search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / cert / cert_verify_proc.cc
blobbb379ff000ccb2c7b70d38d9666f6a6dbac25e9c
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc.h"
6
7 #include <stdint.h>
8
9 #include "base/metrics/histogram.h"
10 #include "base/metrics/histogram_macros.h"
11 #include "base/sha1.h"
12 #include "base/strings/stringprintf.h"
13 #include "base/time/time.h"
14 #include "build/build_config.h"
15 #include "net/base/net_errors.h"
16 #include "net/base/net_util.h"
17 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
18 #include "net/cert/cert_status_flags.h"
19 #include "net/cert/cert_verifier.h"
20 #include "net/cert/cert_verify_proc_whitelist.h"
21 #include "net/cert/cert_verify_result.h"
22 #include "net/cert/crl_set.h"
23 #include "net/cert/x509_certificate.h"
24 #include "url/url_canon.h"
25
26 #if defined(USE_NSS_CERTS) || defined(OS_IOS)
27 #include "net/cert/cert_verify_proc_nss.h"
28 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
29 #include "net/cert/cert_verify_proc_openssl.h"
30 #elif defined(OS_ANDROID)
31 #include "net/cert/cert_verify_proc_android.h"
32 #elif defined(OS_MACOSX)
33 #include "net/cert/cert_verify_proc_mac.h"
34 #elif defined(OS_WIN)
35 #include "net/cert/cert_verify_proc_win.h"
36 #else
37 #error Implement certificate verification.
38 #endif
39
40 namespace net {
41
42 namespace {
43
44 // Constants used to build histogram names
45 const char kLeafCert[] = "Leaf";
46 const char kIntermediateCert[] = "Intermediate";
47 const char kRootCert[] = "Root";
48 // Matches the order of X509Certificate::PublicKeyType
49 const char* const kCertTypeStrings[] = {
50 "Unknown",
51 "RSA",
52 "DSA",
53 "ECDSA",
54 "DH",
55 "ECDH"
56 };
57 // Histogram buckets for RSA/DSA/DH key sizes.
58 const int kRsaDsaKeySizes[] = {512, 768, 1024, 1536, 2048, 3072, 4096, 8192,
59 16384};
60 // Histogram buckets for ECDSA/ECDH key sizes. The list is based upon the FIPS
61 // 186-4 approved curves.
62 const int kEccKeySizes[] = {163, 192, 224, 233, 256, 283, 384, 409, 521, 571};
63
64 const char* CertTypeToString(int cert_type) {
65 if (cert_type < 0 ||
66 static_cast<size_t>(cert_type) >= arraysize(kCertTypeStrings)) {
67 return "Unsupported";
68 }
69 return kCertTypeStrings[cert_type];
70 }
71
72 void RecordPublicKeyHistogram(const char* chain_position,
73 bool baseline_keysize_applies,
74 size_t size_bits,
75 X509Certificate::PublicKeyType cert_type) {
76 std::string histogram_name =
77 base::StringPrintf("CertificateType2.%s.%s.%s",
78 baseline_keysize_applies ? "BR" : "NonBR",
79 chain_position,
80 CertTypeToString(cert_type));
81 // Do not use UMA_HISTOGRAM_... macros here, as it caches the Histogram
82 // instance and thus only works if |histogram_name| is constant.
83 base::HistogramBase* counter = NULL;
84
85 // Histogram buckets are contingent upon the underlying algorithm being used.
86 if (cert_type == X509Certificate::kPublicKeyTypeECDH ||
87 cert_type == X509Certificate::kPublicKeyTypeECDSA) {
88 // Typical key sizes match SECP/FIPS 186-3 recommendations for prime and
89 // binary curves - which range from 163 bits to 571 bits.
90 counter = base::CustomHistogram::FactoryGet(
91 histogram_name,
92 base::CustomHistogram::ArrayToCustomRanges(kEccKeySizes,
93 arraysize(kEccKeySizes)),
94 base::HistogramBase::kUmaTargetedHistogramFlag);
95 } else {
96 // Key sizes < 1024 bits should cause errors, while key sizes > 16K are not
97 // uniformly supported by the underlying cryptographic libraries.
