1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/cert_verify_proc.h" 6 7 #include "base/basictypes.h" 8 #include "base/metrics/histogram.h" 9 #include "base/sha1.h" 10 #include "base/strings/stringprintf.h" 11 #include "build/build_config.h" 12 #include "net/base/net_errors.h" 13 #include "net/base/net_util.h" 14 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" 15 #include "net/cert/cert_status_flags.h" 16 #include "net/cert/cert_verifier.h" 17 #include "net/cert/cert_verify_result.h" 18 #include "net/cert/crl_set.h" 19 #include "net/cert/x509_certificate.h" 20 #include "url/url_canon.h" 21 22 #if defined(USE_NSS) || defined(OS_IOS) 23 #include "net/cert/cert_verify_proc_nss.h" 24 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) 25 #include "net/cert/cert_verify_proc_openssl.h" 26 #elif defined(OS_ANDROID) 27 #include "net/cert/cert_verify_proc_android.h" 28 #elif defined(OS_MACOSX) 29 #include "net/cert/cert_verify_proc_mac.h" 30 #elif defined(OS_WIN) 31 #include "net/cert/cert_verify_proc_win.h" 32 #else 33 #error Implement certificate verification. 34 #endif 35 36 37 namespace net { 38 39 namespace { 40 41 // Constants used to build histogram names 42 const char kLeafCert[] = "Leaf"; 43 const char kIntermediateCert[] = "Intermediate"; 44 const char kRootCert[] = "Root"; 45 // Matches the order of X509Certificate::PublicKeyType 46 const char* const kCertTypeStrings[] = { 47 "Unknown", 48 "RSA", 49 "DSA", 50 "ECDSA", 51 "DH", 52 "ECDH" 53 }; 54 // Histogram buckets for RSA/DSA/DH key sizes. 55 const int kRsaDsaKeySizes[] = {512, 768, 1024, 1536, 2048, 3072, 4096, 8192, 56 16384}; 57 // Histogram buckets for ECDSA/ECDH key sizes. The list is based upon the FIPS 58 // 186-4 approved curves. 59 const int kEccKeySizes[] = {163, 192, 224, 233, 256, 283, 384, 409, 521, 571}; 60 61 const char* CertTypeToString(int cert_type) { 62 if (cert_type < 0 || 63 static_cast<size_t>(cert_type) >= arraysize(kCertTypeStrings)) { 64 return "Unsupported"; 65 } 66 return kCertTypeStrings[cert_type]; 67 } 68 69 void RecordPublicKeyHistogram(const char* chain_position, 70 bool baseline_keysize_applies, 71 size_t size_bits, 72 X509Certificate::PublicKeyType cert_type) { 73 std::string histogram_name = 74 base::StringPrintf("CertificateType2.%s.%s.%s", 75 baseline_keysize_applies ? "BR" : "NonBR", 76 chain_position, 77 CertTypeToString(cert_type)); 78 // Do not use UMA_HISTOGRAM_... macros here, as it caches the Histogram 79 // instance and thus only works if |histogram_name| is constant. 80 base::HistogramBase* counter = NULL; 81 82 // Histogram buckets are contingent upon the underlying algorithm being used. 83 if (cert_type == X509Certificate::kPublicKeyTypeECDH || 84 cert_type == X509Certificate::kPublicKeyTypeECDSA) { 85 // Typical key sizes match SECP/FIPS 186-3 recommendations for prime and 86 // binary curves - which range from 163 bits to 571 bits. 87 counter = base::CustomHistogram::FactoryGet( 88 histogram_name, 89 base::CustomHistogram::ArrayToCustomRanges(kEccKeySizes, 90 arraysize(kEccKeySizes)), 91 base::HistogramBase::kUmaTargetedHistogramFlag); 92 } else { 93 // Key sizes < 1024 bits should cause errors, while key sizes > 16K are not 94 // uniformly supported by the underlying cryptographic libraries. 