- tbb-commits - lists.torproject.org

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Bug 4234: Use the Firefox Update Process for Base Browser.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 3f90b231 by Pier Angelo Vendrame at 2024-09-02T10:23:18+02:00 fixup! Bug 4234: Use the Firefox Update Process for Base Browser. Bug 42747: Discard unsupported updates earlier. Firefox's updater has a function to select updates, which checks mainly the version number. Therefore, a more recent update that is unsupported will be chosen over a compatible one. We patch this to be able to provide an alternative update path to Windows 7. - - - - - 1 changed file: - toolkit/mozapps/update/UpdateService.sys.mjs Changes: ===================================== toolkit/mozapps/update/UpdateService.sys.mjs ===================================== @@ -3700,18 +3700,20 @@ export class UpdateService { switch (update.type) { case "major": - if (!majorUpdate) { + if (!majorUpdate || majorUpdate.unsupported) { majorUpdate = update; } else if ( + !update.unsupported && vc.compare(majorUpdate.appVersion, update.appVersion) <= 0 ) { majorUpdate = update; } break; case "minor": - if (!minorUpdate) { + if (!minorUpdate || minorUpdate.unsupported) { minorUpdate = update; } else if ( + !update.unsupported && vc.compare(minorUpdate.appVersion, update.appVersion) <= 0 ) { minorUpdate = update; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/3f9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/3f9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Bug 4234: Use the Firefox Update Process for Base Browser.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 5661f525 by Pier Angelo Vendrame at 2024-09-02T10:23:38+02:00 fixup! Bug 4234: Use the Firefox Update Process for Base Browser. Bug 42747: Discard unsupported updates earlier. Firefox's updater has a function to select updates, which checks mainly the version number. Therefore, a more recent update that is unsupported will be chosen over a compatible one. We patch this to be able to provide an alternative update path to Windows 7. - - - - - 1 changed file: - toolkit/mozapps/update/UpdateService.sys.mjs Changes: ===================================== toolkit/mozapps/update/UpdateService.sys.mjs ===================================== @@ -3700,18 +3700,20 @@ export class UpdateService { switch (update.type) { case "major": - if (!majorUpdate) { + if (!majorUpdate || majorUpdate.unsupported) { majorUpdate = update; } else if ( + !update.unsupported && vc.compare(majorUpdate.appVersion, update.appVersion) <= 0 ) { majorUpdate = update; } break; case "minor": - if (!minorUpdate) { + if (!minorUpdate || minorUpdate.unsupported) { minorUpdate = update; } else if ( + !update.unsupported && vc.compare(minorUpdate.appVersion, update.appVersion) <= 0 ) { minorUpdate = update; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5661f52… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5661f52… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 4234: Use the Firefox Update Process for Base Browser.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: af856ef0 by Pier Angelo Vendrame at 2024-09-02T10:11:08+02:00 fixup! Bug 4234: Use the Firefox Update Process for Base Browser. Bug 42747: Discard unsupported updates earlier. Firefox's updater has a function to select updates, which checks mainly the version number. Therefore, a more recent update that is unsupported will be chosen over a compatible one. We patch this to be able to provide an alternative update path to Windows 7. - - - - - aa6ba139 by Pier Angelo Vendrame at 2024-09-02T10:11:12+02:00 fixup! Bug 19121: reinstate the update.xml hash check Bug 42737: Drop the hash check on updates. Updates are already signed, the hash check is redundant. Revert "Bug 19121: reinstate the update.xml hash check" This reverts commit 14ac8e5c0aff14dda4b15e435db58bea80960389. - - - - - 3 changed files: - toolkit/mozapps/update/UpdateService.sys.mjs - toolkit/mozapps/update/UpdateTelemetry.sys.mjs - toolkit/mozapps/update/nsIUpdateService.idl Changes: ===================================== toolkit/mozapps/update/UpdateService.sys.mjs ===================================== @@ -2110,8 +2110,6 @@ class UpdatePatch { // over writing nsIUpdatePatch attributes. _attrNames = [ "errorCode", - "hashFunction", - "hashValue", "finalURL", "selected", "size", @@ -2164,8 +2162,6 @@ class UpdatePatch { } break; case "finalURL": - case "hashFunction": - case "hashValue": case "state": case "type": case "URL": @@ -2186,8 +2182,6 @@ class UpdatePatch { */ serialize(updates) { var patch = updates.createElementNS(URI_UPDATE_NS, "patch"); - patch.setAttribute("hashFunction", this.hashFunction); - patch.setAttribute("hashValue", this.hashValue); patch.setAttribute("size", this.size); patch.setAttribute("type", this.type); patch.setAttribute("URL", this.URL); @@ -3757,18 +3751,20 @@ export class UpdateService { switch (update.type) { case "major": - if (!majorUpdate) { + if (!majorUpdate || majorUpdate.unsupported) { majorUpdate = update; } else if ( + !update.unsupported && vc.compare(majorUpdate.appVersion, update.appVersion) <= 0 ) { majorUpdate = update; } break; case "minor": - if (!minorUpdate) { + if (!minorUpdate || minorUpdate.unsupported) { minorUpdate = update; } else if ( + !update.unsupported && vc.compare(minorUpdate.appVersion, update.appVersion) <= 0 ) { minorUpdate = update; @@ -5876,56 +5872,7 @@ class Downloader { } LOG("Downloader:_verifyDownload downloaded size == expected size."); - let fileStream = Cc[ - "@mozilla.org/network/file-input-stream;1" - ].createInstance(Ci.nsIFileInputStream); - fileStream.init( - destination, - FileUtils.MODE_RDONLY, - FileUtils.PERMS_FILE, - 0 - ); - - let digest; - try { - let hash = Cc["@mozilla.org/security/hash;1"].createInstance( - Ci.nsICryptoHash - ); - var hashFunction = - Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()]; - if (hashFunction == undefined) { - throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED); - } - hash.init(hashFunction); - hash.updateFromStream(fileStream, -1); - // NOTE: For now, we assume that the format of _patch.hashValue is hex - // encoded