98 counter = base::CustomHistogram::FactoryGet(
99 histogram_name,
100 base::CustomHistogram::ArrayToCustomRanges(kRsaDsaKeySizes,
101 arraysize(kRsaDsaKeySizes)),
102 base::HistogramBase::kUmaTargetedHistogramFlag);
103 }
104 counter->Add(size_bits);
105 }
106
107 // Returns true if |type| is |kPublicKeyTypeRSA| or |kPublicKeyTypeDSA|, and
108 // if |size_bits| is < 1024. Note that this means there may be false
109 // negatives: keys for other algorithms and which are weak will pass this
110 // test.
111 bool IsWeakKey(X509Certificate::PublicKeyType type, size_t size_bits) {
112 switch (type) {
113 case X509Certificate::kPublicKeyTypeRSA:
114 case X509Certificate::kPublicKeyTypeDSA:
115 return size_bits < 1024;
116 default:
117 return false;
118 }
119 }
120
121 // Returns true if |cert| contains a known-weak key. Additionally, histograms
122 // the observed keys for future tightening of the definition of what
123 // constitutes a weak key.
124 bool ExaminePublicKeys(const scoped_refptr<X509Certificate>& cert,
125 bool should_histogram) {
126 // The effective date of the CA/Browser Forum's Baseline Requirements -
127 // 2012-07-01 00:00:00 UTC.
128 const base::Time kBaselineEffectiveDate =
129 base::Time::FromInternalValue(INT64_C(12985574400000000));
130 // The effective date of the key size requirements from Appendix A, v1.1.5
131 // 2014-01-01 00:00:00 UTC.
132 const base::Time kBaselineKeysizeEffectiveDate =
133 base::Time::FromInternalValue(INT64_C(13033008000000000));
134
135 size_t size_bits = 0;
136 X509Certificate::PublicKeyType type = X509Certificate::kPublicKeyTypeUnknown;
137 bool weak_key = false;
138 bool baseline_keysize_applies =
139 cert->valid_start() >= kBaselineEffectiveDate &&
140 cert->valid_expiry() >= kBaselineKeysizeEffectiveDate;
141
142 X509Certificate::GetPublicKeyInfo(cert->os_cert_handle(), &size_bits, &type);
143 if (should_histogram) {
144 RecordPublicKeyHistogram(kLeafCert, baseline_keysize_applies, size_bits,
145 type);
146 }
147 if (IsWeakKey(type, size_bits))
148 weak_key = true;
149
150 const X509Certificate::OSCertHandles& intermediates =
151 cert->GetIntermediateCertificates();
152 for (size_t i = 0; i < intermediates.size(); ++i) {
153 X509Certificate::GetPublicKeyInfo(intermediates[i], &size_bits, &type);
154 if (should_histogram) {
155 RecordPublicKeyHistogram(
156 (i < intermediates.size() - 1) ? kIntermediateCert : kRootCert,
157 baseline_keysize_applies,
158 size_bits,
159 type);
160 }
161 if (!weak_key && IsWeakKey(type, size_bits))
162 weak_key = true;
163 }
164
165 return weak_key;
166 }
167
168 } // namespace
169
170 // static
171 CertVerifyProc* CertVerifyProc::CreateDefault() {
172 #if defined(USE_NSS_CERTS) || defined(OS_IOS)
173 return new CertVerifyProcNSS();
174 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
175 return new CertVerifyProcOpenSSL();
176 #elif defined(OS_ANDROID)
177 return new CertVerifyProcAndroid();
178 #elif defined(OS_MACOSX)
179 return new CertVerifyProcMac();
180 #elif defined(OS_WIN)
181 return new CertVerifyProcWin();
182 #else
183 return NULL;
184 #endif
185 }
186
187 CertVerifyProc::CertVerifyProc() {}
188
189 CertVerifyProc::~CertVerifyProc() {}
190
191 int CertVerifyProc::Verify(X509Certificate* cert,
192 const std::string& hostname,
193 const std::string& ocsp_response,
194 int flags,
195 CRLSet* crl_set,
196 const CertificateList& additional_trust_anchors,
197 CertVerifyResult* verify_result) {
198 verify_result->Reset();
199 verify_result->verified_cert = cert;
200
201 if (IsBlacklisted(cert)) {
202 verify_result->cert_status |= CERT_STATUS_REVOKED;
203 return ERR_CERT_REVOKED;
204 }
205
206 // We do online revocation checking for EV certificates that aren't covered
207 // by a fresh CRLSet.
