Disallow identical names for the Encryption and Crypto-Key headers

This is to be enforced per the following spec change: https://github.com/martinthomson/http-encryption/commit/d11c8263ef3a9fa9cec261898b5d462162045099 BUG=538576 Review-Url: https://codereview.chromium.org/2106333003 Cr-Commit-Position: refs/heads/master@{#403352}

Disallow identical names for the Encryption and Crypto-Key headers
This is to be enforced per the following spec change: https://github.com/martinthomson/http-encryption/commit/d11c8263ef3a9fa9cec261898b5d462162045099 BUG=538576 Review-Url: https://codereview.chromium.org/2106333003 Cr-Commit-Position: refs/heads/master@{#403352}
7da94ee9 · peter · Commit bot · 24e3e377 · 7da94ee9 · 7da94ee9
Commit 7da94ee9 authored Jun 30, 2016 by peter Committed by Commit bot Jun 30, 2016
2 changed files
--- a/components/gcm_driver/crypto/encryption_header_parsers.cc
+++ b/components/gcm_driver/crypto/encryption_header_parsers.cc
@@ -75,6 +75,10 @@ bool EncryptionHeaderIterator::GetNext() {
      net::HttpUtil::NameValuePairsIterator::Values::REQUIRED,
      net::HttpUtil::NameValuePairsIterator::Quotes::NOT_STRICT);

+  bool found_keyid = false;
+  bool found_salt = false;
+  bool found_rs = false;
+
  while (name_value_pairs.GetNext()) {
    const base::StringPiece name(name_value_pairs.name_begin(),
                                 name_value_pairs.name_end());
@@ -82,13 +86,18 @@ bool EncryptionHeaderIterator::GetNext() {
                                  name_value_pairs.value_end());

    if (base::LowerCaseEqualsASCII(name, "keyid")) {
+      if (found_keyid)
+        return false;
      value.CopyToString(&keyid_);
+      found_keyid = true;
    } else if (base::LowerCaseEqualsASCII(name, "salt")) {
-      if (!ValueToDecodedString(value, &salt_))
+      if (found_salt || !ValueToDecodedString(value, &salt_))
        return false;
+      found_salt = true;
    } else if (base::LowerCaseEqualsASCII(name, "rs")) {
-      if (!RecordSizeToInt(value, &rs_))
+      if (found_rs || !RecordSizeToInt(value, &rs_))
        return false;
+      found_rs = true;
    } else {
      // Silently ignore unknown directives for forward compatibility.
    }
@@ -117,6 +126,10 @@ bool CryptoKeyHeaderIterator::GetNext() {
      net::HttpUtil::NameValuePairsIterator::Values::REQUIRED,
      net::HttpUtil::NameValuePairsIterator::Quotes::NOT_STRICT);

+  bool found_keyid = false;
+  bool found_aesgcm128 = false;
+  bool found_dh = false;
+
  while (name_value_pairs.GetNext()) {
    const base::StringPiece name(name_value_pairs.name_begin(),
                                 name_value_pairs.name_end());
@@ -124,13 +137,18 @@ bool CryptoKeyHeaderIterator::GetNext() {
                                  name_value_pairs.value_end());

    if (base::LowerCaseEqualsASCII(name, "keyid")) {
+      if (found_keyid)
+        return false;
      value.CopyToString(&keyid_);
+      found_keyid = true;
    } else if (base::LowerCaseEqualsASCII(name, "aesgcm128")) {
-      if (!ValueToDecodedString(value, &aesgcm128_))
+      if (found_aesgcm128 || !ValueToDecodedString(value, &aesgcm128_))
        return false;
+      found_aesgcm128 = true;
    } else if (base::LowerCaseEqualsASCII(name, "dh")) {
-      if (!ValueToDecodedString(value, &dh_))
+      if (found_dh || !ValueToDecodedString(value, &dh_))
        return false;
+      found_dh = true;
    } else {
      // Silently ignore unknown directives for forward compatibility.
    }

--- a/components/gcm_driver/crypto/encryption_header_parsers_unittest.cc
+++ b/components/gcm_driver/crypto/encryption_header_parsers_unittest.cc
@@ -42,7 +42,6 @@ TEST(EncryptionHeaderParsersTest, ParseValidEncryptionHeaders) {
      "", "sixteencoolbytes", kDefaultRecordSize },
    { "rs=2048", "", "", 2048 },
    { "keyid=foo;someothervalue=1;rs=42", "foo", "", 42 },
-    { "keyid=foo;keyid=bar", "bar", "", kDefaultRecordSize },
  };

  for (size_t i = 0; i < arraysize(expected_results); i++) {
@@ -116,6 +115,10 @@ TEST(EncryptionHeaderParsersTest, ParseInvalidEncryptionHeaders) {
    "rs",
    "rs=",

+    // Supplying the same name multiple times in the same value is invalid.
+    "keyid=foo;keyid=bar",
+    "keyid=foo;bar=baz;keyid=qux",
+
    // The salt must be a URL-safe base64 decodable string.
    "salt=YmV/2ZXJ-sMDA",
    "salt=dHdlbHZlY29vbGJ5dGVz=====",
@@ -187,7 +190,6 @@ TEST(EncryptionHeaderParsersTest, ParseValidCryptoKeyHeaders) {
    { "dh=dHdlbHZlY29vbGJ5dGVz", "", "", "twelvecoolbytes" },
    { "keyid=foo;someothervalue=bar;aesgcm128=dHdlbHZlY29vbGJ5dGVz",
      "foo", "twelvecoolbytes", "" },
-    { "keyid=foo;keyid=bar", "bar", "", "" },
  };

  for (size_t i = 0; i < arraysize(expected_results); i++) {
@@ -262,6 +264,10 @@ TEST(EncryptionHeaderParsersTest, ParseInvalidCryptoKeyHeaders) {
    "dh",
    "dh=",

+    // Supplying the same name multiple times in the same value is invalid.
+    "keyid=foo;keyid=bar",
+    "keyid=foo;bar=baz;keyid=qux",
+
    // The "aesgcm128" parameter must be a URL-safe base64 decodable string.
    "aesgcm128=123$xyz",
    "aesgcm128=foobar;aesgcm128=123$xyz",