Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ecdsa.h> | 8 #include <openssl/ecdsa.h> |
| 9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
| 10 #else // !defined(USE_OPENSSL) | 10 #else // !defined(USE_OPENSSL) |
| 126 bool TransportSecurityState::CheckPublicKeyPins( | 126 bool TransportSecurityState::CheckPublicKeyPins( |
| 127 const std::string& host, | 127 const std::string& host, |
| 128 bool sni_available, | 128 bool sni_available, |
| 129 bool is_issued_by_known_root, | 129 bool is_issued_by_known_root, |
| 130 const HashValueVector& public_key_hashes, | 130 const HashValueVector& public_key_hashes, |
| 131 std::string* pinning_failure_log) { | 131 std::string* pinning_failure_log) { |
| 132 // Perform pin validation if, and only if, all these conditions obtain: | 132 // Perform pin validation if, and only if, all these conditions obtain: |
| 133 // | 133 // |
| 134 // * the server's certificate chain chains up to a known root (i.e. not a | 134 // * the server's certificate chain chains up to a known root (i.e. not a |
| 135 // user-installed trust anchor); and | 135 // user-installed trust anchor); and |
| 136 // * the build is recent (very old builds should fail open so that users | |
| 137 // have some chance to recover). | |
| 138 // * the server actually has public key pins. | 136 // * the server actually has public key pins. |
| 139 // | 137 if (!is_issued_by_known_root || !HasPublicKeyPins(host, sni_available)) { |
| 140 // TODO(rsleevi): http://crbug.com/391032 - Only disable static HPKP if the | |
| 141 // build is not timely. | |
| 142 if (!is_issued_by_known_root || !IsBuildTimely() || | |
| 143 !HasPublicKeyPins(host, sni_available)) { | |
| 144 return true; | 138 return true; |
| 145 } | 139 } |
| 146 | 140 |
| 147 bool pins_are_valid = CheckPublicKeyPinsImpl( | 141 bool pins_are_valid = CheckPublicKeyPinsImpl( |
| 148 host, sni_available, public_key_hashes, pinning_failure_log); | 142 host, sni_available, public_key_hashes, pinning_failure_log); |
| 149 if (!pins_are_valid) { | 143 if (!pins_are_valid) { |
| 150 LOG(ERROR) << *pinning_failure_log; | 144 LOG(ERROR) << *pinning_failure_log; |
| 151 ReportUMAOnPinFailure(host); | 145 ReportUMAOnPinFailure(host); |
| 152 } | 146 } |
| 153 | 147 |
| 792 | 786 |
| 793 bool TransportSecurityState::CheckPublicKeyPinsImpl( | 787 bool TransportSecurityState::CheckPublicKeyPinsImpl( |
| 794 const std::string& host, | 788 const std::string& host, |
| 795 bool sni_enabled, | 789 bool sni_enabled, |
| 796 const HashValueVector& hashes, | 790 const HashValueVector& hashes, |
| 797 std::string* failure_log) { | 791 std::string* failure_log) { |
| 798 DomainState dynamic_state; | 792 DomainState dynamic_state; |
| 799 if (GetDynamicDomainState(host, &dynamic_state)) | 793 if (GetDynamicDomainState(host, &dynamic_state)) |
| 800 return dynamic_state.CheckPublicKeyPins(hashes, failure_log); | 794 return dynamic_state.CheckPublicKeyPins(hashes, failure_log); |
| 801 | 795 |
| 796 // Very old builds should fail open so that users have some chance | |
| 797 // to recover. | |
| 798 if (!IsBuildTimely()) | |
| 799 return true; | |
|
Ryan Sleevi
2014/08/12 01:04:53
This seems unnecessary, given that GetStaticDomain
Ryan Hamilton
2014/08/12 14:01:55
Done. Hah! I totally missed that.
| |
| 800 | |
| 802 DomainState static_state; | 801 DomainState static_state; |
| 803 if (GetStaticDomainState(host, sni_enabled, &static_state)) | 802 if (GetStaticDomainState(host, sni_enabled, &static_state)) |
| 804 return static_state.CheckPublicKeyPins(hashes, failure_log); | 803 return static_state.CheckPublicKeyPins(hashes, failure_log); |
| 805 | 804 |
| 806 // HasPublicKeyPins should have returned true in order for this method | 805 // HasPublicKeyPins should have returned true in order for this method |
| 807 // to have been called, so if we fall through to here, it's an error. | 806 // to have been called, so if we fall through to here, it's an error. |
| 808 return false; | 807 return false; |
| 809 } | 808 } |
| 810 | 809 |
| 811 bool TransportSecurityState::GetStaticDomainState(const std::string& host, | 810 bool TransportSecurityState::GetStaticDomainState(const std::string& host, |
| 953 return pkp.spki_hashes.size() > 0 || pkp.bad_spki_hashes.size() > 0; | 952 return pkp.spki_hashes.size() > 0 || pkp.bad_spki_hashes.size() > 0; |
| 954 } | 953 } |
| 955 | 954 |
| 956 TransportSecurityState::DomainState::PKPState::PKPState() { | 955 TransportSecurityState::DomainState::PKPState::PKPState() { |
| 957 } | 956 } |
| 958 | 957 |
| 959 TransportSecurityState::DomainState::PKPState::~PKPState() { | 958 TransportSecurityState::DomainState::PKPState::~PKPState() { |
| 960 } | 959 } |
| 961 | 960 |
| 962 } // namespace | 961 } // namespace |
| OLD | NEW |
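Review bot: The comment block at the top of CheckPublicKeyPins (new lines 132-136) still promises validation "if, and only if" the listed conditions hold, but that list is no longer complete. With the IsBuildTimely() test moved into CheckPublicKeyPinsImpl (new lines 796-799), static pins are still skipped on a stale build. I would keep that exception documented where callers read the contract, for example `// Static (preloaded) pins are additionally skipped when the build is not timely; dynamic pins are checked regardless of build age.` The fail-open branch also returns true without writing to failure_log or recording anything, so in the lines shown a bypassed check cannot be told apart from a pin match; a log line or counter on that path would make stale-build bypasses visible. CheckPublicKeyPins continues past new line 147, outside the visible lines, so this is based on the shown lines only.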