95 counter = base::CustomHistogram::FactoryGet( 96 histogram_name, 97 base::CustomHistogram::ArrayToCustomRanges(kRsaDsaKeySizes, 98 arraysize(kRsaDsaKeySizes)), 99 base::HistogramBase::kUmaTargetedHistogramFlag); 100 } 101 counter->Add(size_bits); 102 } 103 104 // Returns true if |type| is |kPublicKeyTypeRSA| or |kPublicKeyTypeDSA|, and 105 // if |size_bits| is < 1024. Note that this means there may be false 106 // negatives: keys for other algorithms and which are weak will pass this 107 // test. 108 bool IsWeakKey(X509Certificate::PublicKeyType type, size_t size_bits) { 109 switch (type) { 110 case X509Certificate::kPublicKeyTypeRSA: 111 case X509Certificate::kPublicKeyTypeDSA: 112 return size_bits < 1024; 113 default: 114 return false; 115 } 116 } 117 118 // Returns true if |cert| contains a known-weak key. Additionally, histograms 119 // the observed keys for future tightening of the definition of what 120 // constitutes a weak key. 121 bool ExaminePublicKeys(const scoped_refptr<X509Certificate>& cert, 122 bool should_histogram) { 123 // The effective date of the CA/Browser Forum's Baseline Requirements - 124 // 2012-07-01 00:00:00 UTC. 125 const base::Time kBaselineEffectiveDate = 126 base::Time::FromInternalValue(GG_INT64_C(12985574400000000)); 127 // The effective date of the key size requirements from Appendix A, v1.1.5 128 // 2014-01-01 00:00:00 UTC. 129 const base::Time kBaselineKeysizeEffectiveDate = 130 base::Time::FromInternalValue(GG_INT64_C(13033008000000000)); 131 132 size_t size_bits = 0; 133 X509Certificate::PublicKeyType type = X509Certificate::kPublicKeyTypeUnknown; 134 bool weak_key = false; 135 bool baseline_keysize_applies = 136 cert->valid_start() >= kBaselineEffectiveDate && 137 cert->valid_expiry() >= kBaselineKeysizeEffectiveDate; 138 139 X509Certificate::GetPublicKeyInfo(cert->os_cert_handle(), &size_bits, &type); 140 if (should_histogram) { 141 RecordPublicKeyHistogram(kLeafCert, baseline_keysize_applies, size_bits, 142 type); 143 } 144 if (IsWeakKey(type, size_bits)) 145 weak_key = true; 146 147 const X509Certificate::OSCertHandles& intermediates = 148 cert->GetIntermediateCertificates(); 149 for (size_t i = 0; i < intermediates.size(); ++i) { 150 X509Certificate::GetPublicKeyInfo(intermediates[i], &size_bits, &type); 151 if (should_histogram) { 152 RecordPublicKeyHistogram( 153 (i < intermediates.size() - 1) ? kIntermediateCert : kRootCert, 154 baseline_keysize_applies, 155 size_bits, 156 type); 157 } 158 if (!weak_key && IsWeakKey(type, size_bits)) 159 weak_key = true; 160 } 161 162 return weak_key; 163 } 164 165 } // namespace 166 167 // static 168 CertVerifyProc* CertVerifyProc::CreateDefault() { 169 #if defined(USE_NSS) || defined(OS_IOS) 170 return new CertVerifyProcNSS(); 171 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) 172 return new CertVerifyProcOpenSSL(); 173 #elif defined(OS_ANDROID) 174 return new CertVerifyProcAndroid(); 175 #elif defined(OS_MACOSX) 176 return new CertVerifyProcMac(); 177 #elif defined(OS_WIN) 178 return new CertVerifyProcWin(); 179 #else 180 return NULL; 181 #endif 182 } 183 184 CertVerifyProc::CertVerifyProc() {} 185 186 CertVerifyProc::~CertVerifyProc() {} 187 188 int CertVerifyProc::Verify(X509Certificate* cert, 189 const std::string& hostname, 190 int flags, 191 CRLSet* crl_set, 192 const CertificateList& additional_trust_anchors, 193 CertVerifyResult* verify_result) { 194 verify_result->Reset(); 195 verify_result->verified_cert = cert; 196 197 if (IsBlacklisted(cert)) { 198 verify_result->cert_status |= CERT_STATUS_REVOKED; 199 return ERR_CERT_REVOKED; 200 } 201 202 // We do online revocation checking for EV certificates that aren't covered 203 // by a fresh CRLSet. 