208 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully
209 // disable revocation checking.
210 if (flags & CertVerifier::VERIFY_EV_CERT)
211 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY;
212
213 int rv = VerifyInternal(cert, hostname, ocsp_response, flags, crl_set,
214 additional_trust_anchors, verify_result);
215
216 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback",
217 verify_result->common_name_fallback_used);
218 if (!verify_result->is_issued_by_known_root) {
219 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA",
220 verify_result->common_name_fallback_used);
221 }
222
223 // This check is done after VerifyInternal so that VerifyInternal can fill
224 // in the list of public key hashes.
225 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) {
226 verify_result->cert_status |= CERT_STATUS_REVOKED;
227 rv = MapCertStatusToNetError(verify_result->cert_status);
228 }
229
230 std::vector<std::string> dns_names, ip_addrs;
231 cert->GetSubjectAltName(&dns_names, &ip_addrs);
232 if (HasNameConstraintsViolation(verify_result->public_key_hashes,
233 cert->subject().common_name,
234 dns_names,
235 ip_addrs)) {
236 verify_result->cert_status |= CERT_STATUS_NAME_CONSTRAINT_VIOLATION;
237 rv = MapCertStatusToNetError(verify_result->cert_status);
238 }
239
240 if (IsNonWhitelistedCertificate(*verify_result->verified_cert,
241 verify_result->public_key_hashes)) {
242 verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
243 rv = MapCertStatusToNetError(verify_result->cert_status);
244 }
245
246 // Check for weak keys in the entire verified chain.
247 bool weak_key = ExaminePublicKeys(verify_result->verified_cert,
248 verify_result->is_issued_by_known_root);
249
250 if (weak_key) {
251 verify_result->cert_status |= CERT_STATUS_WEAK_KEY;
252 // Avoid replacing a more serious error, such as an OS/library failure,
253 // by ensuring that if verification failed, it failed with a certificate
254 // error.
255 if (rv == OK || IsCertificateError(rv))
256 rv = MapCertStatusToNetError(verify_result->cert_status);
257 }
258
259 // Treat certificates signed using broken signature algorithms as invalid.
260 if (verify_result->has_md2 || verify_result->has_md4) {
261 verify_result->cert_status |= CERT_STATUS_INVALID;
262 rv = MapCertStatusToNetError(verify_result->cert_status);
263 }
264
265 // Flag certificates using weak signature algorithms.
266 if (verify_result->has_md5) {
267 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
268 // Avoid replacing a more serious error, such as an OS/library failure,
269 // by ensuring that if verification failed, it failed with a certificate
270 // error.
271 if (rv == OK || IsCertificateError(rv))
272 rv = MapCertStatusToNetError(verify_result->cert_status);
273 }
274
275 if (verify_result->has_sha1)
276 verify_result->cert_status |= CERT_STATUS_SHA1_SIGNATURE_PRESENT;
277
278 // Flag certificates from publicly-trusted CAs that are issued to intranet
279 // hosts. While the CA/Browser Forum Baseline Requirements (v1.1) permit
280 // these to be issued until 1 November 2015, they represent a real risk for
281 // the deployment of gTLDs and are being phased out ahead of the hard
282 // deadline.
283 if (verify_result->is_issued_by_known_root && IsHostnameNonUnique(hostname)) {
284 verify_result->cert_status |= CERT_STATUS_NON_UNIQUE_NAME;
285 // CERT_STATUS_NON_UNIQUE_NAME will eventually become a hard error. For
286 // now treat it as a warning and do not map it to an error return value.
287 }
288
289 // Flag certificates using too long validity periods.
290 if (verify_result->is_issued_by_known_root && HasTooLongValidity(*cert)) {
291 verify_result->cert_status |= CERT_STATUS_VALIDITY_TOO_LONG;
292 if (rv == OK)
293 rv = MapCertStatusToNetError(verify_result->cert_status);
294 }
295
296 return rv;
297 }
298
299 // static
300 bool CertVerifyProc::IsBlacklisted(X509Certificate* cert) {
301 static const unsigned kComodoSerialBytes = 16;
302 static const uint8_t kComodoSerials[][kComodoSerialBytes] = {
303 // Not a real certificate. For testing only.
