Closed Bug 1948285 Opened 10 days ago Closed 6 days ago

[wpt-sync] Sync PR 50712 - [Signature-based SRI] Support `ed25519-...` assertions in CSP.

Categories

(Core :: DOM: Security, task, P4)

Tracking

RESOLVED FIXED
137 Branch
Tracking Status
firefox137 --- fixed

People

(Reporter: wpt-sync, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 50712 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/50712
Details from upstream follow.

Mike West <mkwst@chromium.org> wrote:

[Signature-based SRI] Support ed25519-... assertions in CSP.

As noted in https://github.com/wicg/signature-based-sri/issues/36, we
should support signature-based assertions in CSP. This CL makes the
smallest change necessary to support the functionality, but we'll likely
want to come back to refactor/rename some things in CSP's infrastructure
now that we're supporting more than hashes.

Bug: 396434688
Change-Id: Ib52e88df46b9828722e986f49901ba712febef02
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6268639
Reviewed-by: Yoav Weiss (@Shopify) <yoavweiss@chromium.org>
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1420462}

Component: web-platform-tests → DOM: Security
Product: Testing → Core

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 7 tests and 14 subtests

Status Summary

Firefox

OK : 6
PASS : 56
FAIL : 44
ERROR: 1

Chrome

OK : 7
PASS : 78
FAIL : 22

Safari

OK : 6
PASS : 56
FAIL : 44
ERROR: 1

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

  • /subresource-integrity/signatures/tentative/csp.window.html [wpt.fyi]
    • <script>: Valid signature, valid integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • <script>: Valid signatures, integrity check matches one: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
  • /subresource-integrity/signatures/tentative/fetch.any.sharedworker.html [wpt.fyi]
    • fetch(): No signature, valid integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Valid signature, matching integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Valid signature, mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Valid signature, one valid integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, no integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, malformed integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, matching integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Invalid signature, one valid integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
  • /subresource-integrity/signatures/tentative/fetch.any.html [wpt.fyi]
    • fetch(): No signature, valid integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Valid signature, matching integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Valid signature, mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Valid signature, one valid integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, no integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, malformed integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, matching integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Invalid signature, one valid integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
  • /subresource-integrity/signatures/tentative/fetch.any.worker.html [wpt.fyi]
    • fetch(): No signature, valid integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Valid signature, matching integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Valid signature, mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Valid signature, one valid integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, no integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, malformed integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, matching integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Invalid signature, mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Invalid signature, one valid integrity check: blocked.: FAIL (Chrome: FAIL, Safari: FAIL)
  • /subresource-integrity/signatures/tentative/inline.html [wpt.fyi]
    • valid signature, no integrity => blocked: FAIL (Chrome: PASS, Safari: FAIL)
    • valid signature, invalid integrity => blocked: FAIL (Chrome: PASS, Safari: FAIL)
    • multiple signature, no integrity => blocked: FAIL (Chrome: PASS, Safari: FAIL)
    • multiple signature, invalid integrity => blocked: FAIL (Chrome: PASS, Safari: FAIL)
    • SVG valid signature, no integrity => blocked: FAIL (Chrome: PASS, Safari: FAIL)
    • SVG valid signature, invalid integrity => blocked: FAIL (Chrome: PASS, Safari: FAIL)
  • /subresource-integrity/signatures/tentative/path.window.html [wpt.fyi]
    • fetch(): Valid signature (signature=:7tDPtzmoGvVu/qv3xJgdlyy5ss6FobmL0aR7Gzez3BvyTMSlIOb4ErCNRDyCMK4UesKSwfOrIH1y7xgAdr/OBw==:), matching integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Valid signature (signature=:7tDPtzmoGvVu/qv3xJgdlyy5ss6FobmL0aR7Gzez3BvyTMSlIOb4ErCNRDyCMK4UesKSwfOrIH1y7xgAdr/OBw==:), mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • <script>: Valid signature (signature=:7tDPtzmoGvVu/qv3xJgdlyy5ss6FobmL0aR7Gzez3BvyTMSlIOb4ErCNRDyCMK4UesKSwfOrIH1y7xgAdr/OBw==:), mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • fetch(): Valid signature (signature=:nw0vxi/Gj/UDbKTFddPEwKYAP5crT1sE916F+/rjb55LUaoxJcXDFPfUINzMOpHI5i6g6pn9tCOoFb6KwjXGDQ==:), matching integrity check: loads.: FAIL (Chrome: FAIL, Safari: FAIL)
    • fetch(): Valid signature (signature=:nw0vxi/Gj/UDbKTFddPEwKYAP5crT1sE916F+/rjb55LUaoxJcXDFPfUINzMOpHI5i6g6pn9tCOoFb6KwjXGDQ==:), mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • <script>: Valid signature (signature=:nw0vxi/Gj/UDbKTFddPEwKYAP5crT1sE916F+/rjb55LUaoxJcXDFPfUINzMOpHI5i6g6pn9tCOoFb6KwjXGDQ==:), mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
  • /subresource-integrity/signatures/tentative/script.window.html [wpt.fyi]: ERROR (Chrome: OK, Safari: ERROR)
    • <script>: No signature, integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • <script>: Valid signature, mismatched integrity check: blocked.: FAIL (Chrome: PASS, Safari: FAIL)
    • <script>: Valid signatures, integrity check matches neither: blocked.: FAIL (Chrome: PASS, Safari: FAIL)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4e394612c012
[wpt PR 50712] - [Signature-based SRI] Support `ed25519-...` assertions in CSP., a=testonly
https://hg.mozilla.org/integration/autoland/rev/e7e62e03e3a6
[wpt PR 50712] - Update wpt metadata, a=testonly

Status: NEW → RESOLVED
Closed: 6 days ago
Resolution: --- → FIXED
Target Milestone: --- → 137 Branch