binary (such as what is typically output by programs like - // sha1sum). In the future, this may change to base64 depending on how - // we choose to compute these hashes. - hash = hash.finish(false); - digest = Array.from(hash, (c, i) => - hash.charCodeAt(i).toString(16).padStart(2, "0") - ).join(""); - } catch (e) { - LOG( - "Downloader:_verifyDownload - failed to compute hash of the downloaded update archive" - ); - digest = ""; - } - - fileStream.close(); - - if (digest == this._patch.hashValue.toLowerCase()) { - LOG("Downloader:_verifyDownload hashes match."); - return true; - } - - LOG("Downloader:_verifyDownload hashes do not match. "); - AUSTLMY.pingDownloadCode( - this.isCompleteUpdate, - AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH - ); - return false; + return true; } /** @@ -6565,9 +6512,6 @@ class Downloader { " is higher than patch size: " + this._patch.size ); - // It's important that we use a different code than - // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference - // between a hash error and a wrong download error. AUSTLMY.pingDownloadCode( this.isCompleteUpdate, AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER @@ -6586,9 +6530,6 @@ class Downloader { " is not equal to expected patch size: " + this._patch.size ); - // It's important that we use a different code than - // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference - // between a hash error and a wrong download error. AUSTLMY.pingDownloadCode( this.isCompleteUpdate, AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL ===================================== toolkit/mozapps/update/UpdateTelemetry.sys.mjs ===================================== @@ -190,7 +190,6 @@ export var AUSTLMY = { DWNLD_ERR_VERIFY_NO_REQUEST: 13, DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL: 14, DWNLD_ERR_WRITE_FAILURE: 15, - DWNLD_ERR_VERIFY_NO_HASH_MATCH: 16, // Temporary failure code to see if there are failures without an update phase DWNLD_UNKNOWN_PHASE_ERR_WRITE_FAILURE: 40, ===================================== toolkit/mozapps/update/nsIUpdateService.idl ===================================== @@ -39,17 +39,6 @@ interface nsIUpdatePatch : nsISupports */ attribute AString finalURL; - /** - * The hash function to use when determining this file's integrity - */ - attribute AString hashFunction; - - /** - * The value of the hash function named above that should be computed if - * this file is not corrupt. - */ - attribute AString hashValue; - /** * The size of this file, in bytes. */ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a6ebf6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a6ebf6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.15.0esr-13.5-1-build2
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed new tag mullvad-browser-115.15.0esr-13.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.15.0esr-13.5-1-build2
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed new tag base-browser-115.15.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.15.0esr-13.5-1-build2
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed new tag tor-browser-115.15.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.15.0esr-13.5-1] Bug 1885101: Match screen and window properties with top window for...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 5436ef3f by Fatih at 2024-08-31T13:56:21+08:00 Bug 1885101: Match screen and window properties with top window for ScreenRect, ScreenAvailRect and WindowOuterSize. r=timhuang,emilio This patch removes test_iframe.html. We remove it because the newly introduced test covers the tests done in that test. The reason for removing it in the first place is now that screen properties are inherited/spoofed xorigin, we get a 4px difference. The reasosn for 4px difference is the test runner runs tests in an iframe with a 2px border on each side. Differential Revision: https://phabricator.services.mozilla.com/D215509 - - - - - 7 changed files: - docshell/base/BrowsingContext.h - docshell/base/CanonicalBrowsingContext.cpp - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsScreen.cpp - dom/base/nsScreen.h - layout/base/nsPresContext.cpp - layout/base/nsPresContext.h Changes: ===================================== docshell/base/BrowsingContext.h ===================================== @@ -32,6 +32,9 @@ #include "nsILoadInfo.h" #include "nsILoadContext.h" #include "nsThreadUtils.h" +// It seems ESR-115 is missing the definitions of CSSIntSize, so add this +// header to include it +#include "Units.h" class nsDocShellLoadState; class nsGlobalWindowInner; @@ -266,7 +269,10 @@ struct EmbedderColorSchemes { * a content process. */ \ FIELD(EmbeddedInContentDocument, bool) \ /* If true, this browsing context is within a hidden embedded document. */ \ - FIELD(IsUnderHiddenEmbedderElement, bool) + FIELD(IsUnderHiddenEmbedderElement, bool) \ + /* Used to propagate window.top's inner size for RFPTarget::Window* \ + * protections */ \ + FIELD(TopInnerSizeForRFP, mozilla::CSSIntSize) // BrowsingContext, in this context, is the cross process replicated // environment in which information about documents is stored. In @@ -1231,6 +1237,10 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache { const bool& aIsUnderHiddenEmbedderElement, ContentParent* aSource); + bool CanSet(FieldIndex<IDX_TopInnerSizeForRFP>, bool, ContentParent*) { + return IsTop(); + } + bool CanSet(FieldIndex<IDX_EmbeddedInContentDocument>, bool, ContentParent* aSource) { return CheckOnlyEmbedderCanSet(aSource); ===================================== docshell/base/CanonicalBrowsingContext.cpp ===================================== @@ -318,6 +318,7 @@ void CanonicalBrowsingContext::ReplacedBy( txn.SetEmbedderColorSchemes(GetEmbedderColorSchemes()); txn.SetHasRestoreData(GetHasRestoreData()); txn.SetShouldDelayMediaFromStart(GetShouldDelayMediaFromStart()); + txn.SetTopInnerSizeForRFP(GetTopInnerSizeForRFP()); // Propagate some settings on BrowsingContext replacement so they're not lost // on bfcached navigations. These are important for GeckoView (see bug ===================================== dom/base/nsGlobalWindowOuter.cpp ===================================== @@ -3581,9 +3581,10 @@ CSSIntSize nsGlobalWindowOuter::GetOuterSize(CallerType aCallerType, ErrorResult& aError) { if (nsIGlobalObject::ShouldResistFingerprinting(aCallerType, RFPTarget::Unknown)) { - CSSSize size; - aError = GetInnerSize(size); - return RoundedToInt(size); + if (BrowsingContext* bc = GetBrowsingContext()) { + return bc->Top()->GetTopInnerSizeForRFP(); + } + return {}; } // Windows showing documents in RDM panes and any subframes within them ===================================== dom/base/nsScreen.cpp ===================================== @@ -81,7 +81,7 @@ nsDeviceContext* nsScreen::GetDeviceContext() const { nsresult nsScreen::GetRect(CSSIntRect& aRect) { // Return window inner rect to prevent fingerprinting. if (ShouldResistFingerprinting()) { - return GetWindowInnerRect(aRect); + return GetTopWindowInnerRectForRFP(aRect); } // Here we manipulate the value of aRect to represent the screen size, @@ -113,7 +113,7 @@ nsresult nsScreen::GetRect(CSSIntRect& aRect) { nsresult nsScreen::GetAvailRect(CSSIntRect& aRect) { // Return window inner rect to prevent fingerprinting. if (ShouldResistFingerprinting()) { - return GetWindowInnerRect(aRect); + return GetTopWindowInnerRectForRFP(aRect); } // Here we manipulate the value of aRect to represent the screen size, @@ -208,20 +208,14 @@ JSObject* nsScreen::WrapObject(JSContext* aCx, return Screen_Binding::Wrap(aCx, this, aGivenProto); } -nsresult nsScreen::GetWindowInnerRect(CSSIntRect& aRect) { - aRect.x = 0; - aRect.y = 0; - nsCOMPtr<nsPIDOMWindowInner> win = GetOwner(); - if (!win) { - return NS_ERROR_FAILURE; +nsresult nsScreen::GetTopWindowInnerRectForRFP(CSSIntRect& aRect) { + aRect = {}; + if (nsPIDOMWindowInner* inner = GetOwner()) { + if (BrowsingContext* bc = inner->GetBrowsingContext()) { + CSSIntSize size = bc->Top()->GetTopInnerSizeForRFP(); + aRect = {0, 0, size.width, size.height}; + } } - double width; - double height; - nsresult rv = win->GetInnerWidth(&width); - NS_ENSURE_SUCCESS(rv, rv); - rv = win->GetInnerHeight(&height); - NS_ENSURE_SUCCESS(rv, rv); - aRect.SizeTo(std::round(width), std::round(height)); return NS_OK; } ===================================== dom/base/nsScreen.h ===================================== @@ -127,7 +127,9 @@ class nsScreen : public mozilla::DOMEventTargetHelper { nsDeviceContext* GetDeviceContext() const; nsresult GetRect(mozilla::CSSIntRect& aRect); nsresult GetAvailRect(mozilla::CSSIntRect& aRect); - nsresult GetWindowInnerRect(mozilla::CSSIntRect& aRect); + // Sometime between ESR-115 and ESR-128 the function signature changed, so we + // revert to the ESR-115 way of doing things + nsresult GetTopWindowInnerRectForRFP(mozilla::CSSIntRect& aRect); private: explicit nsScreen(nsPIDOMWindowInner* aWindow); ===================================== layout/base/nsPresContext.cpp ===================================== @@ -1448,6 +1448,26 @@ void nsPresContext::SetOverrideDPPX(float aDPPX) { MediaFeatureChangePropagation::JustThisDocument); } +void nsPresContext::UpdateTopInnerSizeForRFP() { +// RFPTarget::WindowOuterSize does not exist in ESR-115 so use fallback + if (!mDocument->ShouldResistFingerprinting(RFPTarget::Unknown) || + !mDocument->GetBrowsingContext() || + !mDocument->GetBrowsingContext()->IsTop()) { + return; + } + + CSSSize size = CSSPixel::FromAppUnits(GetVisibleArea().Size()); + + // The upstream version of this patch had conditional logic based on the + // dom.innerSize.rounding pref which does not exist in ESR-115, so we + // pick the branch it would have taken for the pref's default value (2) + size.width = std::truncf(size.width); + size.height = std::truncf(size.height); + + Unused << mDocument->GetBrowsingContext()->SetTopInnerSizeForRFP( + CSSIntSize{(int)size.width, (int)size.height}); +} + gfxSize nsPresContext::ScreenSizeInchesForFontInflation(bool* aChanged) { if (aChanged) { *aChanged = false; @@ -2979,6 +2999,8 @@ void nsPresContext::SetVisibleArea(const nsRect& r) { {mozilla::MediaFeatureChangeReason::ViewportChange}, MediaFeatureChangePropagation::JustThisDocument); } + + UpdateTopInnerSizeForRFP(); } } ===================================== layout/base/nsPresContext.h ===================================== @@ -549,6 +549,7 @@ class nsPresContext : public nsISupports, public mozilla::SupportsWeakPtr { void SetFullZoom(float aZoom); void SetOverrideDPPX(float); void SetInRDMPane(bool aInRDMPane); + void UpdateTopInnerSizeForRFP(); public: float GetFullZoom() { return mFullZoom; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/543… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/543… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.15.0esr-13.5-1] Bug 1885101: Match screen and window properties with top window for...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: d8af0f3f by Fatih at 2024-08-31T13:56:14+08:00 Bug 1885101: Match screen and window properties with top window for ScreenRect, ScreenAvailRect and WindowOuterSize. r=timhuang,emilio This patch removes test_iframe.html. We remove it because the newly introduced test covers the tests done in that test. The reason for removing it in the first place is now that screen properties are inherited/spoofed xorigin, we get a 4px difference. The reasosn for 4px difference is the test runner runs tests in an iframe with a 2px border on each side. Differential Revision: https://phabricator.services.mozilla.com/D215509 - - - - - 7 changed files: - docshell/base/BrowsingContext.h - docshell/base/CanonicalBrowsingContext.cpp - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsScreen.cpp - dom/base/nsScreen.h - layout/base/nsPresContext.cpp - layout/base/nsPresContext.h Changes: ===================================== docshell/base/BrowsingContext.h ===================================== @@ -32,6 +32,9 @@ #include "nsILoadInfo.h" #include "nsILoadContext.h" #include "nsThreadUtils.h" +// It seems ESR-115 is missing the definitions of CSSIntSize, so add this +// header to include it +#include "Units.h" class nsDocShellLoadState; class nsGlobalWindowInner; @@ -266,7 +269,10 @@ struct EmbedderColorSchemes { * a content process. */ \ FIELD(EmbeddedInContentDocument, bool) \ /* If true, this browsing