304 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,0x1c},
305
306 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
307 // Some serial numbers actually have a leading 0x00 byte required to
308 // encode a positive integer in DER if the most significant bit is 0.
309 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
310
311 // Subject: CN=mail.google.com
312 // subjectAltName dNSName: mail.google.com, www.mail.google.com
313 {0x04,0x7e,0xcb,0xe9,0xfc,0xa5,0x5f,0x7b,0xd0,0x9e,0xae,0x36,0xe1,0x0c,0xae,0x1e},
314 // Subject: CN=global trustee
315 // subjectAltName dNSName: global trustee
316 // Note: not a CA certificate.
317 {0xd8,0xf3,0x5f,0x4e,0xb7,0x87,0x2b,0x2d,0xab,0x06,0x92,0xe3,0x15,0x38,0x2f,0xb0},
318 // Subject: CN=login.live.com
319 // subjectAltName dNSName: login.live.com, www.login.live.com
320 {0xb0,0xb7,0x13,0x3e,0xd0,0x96,0xf9,0xb5,0x6f,0xae,0x91,0xc8,0x74,0xbd,0x3a,0xc0},
321 // Subject: CN=addons.mozilla.org
322 // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org
323 {0x92,0x39,0xd5,0x34,0x8f,0x40,0xd1,0x69,0x5a,0x74,0x54,0x70,0xe1,0xf2,0x3f,0x43},
324 // Subject: CN=login.skype.com
325 // subjectAltName dNSName: login.skype.com, www.login.skype.com
326 {0xe9,0x02,0x8b,0x95,0x78,0xe4,0x15,0xdc,0x1a,0x71,0x0a,0x2b,0x88,0x15,0x44,0x47},
327 // Subject: CN=login.yahoo.com
328 // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com
329 {0xd7,0x55,0x8f,0xda,0xf5,0xf1,0x10,0x5b,0xb2,0x13,0x28,0x2b,0x70,0x77,0x29,0xa3},
330 // Subject: CN=www.google.com
331 // subjectAltName dNSName: www.google.com, google.com
332 {0xf5,0xc8,0x6a,0xf3,0x61,0x62,0xf1,0x3a,0x64,0xf5,0x4f,0x6d,0xc9,0x58,0x7c,0x06},
333 // Subject: CN=login.yahoo.com
334 // subjectAltName dNSName: login.yahoo.com
335 {0x39,0x2a,0x43,0x4f,0x0e,0x07,0xdf,0x1f,0x8a,0xa3,0x05,0xde,0x34,0xe0,0xc2,0x29},
336 // Subject: CN=login.yahoo.com
337 // subjectAltName dNSName: login.yahoo.com
338 {0x3e,0x75,0xce,0xd4,0x6b,0x69,0x30,0x21,0x21,0x88,0x30,0xae,0x86,0xa8,0x2a,0x71},
339 };
340
341 const std::string& serial_number = cert->serial_number();
342 if (!serial_number.empty() && (serial_number[0] & 0x80) != 0) {
343 // This is a negative serial number, which isn't technically allowed but
344 // which probably happens. In order to avoid confusing a negative serial
345 // number with a positive one once the leading zeros have been removed, we
346 // disregard it.
347 return false;
348 }
349
350 base::StringPiece serial(serial_number);
351 // Remove leading zeros.
352 while (serial.size() > 1 && serial[0] == 0)
353 serial.remove_prefix(1);
354
355 if (serial.size() == kComodoSerialBytes) {
356 for (unsigned i = 0; i < arraysize(kComodoSerials); i++) {
357 if (memcmp(kComodoSerials[i], serial.data(), kComodoSerialBytes) == 0) {
358 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i,
359 arraysize(kComodoSerials) + 1);
360 return true;
361 }
362 }
363 }
364
365 // CloudFlare revoked all certificates issued prior to April 2nd, 2014. Thus
366 // all certificates where the CN ends with ".cloudflare.com" with a prior
367 // issuance date are rejected.
368 //
369 // The old certs had a lifetime of five years, so this can be removed April
370 // 2nd, 2019.