204 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully 205 // disable revocation checking. 206 if (flags & CertVerifier::VERIFY_EV_CERT) 207 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY; 208 209 int rv = VerifyInternal(cert, hostname, flags, crl_set, 210 additional_trust_anchors, verify_result); 211 212 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback", 213 verify_result->common_name_fallback_used); 214 if (!verify_result->is_issued_by_known_root) { 215 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA", 216 verify_result->common_name_fallback_used); 217 } 218 219 // This check is done after VerifyInternal so that VerifyInternal can fill 220 // in the list of public key hashes. 221 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) { 222 verify_result->cert_status |= CERT_STATUS_REVOKED; 223 rv = MapCertStatusToNetError(verify_result->cert_status); 224 } 225 226 std::vector<std::string> dns_names, ip_addrs; 227 cert->GetSubjectAltName(&dns_names, &ip_addrs); 228 if (HasNameConstraintsViolation(verify_result->public_key_hashes, 229 cert->subject().common_name, 230 dns_names, 231 ip_addrs)) { 232 verify_result->cert_status |= CERT_STATUS_NAME_CONSTRAINT_VIOLATION; 233 rv = MapCertStatusToNetError(verify_result->cert_status); 234 } 235 236 // Check for weak keys in the entire verified chain. 237 bool weak_key = ExaminePublicKeys(verify_result->verified_cert, 238 verify_result->is_issued_by_known_root); 239 240 if (weak_key) { 241 verify_result->cert_status |= CERT_STATUS_WEAK_KEY; 242 // Avoid replacing a more serious error, such as an OS/library failure, 243 // by ensuring that if verification failed, it failed with a certificate 244 // error. 245 if (rv == OK || IsCertificateError(rv)) 246 rv = MapCertStatusToNetError(verify_result->cert_status); 247 } 248 249 // Treat certificates signed using broken signature algorithms as invalid. 250 if (verify_result->has_md2 || verify_result->has_md4) { 251 verify_result->cert_status |= CERT_STATUS_INVALID; 252 rv = MapCertStatusToNetError(verify_result->cert_status); 253 } 254 255 // Flag certificates using weak signature algorithms. 256 if (verify_result->has_md5) { 257 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; 258 // Avoid replacing a more serious error, such as an OS/library failure, 259 // by ensuring that if verification failed, it failed with a certificate 260 // error. 261 if (rv == OK || IsCertificateError(rv)) 262 rv = MapCertStatusToNetError(verify_result->cert_status); 263 } 264 265 if (verify_result->has_sha1) 266 verify_result->cert_status |= CERT_STATUS_SHA1_SIGNATURE_PRESENT; 267 268 // Flag certificates from publicly-trusted CAs that are issued to intranet 269 // hosts. While the CA/Browser Forum Baseline Requirements (v1.1) permit 270 // these to be issued until 1 November 2015, they represent a real risk for 271 // the deployment of gTLDs and are being phased out ahead of the hard 272 // deadline. 273 if (verify_result->is_issued_by_known_root && IsHostnameNonUnique(hostname)) { 274 verify_result->cert_status |= CERT_STATUS_NON_UNIQUE_NAME; 275 // CERT_STATUS_NON_UNIQUE_NAME will eventually become a hard error. For 276 // now treat it as a warning and do not map it to an error return value. 