Implement SHA-256 fingerprint support

net/base/transport_security_state_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/transport_security_state.h"
 
 #include <algorithm>
 #include <string>
+#include <vector>
 
 #include "base/base64.h"
 #include "base/file_path.h"
 #include "base/sha1.h"
 #include "base/string_piece.h"
+#include "crypto/sha2.h"
 #include "net/base/asn1_util.h"
 #include "net/base/cert_test_util.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/ssl_info.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_root_certs.h"
+#include "net/base/x509_cert_types.h"
 #include "net/base/x509_certificate.h"
 #include "net/http/http_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 #if defined(USE_OPENSSL)
 #include "crypto/openssl_util.h"
 #else
 #include "crypto/nss_util.h"
 #endif
 
@@ skipping 51 matching lines @@
   EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=34889 includesubdomains"));
 
   // Check that |state| was not updated by expecting the default
   // values for its predictable fields.
   EXPECT_EQ(state.upgrade_mode,
             TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
   EXPECT_FALSE(state.include_subdomains);
 }
 
 static bool GetPublicKeyHash(const net::X509Certificate::OSCertHandle& cert,
-                             SHA1Fingerprint* fingerprint) {
+                             HashValue* fingerprint,
+                             HashValueTag tag) {
   std::string der_bytes;
   if (!net::X509Certificate::GetDEREncoded(cert, &der_bytes))
     return false;
 
   base::StringPiece spki;
   if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki))
     return false;
 
-  base::SHA1HashBytes(reinterpret_cast<const unsigned char*>(spki.data()),
-                      spki.size(), fingerprint->data);
+  fingerprint->tag = tag;
+  switch (tag) {
+    case HASH_VALUE_SHA1:
+      base::SHA1HashBytes(reinterpret_cast<const unsigned char*>(spki.data()),
+                          spki.size(), fingerprint->data());
+      break;
+    case HASH_VALUE_SHA256:
+      crypto::SHA256HashString(spki, fingerprint->data(),
+                               crypto::kSHA256Length);
+      break;
+    default:
+      NOTREACHED() << "Unknown HashValueTag " << tag;
+  }
+
   return true;
 }
 
-static std::string GetPinFromCert(X509Certificate* cert) {
-  SHA1Fingerprint spki_hash;
-  EXPECT_TRUE(GetPublicKeyHash(cert->os_cert_handle(), &spki_hash));
+static std::string GetPinFromCert(X509Certificate* cert, HashValueTag tag) {
+  HashValue spki_hash;
+  EXPECT_TRUE(GetPublicKeyHash(cert->os_cert_handle(), &spki_hash, tag));
 
   std::string base64;
-  base::Base64Encode(base::StringPiece(reinterpret_cast<char*>(spki_hash.data),
-                                       sizeof(spki_hash.data)),
-                     &base64);
-  return "pin-sha1=" + HttpUtil::Quote(base64);
+  base::Base64Encode(base::StringPiece(
+      reinterpret_cast<char*>(spki_hash.data()), spki_hash.size()), &base64);
+
+  std::string label;
+  switch (tag) {
+    case HASH_VALUE_SHA1:
+      label = "pin-sha1=";
+      break;
+    case HASH_VALUE_SHA256:
+      label = "pin-sha256=";
+      break;
+    default:
+      NOTREACHED() << "Unknown HashValueTag " << tag;
+  }
+
+  return label + HttpUtil::Quote(base64);
 }
 
-TEST_F(TransportSecurityStateTest, BogusPinsHeaders) {
+static void TestBogusPinsHeaders(HashValueTag tag) {
   TransportSecurityState::DomainState state;
   SSLInfo ssl_info;
   ssl_info.cert =
       ImportCertFromFile(GetTestCertsDirectory(), "test_mail_google_com.pem");
-  std::string good_pin = GetPinFromCert(ssl_info.cert);
+  std::string good_pin = GetPinFromCert(ssl_info.cert, tag);
   base::Time now = base::Time::Now();
 
   // The backup pin is fake --- it just has to not be in the chain.
   std::string backup_pin = "pin-sha1=" +
       HttpUtil::Quote("6dcfXufJLW3J6S/9rRe4vUlBj5g=");
 
