Bug 1762520 - Update preload SRI checking for HTML spec change. r=freddyb, a=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D150955

Bug 1762520 - Update preload SRI checking for HTML spec change. r=freddyb, a=dmeehan
574377c0 · Tom Schuster · d22b6ddb · 574377c0 · 574377c0 · 574377c0
Commit 574377c0 authored 2 years ago by Tom Schuster
--- a/dom/security/SRIMetadata.cpp
+++ b/dom/security/SRIMetadata.cpp
@@ -158,26 +158,25 @@ bool SRIMetadata::CanTrustBeDelegatedTo(const SRIMetadata& aOther) const {
  }

  if (aOther.IsEmpty()) {
-    // This SRI requires a check and the other has none, can't delegate.
+    // This metadata requires a check and the other has none, can't delegate.
    return false;
  }

-  if (mAlgorithmType < aOther.mAlgorithmType) {
-    // The other SRI is stronger than this one, we can (have to) delegate trust
-    // to it.
-    return true;
+  if (mAlgorithmType != aOther.mAlgorithmType) {
+    // They must use the same hash algorithm.
+    return false;
  }
-  if (mAlgorithmType > aOther.mAlgorithmType) {
-    // This SRI is stronger than the other, we can't delegate the trust.
+
+  // They must be completely identical, except for the order of hashes.
+  // We don't know which hash is the one passing eventually the check, so only
+  // option is to require this metadata to contain the same set of hashes as the
+  // one we want to delegate the trust to.
+  if (mHashes.Length() != aOther.mHashes.Length()) {
    return false;
  }

  for (const auto& hash : mHashes) {
    if (!aOther.mHashes.Contains(hash)) {
-      // Both SRIs must be completely identical.  We don't know which hash is
-      // the one passing eventually the check, so only option is to require this
-      // SRI to contain the same set of hashes as the one we want to delegate
-      // the trust to.
      return false;
    }
  }

--- a/dom/security/SRIMetadata.h
+++ b/dom/security/SRIMetadata.h
@@ -67,14 +67,14 @@ class SRIMetadata final {
  const nsString& GetIntegrityString() const { return mIntegrityString; }

  // Return true if:
-  // * this SRI is empty
-  // * the other SRI has a stronger hash algorithm
-  // * the other SRI has the same hash algorithm and also the same set of values
-  // otherwise, return false.
+  // - this integrity metadata is empty, or
+  // - the other integrity metadata has the same hash algorithm and also the
+  // same set of values otherwise, return false.
  //
-  // This method simply checks if the other SRI is stronger or identical to this
-  // one, so that a load that has been checked against that other SRI has the
-  // same or higher level of trust than this SRI provides.
+  // This method simply checks if the other integrity metadata is identical to
+  // this one (if it exists), so that a load that has been checked against that
+  // other integrity metadata implies that the current integrity metadata is
+  // also satisfied.
  bool CanTrustBeDelegatedTo(const SRIMetadata& aOther) const;

 private:

--- a/testing/web-platform/meta/preload/subresource-integrity.html.ini
+++ b/testing/web-platform/meta/preload/subresource-integrity.html.ini
@@ -60,10 +60,4 @@
    expected: FAIL

  [<crossorigin='anonymous'> image with incorrect hash, ACAO: *]
-    expected: FAIL
-
-  [[Tentative\] Same-origin script with matching digest does not reuse preload with matching but stronger digest.]
-    expected: FAIL
-
-  [[Tentative\] Same-origin style with matching digest does not reuse preload with matching but stronger digest.]
-    expected: FAIL
+    expected: FAIL
\ No newline at end of file