New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 753349 link

Starred by 6 users
Status: Assigned
Owner:
vogelheim@chromium.org
Cc:
mkwst@chromium.org
kinuko@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Task



Sign in to add a comment

Signature-based Resource Loading Restrictions

Project Member Reported by vogelheim@chromium.org, Aug 8 2017 
Feature description: Signature-based Resource Loading Restrictions

Eng owner: vogelheim@, mkwst@
Product owner:

Design doc:
https://github.com/w3c/webappsec-subresource-integrity/blob/master/signature-based-restrictions-explainer.markdown

Are you planning on experimenting before launch? Yes.
Any new strings? No.
Any implications for Google webservices (i.e. sync, translate)? No.
Binary size? Likely tiny.
Do the existing perf tests exercise all aspects of your new feature(s)? No.

Comment 1 by vogelheim@chromium.org, Aug 9 2017

Labels: -Type-Feature Type-Launch-OWP
Project Member

Comment 3 by bugdroid1@chromium.org, Aug 10 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ea0a536965d1709eecb29e9d13c09f013ff3adbe

commit ea0a536965d1709eecb29e9d13c09f013ff3adbe
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Thu Aug 10 14:27:26 2017

Use a separate enum for IntegrityMetadata::algorithm_.

This is a preparatory change for 607930. This separates the notion
of the integrity algorithm from a crypto hash function. The intent
is to introduce a signature-based scheme, and thus an integrity
method not based on a hash function.

Bug: 753349
Change-Id: Ibf1132249a66c4150bd66bbcfea6998607a35c62
Reviewed-on: https://chromium-review.googlesource.com/608974
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493382}
[modify] https://crrev.com/ea0a536965d1709eecb29e9d13c09f013ff3adbe/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/ea0a536965d1709eecb29e9d13c09f013ff3adbe/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
[modify] https://crrev.com/ea0a536965d1709eecb29e9d13c09f013ff3adbe/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.cpp
[modify] https://crrev.com/ea0a536965d1709eecb29e9d13c09f013ff3adbe/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.h
[modify] https://crrev.com/ea0a536965d1709eecb29e9d13c09f013ff3adbe/third_party/WebKit/Source/platform/loader/SubresourceIntegrityTest.cpp
[modify] https://crrev.com/ea0a536965d1709eecb29e9d13c09f013ff3adbe/third_party/WebKit/Source/platform/loader/fetch/IntegrityMetadata.cpp
[modify] https://crrev.com/ea0a536965d1709eecb29e9d13c09f013ff3adbe/third_party/WebKit/Source/platform/loader/fetch/IntegrityMetadata.h
Project Member

Comment 4 by bugdroid1@chromium.org, Aug 10 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7cf26ccd716afce4b6b11f2360b97b9cf198a599

commit 7cf26ccd716afce4b6b11f2360b97b9cf198a599
Author: Fernando Serboncini <fserb@chromium.org>
Date: Thu Aug 10 15:20:04 2017

Revert "Use a separate enum for IntegrityMetadata::algorithm_."

This reverts commit ea0a536965d1709eecb29e9d13c09f013ff3adbe.

Reason for revert: Broke build: https://build.chromium.org/p/chromium.win/builders/WinClang64%20%28dbg%29/builds/15366

Original change's description:
> Use a separate enum for IntegrityMetadata::algorithm_.
> 
> This is a preparatory change for 607930. This separates the notion
> of the integrity algorithm from a crypto hash function. The intent
> is to introduce a signature-based scheme, and thus an integrity
> method not based on a hash function.
> 
> Bug: 753349
> Change-Id: Ibf1132249a66c4150bd66bbcfea6998607a35c62
> Reviewed-on: https://chromium-review.googlesource.com/608974
> Reviewed-by: Mike West <mkwst@chromium.org>
> Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#493382}

TBR=vogelheim@chromium.org,mkwst@chromium.org

Change-Id: Ifd580c0b44c04bf660c7959c50c43a2955db599a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 753349
Reviewed-on: https://chromium-review.googlesource.com/610460
Reviewed-by: Fernando Serboncini <fserb@chromium.org>
Commit-Queue: Fernando Serboncini <fserb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493393}
[modify] https://crrev.com/7cf26ccd716afce4b6b11f2360b97b9cf198a599/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/7cf26ccd716afce4b6b11f2360b97b9cf198a599/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
[modify] https://crrev.com/7cf26ccd716afce4b6b11f2360b97b9cf198a599/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.cpp
[modify] https://crrev.com/7cf26ccd716afce4b6b11f2360b97b9cf198a599/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.h
[modify] https://crrev.com/7cf26ccd716afce4b6b11f2360b97b9cf198a599/third_party/WebKit/Source/platform/loader/SubresourceIntegrityTest.cpp
[modify] https://crrev.com/7cf26ccd716afce4b6b11f2360b97b9cf198a599/third_party/WebKit/Source/platform/loader/fetch/IntegrityMetadata.cpp
[modify] https://crrev.com/7cf26ccd716afce4b6b11f2360b97b9cf198a599/third_party/WebKit/Source/platform/loader/fetch/IntegrityMetadata.h
Project Member

Comment 5 by bugdroid1@chromium.org, Aug 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/550aff53e740d03e24205c08425d1b002f13ce13

commit 550aff53e740d03e24205c08425d1b002f13ce13
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Fri Aug 11 09:04:06 2017

Use a separate enum for IntegrityMetadata::algorithm_.

This is a preparatory change for 607930. This separates the notion
of the integrity algorithm from a crypto hash function. The intent
is to introduce a signature-based scheme, and thus an integrity
method not based on a hash function.


This is a re-land of https://chromium-review.googlesource.com/c/608974
This CL broke because (one of) the Windows compiler(s) through a
variable might be uninitialized. Fix is a one-line in patch set 2.