277 } 278 279 return rv; 280 } 281 282 // static 283 bool CertVerifyProc::IsBlacklisted(X509Certificate* cert) { 284 static const unsigned kComodoSerialBytes = 16; 285 static const uint8 kComodoSerials[][kComodoSerialBytes] = { 286 // Not a real certificate. For testing only. 287 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,0x1c}, 288 289 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014. 290 // Some serial numbers actually have a leading 0x00 byte required to 291 // encode a positive integer in DER if the most significant bit is 0. 292 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes. 293 294 // Subject: CN=mail.google.com 295 // subjectAltName dNSName: mail.google.com, www.mail.google.com 296 {0x04,0x7e,0xcb,0xe9,0xfc,0xa5,0x5f,0x7b,0xd0,0x9e,0xae,0x36,0xe1,0x0c,0xae,0x1e}, 297 // Subject: CN=global trustee 298 // subjectAltName dNSName: global trustee 299 // Note: not a CA certificate. 300 {0xd8,0xf3,0x5f,0x4e,0xb7,0x87,0x2b,0x2d,0xab,0x06,0x92,0xe3,0x15,0x38,0x2f,0xb0}, 301 // Subject: CN=login.live.com 302 // subjectAltName dNSName: login.live.com, www.login.live.com 303 {0xb0,0xb7,0x13,0x3e,0xd0,0x96,0xf9,0xb5,0x6f,0xae,0x91,0xc8,0x74,0xbd,0x3a,0xc0}, 304 // Subject: CN=addons.mozilla.org 305 // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org 306 {0x92,0x39,0xd5,0x34,0x8f,0x40,0xd1,0x69,0x5a,0x74,0x54,0x70,0xe1,0xf2,0x3f,0x43}, 307 // Subject: CN=login.skype.com 308 // subjectAltName dNSName: login.skype.com, www.login.skype.com 309 {0xe9,0x02,0x8b,0x95,0x78,0xe4,0x15,0xdc,0x1a,0x71,0x0a,0x2b,0x88,0x15,0x44,0x47}, 310 // Subject: CN=login.yahoo.com 311 // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com 312 {0xd7,0x55,0x8f,0xda,0xf5,0xf1,0x10,0x5b,0xb2,0x13,0x28,0x2b,0x70,0x77,0x29,0xa3}, 313 // Subject: CN=www.google.com 314 // subjectAltName dNSName: www.google.com, google.com 315 {0xf5,0xc8,0x6a,0xf3,0x61,0x62,0xf1,0x3a,0x64,0xf5,0x4f,0x6d,0xc9,0x58,0x7c,0x06}, 316 // Subject: CN=login.yahoo.com 317 // subjectAltName dNSName: login.yahoo.com 318 {0x39,0x2a,0x43,0x4f,0x0e,0x07,0xdf,0x1f,0x8a,0xa3,0x05,0xde,0x34,0xe0,0xc2,0x29}, 319 // Subject: CN=login.yahoo.com 320 // subjectAltName dNSName: login.yahoo.com 321 {0x3e,0x75,0xce,0xd4,0x6b,0x69,0x30,0x21,0x21,0x88,0x30,0xae,0x86,0xa8,0x2a,0x71}, 322 }; 323 324 const std::string& serial_number = cert->serial_number(); 325 if (!serial_number.empty() && (serial_number[0] & 0x80) != 0) { 326 // This is a negative serial number, which isn't technically allowed but 327 // which probably happens. In order to avoid confusing a negative serial 328 // number with a positive one once the leading zeros have been removed, we 329 // disregard it. 330 return false; 331 } 332 333 base::StringPiece serial(serial_number); 334 // Remove leading zeros. 335 while (serial.size() > 1 && serial[0] == 0) 336 serial.remove_prefix(1); 337 338 if (serial.size() == kComodoSerialBytes) { 339 for (unsigned i = 0; i < arraysize(kComodoSerials); i++) { 340 if (memcmp(kComodoSerials[i], serial.data(), kComodoSerialBytes) == 0) { 341 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i, 342 arraysize(kComodoSerials) + 1); 343 return true; 344 } 345 } 346 } 347 348 // CloudFlare revoked all certificates issued prior to April 2nd, 2014. Thus 349 // all certificates where the CN ends with ".cloudflare.com" with a prior 350 // issuance date are rejected. 351 // 352 // The old certs had a lifetime of five years, so this can be removed April 353 // 2nd, 2019. 354 const std::string& cn = cert->subject().common_name; 355 static const char kCloudFlareCNSuffix[] = ".cloudflare.com"; 356 // kCloudFlareEpoch is the base::Time internal value for midnight at the 357 // beginning of April 2nd, 2014, UTC. 358 static const int64 kCloudFlareEpoch = INT64_C(13040870400000000); 359 if (cn.size() > arraysize(kCloudFlareCNSuffix) - 1 && 360 cn.compare(cn.size() - (arraysize(kCloudFlareCNSuffix) - 1), 361 arraysize(kCloudFlareCNSuffix) - 1, 362 kCloudFlareCNSuffix) == 0 && 363 cert->valid_start() < base::Time::FromInternalValue(kCloudFlareEpoch)) { 364 return true; 365 } 366 367 return false; 368 } 369 370 // static 371 // NOTE: This implementation assumes and enforces that the hashes are SHA1. 372 bool CertVerifyProc::IsPublicKeyBlacklisted( 373 const HashValueVector& public_key_hashes) { 374 static const unsigned kNumHashes = 17; 375 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = { 376 // Subject: CN=DigiNotar Root CA 377 // Issuer: CN=Entrust.net x2 and self-signed 378 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d, 379 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8}, 380 // Subject: CN=DigiNotar Cyber CA 381 // Issuer: CN=GTE CyberTrust Global Root 382 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95, 383 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1}, 384 // Subject: CN=DigiNotar Services 1024 CA 385 // Issuer: CN=Entrust.net 386 {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9, 387 0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6}, 388 // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2 389 // Issuer: CN=Staat der Nederlanden Organisatie CA - G2 390 {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e, 391 0x9f, 0x05, 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb}, 392 // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven 393 // Issuer: CN=Staat der Nederlanden Overheid CA 394 {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39, 395 0xb9, 0xf8, 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5}, 396 // Subject: O=Digicert Sdn. Bhd. 397 // Issuer: CN=GTE CyberTrust Global Root 398 // Expires: Jul 17 15:16:54 2012 GMT 399 {0x01, 0x29, 0xbc, 0xd5, 0xb4, 0x48, 0xae, 0x8d, 0x24, 0x96, 400 0xd1, 0xc3, 0xe1, 0x97, 0x23, 0x91, 0x90, 0x88, 0xe1, 0x52}, 401 // Subject: O=Digicert Sdn. Bhd. 402 // Issuer: CN=Entrust.net Certification Authority (2048) 403 // Expires: Jul 16 17:53:37 2015 GMT 404 {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a, 405 0xd6, 0x95, 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81}, 406 // Issuer: CN=Trustwave Organization Issuing CA, Level 2 407 // Covers two certificates, the latter of which expires Apr 15 21:09:30 408 // 2021 GMT. 409 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6, 410 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32}, 411 // Cyberoam CA certificate. Private key leaked, but this certificate would 412 // only have been installed by Cyberoam customers. The certificate expires 413 // in 2036, but we can probably remove in a couple of years (2014). 414 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e, 415 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1}, 416 // Win32/Sirefef.gen!C generates fake certificates with this public key. 417 {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3, 418 0x31, 0xcf, 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4}, 419 // ANSSI certificate under which a MITM proxy was mistakenly operated. 