search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add signalSyncPoint to the WebGraphicsContext3D command buffer impls.
[chromium-blink-merge.git] / net / cert / cert_verify_proc.cc
bloba7f56b77a115099e217b42a0230499f0f0373c3d
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verify_proc.h"
6
7 #include "base/metrics/histogram.h"
8 #include "base/sha1.h"
9 #include "build/build_config.h"
10 #include "net/base/net_errors.h"
11 #include "net/cert/cert_status_flags.h"
12 #include "net/cert/cert_verifier.h"
13 #include "net/cert/cert_verify_result.h"
14 #include "net/cert/crl_set.h"
15 #include "net/cert/x509_certificate.h"
16
17 #if defined(USE_NSS) || defined(OS_IOS)
18 #include "net/cert/cert_verify_proc_nss.h"
19 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
20 #include "net/cert/cert_verify_proc_openssl.h"
21 #elif defined(OS_ANDROID)
22 #include "net/cert/cert_verify_proc_android.h"
23 #elif defined(OS_MACOSX)
24 #include "net/cert/cert_verify_proc_mac.h"
25 #elif defined(OS_WIN)
26 #include "net/cert/cert_verify_proc_win.h"
27 #else
28 #error Implement certificate verification.
29 #endif
30
31
32 namespace net {
33
34 namespace {
35
36 // Returns true if |type| is |kPublicKeyTypeRSA| or |kPublicKeyTypeDSA|, and
37 // if |size_bits| is < 1024. Note that this means there may be false
38 // negatives: keys for other algorithms and which are weak will pass this
39 // test.
40 bool IsWeakKey(X509Certificate::PublicKeyType type, size_t size_bits) {
41 switch (type) {
42 case X509Certificate::kPublicKeyTypeRSA:
43 case X509Certificate::kPublicKeyTypeDSA:
44 return size_bits < 1024;
45 default:
46 return false;
47 }
48 }
49
50 } // namespace
51
52 // static
53 CertVerifyProc* CertVerifyProc::CreateDefault() {
54 #if defined(USE_NSS) || defined(OS_IOS)
55 return new CertVerifyProcNSS();
56 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
57 return new CertVerifyProcOpenSSL();
58 #elif defined(OS_ANDROID)
59 return new CertVerifyProcAndroid();
60 #elif defined(OS_MACOSX)
61 return new CertVerifyProcMac();
62 #elif defined(OS_WIN)
63 return new CertVerifyProcWin();
64 #else
65 return NULL;
66 #endif
67 }
68
69 CertVerifyProc::CertVerifyProc() {}
70
71 CertVerifyProc::~CertVerifyProc() {}
72
73 int CertVerifyProc::Verify(X509Certificate* cert,
74 const std::string& hostname,
75 int flags,
76 CRLSet* crl_set,
77 const CertificateList& additional_trust_anchors,
78 CertVerifyResult* verify_result) {
79 verify_result->Reset();
80 verify_result->verified_cert = cert;
81
82 if (IsBlacklisted(cert)) {
83 verify_result->cert_status |= CERT_STATUS_REVOKED;
84 return ERR_CERT_REVOKED;
85 }
86
87 // If EV verification was requested and no CRLSet is present, or if the
88 // CRLSet has expired, then enable online revocation checks. If the online
89 // check fails, EV status won't be shown.
90 //
91 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully
92 // disable revocation checking.
93 if ((flags & CertVerifier::VERIFY_EV_CERT) &&
94 (!crl_set || crl_set->IsExpired())) {
95 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED_EV_ONLY;
96 }
97
98 int rv = VerifyInternal(cert, hostname, flags, crl_set,
99 additional_trust_anchors, verify_result);
100
101 // This check is done after VerifyInternal so that VerifyInternal can fill
102 // in the list of public key hashes.
103 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) {
104 verify_result->cert_status |= CERT_STATUS_REVOKED;
105 rv = MapCertStatusToNetError(verify_result->cert_status);
106 }
107
108 // Check for weak keys in the entire verified chain.