Bug: 753349
Change-Id: I6d9e86e30ea248f1cb0aec3fb8f594e2a298dcab
Reviewed-on: https://chromium-review.googlesource.com/610021
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493691}
[modify] https://crrev.com/550aff53e740d03e24205c08425d1b002f13ce13/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/550aff53e740d03e24205c08425d1b002f13ce13/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
[modify] https://crrev.com/550aff53e740d03e24205c08425d1b002f13ce13/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.cpp
[modify] https://crrev.com/550aff53e740d03e24205c08425d1b002f13ce13/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.h
[modify] https://crrev.com/550aff53e740d03e24205c08425d1b002f13ce13/third_party/WebKit/Source/platform/loader/SubresourceIntegrityTest.cpp
[modify] https://crrev.com/550aff53e740d03e24205c08425d1b002f13ce13/third_party/WebKit/Source/platform/loader/fetch/IntegrityMetadata.cpp
[modify] https://crrev.com/550aff53e740d03e24205c08425d1b002f13ce13/third_party/WebKit/Source/platform/loader/fetch/IntegrityMetadata.h
Project Member

Comment 6 by bugdroid1@chromium.org, Aug 22 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/759824ef9bfc77c4f6c287294444993b7997c6df

commit 759824ef9bfc77c4f6c287294444993b7997c6df
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Tue Aug 22 11:08:57 2017

Implement Signature-based Resource Loading Restrictions.

This change extends Subresource Integrity attributes to also
recognize digital signatures (Ed25519). See the bug for
links to spec, intent, etc.

Bug: 753349
Change-Id: I69c29f168e2df57b8a26edba7c794625ef478099
Reviewed-on: https://chromium-review.googlesource.com/607930
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#496277}
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/resources/sriharness.js
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-broken-signature.js
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-broken-signature.js.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-multi-signature-headers.js
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-multi-signature-headers.js.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-multi-signature.js
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-multi-signature.js.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-multi-signature2.js
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-multi-signature2.js.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-no-signature.js
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-signature.js
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-signature.js.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-multi-signature-headers.css
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-multi-signature-headers.css.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-multi-signature.css
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-multi-signature.css.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-multi-signature2.css
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-multi-signature2.css.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-no-signature.css
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-wrong-signature.css
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style-wrong-signature.css.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style.css
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/ed25519-style.css.headers
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/subresource-css-ed25519.tentative.html
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/subresource-ed25519.tentative.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/subresource-integrity.sub.html
[add] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/tools/ed25519.py
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/external/wpt/subresource-integrity/tools/list_hashes.py
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/fast/dom/shadow/gc-collected-shadowroot-crash-expected.txt
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/fast/dom/shadow/gc-collected-shadowroot-crash.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/fast/dom/shadow/remove-shadowroot-from-document-and-destroy-crash-expected.txt
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/fast/dom/shadow/remove-shadowroot-from-document-and-destroy-crash.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-basic-blocked-expected.txt
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-basic-blocked.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline-expected.txt
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-malformed.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization-expected.txt
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-unicode-normalization.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/scriptnonce-and-scripthash-expected.txt
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/scriptnonce-and-scripthash.html
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.json5
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/platform/loader/DEPS
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.cpp
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.h
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/platform/loader/SubresourceIntegrityTest.cpp
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/platform/loader/fetch/IntegrityMetadata.h
[modify] https://crrev.com/759824ef9bfc77c4f6c287294444993b7997c6df/third_party/WebKit/Source/platform/network/ContentSecurityPolicyParsers.h

Comment 8 by owe...@chromium.org, Sep 12 2017

Labels: migrated-launch-owp Type-Task
This issue has been automatically relabelled type=task because type=launch-owp issues are now officially deprecated. The deprecation is because they were creating confusion about how to get launch approvals, which should be instead done via type=launch issues.

We recommend this issue be used for implementation tracking (for public visibility), but if you already have an issue for that, you may mark this as duplicate.

For more details see here: https://docs.google.com/document/d/1JA6RohjtZQc26bTrGoIE_bSXGXUDQz8vc6G0n_sZJ2o/edit

For any questions, please contact owencm, sshruthi, larforge

Comment 9 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 10 by kinuko@chromium.org, Dec 20 2017

Cc: kinuko@chromium.org

Comment 11 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt
Project Member

Comment 12 by bugdroid1@chromium.org, Mar 2 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/def6084e9b4a72781bbf47b7eb819084af96c5d2

commit def6084e9b4a72781bbf47b7eb819084af96c5d2
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Fri Mar 02 15:30:12 2018

Implement Origin Trial for signature-based SRI.

This implements an origin trial for signature-based SRI. It introduces
a flag in IntegrityMetadataSet to store whether signature are enabled,
because origin trials are enabled/disbabled based on a request's Origin,
but the Resource instance itself isn't bound to such an origin. Hence,
that information needs to be passed in.

Change-Id: I5780c614044165231e948fdf01ec09f3355671f5
Bug: 753349
Reviewed-on: https://chromium-review.googlesource.com/924187
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Cr-Commit-Position: refs/heads/master@{#540521}
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/fetch/FetchManager.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/html/LinkStyle.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/html/parser/HTMLPreloadScanner.h
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/loader/LinkLoader.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/loader/SubresourceIntegrityHelper.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/loader/SubresourceIntegrityHelper.h
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/core/script/ScriptLoader.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/platform/loader/SubresourceIntegrity.h
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/platform/loader/SubresourceIntegrityTest.cpp
[modify] https://crrev.com/def6084e9b4a72781bbf47b7eb819084af96c5d2/third_party/WebKit/Source/platform/runtime_enabled_features.json5

Sign in to add a comment