Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ecdsa.h> | 8 #include <openssl/ecdsa.h> |
| 9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
| 10 #else // !defined(USE_OPENSSL) | 10 #else // !defined(USE_OPENSSL) |
| 506 return true; | 506 return true; |
| 507 } | 507 } |
| 508 | 508 |
| 509 return false; | 509 return false; |
| 510 } | 510 } |
| 511 | 511 |
| 512 bool TransportSecurityState::CheckPublicKeyPins( | 512 bool TransportSecurityState::CheckPublicKeyPins( |
| 513 const std::string& host, | 513 const std::string& host, |
| 514 bool is_issued_by_known_root, | 514 bool is_issued_by_known_root, |
| 515 const HashValueVector& public_key_hashes, | 515 const HashValueVector& public_key_hashes, |
| 516 uint16_t port, | |
| 517 const X509Certificate* served_certificate_chain, | |
| 518 const X509Certificate* validated_certificate_chain, | |
| 519 const PublicKeyPinReportStatus report_status, | |
| 516 std::string* pinning_failure_log) { | 520 std::string* pinning_failure_log) { |
| 517 // Perform pin validation if, and only if, all these conditions obtain: | 521 // Perform pin validation if, and only if, all these conditions obtain: |
| 518 // | 522 // |
| 519 // * the server's certificate chain chains up to a known root (i.e. not a | 523 // * the server's certificate chain chains up to a known root (i.e. not a |
| 520 // user-installed trust anchor); and | 524 // user-installed trust anchor); and |
| 521 // * the server actually has public key pins. | 525 // * the server actually has public key pins. |
| 522 if (!is_issued_by_known_root || !HasPublicKeyPins(host)) { | 526 if (!is_issued_by_known_root || !HasPublicKeyPins(host)) { |
| 523 return true; | 527 return true; |
| 524 } | 528 } |
| 525 | 529 |
| 526 bool pins_are_valid = | 530 bool pins_are_valid = CheckPublicKeyPinsImpl( |
| 527 CheckPublicKeyPinsImpl(host, public_key_hashes, pinning_failure_log); | 531 host, public_key_hashes, port, served_certificate_chain, |
| 532 validated_certificate_chain, report_status, pinning_failure_log); | |
| 528 if (!pins_are_valid) { | 533 if (!pins_are_valid) { |
| 529 LOG(ERROR) << *pinning_failure_log; | 534 LOG(ERROR) << *pinning_failure_log; |
| 530 ReportUMAOnPinFailure(host); | 535 ReportUMAOnPinFailure(host); |
| 531 } | 536 } |
| 532 | 537 |
| 533 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", pins_are_valid); | 538 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", pins_are_valid); |
| 534 return pins_are_valid; | 539 return pins_are_valid; |
| 535 } | 540 } |
| 536 | 541 |
| 537 bool TransportSecurityState::HasPublicKeyPins(const std::string& host) { | 542 bool TransportSecurityState::HasPublicKeyPins(const std::string& host) { |
| 814 #else | 819 #else |
| 815 const base::Time build_time = base::GetBuildTime(); | 820 const base::Time build_time = base::GetBuildTime(); |
| 816 // We consider built-in information to be timely for 10 weeks. | 821 // We consider built-in information to be timely for 10 weeks. |
| 817 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */; | 822 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */; |
| 818 #endif | 823 #endif |
| 819 } | 824 } |
| 820 | 825 |
| 821 bool TransportSecurityState::CheckPublicKeyPinsImpl( | 826 bool TransportSecurityState::CheckPublicKeyPinsImpl( |
| 822 const std::string& host, | 827 const std::string& host, |
| 823 const HashValueVector& hashes, | 828 const HashValueVector& hashes, |
| 829 uint16_t port, | |
| 830 const X509Certificate* served_certificate_chain, | |
| 831 const X509Certificate* validated_certificate_chain, | |
| 832 const PublicKeyPinReportStatus report_status, | |
| 824 std::string* failure_log) { | 833 std::string* failure_log) { |
| 825 PKPState dynamic_state; | 834 PKPState dynamic_state; |
| 826 if (GetDynamicPKPState(host, &dynamic_state)) | 835 if (GetDynamicPKPState(host, &dynamic_state)) { |
| 827 return dynamic_state.CheckPublicKeyPins(hashes, failure_log); | 836 bool result = dynamic_state.CheckPublicKeyPins(hashes, failure_log); |
| 837 | |
| 838 if (result || !reporter_ || | |
| 839 report_status == DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT) | |
| 840 return result; | |
| 841 | |
| 842 GURL report_uri; | |
| 843 std::string serialized_report; | |
| 844 | |
| 845 if (!reporter_->GetHPKPReportUri(dynamic_state, &report_uri)) | |
|
Ryan Sleevi
2015/07/10 16:40:00
Does this mean we can't preload report-uris? Seems
estark
2015/07/10 19:33:30
Done.
| |
| 846 return result; | |
| 847 | |
| 848 if (!reporter_->BuildHPKPReport( | |
| 849 host, port, dynamic_state.expiry, dynamic_state.include_subdomains, | |
| 850 dynamic_state.domain, served_certificate_chain, | |
| 851 validated_certificate_chain, dynamic_state.spki_hashes, | |
| 852 &serialized_report)) { | |
| 853 LOG(ERROR) << "Failed to build HPKP report"; | |
| 854 return result; | |
| 855 } | |
| 856 | |
| 857 reporter_->SendHPKPReport(report_uri, serialized_report); | |
| 858 } | |
| 828 | 859 |
| 829 PKPState static_pkp_state; | 860 PKPState static_pkp_state; |
| 830 STSState unused; | 861 STSState unused; |
| 831 if (GetStaticDomainState(host, &unused, &static_pkp_state)) | 862 if (GetStaticDomainState(host, &unused, &static_pkp_state)) |
| 832 return static_pkp_state.CheckPublicKeyPins(hashes, failure_log); | 863 return static_pkp_state.CheckPublicKeyPins(hashes, failure_log); |
| 833 | 864 |
| 834 // HasPublicKeyPins should have returned true in order for this method | 865 // HasPublicKeyPins should have returned true in order for this method |
| 835 // to have been called, so if we fall through to here, it's an error. | 866 // to have been called, so if we fall through to here, it's an error. |
| 836 return false; | 867 return false; |
| 837 } | 868 } |
| 1062 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1093 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
| 1063 const TransportSecurityState& state) | 1094 const TransportSecurityState& state) |
| 1064 : iterator_(state.enabled_pkp_hosts_.begin()), | 1095 : iterator_(state.enabled_pkp_hosts_.begin()), |
| 1065 end_(state.enabled_pkp_hosts_.end()) { | 1096 end_(state.enabled_pkp_hosts_.end()) { |
| 1066 } | 1097 } |
| 1067 | 1098 |
| 1068 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1099 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
| 1069 } | 1100 } |
| 1070 | 1101 |
| 1071 } // namespace | 1102 } // namespace |
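Review bot: In the new CheckPublicKeyPinsImpl, the dynamic-state branch has no return after `reporter_->SendHPKPReport(report_uri, serialized_report);` (new line 857), so a pin failure whose report is sent falls through to the `GetStaticDomainState` lookup instead of returning the dynamic result. Every other exit in that branch returns `result`, so the outcome of pin validation now depends on whether a report could be sent: if the host also has static pins that the chain satisfies, the function returns true despite the dynamic pin failure, and `failure_log` may be written by both checks. Adding `return result;` directly after the SendHPKPReport call restores the old behaviour, where the dynamic state is authoritative whenever it is present. A unit test with a reporter set and a host that has both dynamic and static state would pin this down.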