109 size_t size_bits = 0;
110 X509Certificate::PublicKeyType type =
111 X509Certificate::kPublicKeyTypeUnknown;
112 bool weak_key = false;
113
114 X509Certificate::GetPublicKeyInfo(
115 verify_result->verified_cert->os_cert_handle(), &size_bits, &type);
116 if (IsWeakKey(type, size_bits)) {
117 weak_key = true;
118 } else {
119 const X509Certificate::OSCertHandles& intermediates =
120 verify_result->verified_cert->GetIntermediateCertificates();
121 for (size_t i = 0; i < intermediates.size(); ++i) {
122 X509Certificate::GetPublicKeyInfo(intermediates[i], &size_bits, &type);
123 if (IsWeakKey(type, size_bits))
124 weak_key = true;
125 }
126 }
127
128 if (weak_key) {
129 verify_result->cert_status |= CERT_STATUS_WEAK_KEY;
130 // Avoid replacing a more serious error, such as an OS/library failure,
131 // by ensuring that if verification failed, it failed with a certificate
132 // error.
133 if (rv == OK || IsCertificateError(rv))
134 rv = MapCertStatusToNetError(verify_result->cert_status);
135 }
136
137 // Treat certificates signed using broken signature algorithms as invalid.
138 if (verify_result->has_md2 || verify_result->has_md4) {
139 verify_result->cert_status |= CERT_STATUS_INVALID;
140 rv = MapCertStatusToNetError(verify_result->cert_status);
141 }
142
143 // Flag certificates using weak signature algorithms.
144 if (verify_result->has_md5) {
145 verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
146 // Avoid replacing a more serious error, such as an OS/library failure,
147 // by ensuring that if verification failed, it failed with a certificate
148 // error.
149 if (rv == OK || IsCertificateError(rv))
150 rv = MapCertStatusToNetError(verify_result->cert_status);
151 }
152
153 return rv;
154 }
155
156 // static
157 bool CertVerifyProc::IsBlacklisted(X509Certificate* cert) {
158 static const unsigned kComodoSerialBytes = 16;
159 static const uint8 kComodoSerials[][kComodoSerialBytes] = {
160 // Not a real certificate. For testing only.
161 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd,0x1c},
162
163 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
164 // Some serial numbers actually have a leading 0x00 byte required to
165 // encode a positive integer in DER if the most significant bit is 0.
166 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
167
168 // Subject: CN=mail.google.com
169 // subjectAltName dNSName: mail.google.com, www.mail.google.com
170 {0x04,0x7e,0xcb,0xe9,0xfc,0xa5,0x5f,0x7b,0xd0,0x9e,0xae,0x36,0xe1,0x0c,0xae,0x1e},
171 // Subject: CN=global trustee
172 // subjectAltName dNSName: global trustee
173 // Note: not a CA certificate.
174 {0xd8,0xf3,0x5f,0x4e,0xb7,0x87,0x2b,0x2d,0xab,0x06,0x92,0xe3,0x15,0x38,0x2f,0xb0},
175 // Subject: CN=login.live.com
176 // subjectAltName dNSName: login.live.com, www.login.live.com
177 {0xb0,0xb7,0x13,0x3e,0xd0,0x96,0xf9,0xb5,0x6f,0xae,0x91,0xc8,0x74,0xbd,0x3a,0xc0},
178 // Subject: CN=addons.mozilla.org
179 // subjectAltName dNSName: addons.mozilla.org, www.addons.mozilla.org
180 {0x92,0x39,0xd5,0x34,0x8f,0x40,0xd1,0x69,0x5a,0x74,0x54,0x70,0xe1,0xf2,0x3f,0x43},
181 // Subject: CN=login.skype.com
182 // subjectAltName dNSName: login.skype.com, www.login.skype.com
183 {0xe9,0x02,0x8b,0x95,0x78,0xe4,0x15,0xdc,0x1a,0x71,0x0a,0x2b,0x88,0x15,0x44,0x47},
184 // Subject: CN=login.yahoo.com
185 // subjectAltName dNSName: login.yahoo.com, www.login.yahoo.com
186 {0xd7,0x55,0x8f,0xda,0xf5,0xf1,0x10,0x5b,0xb2,0x13,0x28,0x2b,0x70,0x77,0x29,0xa3},
187 // Subject: CN=www.google.com
188 // subjectAltName dNSName: www.google.com, google.com
189 {0xf5,0xc8,0x6a,0xf3,0x61,0x62,0xf1,0x3a,0x64,0xf5,0x4f,0x6d,0xc9,0x58,0x7c,0x06},
190 // Subject: CN=login.yahoo.com
191 // subjectAltName dNSName: login.yahoo.com
192 {0x39,0x2a,0x43,0x4f,0x0e,0x07,0xdf,0x1f,0x8a,0xa3,0x05,0xde,0x34,0xe0,0xc2,0x29},
193 // Subject: CN=login.yahoo.com
194 // subjectAltName dNSName: login.yahoo.com
195 {0x3e,0x75,0xce,0xd4,0x6b,0x69,0x30,0x21,0x21,0x88,0x30,0xae,0x86,0xa8,0x2a,0x71},
196 };
197
198 const std::string& serial_number = cert->serial_number();
199 if (!serial_number.empty() && (serial_number[0] & 0x80) != 0) {
200 // This is a negative serial number, which isn't technically allowed but
201 // which probably happens. In order to avoid confusing a negative serial
202 // number with a positive one once the leading zeros have been removed, we
203 // disregard it.
