Implement SHA-256 fingerprint support
The HTTP-based Public Key Pinning Internet Draft
(tools.ietf.org/html/draft-ietf-websec-key-pinning) requires this.
Per wtc, give the *Fingeprint* types more meaningful *HashValue* names.
Cleaning up lint along the way.
BUG=117914
TEST=net_unittests, unit_tests TransportSecurityPersisterTest
Review URL: https://chromiumcodereview.appspot.com/10826257
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@155365 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc
index ec20313..4b0aeadf 100644
--- a/net/base/transport_security_state_unittest.cc
+++ b/net/base/transport_security_state_unittest.cc
@@ -6,11 +6,13 @@
#include <algorithm>
#include <string>
+#include <vector>
#include "base/base64.h"
#include "base/file_path.h"
#include "base/sha1.h"
#include "base/string_piece.h"
+#include "crypto/sha2.h"
#include "net/base/asn1_util.h"
#include "net/base/cert_test_util.h"
#include "net/base/cert_verifier.h"
@@ -20,6 +22,7 @@
#include "net/base/ssl_info.h"
#include "net/base/test_completion_callback.h"
#include "net/base/test_root_certs.h"
+#include "net/base/x509_cert_types.h"
#include "net/base/x509_certificate.h"
#include "net/http/http_util.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -91,7 +94,7 @@
}
static bool GetPublicKeyHash(const net::X509Certificate::OSCertHandle& cert,
- SHA1Fingerprint* fingerprint) {
+ HashValue* hash) {
std::string der_bytes;
if (!net::X509Certificate::GetDEREncoded(cert, &der_bytes))
return false;
@@ -100,28 +103,50 @@
if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki))
return false;
- base::SHA1HashBytes(reinterpret_cast<const unsigned char*>(spki.data()),
- spki.size(), fingerprint->data);
+ switch (hash->tag) {
+ case HASH_VALUE_SHA1:
+ base::SHA1HashBytes(reinterpret_cast<const unsigned char*>(spki.data()),
+ spki.size(), hash->data());
+ break;
+ case HASH_VALUE_SHA256:
+ crypto::SHA256HashString(spki, hash->data(), crypto::kSHA256Length);
+ break;
+ default:
+ NOTREACHED() << "Unknown HashValueTag " << hash->tag;
+ }
+
return true;
}
-static std::string GetPinFromCert(X509Certificate* cert) {
- SHA1Fingerprint spki_hash;
+static std::string GetPinFromCert(X509Certificate* cert, HashValueTag tag) {
+ HashValue spki_hash(tag);
EXPECT_TRUE(GetPublicKeyHash(cert->os_cert_handle(), &spki_hash));
std::string base64;
- base::Base64Encode(base::StringPiece(reinterpret_cast<char*>(spki_hash.data),
- sizeof(spki_hash.data)),
- &base64);
- return "pin-sha1=" + HttpUtil::Quote(base64);
+ base::Base64Encode(base::StringPiece(
+ reinterpret_cast<char*>(spki_hash.data()), spki_hash.size()), &base64);
+
+ std::string label;
+ switch (tag) {
+ case HASH_VALUE_SHA1:
+ label = "pin-sha1=";
+ break;
+ case HASH_VALUE_SHA256:
+ label = "pin-sha256=";
+ break;
+ default:
+ NOTREACHED() << "Unknown HashValueTag " << tag;
+ }
+
+ return label + HttpUtil::Quote(base64);
}
-TEST_F(TransportSecurityStateTest, BogusPinsHeaders) {
+static void TestBogusPinsHeaders(HashValueTag tag) {
TransportSecurityState::DomainState state;
SSLInfo ssl_info;
ssl_info.cert =
ImportCertFromFile(GetTestCertsDirectory(), "test_mail_google_com.pem");
- std::string good_pin = GetPinFromCert(ssl_info.cert);
+ std::string good_pin = GetPinFromCert(ssl_info.cert, tag);
base::Time now = base::Time::Now();
// The backup pin is fake --- it just has to not be in the chain.
@@ -180,6 +205,14 @@
EXPECT_FALSE(state.include_subdomains);
}
+TEST_F(TransportSecurityStateTest, BogusPinsHeadersSHA1) {
+ TestBogusPinsHeaders(HASH_VALUE_SHA1);
+}
+
+TEST_F(TransportSecurityStateTest, BogusPinsHeadersSHA256) {
+ TestBogusPinsHeaders(HASH_VALUE_SHA256);
+}
+
TEST_F(TransportSecurityStateTest, ValidSTSHeaders) {
TransportSecurityState::DomainState state;
base::Time expiry;
@@ -240,7 +273,7 @@
EXPECT_TRUE(state.include_subdomains);
}
-TEST_F(TransportSecurityStateTest, ValidPinsHeaders) {
+static void TestValidPinsHeaders(HashValueTag tag) {
TransportSecurityState::DomainState state;
base::Time expiry;
base::Time now = base::Time::Now();
@@ -280,7 +313,8 @@
// Normally, ssl_client_socket_nss would do this, but for a unit test we
// fake it.
ssl_info.public_key_hashes = result.public_key_hashes;
- std::string good_pin = GetPinFromCert(ssl_info.cert);
+ std::string good_pin = GetPinFromCert(ssl_info.cert, /*tag*/HASH_VALUE_SHA1);
+ DLOG(WARNING) << "good pin: " << good_pin;
// The backup pin is fake --- we just need an SPKI hash that does not match
// the hash of any SPKI in the certificate chain.