context is within a hidden embedded document. */ \ - FIELD(IsUnderHiddenEmbedderElement, bool) + FIELD(IsUnderHiddenEmbedderElement, bool) \ + /* Used to propagate window.top's inner size for RFPTarget::Window* \ + * protections */ \ + FIELD(TopInnerSizeForRFP, mozilla::CSSIntSize) // BrowsingContext, in this context, is the cross process replicated // environment in which information about documents is stored. In @@ -1231,6 +1237,10 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache { const bool& aIsUnderHiddenEmbedderElement, ContentParent* aSource); + bool CanSet(FieldIndex<IDX_TopInnerSizeForRFP>, bool, ContentParent*) { + return IsTop(); + } + bool CanSet(FieldIndex<IDX_EmbeddedInContentDocument>, bool, ContentParent* aSource) { return CheckOnlyEmbedderCanSet(aSource); ===================================== docshell/base/CanonicalBrowsingContext.cpp ===================================== @@ -318,6 +318,7 @@ void CanonicalBrowsingContext::ReplacedBy( txn.SetEmbedderColorSchemes(GetEmbedderColorSchemes()); txn.SetHasRestoreData(GetHasRestoreData()); txn.SetShouldDelayMediaFromStart(GetShouldDelayMediaFromStart()); + txn.SetTopInnerSizeForRFP(GetTopInnerSizeForRFP()); // Propagate some settings on BrowsingContext replacement so they're not lost // on bfcached navigations. These are important for GeckoView (see bug ===================================== dom/base/nsGlobalWindowOuter.cpp ===================================== @@ -3581,9 +3581,10 @@ CSSIntSize nsGlobalWindowOuter::GetOuterSize(CallerType aCallerType, ErrorResult& aError) { if (nsIGlobalObject::ShouldResistFingerprinting(aCallerType, RFPTarget::Unknown)) { - CSSSize size; - aError = GetInnerSize(size); - return RoundedToInt(size); + if (BrowsingContext* bc = GetBrowsingContext()) { + return bc->Top()->GetTopInnerSizeForRFP(); + } + return {}; } // Windows showing documents in RDM panes and any subframes within them ===================================== dom/base/nsScreen.cpp ===================================== @@ -81,7 +81,7 @@ nsDeviceContext* nsScreen::GetDeviceContext() const { nsresult nsScreen::GetRect(CSSIntRect& aRect) { // Return window inner rect to prevent fingerprinting. if (ShouldResistFingerprinting()) { - return GetWindowInnerRect(aRect); + return GetTopWindowInnerRectForRFP(aRect); } // Here we manipulate the value of aRect to represent the screen size, @@ -113,7 +113,7 @@ nsresult nsScreen::GetRect(CSSIntRect& aRect) { nsresult nsScreen::GetAvailRect(CSSIntRect& aRect) { // Return window inner rect to prevent fingerprinting. if (ShouldResistFingerprinting()) { - return GetWindowInnerRect(aRect); + return GetTopWindowInnerRectForRFP(aRect); } // Here we manipulate the value of aRect to represent the screen size, @@ -208,20 +208,14 @@ JSObject* nsScreen::WrapObject(JSContext* aCx, return Screen_Binding::Wrap(aCx, this, aGivenProto); } -nsresult nsScreen::GetWindowInnerRect(CSSIntRect& aRect) { - aRect.x = 0; - aRect.y = 0; - nsCOMPtr<nsPIDOMWindowInner> win = GetOwner(); - if (!win) { - return NS_ERROR_FAILURE; +nsresult nsScreen::GetTopWindowInnerRectForRFP(CSSIntRect& aRect) { + aRect = {}; + if (nsPIDOMWindowInner* inner = GetOwner()) { + if (BrowsingContext* bc = inner->GetBrowsingContext()) { + CSSIntSize size = bc->Top()->GetTopInnerSizeForRFP(); + aRect = {0, 0, size.width, size.height}; + } } - double width; - double height; - nsresult rv = win->GetInnerWidth(&width); - NS_ENSURE_SUCCESS(rv, rv); - rv = win->GetInnerHeight(&height); - NS_ENSURE_SUCCESS(rv, rv); - aRect.SizeTo(std::round(width), std::round(height)); return NS_OK; } ===================================== dom/base/nsScreen.h ===================================== @@ -127,7 +127,9 @@ class nsScreen : public mozilla::DOMEventTargetHelper { nsDeviceContext* GetDeviceContext() const; nsresult GetRect(mozilla::CSSIntRect& aRect); nsresult GetAvailRect(mozilla::CSSIntRect& aRect); - nsresult GetWindowInnerRect(mozilla::CSSIntRect& aRect); + // Sometime between ESR-115 and ESR-128 the function signature changed, so we + // revert to the ESR-115 way of doing things + nsresult GetTopWindowInnerRectForRFP(mozilla::CSSIntRect& aRect); private: explicit nsScreen(nsPIDOMWindowInner* aWindow); ===================================== layout/base/nsPresContext.cpp ===================================== @@ -1448,6 +1448,26 @@ void nsPresContext::SetOverrideDPPX(float aDPPX) { MediaFeatureChangePropagation::JustThisDocument); } +void nsPresContext::UpdateTopInnerSizeForRFP() { +// RFPTarget::WindowOuterSize does not exist in ESR-115 so use fallback + if (!mDocument->ShouldResistFingerprinting(RFPTarget::Unknown) || + !mDocument->GetBrowsingContext() || + !mDocument->GetBrowsingContext()->IsTop()) { + return; + } + + CSSSize size = CSSPixel::FromAppUnits(GetVisibleArea().Size()); + + // The upstream version of this patch had conditional logic based on the + // dom.innerSize.rounding pref which does not exist in ESR-115, so we + // pick the branch it would have taken for the pref's default value (2) + size.width = std::truncf(size.width); + size.height = std::truncf(size.height); + + Unused << mDocument->GetBrowsingContext()->SetTopInnerSizeForRFP( + CSSIntSize{(int)size.width, (int)size.height}); +} + gfxSize nsPresContext::ScreenSizeInchesForFontInflation(bool* aChanged) { if (aChanged) { *aChanged = false; @@ -2979,6 +2999,8 @@ void nsPresContext::SetVisibleArea(const nsRect& r) { {mozilla::MediaFeatureChangeReason::ViewportChange}, MediaFeatureChangePropagation::JustThisDocument); } + + UpdateTopInnerSizeForRFP(); } } ===================================== layout/base/nsPresContext.h ===================================== @@ -549,6 +549,7 @@ class nsPresContext : public nsISupports, public mozilla::SupportsWeakPtr { void SetFullZoom(float aZoom); void SetOverrideDPPX(float); void SetInRDMPane(bool aInRDMPane); + void UpdateTopInnerSizeForRFP(); public: float GetFullZoom() { return mFullZoom; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d8af0f3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d8af0f3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-2] Bug 1885101: Match screen and window properties with top window for...