   EXPECT_FALSE(state.ParsePinsHeader(now, "", ssl_info));
   EXPECT_FALSE(state.ParsePinsHeader(now, "    ", ssl_info));
   EXPECT_FALSE(state.ParsePinsHeader(now, "abc", ssl_info));
   EXPECT_FALSE(state.ParsePinsHeader(now, "  abc", ssl_info));
@@ skipping 38 matching lines @@
       ssl_info));
   EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=34889.23", ssl_info));
 
   // Check that |state| was not updated by expecting the default
   // values for its predictable fields.
   EXPECT_EQ(state.upgrade_mode,
             TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
   EXPECT_FALSE(state.include_subdomains);
 }
 
+TEST_F(TransportSecurityStateTest, BogusPinsHeadersSHA1) {
+  TestBogusPinsHeaders(HASH_VALUE_SHA1);
+}
+
+TEST_F(TransportSecurityStateTest, BogusPinsHeadersSHA256) {
+  TestBogusPinsHeaders(HASH_VALUE_SHA256);
+}
+
 TEST_F(TransportSecurityStateTest, ValidSTSHeaders) {
   TransportSecurityState::DomainState state;
   base::Time expiry;
   base::Time now = base::Time::Now();
 
   EXPECT_TRUE(state.ParseSTSHeader(now, "max-age=243"));
   expiry = now + base::TimeDelta::FromSeconds(243);
   EXPECT_EQ(expiry, state.upgrade_expiry);
   EXPECT_FALSE(state.include_subdomains);
 
@@ skipping 40 matching lines @@
   EXPECT_TRUE(state.ParseSTSHeader(
       now,
       "  max-age=999999999999999999999999999999999999999999999  ;"
       "  incLudesUbdOmains   "));
   expiry = now + base::TimeDelta::FromSeconds(
       TransportSecurityState::kMaxHSTSAgeSecs);
   EXPECT_EQ(expiry, state.upgrade_expiry);
   EXPECT_TRUE(state.include_subdomains);
 }
 
-TEST_F(TransportSecurityStateTest, ValidPinsHeaders) {
+static void TestValidPinsHeaders(HashValueTag tag) {
   TransportSecurityState::DomainState state;
   base::Time expiry;
   base::Time now = base::Time::Now();
 
   // Set up a realistic SSLInfo with a realistic cert chain.
   FilePath certs_dir = GetTestCertsDirectory();
   scoped_refptr<X509Certificate> ee_cert =
       ImportCertFromFile(certs_dir, "2048-rsa-ee-by-2048-rsa-intermediate.pem");
   ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert);
   scoped_refptr<X509Certificate> intermediate =
@@ skipping 19 matching lines @@
   scoped_ptr<CertVerifier> verifier(CertVerifier::CreateDefault());
   TestCompletionCallback callback;
   CertVerifier::RequestHandle handle = NULL;
   rv = verifier->Verify(ssl_info.cert, "127.0.0.1", 0, NULL, &result,
                         callback.callback(), &handle, BoundNetLog());
   rv = callback.GetResult(rv);
   ASSERT_EQ(OK, rv);
   // Normally, ssl_client_socket_nss would do this, but for a unit test we
   // fake it.
   ssl_info.public_key_hashes = result.public_key_hashes;
-  std::string good_pin = GetPinFromCert(ssl_info.cert);
+  std::string good_pin = GetPinFromCert(ssl_info.cert, /*tag*/HASH_VALUE_SHA1);
+  DLOG(WARNING) << "good pin: " << good_pin;
 
   // The backup pin is fake --- we just need an SPKI hash that does not match
   // the hash of any SPKI in the certificate chain.
   std::string backup_pin = "pin-sha1=" +
       HttpUtil::Quote("6dcfXufJLW3J6S/9rRe4vUlBj5g=");
 
   EXPECT_TRUE(state.ParsePinsHeader(
       now,
       "max-age=243; " + good_pin + ";" + backup_pin,
       ssl_info));
@@ skipping 55 matching lines @@
   EXPECT_TRUE(state.ParsePinsHeader(
       now,
       "  max-age=999999999999999999999999999999999999999999999  ;  " +
           backup_pin + ";" + good_pin + ";   ",
       ssl_info));
   expiry = now +
       base::TimeDelta::FromSeconds(TransportSecurityState::kMaxHSTSAgeSecs);
   EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
 }
 
