true;
}
}
}
return false;
}();
if (NS_WARN_IF(!originMatches)) {
LOG("Origin doesn't match\n");
return false;
}
return true;
}
void OriginTrials::UpdateFromToken(const nsAString& aBase64EncodedToken,
nsIPrincipal* aPrincipal) {
if (!StaticPrefs::dom_origin_trials_enabled()) {
return;
}
LOG("OriginTrials::UpdateFromToken()\n");
nsAutoCString decodedToken;
nsresult rv = mozilla::Base64Decode(aBase64EncodedToken, decodedToken);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
const Span<const uint8_t> decodedTokenSpan(decodedToken);
const origin_trials_ffi::OriginTrialValidationParams params{
VerifySignature,
MatchesOrigin,
/* user_data = */ aPrincipal,
};
auto result = origin_trials_ffi::origin_trials_parse_and_validate_token(
decodedTokenSpan.data(), decodedTokenSpan.size(), ¶ms);
if (NS_WARN_IF(!result.IsOk())) {
LOG(" result = %d\n", int(result.tag));
return; // TODO(emilio): Maybe report to console or what not?
}
OriginTrial trial = result.AsOk().trial;
LOG(" result = Ok(%d)\n", int(trial));
mEnabledTrials += trial;
}
OriginTrials OriginTrials::FromWindow(const nsGlobalWindowInner* aWindow) {
if (!aWindow) {
return {};
}
const dom::Document* doc = aWindow->GetExtantDoc();
if (!doc) {
return {};
}
return doc->Trials();
}
static int32_t PrefState(OriginTrial aTrial) {
switch (aTrial) {
case OriginTrial::TestTrial:
return StaticPrefs::dom_origin_trials_test_trial_state();
case OriginTrial::CoepCredentialless:
return StaticPrefs::dom_origin_trials_coep_credentialless_state();
case OriginTrial::PrivateAttributionV2:
return StaticPrefs::dom_origin_trials_private_attribution_state();
case OriginTrial::MAX:
MOZ_ASSERT_UNREACHABLE("Unknown trial!");
break;
}
return 0;
}
bool OriginTrials::IsEnabled(OriginTrial aTrial) const {
switch (PrefState(aTrial)) {
case 1:
return true;
case 2:
return false;
default:
break;
}
return mEnabledTrials.contains(aTrial);
}
bool OriginTrials::IsEnabled(JSContext* aCx, JSObject* aObject,
OriginTrial aTrial) {
if (nsContentUtils::ThreadsafeIsSystemCaller(aCx)) {
return true;
}
LOG("OriginTrials::IsEnabled(%d)\n", int(aTrial));
nsIGlobalObject* global = xpc::CurrentNativeGlobal(aCx);
MOZ_ASSERT(global);
return global && global->Trials().IsEnabled(aTrial);
}
#undef LOG
} // namespace mozilla