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-115.15.0esr-13.5-2 at The Tor Project / Applications / Tor Browser Commits: ff2ba9f1 by Fatih at 2024-08-31T13:56:08+08:00 Bug 1885101: Match screen and window properties with top window for ScreenRect, ScreenAvailRect and WindowOuterSize. r=timhuang,emilio This patch removes test_iframe.html. We remove it because the newly introduced test covers the tests done in that test. The reason for removing it in the first place is now that screen properties are inherited/spoofed xorigin, we get a 4px difference. The reasosn for 4px difference is the test runner runs tests in an iframe with a 2px border on each side. Differential Revision: https://phabricator.services.mozilla.com/D215509 - - - - - 7 changed files: - docshell/base/BrowsingContext.h - docshell/base/CanonicalBrowsingContext.cpp - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsScreen.cpp - dom/base/nsScreen.h - layout/base/nsPresContext.cpp - layout/base/nsPresContext.h Changes: ===================================== docshell/base/BrowsingContext.h ===================================== @@ -32,6 +32,9 @@ #include "nsILoadInfo.h" #include "nsILoadContext.h" #include "nsThreadUtils.h" +// It seems ESR-115 is missing the definitions of CSSIntSize, so add this +// header to include it +#include "Units.h" class nsDocShellLoadState; class nsGlobalWindowInner; @@ -266,7 +269,10 @@ struct EmbedderColorSchemes { * a content process. */ \ FIELD(EmbeddedInContentDocument, bool) \ /* If true, this browsing context is within a hidden embedded document. */ \ - FIELD(IsUnderHiddenEmbedderElement, bool) + FIELD(IsUnderHiddenEmbedderElement, bool) \ + /* Used to propagate window.top's inner size for RFPTarget::Window* \ + * protections */ \ + FIELD(TopInnerSizeForRFP, mozilla::CSSIntSize) // BrowsingContext, in this context, is the cross process replicated // environment in which information about documents is stored. In @@ -1231,6 +1237,10 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache { const bool& aIsUnderHiddenEmbedderElement, ContentParent* aSource); + bool CanSet(FieldIndex<IDX_TopInnerSizeForRFP>, bool, ContentParent*) { + return IsTop(); + } + bool CanSet(FieldIndex<IDX_EmbeddedInContentDocument>, bool, ContentParent* aSource) { return CheckOnlyEmbedderCanSet(aSource); ===================================== docshell/base/CanonicalBrowsingContext.cpp ===================================== @@ -318,6 +318,7 @@ void CanonicalBrowsingContext::ReplacedBy( txn.SetEmbedderColorSchemes(GetEmbedderColorSchemes()); txn.SetHasRestoreData(GetHasRestoreData()); txn.SetShouldDelayMediaFromStart(GetShouldDelayMediaFromStart()); + txn.SetTopInnerSizeForRFP(GetTopInnerSizeForRFP()); // Propagate some settings on BrowsingContext replacement so they're not lost // on bfcached navigations. These are important for GeckoView (see bug ===================================== dom/base/nsGlobalWindowOuter.cpp ===================================== @@ -3582,9 +3582,10 @@ CSSIntSize nsGlobalWindowOuter::GetOuterSize(CallerType aCallerType, ErrorResult& aError) { if (nsIGlobalObject::ShouldResistFingerprinting(aCallerType, RFPTarget::Unknown)) { - CSSSize size; - aError = GetInnerSize(size); - return RoundedToInt(size); + if (BrowsingContext* bc = GetBrowsingContext()) { + return bc->Top()->GetTopInnerSizeForRFP(); + } + return {}; } // Windows showing documents in RDM panes and any subframes within them ===================================== dom/base/nsScreen.cpp ===================================== @@ -81,7 +81,7 @@ nsDeviceContext* nsScreen::GetDeviceContext() const { nsresult nsScreen::GetRect(CSSIntRect& aRect) { // Return window inner rect to prevent fingerprinting. if (ShouldResistFingerprinting()) { - return GetWindowInnerRect(aRect); + return GetTopWindowInnerRectForRFP(aRect); } // Here we manipulate the value of aRect to represent the screen size, @@ -113,7 +113,7 @@ nsresult nsScreen::GetRect(CSSIntRect& aRect) { nsresult nsScreen::GetAvailRect(CSSIntRect& aRect) { // Return window inner rect to prevent fingerprinting. if (ShouldResistFingerprinting()) { - return GetWindowInnerRect(aRect); + return GetTopWindowInnerRectForRFP(aRect); } // Here we manipulate the value of aRect to represent the screen size, @@ -208,20 +208,14 @@ JSObject* nsScreen::WrapObject(JSContext* aCx, return Screen_Binding::Wrap(aCx, this, aGivenProto); } -nsresult nsScreen::GetWindowInnerRect(CSSIntRect& aRect) { - aRect.x = 0; - aRect.y = 0; - nsCOMPtr<nsPIDOMWindowInner> win = GetOwner(); - if (!win) { - return NS_ERROR_FAILURE; +nsresult nsScreen::GetTopWindowInnerRectForRFP(CSSIntRect& aRect) { + aRect = {}; + if (nsPIDOMWindowInner* inner = GetOwner()) { + if (BrowsingContext* bc = inner->GetBrowsingContext()) { + CSSIntSize size = bc->Top()->GetTopInnerSizeForRFP(); + aRect = {0, 0, size.width, size.height}; + } } - double width; - double height; - nsresult rv = win->GetInnerWidth(&width); - NS_ENSURE_SUCCESS(rv, rv); - rv = win->GetInnerHeight(&height); - NS_ENSURE_SUCCESS(rv, rv); - aRect.SizeTo(std::round(width), std::round(height)); return NS_OK; } ===================================== dom/base/nsScreen.h ===================================== @@ -127,7 +127,9 @@ class nsScreen : public mozilla::DOMEventTargetHelper { nsDeviceContext* GetDeviceContext() const; nsresult GetRect(mozilla::CSSIntRect& aRect); nsresult GetAvailRect(mozilla::CSSIntRect& aRect); - nsresult GetWindowInnerRect(mozilla::CSSIntRect& aRect); + // Sometime between ESR-115 and ESR-128 the function signature changed, so we + // revert to the ESR-115 way of doing things + nsresult GetTopWindowInnerRectForRFP(mozilla::CSSIntRect& aRect); private: explicit nsScreen(nsPIDOMWindowInner* aWindow); ===================================== layout/base/nsPresContext.cpp ===================================== @@ -1448,6 +1448,26 @@ void nsPresContext::SetOverrideDPPX(float aDPPX) { MediaFeatureChangePropagation::JustThisDocument); } +void nsPresContext::UpdateTopInnerSizeForRFP() { +// RFPTarget::WindowOuterSize does not exist in ESR-115 so use fallback + if (!mDocument->ShouldResistFingerprinting(RFPTarget::Unknown) || + !mDocument->GetBrowsingContext() || + !mDocument->GetBrowsingContext()->IsTop()) { + return; + } + + CSSSize