420 // Expires: Jul 18 10:05:28 2014 GMT 421 {0x3e, 0xcf, 0x4b, 0xbb, 0xe4, 0x60, 0x96, 0xd5, 0x14, 0xbb, 422 0x53, 0x9b, 0xb9, 0x13, 0xd7, 0x7a, 0xa4, 0xef, 0x31, 0xbf}, 423 // Three retired intermediate certificates from Symantec. No compromise; 424 // just for robustness. All expire May 17 23:59:59 2018. 425 // See https://bugzilla.mozilla.org/show_bug.cgi?id=966060 426 {0x68, 0x5e, 0xec, 0x0a, 0x39, 0xf6, 0x68, 0xae, 0x8f, 0xd8, 427 0x96, 0x4f, 0x98, 0x74, 0x76, 0xb4, 0x50, 0x4f, 0xd2, 0xbe}, 428 {0x0e, 0x50, 0x2d, 0x4d, 0xd1, 0xe1, 0x60, 0x36, 0x8a, 0x31, 429 0xf0, 0x6a, 0x81, 0x04, 0x31, 0xba, 0x6f, 0x72, 0xc0, 0x41}, 430 {0x93, 0xd1, 0x53, 0x22, 0x29, 0xcc, 0x2a, 0xbd, 0x21, 0xdf, 431 0xf5, 0x97, 0xee, 0x32, 0x0f, 0xe4, 0x24, 0x6f, 0x3d, 0x0c}, 432 // C=IN, O=National Informatics Centre, OU=NICCA, CN=NIC Certifying 433 // Authority. Issued by C=IN, O=India PKI, CN=CCA India 2007. 434 // Expires July 4th, 2015. 435 {0xf5, 0x71, 0x79, 0xfa, 0xea, 0x10, 0xc5, 0x43, 0x8c, 0xb0, 436 0xc6, 0xe1, 0xcc, 0x27, 0x7b, 0x6e, 0x0d, 0xb2, 0xff, 0x54}, 437 // C=IN, O=National Informatics Centre, CN=NIC CA 2011. Issued by 438 // C=IN, O=India PKI, CN=CCA India 2011. 439 // Expires March 11th 2016. 440 {0x07, 0x7a, 0xc7, 0xde, 0x8d, 0xa5, 0x58, 0x64, 0x3a, 0x06, 441 0xc5, 0x36, 0x9e, 0x55, 0x4f, 0xae, 0xb3, 0xdf, 0xa1, 0x66}, 442 // C=IN, O=National Informatics Centre, CN=NIC CA 2014. Issued by 443 // C=IN, O=India PKI, CN=CCA India 2014. 444 // Expires: March 5th, 2024. 445 {0xe5, 0x8e, 0x31, 0x5b, 0xaa, 0xee, 0xaa, 0xc6, 0xe7, 0x2e, 446 0xc9, 0x57, 0x36, 0x70, 0xca, 0x2f, 0x25, 0x4e, 0xc3, 0x47}, 447 }; 448 449 for (unsigned i = 0; i < kNumHashes; i++) { 450 for (HashValueVector::const_iterator j = public_key_hashes.begin(); 451 j != public_key_hashes.end(); ++j) { 452 if (j->tag == HASH_VALUE_SHA1 && 453 memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) { 454 return true; 455 } 456 } 457 } 458 459 return false; 460 } 461 462 static const size_t kMaxDomainLength = 18; 463 464 // CheckNameConstraints verifies that every name in |dns_names| is in one of 465 // the domains specified by |domains|. The |domains| array is terminated by an 466 // empty string. 467 static bool CheckNameConstraints(const std::vector<std::string>& dns_names, 468 const char domains[][kMaxDomainLength]) { 469 for (std::vector<std::string>::const_iterator i = dns_names.begin(); 470 i != dns_names.end(); ++i) { 471 bool ok = false; 472 url::CanonHostInfo host_info; 473 const std::string dns_name = CanonicalizeHost(*i, &host_info); 474 if (host_info.IsIPAddress()) 475 continue; 476 477 const size_t registry_len = registry_controlled_domains::GetRegistryLength( 478 dns_name, 479 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, 480 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); 481 // If the name is not in a known TLD, ignore it. This permits internal 482 // names. 483 if (registry_len == 0) 484 continue; 485 486 for (size_t j = 0; domains[j][0]; ++j) { 487 const size_t domain_length = strlen(domains[j]); 488 // The DNS name must have "." + domains[j] as a suffix. 489 if (i->size() <= (1 /* period before domain */ + domain_length)) 490 continue; 491 492 const char* suffix = &dns_name[i->size() - domain_length - 1]; 493 if (suffix[0] != '.') 