@@ -356,6 +390,14 @@
EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
}
+TEST_F(TransportSecurityStateTest, ValidPinsHeadersSHA1) {
+ TestValidPinsHeaders(HASH_VALUE_SHA1);
+}
+
+TEST_F(TransportSecurityStateTest, ValidPinsHeadersSHA256) {
+ TestValidPinsHeaders(HASH_VALUE_SHA256);
+}
+
TEST_F(TransportSecurityStateTest, SimpleMatches) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
@@ -783,7 +825,7 @@
EXPECT_TRUE(state.GetDomainState("chrome.google.com", true, &domain_state));
EXPECT_TRUE(HasPins("chrome.google.com"));
- FingerprintVector hashes;
+ HashValueVector hashes;
// Checks that a built-in list does exist.
EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
EXPECT_FALSE(HasPins("www.paypal.com"));
@@ -829,18 +871,14 @@
}
static bool AddHash(const std::string& type_and_base64,
- FingerprintVector* out) {
- std::string hash_str;
- if (type_and_base64.find("sha1/") == 0 &&
- base::Base64Decode(type_and_base64.substr(5, type_and_base64.size() - 5),
- &hash_str) &&
- hash_str.size() == base::kSHA1Length) {
- SHA1Fingerprint hash;
- memcpy(hash.data, hash_str.data(), sizeof(hash.data));
- out->push_back(hash);
- return true;
- }
- return false;
+ HashValueVector* out) {
+ HashValue hash;
+
+ if (!TransportSecurityState::ParsePin(type_and_base64, &hash))
+ return false;
+
+ out->push_back(hash);
+ return true;
}
TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) {
@@ -862,7 +900,7 @@
NULL,
};
- std::vector<net::SHA1Fingerprint> good_hashes, bad_hashes;
+ HashValueVector good_hashes, bad_hashes;
for (size_t i = 0; kGoodPath[i]; i++) {
EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));
@@ -898,7 +936,7 @@
NULL,
};
- std::vector<net::SHA1Fingerprint> good_hashes, bad_hashes;
+ HashValueVector good_hashes, bad_hashes;
for (size_t i = 0; kGoodPath[i]; i++) {
EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));
@@ -916,6 +954,100 @@
EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(bad_hashes));
}
+TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCertsMixedHashes) {
+ static const char* ee_sha1 = "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=";
+ static const char* ee_sha256 =
+ "sha256/sRJBQqWhpaKIGcc1NA7/jJ4vgWj+47oYfyU7waOS1+I=";
+ static const char* google_1024_sha1 = "sha1/QMVAHW+MuvCLAO3vse6H0AWzuc0=";
+ static const char* google_1024_sha256 =
+ "sha256/trlUMquuV/4CDLK3T0+fkXPIxwivyecyrOIyeQR8bQU=";
+ static const char* equifax_sha1 = "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=";
+ static const char* equifax_sha256 =
+ "sha256//1aAzXOlcD2gSBegdf1GJQanNQbEuBoVg+9UlHjSZHY=";
+ static const char* trustcenter_sha1 = "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=";
+ static const char* trustcenter_sha256 =
+ "sha256/Dq58KIA4NMLsboWMLU8/aTREzaAGEFW+EtUule8dd/M=";
+
+ // Good chains for plus.google.com chain up through google_1024_sha{1,256}
+ // to equifax_sha{1,256}. Bad chains chain up to Equifax through
+ // trustcenter_sha{1,256}, which is a blacklisted key. Even though Equifax
+ // and Google1024 are known-good, the blacklistedness of Trustcenter
+ // should override and cause pin validation failure.
+
+ TransportSecurityState state;
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_TRUE(state.GetDomainState("plus.google.com", true, &domain_state));
+ EXPECT_TRUE(domain_state.HasPins());
+
+ // The statically-defined pins are all SHA-1, so we add some SHA-256 pins
+ // manually:
+ EXPECT_TRUE(AddHash(google_1024_sha256, &domain_state.static_spki_hashes));
+ EXPECT_TRUE(AddHash(trustcenter_sha256,
+ &domain_state.bad_static_spki_hashes));
+
+ // Try an all-good SHA1 chain.
+ HashValueVector validated_chain;
+ EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(google_1024_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+ // Try an all-bad SHA1 chain.
+ validated_chain.clear();
+ EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(trustcenter_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+ EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+ // Try an all-good SHA-256 chain.
+ validated_chain.clear();
+ EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(google_1024_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+ // Try an all-bad SHA-256 chain.
+ validated_chain.clear();
+ EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(trustcenter_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+ EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+ // Try a mixed-hash good chain.
+ validated_chain.clear();
+ EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(google_1024_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+ // Try a mixed-hash bad chain.
+ validated_chain.clear();
+ EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(trustcenter_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+ EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+ // Try a chain with all good hashes.
+ validated_chain.clear();
+ EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(google_1024_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(google_1024_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+ // Try a chain with all bad hashes.
+ validated_chain.clear();
+ EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(trustcenter_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+ EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(trustcenter_sha256, &validated_chain));
+ EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+ EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+}
+
TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