size = CSSPixel::FromAppUnits(GetVisibleArea().Size()); + + // The upstream version of this patch had conditional logic based on the + // dom.innerSize.rounding pref which does not exist in ESR-115, so we + // pick the branch it would have taken for the pref's default value (2) + size.width = std::truncf(size.width); + size.height = std::truncf(size.height); + + Unused << mDocument->GetBrowsingContext()->SetTopInnerSizeForRFP( + CSSIntSize{(int)size.width, (int)size.height}); +} + gfxSize nsPresContext::ScreenSizeInchesForFontInflation(bool* aChanged) { if (aChanged) { *aChanged = false; @@ -2979,6 +2999,8 @@ void nsPresContext::SetVisibleArea(const nsRect& r) { {mozilla::MediaFeatureChangeReason::ViewportChange}, MediaFeatureChangePropagation::JustThisDocument); } + + UpdateTopInnerSizeForRFP(); } } ===================================== layout/base/nsPresContext.h ===================================== @@ -549,6 +549,7 @@ class nsPresContext : public nsISupports, public mozilla::SupportsWeakPtr { void SetFullZoom(float aZoom); void SetOverrideDPPX(float); void SetInRDMPane(bool aInRDMPane); + void UpdateTopInnerSizeForRFP(); public: float GetFullZoom() { return mFullZoom; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ff2ba9f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ff2ba9f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-1] Bug 1885101: Match screen and window properties with top window for...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: fdbe54d5 by Fatih at 2024-08-29T22:23:54+00:00 Bug 1885101: Match screen and window properties with top window for ScreenRect, ScreenAvailRect and WindowOuterSize. r=timhuang,emilio This patch removes test_iframe.html. We remove it because the newly introduced test covers the tests done in that test. The reason for removing it in the first place is now that screen properties are inherited/spoofed xorigin, we get a 4px difference. The reasosn for 4px difference is the test runner runs tests in an iframe with a 2px border on each side. Differential Revision: https://phabricator.services.mozilla.com/D215509 - - - - - 7 changed files: - docshell/base/BrowsingContext.h - docshell/base/CanonicalBrowsingContext.cpp - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsScreen.cpp - dom/base/nsScreen.h - layout/base/nsPresContext.cpp - layout/base/nsPresContext.h Changes: ===================================== docshell/base/BrowsingContext.h ===================================== @@ -32,6 +32,9 @@ #include "nsILoadInfo.h" #include "nsILoadContext.h" #include "nsThreadUtils.h" +// It seems ESR-115 is missing the definitions of CSSIntSize, so add this +// header to include it +#include "Units.h" class nsDocShellLoadState; class nsGlobalWindowInner; @@ -266,7 +269,10 @@ struct EmbedderColorSchemes { * a content process. */ \ FIELD(EmbeddedInContentDocument, bool) \ /* If true, this browsing context is within a hidden embedded document. */ \ - FIELD(IsUnderHiddenEmbedderElement, bool) + FIELD(IsUnderHiddenEmbedderElement, bool) \ + /* Used to propagate window.top's inner size for RFPTarget::Window* \ + * protections */ \ + FIELD(TopInnerSizeForRFP, mozilla::CSSIntSize) // BrowsingContext, in this context, is the cross process replicated // environment in which information about documents is stored. In @@ -1231,6 +1237,10 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache { const bool& aIsUnderHiddenEmbedderElement, ContentParent* aSource); + bool CanSet(FieldIndex<IDX_TopInnerSizeForRFP>, bool, ContentParent*) { + return IsTop(); + } + bool CanSet(FieldIndex<IDX_EmbeddedInContentDocument>, bool, ContentParent* aSource) { return CheckOnlyEmbedderCanSet(aSource); ===================================== docshell/base/CanonicalBrowsingContext.cpp ===================================== @@ -318,6 +318,7 @@ void CanonicalBrowsingContext::ReplacedBy( txn.SetEmbedderColorSchemes(GetEmbedderColorSchemes()); txn.SetHasRestoreData(GetHasRestoreData()); txn.SetShouldDelayMediaFromStart(GetShouldDelayMediaFromStart()); + txn.SetTopInnerSizeForRFP(GetTopInnerSizeForRFP()); // Propagate some settings on BrowsingContext replacement so they're not lost // on bfcached navigations. These are important for GeckoView (see bug ===================================== dom/base/nsGlobalWindowOuter.cpp ===================================== @@ -3582,9 +3582,10 @@ CSSIntSize nsGlobalWindowOuter::GetOuterSize(CallerType aCallerType, ErrorResult& aError) { if (nsIGlobalObject::ShouldResistFingerprinting(aCallerType, RFPTarget::Unknown)) { - CSSSize size; - aError = GetInnerSize(size); - return RoundedToInt(size); + if (BrowsingContext* bc = GetBrowsingContext()) { + return bc->Top()->GetTopInnerSizeForRFP(); + } + return {}; } // Windows showing documents in RDM panes and any subframes within them ===================================== dom/base/nsScreen.cpp ===================================== @@ -81,7 +81,7 @@ nsDeviceContext* nsScreen::GetDeviceContext() const { nsresult nsScreen::GetRect(CSSIntRect& aRect) { // Return window inner rect to prevent fingerprinting. if (ShouldResistFingerprinting()) { - return GetWindowInnerRect(aRect); + return GetTopWindowInnerRectForRFP(aRect); } // Here we manipulate the value of aRect to represent the screen size, @@ -113,7 +113,7 @@ nsresult nsScreen::GetRect(CSSIntRect& aRect) { nsresult nsScreen::GetAvailRect(CSSIntRect& aRect) { // Return window inner rect to prevent fingerprinting. if (ShouldResistFingerprinting()) { - return GetWindowInnerRect(aRect); + return GetTopWindowInnerRectForRFP(aRect); } // Here we manipulate the value of aRect to represent the screen size, @@ -208,20 +208,14 @@ JSObject* nsScreen::WrapObject(JSContext* aCx, return Screen_Binding::Wrap(aCx, this, aGivenProto); } -nsresult nsScreen::GetWindowInnerRect(CSSIntRect& aRect) { - aRect.x = 0; - aRect.y = 0; - nsCOMPtr<nsPIDOMWindowInner> win = GetOwner(); - if (!win) { - return NS_ERROR_FAILURE; +nsresult nsScreen::GetTopWindowInnerRectForRFP(CSSIntRect& aRect) { + aRect = {}; + if (nsPIDOMWindowInner* inner = GetOwner()) { + if (BrowsingContext* bc = inner->GetBrowsingContext()) { + CSSIntSize size = bc->Top()->GetTopInnerSizeForRFP(); + aRect = {0, 0, size.width, size.height}; + } } - double width; - double height; - nsresult rv = win->GetInnerWidth(&width); - NS_ENSURE_SUCCESS(rv, rv); - rv = win->GetInnerHeight(&height); - NS_ENSURE_SUCCESS(rv, rv); - aRect.SizeTo(std::round(width), std::round(height)); return NS_OK; } ===================================== dom/base/nsScreen.h ===================================== @@ -127,7 +127,9 @@ class nsScreen : public mozilla::DOMEventTargetHelper { nsDeviceContext* GetDeviceContext() const; nsresult GetRect(mozilla::CSSIntRect& aRect); nsresult GetAvailRect(mozilla::CSSIntRect& aRect); - nsresult GetWindowInnerRect(mozilla::CSSIntRect& aRect); + // Sometime between ESR-115 and ESR-128 the function signature changed, so we + // revert to the ESR-115 way of doing things + nsresult GetTopWindowInnerRectForRFP(mozilla::CSSIntRect& aRect); private: explicit nsScreen(nsPIDOMWindowInner* aWindow); ===================================== layout/base/nsPresContext.cpp ===================================== @@ -1448,6 +1448,26 @@ void nsPresContext::SetOverrideDPPX(float aDPPX) { MediaFeatureChangePropagation::JustThisDocument); } +void nsPresContext::UpdateTopInnerSizeForRFP() { +// RFPTarget::WindowOuterSize does not exist in ESR-115 so use fallback + if (!mDocument->ShouldResistFingerprinting(RFPTarget::Unknown) || + !mDocument->GetBrowsingContext() || + !mDocument->GetBrowsingContext()->IsTop()) { + return; + } + + CSSSize size = CSSPixel::FromAppUnits(GetVisibleArea().Size()); + + // The upstream version of this patch had conditional logic based on the + // dom.innerSize.rounding pref which does not exist in ESR-115, so we + // pick the branch it would have taken for the pref's default value (2) + size.width = std::truncf(size.width); + size.height = std::truncf(size.height); + + Unused << mDocument->GetBrowsingContext()->SetTopInnerSizeForRFP( + CSSIntSize{(int)size.width, (int)size.height}); +} + gfxSize nsPresContext::ScreenSizeInchesForFontInflation(bool* aChanged) { if (aChanged) { *aChanged = false; @@ -2979,6 +2999,8 @@ void nsPresContext::SetVisibleArea(const nsRect& r) { {mozilla::MediaFeatureChangeReason::ViewportChange}, MediaFeatureChangePropagation::JustThisDocument); } + + UpdateTopInnerSizeForRFP(); } } ===================================== layout/base/nsPresContext.h ===================================== @@ -549,6 +549,7 @@ class nsPresContext : public nsISupports, public mozilla::SupportsWeakPtr { void SetFullZoom(float aZoom); void SetOverrideDPPX(float); void SetInRDMPane(bool aInRDMPane); + void UpdateTopInnerSizeForRFP(); public: float GetFullZoom() { return mFullZoom; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fdbe54d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fdbe54d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.15.0esr-13.5-1] Bug 1909099 - Always clean up old session restore and sync log files....
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 0dab02ba by Sam Foster at 2024-08-31T13:05:25+08:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 1 changed file: - services/common/logmanager.sys.mjs Changes: ===================================== services/common/logmanager.sys.mjs ===================================== @@ -363,12 +363,7 @@ LogManager.prototype = { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/0da… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/0da… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.15.0esr-13.5-1] Bug 1909099 - Always clean up old session restore and sync log files....
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 37d1cbad by Sam Foster at 2024-08-31T13:05:16+08:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 1 changed file: - services/common/logmanager.sys.mjs Changes: ===================================== services/common/logmanager.sys.mjs ===================================== @@ -363,12 +363,7 @@ LogManager.prototype = { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/37d1cba… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/37d1cba… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-2] Bug 1909099 - Always clean up old session restore and sync log files....
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-115.15.0esr-13.5-2 at The Tor Project / Applications / Tor Browser Commits: 699a06bf by Sam Foster at 2024-08-31T13:05:09+08:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 1 changed file: - services/common/logmanager.sys.mjs Changes: ===================================== services/common/logmanager.sys.mjs ===================================== @@ -363,12 +363,7 @@ LogManager.prototype = { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/699a06b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/699a06b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] Bug 1909099 - Always clean up old session restore and sync log files....
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 3b5161cd by Sam Foster at 2024-08-31T13:04:47+08:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 1 changed file: - toolkit/modules/LogManager.sys.mjs Changes: ===================================== toolkit/modules/LogManager.sys.mjs ===================================== @@ -384,12 +384,7 @@ export class LogManager { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/3b5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/3b5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] Bug 1909099 - Always clean up old session restore and sync log files....
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: dfd03239 by Sam Foster at 2024-08-31T13:04:35+08:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 1 changed file: - toolkit/modules/LogManager.sys.mjs Changes: ===================================== toolkit/modules/LogManager.sys.mjs ===================================== @@ -384,12 +384,7 @@ export class LogManager { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dfd0323… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dfd0323… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] Bug 1909099 - Always clean up old session restore and sync log files....
