net/base/cert_verify_proc.cc - Issue 10826257: Implement SHA-256 fingerprint support

Side by Side Diff: net/base/cert_verify_proc.cc

Issue 10826257: Implement SHA-256 fingerprint support (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/cert_verify_proc.h"	5 #include "net/base/cert_verify_proc.h"

6	6

7 #include "base/metrics/histogram.h"	7 #include "base/metrics/histogram.h"

8 #include "base/sha1.h"	8 #include "base/sha1.h"

9 #include "build/build_config.h"	9 #include "build/build_config.h"

10 #include "net/base/cert_status_flags.h"	10 #include "net/base/cert_status_flags.h"

(...skipping 199 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
210 arraysize(kComodoSerials) + 1);	210 arraysize(kComodoSerials) + 1);

211 return true;	211 return true;

212 }	212 }

213 }	213 }

214 }	214 }

215	215

216 return false;	216 return false;

217 }	217 }

218	218

219 // static	219 // static

	220 // NOTE: This implementation assumes and enforces that the hashes are SHA1.

220 bool CertVerifyProc::IsPublicKeyBlacklisted(	221 bool CertVerifyProc::IsPublicKeyBlacklisted(

221 const std::vector<SHA1Fingerprint>& public_key_hashes) {	222 const std::vector<HashValueVector>& public_key_hashes) {

222 static const unsigned kNumHashes = 9;	223 static const unsigned kNumHashes = 9;

223 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = {	224 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = {

224 // Subject: CN=DigiNotar Root CA	225 // Subject: CN=DigiNotar Root CA

225 // Issuer: CN=Entrust.net x2 and self-signed	226 // Issuer: CN=Entrust.net x2 and self-signed

226 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,	227 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,

227 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},	228 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},

228 // Subject: CN=DigiNotar Cyber CA	229 // Subject: CN=DigiNotar Cyber CA

229 // Issuer: CN=GTE CyberTrust Global Root	230 // Issuer: CN=GTE CyberTrust Global Root

230 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95,	231 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95,

231 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},	232 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},

(...skipping 24 matching lines...) Expand all Loading...
256 // 2021 GMT.	257 // 2021 GMT.

257 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,	258 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,

258 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},	259 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},

259 // Cyberoam CA certificate. Private key leaked, but this certificate would	260 // Cyberoam CA certificate. Private key leaked, but this certificate would

260 // only have been installed by Cyberoam customers. The certificate expires	261 // only have been installed by Cyberoam customers. The certificate expires

261 // in 2036, but we can probably remove in a couple of years (2014).	262 // in 2036, but we can probably remove in a couple of years (2014).

262 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,	263 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,

263 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},	264 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},

264 };	265 };

265	266

	267 const HashValueVector& sha1_hashes = public_key_hashes[HASH_VALUE_SHA1];
	Ryan Sleevi 2012/08/11 01:39:55 BUG: Accessing HASH_VALUE_SHA1 without checking th BUG: Accessing HASH_VALUE_SHA1 without checking that .size() >= HASH_VALUE_SHA1 Seems like you really want an std::map<HashValueTag, HashValueVector> here as the arg, but for presumably perf, you're relying on the fact that a HashValueTag is a viable index into an std::vector<>. I think that's really non-obvious, and minimally requires more defensiveness. My gut is that "adding DCHECKs" wouldn't be in itself sufficient palmer 2012/08/14 19:40:42 Well, the constructor guarantees that public_key_h Show quoted text On 2012/08/11 01:39:55, Ryan Sleevi wrote: > BUG: Accessing HASH_VALUE_SHA1 without checking that .size() >= HASH_VALUE_SHA1 > > Seems like you really want an std::map<HashValueTag, HashValueVector> here as > the arg, but for presumably perf, you're relying on the fact that a HashValueTag > is a viable index into an std::vector<>. I think that's really non-obvious, and > minimally requires more defensiveness. > > My gut is that "adding DCHECKs" wouldn't be in itself sufficient Well, the constructor guarantees that public_key_hashes has the right number of items. Can't we count on that? As I recall using a vector of vectors instead of a map of vectors was your idea... :) I'm fine with changing it to a map if people think it's necessary or better. Ryan Sleevi 2012/08/14 20:02:51 What constructor? public_key_hashes is an input a Show quoted text On 2012/08/14 19:40:42, Chris P. wrote: > On 2012/08/11 01:39:55, Ryan Sleevi wrote: > > BUG: Accessing HASH_VALUE_SHA1 without checking that .size() >= > HASH_VALUE_SHA1 > > > > Seems like you really want an std::map<HashValueTag, HashValueVector> here as > > the arg, but for presumably perf, you're relying on the fact that a > HashValueTag > > is a viable index into an std::vector<>. I think that's really non-obvious, > and > > minimally requires more defensiveness. > > > > My gut is that "adding DCHECKs" wouldn't be in itself sufficient > > Well, the constructor guarantees that public_key_hashes has the right number of > items. Can't we count on that? What constructor? public_key_hashes is an input argument here. There's no guarantee that the caller ensured it's in the proper form - or that it's not an empty vector. That's what I meant here. Adding DCHECKs is great, but since it seems very unlikely that caller's will be directly supplying hashes (as opposed to crafting them from user/network input), it seems risky. Show quoted text > > As I recall using a vector of vectors instead of a map of vectors was your > idea... :) I'm fine with changing it to a map if people think it's necessary or > better. You could pass a (fixed-size) array of (dynamically-sized) vectors ;-) At least then the compiler "should" warn, IIRC. More testing is needed to confirm I'm not completely mistaken here IsPublicKeyBlacklisted(const std::vector<HashValueVector> (&public_key_hashes)[HASH_VALUES_TAG_COUNT]) That will pass a reference to a fixed-size array of 2 vectors. Beyond the ugliness (which can probably be accomodated with a typedef), I don't recall what the behaviour is for copy-assignment between two arrays - whether it performs a memory-wise copy or if it invokes each members' copy constructor.
266 for (unsigned i = 0; i < kNumHashes; i++) {	268 for (unsigned i = 0; i < kNumHashes; i++) {

267 for (std::vector<SHA1Fingerprint>::const_iterator	269 for (HashValueVector::const_iterator j = sha1_hashes.begin();

268 j = public_key_hashes.begin(); j != public_key_hashes.end(); ++j) {	270 j != sha1_hashes.end(); ++j) {

269 if (memcmp(j->data, kHashes[i], base::kSHA1Length) == 0)	271 if (j->tag == HASH_VALUE_SHA1 &&

	272 memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) {

270 return true;	273 return true;

	274 }

271 }	275 }

272 }	276 }

273	277

274 return false;	278 return false;

275 }	279 }

276	280

277 } // namespace net	281 } // namespace net

OLD	NEW

« chrome/browser/ui/webui/net_internals/net_internals_ui.cc ('K') | « net/base/cert_verify_proc.h ('k') | net/base/cert_verify_proc_mac.cc » ('j') | net/base/ssl_info.h » ('J')