371 const std::string& cn = cert->subject().common_name;
372 static const char kCloudFlareCNSuffix[] = ".cloudflare.com";
373 // kCloudFlareEpoch is the base::Time internal value for midnight at the
374 // beginning of April 2nd, 2014, UTC.
375 static const int64_t kCloudFlareEpoch = INT64_C(13040870400000000);
376 if (cn.size() > arraysize(kCloudFlareCNSuffix) - 1 &&
377 cn.compare(cn.size() - (arraysize(kCloudFlareCNSuffix) - 1),
378 arraysize(kCloudFlareCNSuffix) - 1,
379 kCloudFlareCNSuffix) == 0 &&
380 cert->valid_start() < base::Time::FromInternalValue(kCloudFlareEpoch)) {
381 return true;
382 }
383
384 return false;
385 }
386
387 // static
388 // NOTE: This implementation assumes and enforces that the hashes are SHA1.
389 bool CertVerifyProc::IsPublicKeyBlacklisted(
390 const HashValueVector& public_key_hashes) {
391 static const unsigned kNumSHA1Hashes = 14;
392 static const uint8_t kSHA1Hashes[kNumSHA1Hashes][base::kSHA1Length] = {
393 // Subject: CN=DigiNotar Root CA
394 // Issuer: CN=Entrust.net x2 and self-signed
395 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,
396 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},
397 // Subject: CN=DigiNotar Cyber CA
398 // Issuer: CN=GTE CyberTrust Global Root
399 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95,
400 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},
401 // Subject: CN=DigiNotar Services 1024 CA
402 // Issuer: CN=Entrust.net
403 {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9,
404 0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6},
405 // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
406 // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
407 {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e,
408 0x9f, 0x05, 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb},
409 // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
410 // Issuer: CN=Staat der Nederlanden Overheid CA
411 {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39,
412 0xb9, 0xf8, 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5},
413 // Issuer: CN=Trustwave Organization Issuing CA, Level 2
414 // Covers two certificates, the latter of which expires Apr 15 21:09:30
415 // 2021 GMT.
416 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,
417 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},
418 // Cyberoam CA certificate. Private key leaked, but this certificate would
419 // only have been installed by Cyberoam customers. The certificate expires
420 // in 2036, but we can probably remove in a couple of years (2014).
421 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,
422 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},
423 // Win32/Sirefef.gen!C generates fake certificates with this public key.
424 {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3,
425 0x31, 0xcf, 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4},
426 // Three retired intermediate certificates from Symantec. No compromise;
427 // just for robustness. All expire May 17 23:59:59 2018.
428 // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060
429 {0x68, 0x5e, 0xec, 0x0a, 0x39, 0xf6, 0x68, 0xae, 0x8f, 0xd8,
430 0x96, 0x4f, 0x98, 0x74, 0x76, 0xb4, 0x50, 0x4f, 0xd2, 0xbe},
431 {0x0e, 0x50, 0x2d, 0x4d, 0xd1, 0xe1, 0x60, 0x36, 0x8a, 0x31,
432 0xf0, 0x6a, 0x81, 0x04, 0x31, 0xba, 0x6f, 0x72, 0xc0, 0x41},
433 {0x93, 0xd1, 0x53, 0x22, 0x29, 0xcc, 0x2a, 0xbd, 0x21, 0xdf,
434 0xf5, 0x97, 0xee, 0x32, 0x0f, 0xe4, 0x24, 0x6f, 0x3d, 0x0c},
435 // C=IN, O=National Informatics Centre, CN=NIC CA 2011. Issued by
436 // C=IN, O=India PKI, CN=CCA India 2011.
437 // Expires March 11th 2016.
438 {0x07, 0x7a, 0xc7, 0xde, 0x8d, 0xa5, 0x58, 0x64, 0x3a, 0x06,
439 0xc5, 0x36, 0x9e, 0x55, 0x4f, 0xae, 0xb3, 0xdf, 0xa1, 0x66},
440 // C=IN, O=National Informatics Centre, CN=NIC CA 2014. Issued by
441 // C=IN, O=India PKI, CN=CCA India 2014.
442 // Expires: March 5th, 2024.