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: a6ebf61b by Sam Foster at 2024-08-31T13:04:26+08:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 1 changed file: - toolkit/modules/LogManager.sys.mjs Changes: ===================================== toolkit/modules/LogManager.sys.mjs ===================================== @@ -384,12 +384,7 @@ export class LogManager { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a6ebf61… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a6ebf61… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 56aaa8f3 by Anna Weine at 2024-08-31T13:01:28+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1802,7 +1802,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1907,11 +1908,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -396,10 +409,11 @@ TestArray.addTest( "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", function() { var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; async function doTest() { - let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, "ECDH", false, ["deriveKey"]); - let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, "ECDH", false, []); + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); let ecdhAlg = { name: "ECDH", public: pubKey }; let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); @@ -454,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/56a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/56a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 9380dbe6 by Anna Weine at 2024-08-31T12:38:09+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1802,7 +1802,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1907,11 +1908,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -396,10 +409,11 @@ TestArray.addTest( "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", function() { var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; async function doTest() { - let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, "ECDH", false, ["deriveKey"]); - let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, "ECDH", false, []); + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); let ecdhAlg = { name: "ECDH", public: pubKey }; let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); @@ -454,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9380dbe… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9380dbe… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 62e7b72b by Anna Weine at 2024-08-31T12:40:33+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1802,7 +1802,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1907,11 +1908,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -396,10 +409,11 @@ TestArray.addTest( "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", function() { var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; async function doTest() { - let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, "ECDH", false, ["deriveKey"]); - let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, "ECDH", false, []); + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); let ecdhAlg = { name: "ECDH", public: pubKey }; let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); @@ -454,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/62e7b72… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/62e7b72… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.15.0esr-13.5-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 7d80ca6a by Anna Weine at 2024-08-31T12:30:55+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1777,7 +1777,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1882,11 +1883,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -391,6 +404,28 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + async function doTest() { + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); + let ecdhAlg = { name: "ECDH", public: pubKey }; + let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; + let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); + let hmacAlg = { name: "HMAC", hash: "SHA-256" }; + let hmacKey = await crypto.subtle.deriveKey(hkdfAlg, hkdfKey, hmacAlg, false, ["sign"]); + return crypto.subtle.sign("HMAC", hmacKey, new Uint8Array()); + } + const expected = util.hex2abv("acf62832fa93469824cd997593bc963b28a68e6f73f4516bbe51b35942fe9811"); + doTest().then(memcmp_complete(that, expected), error(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", @@ -433,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/7d8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/7d8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.15.0esr-13.5-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: e9d93c56 by Anna Weine at 2024-08-31T12:30:48+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1777,7 +1777,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1882,11 +1883,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -391,6 +404,28 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + async function doTest() { + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); + let ecdhAlg = { name: "ECDH", public: pubKey }; + let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; + let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); + let hmacAlg = { name: "HMAC", hash: "SHA-256" }; + let hmacKey = await crypto.subtle.deriveKey(hkdfAlg, hkdfKey, hmacAlg, false, ["sign"]); + return crypto.subtle.sign("HMAC", hmacKey, new Uint8Array()); + } + const expected = util.hex2abv("acf62832fa93469824cd997593bc963b28a68e6f73f4516bbe51b35942fe9811"); + doTest().then(memcmp_complete(that, expected), error(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", @@ -433,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e9d93c5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e9d93c5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-2] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-115.15.0esr-13.5-2 at The Tor Project / Applications / Tor Browser Commits: 84c46aeb by Anna Weine at 2024-08-31T12:30:34+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1777,7 +1777,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1882,11 +1883,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -391,6 +404,28 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + async function doTest() { + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); + let ecdhAlg = { name: "ECDH", public: pubKey }; + let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; + let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); + let hmacAlg = { name: "HMAC", hash: "SHA-256" }; + let hmacKey = await crypto.subtle.deriveKey(hkdfAlg, hkdfKey, hmacAlg, false, ["sign"]); + return crypto.subtle.sign("HMAC", hmacKey, new Uint8Array()); + } + const expected = util.hex2abv("acf62832fa93469824cd997593bc963b28a68e6f73f4516bbe51b35942fe9811"); + doTest().then(memcmp_complete(that, expected), error(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", @@ -433,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/84c46ae… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/84c46ae… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 94077be2 by Morgan at 2024-08-31T10:23:33+08:00 fixup! Firefox preference overrides. Bug 42684: Disable network prefetch - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -459,8 +459,12 @@ pref("privacy.purge_trackers.enabled", false); // credentials dialogs. Hardens against potential credentials phishing. pref("network.auth.subresource-http-auth-allow", 1); +// tor-browser#42684: Disable network prefetch pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetchFromHTTPS", true); +pref("dom.prefetch_dns_for_anchor_http_document", false); +pref("dom.prefetch_dns_for_anchor_https_document", false); + pref("network.protocol-handler.external-default", false); pref("network.protocol-handler.external.mailto", false); pref("network.protocol-handler.external.news", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/940… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/940… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: e02979b1 by Morgan at 2024-08-31T10:23:24+08:00 fixup! Firefox preference overrides. Bug 42684: Disable network prefetch - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -459,8 +459,12 @@ pref("privacy.purge_trackers.enabled", false); // credentials dialogs. Hardens against potential credentials phishing. pref("network.auth.subresource-http-auth-allow", 1); +// tor-browser#42684: Disable network prefetch pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetchFromHTTPS", true); +pref("dom.prefetch_dns_for_anchor_http_document", false); +pref("dom.prefetch_dns_for_anchor_https_document", false); + pref("network.protocol-handler.external-default", false); pref("network.protocol-handler.external.mailto", false); pref("network.protocol-handler.external.news", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e02979b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e02979b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 546ec417 by Morgan at 2024-08-29T23:43:47+00:00 fixup! Firefox preference overrides. Bug 42684: Disable network prefetch - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -459,8 +459,12 @@ pref("privacy.purge_trackers.enabled", false); // credentials dialogs. Hardens against potential credentials phishing. pref("network.auth.subresource-http-auth-allow", 1); +// tor-browser#42684: Disable network prefetch pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetchFromHTTPS", true); +pref("dom.prefetch_dns_for_anchor_http_document", false); +pref("dom.prefetch_dns_for_anchor_https_document", false); + pref("network.protocol-handler.external-default", false); pref("network.protocol-handler.external.mailto", false); pref("network.protocol-handler.external.news", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/546ec41… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/546ec41… You're receiving this email because of your account on gitlab.torproject.org.

1 0