Split cryptographic digest computation and parsing out of CSP code so it can be reused
authorweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 21 Apr 2017 22:13:58 +0000 (22:13 +0000)
committerweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 21 Apr 2017 22:13:58 +0000 (22:13 +0000)
commitc880a0258ca03898200e55ad4c614ef59bd9a43d
tree83aae14e97c5d5dbfe4554472a424d5e6aa52084
parentb6dfa96bd3bedecb218e5ddf80c7a93e3807be5b
Split cryptographic digest computation and parsing out of CSP code so it can be reused
https://bugs.webkit.org/show_bug.cgi?id=171076

Reviewed by Chris Dumez.

Source/WebCore:

Factor out cryptographic digest parsing from Content Security Policy code
so that it can be reused for the Subresource Integrity implementation.

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
Add new files.

* html/parser/ParsingUtilities.h:
(WebCore::skipExactlyIgnoringASCIICase):
Add parsing helper to match / skip over a constant string, using IgnoringASCIICase semantics.

* loader/ResourceCryptographicDigest.cpp: Added.
(WebCore::parseHashAlgorithmAdvancingPosition):
(WebCore::parseCryptographicDigestImpl):
(WebCore::parseCryptographicDigest):
Move parsing of cryptographic-digest strings from ContentSecurityPolicySourceList.cpp
and optimize it a little by avoiding String allocations and generalizing it so that it
can parse either UChars or LChars.

* loader/ResourceCryptographicDigest.h: Added.
(WebCore::ResourceCryptographicDigest::operator==):
(WebCore::ResourceCryptographicDigest::operator!=):
(WTF::DefaultHash<WebCore::ResourceCryptographicDigest>::Hash::hash):
(WTF::DefaultHash<WebCore::ResourceCryptographicDigest>::Hash::equal):
(WTF::HashTraits<WebCore::ResourceCryptographicDigest>::emptyValue):
(WTF::HashTraits<WebCore::ResourceCryptographicDigest>::constructDeletedValue):
(WTF::HashTraits<WebCore::ResourceCryptographicDigest>::isDeletedValue):
Add a struct (rather than using a std::pair) to represent the digest + algorithm. And add
HashTraits so it can be used as HashMap.

* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::findHashOfContentInPolicies):
(WebCore::toCryptoDigestAlgorithm): Deleted.
Move algorithm conversion to ResourceCryptographicDigest.cpp. Make use of new
cryptographicDigestForBytes function to do hashing.

* page/csp/ContentSecurityPolicy.h:
* page/csp/ContentSecurityPolicyHash.h:
(WTF::DefaultHash<WebCore::ContentSecurityPolicyDigest>::Hash::hash): Deleted.
(WTF::DefaultHash<WebCore::ContentSecurityPolicyDigest>::Hash::equal): Deleted.
Remove HashTraits for the digest, this is now handled by ResourceCryptographicDigest.
To keep things relatively straight-forward, redefine ContentSecurityPolicyHashAlgorithm
and ContentSecurityPolicyHash in terms of ResourceCryptographicDigest, so that less code
has to be changed all at once. In a later pass, if wanted, we can remove these using
declarations.

* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::isNonceCharacter):
Use renamed isBase64OrBase64URLCharacter predicate.

(WebCore::ContentSecurityPolicySourceList::parseHashSource):
Rework using ResourceCryptographicDigest parsing. Quotation and maximum digest
length have been kept here, as they are not applicable to other uses of
the digest, specifically Subresource Integrity.

Source/WTF:

* wtf/text/Base64.cpp:
(WTF::base64Decode):
(WTF::base64URLDecode):
Add overloads for base64Decode and base64URLDecode that take a StringView, to avoid allocations
of Strings.

* wtf/text/Base64.h:
(WTF::isBase64OrBase64URLCharacter):
Move helper predicate used for parsing either type of Base64 encoded string from WebCore.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@215646 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
Source/WTF/ChangeLog
Source/WTF/wtf/text/Base64.cpp
Source/WTF/wtf/text/Base64.h
Source/WebCore/CMakeLists.txt
Source/WebCore/ChangeLog
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/html/parser/ParsingUtilities.h
Source/WebCore/loader/ResourceCryptographicDigest.cpp [new file with mode: 0644]
Source/WebCore/loader/ResourceCryptographicDigest.h [new file with mode: 0644]
Source/WebCore/page/csp/ContentSecurityPolicy.cpp
Source/WebCore/page/csp/ContentSecurityPolicy.h
Source/WebCore/page/csp/ContentSecurityPolicyHash.h
Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp