diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog index 9712df0dc750d..bf21221af5a12 100644 --- a/LayoutTests/ChangeLog +++ b/LayoutTests/ChangeLog @@ -1,3 +1,20 @@ +2021-03-08 John Wilander + + PCM: Align fraud prevention token naming with issue 73 in the Privacy CG repo + https://bugs.webkit.org/show_bug.cgi?id=222838 + + + Reviewed by Brent Fulgham. + + This patch doesn't change functionality and only aligns naming to this W3C Privacy CG issue: + https://github.com/privacycg/private-click-measurement/issues/73 + + * http/tests/privateClickMeasurement/resources/fraudPreventionTestURL.php: Renamed from LayoutTests/http/tests/privateClickMeasurement/resources/signToken.php. + The way this PHP file is used goes beyond signing tokens so it now has a generic name. + * http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce-expected.txt: + Re-baselined to reflect the new naming. + * http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html: + 2021-03-06 Ryan Haddad REGRESSION (r269627?): ASSERTION FAILED: &layoutState().establishedFormattingState(layoutBox.formattingContextRoot()) == this in WebCore::Layout::FormattingState::boxGeometry diff --git a/LayoutTests/http/tests/privateClickMeasurement/resources/signToken.php b/LayoutTests/http/tests/privateClickMeasurement/resources/fraudPreventionTestURL.php similarity index 100% rename from LayoutTests/http/tests/privateClickMeasurement/resources/signToken.php rename to LayoutTests/http/tests/privateClickMeasurement/resources/fraudPreventionTestURL.php diff --git a/LayoutTests/http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce-expected.txt b/LayoutTests/http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce-expected.txt index 6f8304e3aae75..486c5e2ccb72e 100644 --- a/LayoutTests/http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce-expected.txt +++ b/LayoutTests/http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce-expected.txt @@ -8,30 +8,30 @@ Frame: '' Token signing request received. REQUEST_METHOD: GET HTTP_HOST: 127.0.0.1:8000 -REQUEST_URI: /privateClickMeasurement/resources/signToken.php +REQUEST_URI: /privateClickMeasurement/resources/fraudPreventionTestURL.php No cookies in token signing request. Request body: REQUEST_METHOD: POST HTTP_HOST: 127.0.0.1:8000 Content type: application/json -REQUEST_URI: /privateClickMeasurement/resources/signToken.php +REQUEST_URI: /privateClickMeasurement/resources/fraudPreventionTestURL.php No cookies in token signing request. Request body: -{"source_engagement_type":"click","source_nonce":"ABCDEFabcdef0123456789","source_secret_token":"secretToken","version":2} +{"source_engagement_type":"click","source_nonce":"ABCDEFabcdef0123456789","source_unlinkable_token":"unlinkableToken","version":2} REQUEST_METHOD: GET HTTP_HOST: 127.0.0.1:8000 -REQUEST_URI: /privateClickMeasurement/resources/signToken.php +REQUEST_URI: /privateClickMeasurement/resources/fraudPreventionTestURL.php No cookies in token signing request. Request body: REQUEST_METHOD: POST HTTP_HOST: 127.0.0.1:8000 Content type: application/json -REQUEST_URI: /privateClickMeasurement/resources/signToken.php +REQUEST_URI: /privateClickMeasurement/resources/fraudPreventionTestURL.php No cookies in token signing request. Request body: -{"source_engagement_type":"click","source_site":"127.0.0.1","source_id":3,"attributed_on_site":"localhost","trigger_data":12,"version":2,"source_unlinkable_token":"unlinkableToken","source_unlinkable_token_signature":"signature"} +{"source_engagement_type":"click","source_site":"127.0.0.1","source_id":3,"attributed_on_site":"localhost","trigger_data":12,"version":2,"source_secret_token":"secretToken","source_secret_token_signature":"signature"} No stored Private Click Measurement data. diff --git a/LayoutTests/http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html b/LayoutTests/http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html index a544a9aed0e72..c3624a72d654d 100644 --- a/LayoutTests/http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html +++ b/LayoutTests/http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html @@ -51,11 +51,11 @@ function runTest() { if (window.testRunner) { if (!window.location.search) { - testRunner.setPrivateClickMeasurementTokenPublicKeyURLForTesting("http://127.0.0.1:8000/privateClickMeasurement/resources/signToken.php?dummy=" + dummy); - testRunner.setPrivateClickMeasurementTokenSignatureURLForTesting("http://127.0.0.1:8000/privateClickMeasurement/resources/signToken.php?dummy=" + dummy); - testRunner.setPrivateClickMeasurementAttributionReportURLForTesting("http://127.0.0.1:8000/privateClickMeasurement/resources/signToken.php?dummy=" + dummy + "&last=true"); + testRunner.setPrivateClickMeasurementTokenPublicKeyURLForTesting("http://127.0.0.1:8000/privateClickMeasurement/resources/fraudPreventionTestURL.php?dummy=" + dummy); + testRunner.setPrivateClickMeasurementTokenSignatureURLForTesting("http://127.0.0.1:8000/privateClickMeasurement/resources/fraudPreventionTestURL.php?dummy=" + dummy); + testRunner.setPrivateClickMeasurementAttributionReportURLForTesting("http://127.0.0.1:8000/privateClickMeasurement/resources/fraudPreventionTestURL.php?dummy=" + dummy + "&last=true"); testRunner.setPrivateClickMeasurementOverrideTimerForTesting(true); - testRunner.setFraudPreventionValuesForTesting("secretToken", "unlinkableToken", "signature", "WF3Ugg"); + testRunner.setPrivateClickMeasurementFraudPreventionValuesForTesting("unlinkableToken", "secretToken", "signature", "WF3Ugg"); targetLink.href = "http://localhost:8000/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html?dummy=" + dummy; activateElement("targetLink"); diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index 5509ec3a68999..f60e0bfc0b851 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,43 @@ +2021-03-08 John Wilander + + PCM: Align fraud prevention token naming with issue 73 in the Privacy CG repo + https://bugs.webkit.org/show_bug.cgi?id=222838 + + + Reviewed by Brent Fulgham. + + This patch doesn't change functionality and only aligns naming to this W3C Privacy CG issue: + https://github.com/privacycg/private-click-measurement/issues/73 + + Naming for PCM fraud prevention is updated like this: + + /.well-known/private-click-measurement/sign-secret-token/ changed to + /.well-known/private-click-measurement/sign-unlinkable-token/ + + /.well-known/private-click-measurement/get-unlinkable-token-public-key/ changed to + /.well-known/private-click-measurement/get-token-public-key/ + + source_secret_token in requests for token signature changed to source_unlinkable_token + + source_unlinkable_token in attribution reports changed to source_secret_token + + Variable, member, and function names are being renamed similarly. + + * loader/PrivateClickMeasurement.cpp: + (WebCore::PrivateClickMeasurement::attributionReportJSON const): + (WebCore::PrivateClickMeasurement::tokenSignatureJSON const): + (WebCore::PrivateClickMeasurement::setSourceSecretToken): + (WebCore::PrivateClickMeasurement::SourceSecretToken::isValid const): + (WebCore::PrivateClickMeasurement::setSourceUnlinkableToken): Deleted. + (WebCore::PrivateClickMeasurement::SourceUnlinkableToken::isValid const): Deleted. + * loader/PrivateClickMeasurement.h: + (WebCore::PrivateClickMeasurement::setSourceUnlinkableTokenValue): + (WebCore::PrivateClickMeasurement::sourceUnlinkableToken const): + (WebCore::PrivateClickMeasurement::setSourceSecretTokenValue): Deleted. + * loader/cocoa/PrivateClickMeasurementCocoa.mm: + (WebCore::PrivateClickMeasurement::calculateAndUpdateSourceUnlinkableToken): + (WebCore::PrivateClickMeasurement::calculateAndUpdateSourceSecretToken): + 2021-03-08 Peng Liu [GPUP] Some media tests related to canvas fail when media in GPU Process is enabled diff --git a/Source/WebCore/loader/PrivateClickMeasurement.cpp b/Source/WebCore/loader/PrivateClickMeasurement.cpp index e565dfbee9ffd..5847b9932bcd8 100644 --- a/Source/WebCore/loader/PrivateClickMeasurement.cpp +++ b/Source/WebCore/loader/PrivateClickMeasurement.cpp @@ -37,8 +37,8 @@ namespace WebCore { static const char privateClickMeasurementTriggerAttributionPath[] = "/.well-known/private-click-measurement/trigger-attribution/"; -static const char privateClickMeasurementTokenSignaturePath[] = "/.well-known/private-click-measurement/sign-secret-token/"; -static const char privateClickMeasurementTokenPublicKeyPath[] = "/.well-known/private-click-measurement/get-unlinkable-token-public-key/"; +static const char privateClickMeasurementTokenSignaturePath[] = "/.well-known/private-click-measurement/sign-unlinkable-token/"; +static const char privateClickMeasurementTokenPublicKeyPath[] = "/.well-known/private-click-measurement/get-token-public-key/"; static const char privateClickMeasurementReportAttributionPath[] = "/.well-known/private-click-measurement/report-attribution/"; const size_t privateClickMeasurementAttributionTriggerDataPathSegmentSize = 2; const size_t privateClickMeasurementPriorityPathSegmentSize = 2; @@ -146,9 +146,10 @@ Ref PrivateClickMeasurement::attributionReportJSON() const reportDetails->setInteger("trigger_data"_s, m_attributionTriggerData->data); reportDetails->setInteger("version"_s, 2); - if (m_sourceUnlinkableToken) { - reportDetails->setString("source_unlinkable_token"_s, m_sourceUnlinkableToken->tokenBase64URL); - reportDetails->setString("source_unlinkable_token_signature"_s, m_sourceUnlinkableToken->signatureBase64URL); + // This token has been kept secret this far and cannot be linked to the unlinkable token. + if (m_sourceSecretToken) { + reportDetails->setString("source_secret_token"_s, m_sourceSecretToken->tokenBase64URL); + reportDetails->setString("source_secret_token_signature"_s, m_sourceSecretToken->signatureBase64URL); } return reportDetails; @@ -212,24 +213,25 @@ Ref PrivateClickMeasurement::tokenSignatureJSON() const if (!m_ephemeralSourceNonce || !m_ephemeralSourceNonce->isValid()) return reportDetails; - if (m_sourceSecretToken.valueBase64URL.isEmpty()) + if (m_sourceUnlinkableToken.valueBase64URL.isEmpty()) return reportDetails; reportDetails->setString("source_engagement_type"_s, "click"_s); reportDetails->setString("source_nonce"_s, m_ephemeralSourceNonce->nonce); - reportDetails->setString("source_secret_token"_s, m_sourceSecretToken.valueBase64URL); + // This token can not be linked to the secret token. + reportDetails->setString("source_unlinkable_token"_s, m_sourceUnlinkableToken.valueBase64URL); reportDetails->setInteger("version"_s, 2); return reportDetails; } -void PrivateClickMeasurement::setSourceUnlinkableToken(SourceUnlinkableToken&& token) +void PrivateClickMeasurement::setSourceSecretToken(SourceSecretToken&& token) { if (!token.isValid()) return; - m_sourceUnlinkableToken = WTFMove(token); + m_sourceSecretToken = WTFMove(token); } -bool PrivateClickMeasurement::SourceUnlinkableToken::isValid() const +bool PrivateClickMeasurement::SourceSecretToken::isValid() const { return !(tokenBase64URL.isEmpty() || signatureBase64URL.isEmpty() || keyIDBase64URL.isEmpty()); } diff --git a/Source/WebCore/loader/PrivateClickMeasurement.h b/Source/WebCore/loader/PrivateClickMeasurement.h index 328c5d235f45f..f7c41e66c37c2 100644 --- a/Source/WebCore/loader/PrivateClickMeasurement.h +++ b/Source/WebCore/loader/PrivateClickMeasurement.h @@ -295,7 +295,7 @@ class PrivateClickMeasurement { Optional ephemeralSourceNonce() const { return m_ephemeralSourceNonce; }; void clearEphemeralSourceNonce() { m_ephemeralSourceNonce.reset(); }; - struct SourceUnlinkableToken { + struct SourceSecretToken { String tokenBase64URL; String signatureBase64URL; String keyIDBase64URL; @@ -304,13 +304,13 @@ class PrivateClickMeasurement { }; #if PLATFORM(COCOA) - WEBCORE_EXPORT bool calculateAndUpdateSourceSecretToken(const String& serverPublicKeyBase64URL); - WEBCORE_EXPORT bool calculateAndUpdateSourceUnlinkableToken(const String& serverResponseBase64URL); + WEBCORE_EXPORT bool calculateAndUpdateSourceUnlinkableToken(const String& serverPublicKeyBase64URL); + WEBCORE_EXPORT bool calculateAndUpdateSourceSecretToken(const String& serverResponseBase64URL); #endif - void setSourceSecretTokenValue(const String& value) { m_sourceSecretToken.valueBase64URL = value; } - const Optional& sourceUnlinkableToken() const { return m_sourceUnlinkableToken; } - WEBCORE_EXPORT void setSourceUnlinkableToken(SourceUnlinkableToken&&); + void setSourceUnlinkableTokenValue(const String& value) { m_sourceUnlinkableToken.valueBase64URL = value; } + const Optional& sourceUnlinkableToken() const { return m_sourceSecretToken; } + WEBCORE_EXPORT void setSourceSecretToken(SourceSecretToken&&); template void encode(Encoder&) const; template static Optional decode(Decoder&); @@ -328,7 +328,7 @@ class PrivateClickMeasurement { Optional m_attributionTriggerData; Optional m_earliestTimeToSend; - struct SourceSecretToken { + struct SourceUnlinkableToken { #if PLATFORM(COCOA) RetainPtr blinder; RetainPtr waitingToken; @@ -338,8 +338,8 @@ class PrivateClickMeasurement { }; Optional m_ephemeralSourceNonce; - SourceSecretToken m_sourceSecretToken; - Optional m_sourceUnlinkableToken; + SourceUnlinkableToken m_sourceUnlinkableToken; + Optional m_sourceSecretToken; }; template diff --git a/Source/WebCore/loader/cocoa/PrivateClickMeasurementCocoa.mm b/Source/WebCore/loader/cocoa/PrivateClickMeasurementCocoa.mm index 5d23d0225df2a..d1438fdcd1e48 100644 --- a/Source/WebCore/loader/cocoa/PrivateClickMeasurementCocoa.mm +++ b/Source/WebCore/loader/cocoa/PrivateClickMeasurementCocoa.mm @@ -30,7 +30,7 @@ namespace WebCore { -bool PrivateClickMeasurement::calculateAndUpdateSourceSecretToken(const String& serverPublicKeyBase64URL) +bool PrivateClickMeasurement::calculateAndUpdateSourceUnlinkableToken(const String& serverPublicKeyBase64URL) { #if HAVE(RSA_BSSA) { @@ -40,17 +40,17 @@ auto serverPublicKey = adoptNS([[NSData alloc] initWithBytes:serverPublicKeyData.data() length:serverPublicKeyData.size()]); // FIXME(222018): Check error. - m_sourceSecretToken.blinder = adoptNS([PAL::allocRSABSSATokenBlinderInstance() initWithPublicKey:serverPublicKey.get() error:nullptr]); - if (!m_sourceSecretToken.blinder) + m_sourceUnlinkableToken.blinder = adoptNS([PAL::allocRSABSSATokenBlinderInstance() initWithPublicKey:serverPublicKey.get() error:nullptr]); + if (!m_sourceUnlinkableToken.blinder) return false; } // FIXME(222018): Check error. - m_sourceSecretToken.waitingToken = [m_sourceSecretToken.blinder tokenWaitingActivationWithContent:nullptr error:nullptr]; - if (!m_sourceSecretToken.waitingToken) + m_sourceUnlinkableToken.waitingToken = [m_sourceUnlinkableToken.blinder tokenWaitingActivationWithContent:nullptr error:nullptr]; + if (!m_sourceUnlinkableToken.waitingToken) return false; - m_sourceSecretToken.valueBase64URL = WTF::base64URLEncode([m_sourceSecretToken.waitingToken blindedMessage].bytes, [m_sourceSecretToken.waitingToken blindedMessage].length); + m_sourceUnlinkableToken.valueBase64URL = WTF::base64URLEncode([m_sourceUnlinkableToken.waitingToken blindedMessage].bytes, [m_sourceUnlinkableToken.waitingToken blindedMessage].length); return true; #else UNUSED_PARAM(serverPublicKeyBase64URL); @@ -58,10 +58,10 @@ #endif // HAVE(RSA_BSSA) } -bool PrivateClickMeasurement::calculateAndUpdateSourceUnlinkableToken(const String& serverResponseBase64URL) +bool PrivateClickMeasurement::calculateAndUpdateSourceSecretToken(const String& serverResponseBase64URL) { #if HAVE(RSA_BSSA) - if (!m_sourceSecretToken.waitingToken) + if (!m_sourceUnlinkableToken.waitingToken) return false; { @@ -71,17 +71,17 @@ auto serverResponse = adoptNS([[NSData alloc] initWithBytes:serverResponseData.data() length:serverResponseData.size()]); // FIXME(222018): Check error. - m_sourceSecretToken.readyToken = [m_sourceSecretToken.waitingToken activateTokenWithServerResponse:serverResponse.get() error:nullptr]; - if (!m_sourceSecretToken.readyToken) + m_sourceUnlinkableToken.readyToken = [m_sourceUnlinkableToken.waitingToken activateTokenWithServerResponse:serverResponse.get() error:nullptr]; + if (!m_sourceUnlinkableToken.readyToken) return false; } - SourceUnlinkableToken token; - token.tokenBase64URL = WTF::base64URLEncode([m_sourceSecretToken.readyToken tokenContent].bytes, [m_sourceSecretToken.readyToken tokenContent].length); - token.keyIDBase64URL = WTF::base64URLEncode([m_sourceSecretToken.readyToken keyId].bytes, [m_sourceSecretToken.readyToken keyId].length); - token.signatureBase64URL = WTF::base64URLEncode([m_sourceSecretToken.readyToken signature].bytes, [m_sourceSecretToken.readyToken signature].length); + SourceSecretToken token; + token.tokenBase64URL = WTF::base64URLEncode([m_sourceUnlinkableToken.readyToken tokenContent].bytes, [m_sourceUnlinkableToken.readyToken tokenContent].length); + token.keyIDBase64URL = WTF::base64URLEncode([m_sourceUnlinkableToken.readyToken keyId].bytes, [m_sourceUnlinkableToken.readyToken keyId].length); + token.signatureBase64URL = WTF::base64URLEncode([m_sourceUnlinkableToken.readyToken signature].bytes, [m_sourceUnlinkableToken.readyToken signature].length); - m_sourceUnlinkableToken = WTFMove(token); + m_sourceSecretToken = WTFMove(token); return true; #else UNUSED_PARAM(serverResponseBase64URL); diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog index 93661739fb712..6f4b59cca057a 100644 --- a/Source/WebKit/ChangeLog +++ b/Source/WebKit/ChangeLog @@ -1,3 +1,61 @@ +2021-03-08 John Wilander + + PCM: Align fraud prevention token naming with issue 73 in the Privacy CG repo + https://bugs.webkit.org/show_bug.cgi?id=222838 + + + Reviewed by Brent Fulgham. + + This patch doesn't change functionality and only aligns naming to this W3C Privacy CG issue: + https://github.com/privacycg/private-click-measurement/issues/73 + + Naming for PCM fraud prevention is updated like this: + + /.well-known/private-click-measurement/sign-secret-token/ changed to + /.well-known/private-click-measurement/sign-unlinkable-token/ + + /.well-known/private-click-measurement/get-unlinkable-token-public-key/ changed to + /.well-known/private-click-measurement/get-token-public-key/ + + source_secret_token in requests for token signature changed to source_unlinkable_token + + source_unlinkable_token in attribution reports changed to source_secret_token + + Variable, member, and function names are being renamed similarly. + + * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp: + (WebKit::ResourceLoadStatisticsDatabaseStore::buildPrivateClickMeasurementFromDatabase): + * NetworkProcess/NetworkProcess.cpp: + (WebKit::NetworkProcess::setPCMFraudPreventionValuesForTesting): + (WebKit::NetworkProcess::setFraudPreventionValuesForTesting): Deleted. + Renamed setPCMFraudPreventionValuesForTesting() to make it more clear. + * NetworkProcess/NetworkProcess.h: + * NetworkProcess/NetworkProcess.messages.in: + * NetworkProcess/NetworkSession.cpp: + (WebKit::NetworkSession::setPCMFraudPreventionValuesForTesting): + (WebKit::NetworkSession::setFraudPreventionValuesForTesting): Deleted. + Renamed setPCMFraudPreventionValuesForTesting() to make it more clear. + * NetworkProcess/NetworkSession.h: + * NetworkProcess/PrivateClickMeasurementManager.cpp: + (WebKit::PrivateClickMeasurementManager::storeUnattributed): + (WebKit::PrivateClickMeasurementManager::getTokenPublicKey): + (WebKit::PrivateClickMeasurementManager::getSignedUnlinkableToken): + (WebKit::PrivateClickMeasurementManager::setPCMFraudPreventionValuesForTesting): + (WebKit::PrivateClickMeasurementManager::getSignedSecretToken): Deleted. + (WebKit::PrivateClickMeasurementManager::setFraudPreventionValuesForTesting): Deleted. + Renamed setPCMFraudPreventionValuesForTesting() to make it more clear. + * NetworkProcess/PrivateClickMeasurementManager.h: + * UIProcess/API/C/WKPage.cpp: + (WKPageSetPCMFraudPreventionValuesForTesting): + (WKPageSetFraudPreventionValuesForTesting): Deleted. + Renamed WKPageSetPCMFraudPreventionValuesForTesting() to make it more clear. + * UIProcess/API/C/WKPagePrivate.h: + * UIProcess/WebPageProxy.cpp: + (WebKit::WebPageProxy::setPCMFraudPreventionValuesForTesting): + (WebKit::WebPageProxy::setFraudPreventionValuesForTesting): Deleted. + Renamed setPCMFraudPreventionValuesForTesting() to make it more clear. + * UIProcess/WebPageProxy.h: + 2021-03-08 Aditya Keerthi [iOS]