443 {0xe5, 0x8e, 0x31, 0x5b, 0xaa, 0xee, 0xaa, 0xc6, 0xe7, 0x2e,
444 0xc9, 0x57, 0x36, 0x70, 0xca, 0x2f, 0x25, 0x4e, 0xc3, 0x47},
445 // C=DE, O=Fraunhofer, OU=Fraunhofer Corporate PKI,
446 // CN=Fraunhofer Service CA 2007.
447 // Expires: Jun 30 2019.
448 // No compromise, just for robustness. See
449 // https://bugzilla.mozilla.org/show_bug.cgi?id=1076940
450 {0x38, 0x4d, 0x0c, 0x1d, 0xc4, 0x77, 0xa7, 0xb3, 0xf8, 0x67,
451 0x86, 0xd0, 0x18, 0x51, 0x9f, 0x58, 0x9f, 0x1e, 0x9e, 0x25},
452 };
453
454 static const unsigned kNumSHA256Hashes = 4;
455 static const uint8_t kSHA256Hashes[kNumSHA256Hashes][crypto::kSHA256Length] =
456 {
457 // Two intermediates issued by TurkTrust to *.ego.gov.tr and
458 // e-islem.kktcmerkezbankasi.org. Expires July 6 2021 and August 5 2021,
459 // respectively.
460 // See http://googleonlinesecurity.blogspot.com/2013/01/enhancing-digital-certificate-security.html
461 {0x3e, 0xdb, 0xd9, 0xac, 0xe6, 0x39, 0xba, 0x1a,
462 0x2d, 0x4a, 0xd0, 0x47, 0x18, 0x71, 0x1f, 0xda,
463 0x23, 0xe8, 0x59, 0xb2, 0xfb, 0xf5, 0xd1, 0x37,
464 0xd4, 0x24, 0x04, 0x5e, 0x79, 0x19, 0xdf, 0xb9},
465 {0xc1, 0x73, 0xf0, 0x62, 0x64, 0x56, 0xca, 0x85,
466 0x4f, 0xf2, 0xa7, 0xf0, 0xb1, 0x33, 0xa7, 0xcf,
467 0x4d, 0x02, 0x11, 0xe5, 0x52, 0xf2, 0x4b, 0x3e,
468 0x33, 0xad, 0xe8, 0xc5, 0x9f, 0x0a, 0x42, 0x4c},
469
470 // xs4all certificate. Expires March 19 2016.
471 // https://raymii.org/s/blog/How_I_got_a_valid_SSL_certificate_for_my_ISPs_main_website.html
472 {0xf2, 0xbb, 0xe0, 0x4c, 0x5d, 0xc7, 0x0d, 0x76,
473 0x3e, 0x89, 0xc5, 0xa0, 0x52, 0x70, 0x48, 0xcd,
474 0x9e, 0xcd, 0x39, 0xeb, 0x62, 0x1e, 0x20, 0x72,
475 0xff, 0x9a, 0x5f, 0x84, 0x32, 0x57, 0x1a, 0xa0},
476
477 // Japanese National Institute of Informatics intermediate. No suggestion
478 // of compromise, it's just being discontinued.
479 // Expires March 27th 2019
480 // See https://bugzilla.mozilla.org/show_bug.cgi?id=1188582
481 {0x5c, 0x72, 0x2c, 0xb7, 0x0f, 0xb3, 0x11, 0xf2,
482 0x1e, 0x0d, 0xa0, 0xe7, 0xd1, 0x2e, 0xbc, 0x8e,
483 0x05, 0xf6, 0x07, 0x96, 0xbc, 0x49, 0xcf, 0x51,
484 0x18, 0x49, 0xd5, 0xbc, 0x62, 0x03, 0x03, 0x82},
485 };
486
487 for (unsigned i = 0; i < kNumSHA1Hashes; i++) {
488 for (HashValueVector::const_iterator j = public_key_hashes.begin();
489 j != public_key_hashes.end(); ++j) {
490 if (j->tag == HASH_VALUE_SHA1 &&
491 memcmp(j->data(), kSHA1Hashes[i], base::kSHA1Length) == 0) {
492 return true;
493 }
494 }
495 }
496
497 for (unsigned i = 0; i < kNumSHA256Hashes; i++) {
498 for (HashValueVector::const_iterator j = public_key_hashes.begin();
499 j != public_key_hashes.end(); ++j) {
500 if (j->tag == HASH_VALUE_SHA256 &&
501 memcmp(j->data(), kSHA256Hashes[i], crypto::kSHA256Length) == 0) {
502 return true;
503 }
504 }
505 }
506
507 return false;
508 }
509
510 static const size_t kMaxDomainLength = 18;
511
512 // CheckNameConstraints verifies that every name in |dns_names| is in one of
513 // the domains specified by |domains|. The |domains| array is terminated by an
514 // empty string.