+TEST_F(TransportSecurityStateTest, ValidPinsHeadersSHA1) {
+  TestValidPinsHeaders(HASH_VALUE_SHA1);
+}
+
+TEST_F(TransportSecurityStateTest, ValidPinsHeadersSHA256) {
+  TestValidPinsHeaders(HASH_VALUE_SHA256);
+}
+
 TEST_F(TransportSecurityStateTest, SimpleMatches) {
   TransportSecurityState state;
   TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
   EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
   domain_state.upgrade_expiry = expiry;
   state.EnableHost("yahoo.com", domain_state);
   EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
@@ skipping 407 matching lines @@
   EXPECT_FALSE(state.GetDomainState(kLongName, true, &domain_state));
 }
 
 TEST_F(TransportSecurityStateTest, BuiltinCertPins) {
   TransportSecurityState state;
   TransportSecurityState::DomainState domain_state;
 
   EXPECT_TRUE(state.GetDomainState("chrome.google.com", true, &domain_state));
   EXPECT_TRUE(HasPins("chrome.google.com"));
 
-  FingerprintVector hashes;
+  HashValueVector hashes;
   // Checks that a built-in list does exist.
   EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
   EXPECT_FALSE(HasPins("www.paypal.com"));
 
   EXPECT_TRUE(HasPins("docs.google.com"));
   EXPECT_TRUE(HasPins("1.docs.google.com"));
   EXPECT_TRUE(HasPins("sites.google.com"));
   EXPECT_TRUE(HasPins("drive.google.com"));
   EXPECT_TRUE(HasPins("spreadsheets.google.com"));
   EXPECT_TRUE(HasPins("health.google.com"));
@@ skipping 25 matching lines @@
   EXPECT_TRUE(HasPins("oauth.twitter.com"));
   EXPECT_TRUE(HasPins("mobile.twitter.com"));
   EXPECT_TRUE(HasPins("dev.twitter.com"));
   EXPECT_TRUE(HasPins("business.twitter.com"));
   EXPECT_TRUE(HasPins("platform.twitter.com"));
   EXPECT_TRUE(HasPins("si0.twimg.com"));
   EXPECT_TRUE(HasPins("twimg0-a.akamaihd.net"));
 }
 
 static bool AddHash(const std::string& type_and_base64,
-                    FingerprintVector* out) {
-  std::string hash_str;
-  if (type_and_base64.find("sha1/") == 0 &&
-      base::Base64Decode(type_and_base64.substr(5, type_and_base64.size() - 5),
-                         &hash_str) &&
-      hash_str.size() == base::kSHA1Length) {
-    SHA1Fingerprint hash;
-    memcpy(hash.data, hash_str.data(), sizeof(hash.data));
-    out->push_back(hash);
-    return true;
-  }
-  return false;
+                    HashValueVector* out) {
+  HashValue hash;
+
+  if (!TransportSecurityState::ParsePin(type_and_base64, &hash))
+    return false;
+
+  out->push_back(hash);
+  return true;
 }
 
 TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) {
   // kGoodPath is plus.google.com via Google Internet Authority.
   static const char* kGoodPath[] = {
     "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",
     "sha1/QMVAHW+MuvCLAO3vse6H0AWzuc0=",
     "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=",
     NULL,
   };
 
   // kBadPath is plus.google.com via Trustcenter, which contains a required
   // certificate (Equifax root), but also an excluded certificate
   // (Trustcenter).
   static const char* kBadPath[] = {
     "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",
     "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=",
     "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=",
     NULL,
   };
 
-  std::vector<net::SHA1Fingerprint> good_hashes, bad_hashes;
+  HashValueVector good_hashes, bad_hashes;
 
   for (size_t i = 0; kGoodPath[i]; i++) {
     EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));
   }
   for (size_t i = 0; kBadPath[i]; i++) {
     EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes));
   }
 
   TransportSecurityState state;
   TransportSecurityState::DomainState domain_state;
@@ skipping 15 matching lines @@
 
   // kBadPath is plus.google.com via Trustcenter, which is utterly wrong for
   // torproject.org.
   static const char* kBadPath[] = {
     "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",
     "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=",
     "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=",
     NULL,
   };
 
-  std::vector<net::SHA1Fingerprint> good_hashes, bad_hashes;
+  HashValueVector good_hashes, bad_hashes;
 
   for (size_t i = 0; kGoodPath[i]; i++) {
     EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));
   }
   for (size_t i = 0; kBadPath[i]; i++) {
     EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes));
   }
 