494 continue; 495 if (memcmp(&suffix[1], domains[j], domain_length) != 0) 496 continue; 497 ok = true; 498 break; 499 } 500 501 if (!ok) 502 return false; 503 } 504 505 return true; 506 } 507 508 // PublicKeyDomainLimitation contains a SHA1, SPKI hash and a pointer to an 509 // array of fixed-length strings that contain the domains that the SPKI is 510 // allowed to issue for. 511 struct PublicKeyDomainLimitation { 512 uint8 public_key[base::kSHA1Length]; 513 const char (*domains)[kMaxDomainLength]; 514 }; 515 516 // static 517 bool CertVerifyProc::HasNameConstraintsViolation( 518 const HashValueVector& public_key_hashes, 519 const std::string& common_name, 520 const std::vector<std::string>& dns_names, 521 const std::vector<std::string>& ip_addrs) { 522 static const char kDomainsANSSI[][kMaxDomainLength] = { 523 "fr", // France 524 "gp", // Guadeloupe 525 "gf", // Guyane 526 "mq", // Martinique 527 "re", // Runion 528 "yt", // Mayotte 529 "pm", // Saint-Pierre et Miquelon 530 "bl", // Saint Barthlemy 531 "mf", // Saint Martin 532 "wf", // Wallis et Futuna 533 "pf", // Polynsie franaise 534 "nc", // Nouvelle Caldonie 535 "tf", // Terres australes et antarctiques franaises 536 "", 537 }; 538 539 static const char kDomainsIndiaCCA[][kMaxDomainLength] = { 540 "gov.in", 541 "nic.in", 542 "ac.in", 543 "rbi.org.in", 544 "bankofindia.co.in", 545 "ncode.in", 546 "tcs.co.in", 547 "", 548 }; 549 550 static const char kDomainsTest[][kMaxDomainLength] = { 551 "example.com", 552 "", 553 }; 554 555 static const PublicKeyDomainLimitation kLimits[] = { 556 // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, 557 // CN=IGC/A/emailAddress=igca (at) sgdn.pm.gouv.fr 558 { 559 {0x79, 0x23, 0xd5, 0x8d, 0x0f, 0xe0, 0x3c, 0xe6, 0xab, 0xad, 560 0xae, 0x27, 0x1a, 0x6d, 0x94, 0xf4, 0x14, 0xd1, 0xa8, 0x73}, 561 kDomainsANSSI, 562 }, 563 // C=IN, O=India PKI, CN=CCA India 2007 564 // Expires: July 4th 2015. 565 { 566 {0xfe, 0xe3, 0x95, 0x21, 0x2d, 0x5f, 0xea, 0xfc, 0x7e, 0xdc, 567 0xcf, 0x88, 0x3f, 0x1e, 0xc0, 0x58, 0x27, 0xd8, 0xb8, 0xe4}, 568 kDomainsIndiaCCA, 569 }, 570 // C=IN, O=India PKI, CN=CCA India 2011 571 // Expires: March 11 2016. 572 { 573 {0xf1, 0x42, 0xf6, 0xa2, 0x7d, 0x29, 0x3e, 0xa8, 0xf9, 0x64, 574 0x52, 0x56, 0xed, 0x07, 0xa8, 0x63, 0xf2, 0xdb, 0x1c, 0xdf}, 575 kDomainsIndiaCCA, 576 }, 577 // C=IN, O=India PKI, CN=CCA India 2014 578 // Expires: March 5 2024. 579 { 580 {0x36, 0x8c, 0x4a, 0x1e, 0x2d, 0xb7, 0x81, 0xe8, 0x6b, 0xed, 581 0x5a, 0x0a, 0x42, 0xb8, 0xc5, 0xcf, 0x6d, 0xb3, 0x57, 0xe1}, 582 kDomainsIndiaCCA, 583 }, 584 // Not a real certificate - just for testing. This is the SPKI hash of 585 // the keys used in net/data/ssl/certificates/name_constraint_*.crt. 586 { 587 {0x61, 0xec, 0x82, 0x8b, 0xdb, 0x5c, 0x78, 0x2a, 0x8f, 0xcc, 588 0x4f, 0x0f, 0x14, 0xbb, 0x85, 0x31, 0x93, 0x9f, 0xf7, 0x3d}, 589 kDomainsTest, 590 }, 591 }; 592 593 for (unsigned i = 0; i < arraysize(kLimits); ++i) { 594 for (HashValueVector::const_iterator j = public_key_hashes.begin(); 595 j != public_key_hashes.end(); ++j) { 596 if (j->tag == HASH_VALUE_SHA1 && 597 memcmp(j->data(), kLimits[i].public_key, base::kSHA1Length) == 0) { 598 if (dns_names.empty() && ip_addrs.empty()) { 599 std::vector<std::string> dns_names; 600 dns_names.push_back(common_name); 601 if (!CheckNameConstraints(dns_names, kLimits[i].domains)) 602 return true; 603 } else { 604 if (!CheckNameConstraints(dns_names, kLimits[i].domains)) 605 return true; 606 } 607 } 608 } 609 } 610 611 return false; 612 } 613 614 } // namespace net 615