515 static bool CheckNameConstraints(const std::vector<std::string>& dns_names,
516 const char domains[][kMaxDomainLength]) {
517 for (std::vector<std::string>::const_iterator i = dns_names.begin();
518 i != dns_names.end(); ++i) {
519 bool ok = false;
520 url::CanonHostInfo host_info;
521 const std::string dns_name = CanonicalizeHost(*i, &host_info);
522 if (host_info.IsIPAddress())
523 continue;
524
525 const size_t registry_len = registry_controlled_domains::GetRegistryLength(
526 dns_name,
527 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES,
528 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
529 // If the name is not in a known TLD, ignore it. This permits internal
530 // names.
531 if (registry_len == 0)
532 continue;
533
534 for (size_t j = 0; domains[j][0]; ++j) {
535 const size_t domain_length = strlen(domains[j]);
536 // The DNS name must have "." + domains[j] as a suffix.
537 if (i->size() <= (1 /* period before domain */ + domain_length))
538 continue;
539
540 const char* suffix = &dns_name[i->size() - domain_length - 1];
541 if (suffix[0] != '.')
542 continue;
543 if (memcmp(&suffix[1], domains[j], domain_length) != 0)
544 continue;
545 ok = true;
546 break;
547 }
548
549 if (!ok)
550 return false;
551 }
552
553 return true;
554 }
555
556 // PublicKeyDomainLimitation contains a SHA1, SPKI hash and a pointer to an
557 // array of fixed-length strings that contain the domains that the SPKI is
558 // allowed to issue for.
559 struct PublicKeyDomainLimitation {
560 uint8_t public_key[base::kSHA1Length];
561 const char (*domains)[kMaxDomainLength];
562 };
563
564 // static
565 bool CertVerifyProc::HasNameConstraintsViolation(
566 const HashValueVector& public_key_hashes,
567 const std::string& common_name,
568 const std::vector<std::string>& dns_names,
569 const std::vector<std::string>& ip_addrs) {
570 static const char kDomainsANSSI[][kMaxDomainLength] = {
571 "fr", // France
572 "gp", // Guadeloupe
573 "gf", // Guyane
574 "mq", // Martinique
575 "re", // Réunion
576 "yt", // Mayotte
577 "pm", // Saint-Pierre et Miquelon
578 "bl", // Saint Barthélemy
579 "mf", // Saint Martin
580 "wf", // Wallis et Futuna
581 "pf", // Polynésie française
582 "nc", // Nouvelle Calédonie
583 "tf", // Terres australes et antarctiques françaises
584 "",
585 };
586
587 static const char kDomainsIndiaCCA[][kMaxDomainLength] = {
588 "gov.in",
589 "nic.in",
590 "ac.in",
591 "rbi.org.in",
592 "bankofindia.co.in",
593 "ncode.in",
594 "tcs.co.in",
595 "",
596 };
597
598 static const char kDomainsTest[][kMaxDomainLength] = {
599 "example.com",
600 "",
601 };
602
603 static const PublicKeyDomainLimitation kLimits[] = {
604 // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI,
605 // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
606 {
607 {0x79, 0x23, 0xd5, 0x8d, 0x0f, 0xe0, 0x3c, 0xe6, 0xab, 0xad,
608 0xae, 0x27, 0x1a, 0x6d, 0x94, 0xf4, 0x14, 0xd1, 0xa8, 0x73},
609 kDomainsANSSI,
610 },
611 // C=IN, O=India PKI, CN=CCA India 2007
612 // Expires: July 4th 2015.
613 {
614 {0xfe, 0xe3, 0x95, 0x21, 0x2d, 0x5f, 0xea, 0xfc, 0x7e, 0xdc,
615 0xcf, 0x88, 0x3f, 0x1e, 0xc0, 0x58, 0x27, 0xd8, 0xb8, 0xe4},
616 kDomainsIndiaCCA,
617 },
618 // C=IN, O=India PKI, CN=CCA India 2011
619 // Expires: March 11 2016.