   TransportSecurityState state;
   TransportSecurityState::DomainState domain_state;
   EXPECT_TRUE(state.GetDomainState("blog.torproject.org", true, &domain_state));
   EXPECT_TRUE(domain_state.HasPins());
 
   EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(good_hashes));
   EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(bad_hashes));
 }
 
+TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCertsMixedHashes) {
+  static const char* ee_sha1 = "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=";
+  static const char* ee_sha256 =
+      "sha256/sRJBQqWhpaKIGcc1NA7/jJ4vgWj+47oYfyU7waOS1+I=";
+  static const char* google_1024_sha1 = "sha1/QMVAHW+MuvCLAO3vse6H0AWzuc0=";
+  static const char* google_1024_sha256 =
+      "sha256/trlUMquuV/4CDLK3T0+fkXPIxwivyecyrOIyeQR8bQU=";
+  static const char* equifax_sha1 = "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=";
+  static const char* equifax_sha256 =
+      "sha256//1aAzXOlcD2gSBegdf1GJQanNQbEuBoVg+9UlHjSZHY=";
+  static const char* trustcenter_sha1 = "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=";
+  static const char* trustcenter_sha256 =
+      "sha256/Dq58KIA4NMLsboWMLU8/aTREzaAGEFW+EtUule8dd/M=";
+
+  // Good chains for plus.google.com chain up through google_1024_sha{1,256}
+  // to equifax_sha{1,256}. Bad chains chain up to equifa through
+  // trustcenter_sha{1,256}, which is a blacklisted key. Even though Equifax
+  // and Google1024 are known-good, the blacklistedness of Trustcenter
+  // should override and cause pin validation failure.
+
+  TransportSecurityState state;
+  TransportSecurityState::DomainState domain_state;
+  EXPECT_TRUE(state.GetDomainState("plus.google.com", true, &domain_state));
+  EXPECT_TRUE(domain_state.HasPins());
+
+  // The statically-defined pins are all SHA-1, so we add some SHA-256 pins
+  // manually:
+  EXPECT_TRUE(AddHash(google_1024_sha256, &domain_state.static_spki_hashes));
+  EXPECT_TRUE(AddHash(trustcenter_sha256,
+                      &domain_state.bad_static_spki_hashes));
+
+  // Try an all-good SHA1 chain.
+  HashValueVector validated_chain;
+  EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(google_1024_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+  EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+  // Try an all-bad SHA1 chain.
+  validated_chain.clear();
+  EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(trustcenter_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+  // Try an all-good SHA-256 chain.
+  validated_chain.clear();
+  EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(google_1024_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+  EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+  // Try an all-bad SHA-256 chain.
+  validated_chain.clear();
+  EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(trustcenter_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+  // Try a mixed-hash good chain.
+  validated_chain.clear();
+  EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(google_1024_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+  EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+  // Try a mixed-hash bad chain.
+  validated_chain.clear();
+  EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(trustcenter_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+  // Try a chain with all good hashes.
+  validated_chain.clear();
+  EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(google_1024_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(google_1024_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+  EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+
+  // Try a chain with all bad hashes.
+  validated_chain.clear();
+  EXPECT_TRUE(AddHash(ee_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(trustcenter_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha1, &validated_chain));
+  EXPECT_TRUE(AddHash(ee_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(trustcenter_sha256, &validated_chain));
+  EXPECT_TRUE(AddHash(equifax_sha256, &validated_chain));
+  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(validated_chain));
+}
+
 TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) {
   TransportSecurityState state;
   TransportSecurityState::DomainState domain_state;
 
   EXPECT_FALSE(ShouldRedirect("www.google-analytics.com"));
 
   EXPECT_FALSE(HasPins("www.google-analytics.com", false));
   EXPECT_TRUE(HasPins("www.google-analytics.com"));
   EXPECT_TRUE(HasPins("google.com"));
   EXPECT_TRUE(HasPins("www.google.com"));
@@ skipping 119 matching lines @@
   // Expect to fail for SNI hosts when not searching the SNI list:
   EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
       "gmail.com", false));
   EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
       "googlegroups.com", false));
   EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
       "www.googlegroups.com", false));
 }
 
 }  // namespace net