620 {
621 {0xf1, 0x42, 0xf6, 0xa2, 0x7d, 0x29, 0x3e, 0xa8, 0xf9, 0x64,
622 0x52, 0x56, 0xed, 0x07, 0xa8, 0x63, 0xf2, 0xdb, 0x1c, 0xdf},
623 kDomainsIndiaCCA,
624 },
625 // C=IN, O=India PKI, CN=CCA India 2014
626 // Expires: March 5 2024.
627 {
628 {0x36, 0x8c, 0x4a, 0x1e, 0x2d, 0xb7, 0x81, 0xe8, 0x6b, 0xed,
629 0x5a, 0x0a, 0x42, 0xb8, 0xc5, 0xcf, 0x6d, 0xb3, 0x57, 0xe1},
630 kDomainsIndiaCCA,
631 },
632 // Not a real certificate - just for testing. This is the SPKI hash of
633 // the keys used in net/data/ssl/certificates/name_constraint_*.crt.
634 {
635 {0x61, 0xec, 0x82, 0x8b, 0xdb, 0x5c, 0x78, 0x2a, 0x8f, 0xcc,
636 0x4f, 0x0f, 0x14, 0xbb, 0x85, 0x31, 0x93, 0x9f, 0xf7, 0x3d},
637 kDomainsTest,
638 },
639 };
640
641 for (unsigned i = 0; i < arraysize(kLimits); ++i) {
642 for (HashValueVector::const_iterator j = public_key_hashes.begin();
643 j != public_key_hashes.end(); ++j) {
644 if (j->tag == HASH_VALUE_SHA1 &&
645 memcmp(j->data(), kLimits[i].public_key, base::kSHA1Length) == 0) {
646 if (dns_names.empty() && ip_addrs.empty()) {
647 std::vector<std::string> dns_names;
648 dns_names.push_back(common_name);
649 if (!CheckNameConstraints(dns_names, kLimits[i].domains))
650 return true;
651 } else {
652 if (!CheckNameConstraints(dns_names, kLimits[i].domains))
653 return true;
654 }
655 }
656 }
657 }
658
659 return false;
660 }
661
662 // static
663 bool CertVerifyProc::HasTooLongValidity(const X509Certificate& cert) {
664 const base::Time& start = cert.valid_start();
665 const base::Time& expiry = cert.valid_expiry();
666 if (start.is_max() || start.is_null() || expiry.is_max() ||
667 expiry.is_null() || start > expiry) {
668 return true;
669 }
670
671 base::Time::Exploded exploded_start;
672 base::Time::Exploded exploded_expiry;
673 cert.valid_start().UTCExplode(&exploded_start);
674 cert.valid_expiry().UTCExplode(&exploded_expiry);
675
676 if (exploded_expiry.year - exploded_start.year > 10)
677 return true;
678
679 int month_diff = (exploded_expiry.year - exploded_start.year) * 12 +
680 (exploded_expiry.month - exploded_start.month);
681
682 // Add any remainder as a full month.
683 if (exploded_expiry.day_of_month > exploded_start.day_of_month)
684 ++month_diff;
685
686 static const base::Time time_2012_07_01 =
687 base::Time::FromUTCExploded({2012, 7, 0, 1, 0, 0, 0, 0});
688 static const base::Time time_2015_04_01 =
689 base::Time::FromUTCExploded({2015, 4, 0, 1, 0, 0, 0, 0});
690 static const base::Time time_2019_07_01 =
691 base::Time::FromUTCExploded({2019, 7, 0, 1, 0, 0, 0, 0});
692
693 // For certificates issued before the BRs took effect.
694 if (start < time_2012_07_01 && (month_diff > 120 || expiry > time_2019_07_01))
695 return true;
696
697 // For certificates issued after 1 July 2012: 60 months.
698 if (start >= time_2012_07_01 && month_diff > 60)
699 return true;
700
701 // For certificates issued after 1 April 2015: 39 months.
702 if (start >= time_2015_04_01 && month_diff > 39)
703 return true;
704
705 return false;
706 }
707
708 } // namespace net