204 return false;
205 }
206
207 base::StringPiece serial(serial_number);
208 // Remove leading zeros.
209 while (serial.size() > 1 && serial[0] == 0)
210 serial.remove_prefix(1);
211
212 if (serial.size() == kComodoSerialBytes) {
213 for (unsigned i = 0; i < arraysize(kComodoSerials); i++) {
214 if (memcmp(kComodoSerials[i], serial.data(), kComodoSerialBytes) == 0) {
215 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", i,
216 arraysize(kComodoSerials) + 1);
217 return true;
218 }
219 }
220 }
221
222 return false;
223 }
224
225 // static
226 // NOTE: This implementation assumes and enforces that the hashes are SHA1.
227 bool CertVerifyProc::IsPublicKeyBlacklisted(
228 const HashValueVector& public_key_hashes) {
229 static const unsigned kNumHashes = 10;
230 static const uint8 kHashes[kNumHashes][base::kSHA1Length] = {
231 // Subject: CN=DigiNotar Root CA
232 // Issuer: CN=Entrust.net x2 and self-signed
233 {0x41, 0x0f, 0x36, 0x36, 0x32, 0x58, 0xf3, 0x0b, 0x34, 0x7d,
234 0x12, 0xce, 0x48, 0x63, 0xe4, 0x33, 0x43, 0x78, 0x06, 0xa8},
235 // Subject: CN=DigiNotar Cyber CA
236 // Issuer: CN=GTE CyberTrust Global Root
237 {0xc4, 0xf9, 0x66, 0x37, 0x16, 0xcd, 0x5e, 0x71, 0xd6, 0x95,
238 0x0b, 0x5f, 0x33, 0xce, 0x04, 0x1c, 0x95, 0xb4, 0x35, 0xd1},
239 // Subject: CN=DigiNotar Services 1024 CA
240 // Issuer: CN=Entrust.net
241 {0xe2, 0x3b, 0x8d, 0x10, 0x5f, 0x87, 0x71, 0x0a, 0x68, 0xd9,
242 0x24, 0x80, 0x50, 0xeb, 0xef, 0xc6, 0x27, 0xbe, 0x4c, 0xa6},
243 // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
244 // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
245 {0x7b, 0x2e, 0x16, 0xbc, 0x39, 0xbc, 0xd7, 0x2b, 0x45, 0x6e,
246 0x9f, 0x05, 0x5d, 0x1d, 0xe6, 0x15, 0xb7, 0x49, 0x45, 0xdb},
247 // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
248 // Issuer: CN=Staat der Nederlanden Overheid CA
249 {0xe8, 0xf9, 0x12, 0x00, 0xc6, 0x5c, 0xee, 0x16, 0xe0, 0x39,
250 0xb9, 0xf8, 0x83, 0x84, 0x16, 0x61, 0x63, 0x5f, 0x81, 0xc5},
251 // Subject: O=Digicert Sdn. Bhd.
252 // Issuer: CN=GTE CyberTrust Global Root
253 // Expires: Jul 17 15:16:54 2012 GMT
254 {0x01, 0x29, 0xbc, 0xd5, 0xb4, 0x48, 0xae, 0x8d, 0x24, 0x96,
255 0xd1, 0xc3, 0xe1, 0x97, 0x23, 0x91, 0x90, 0x88, 0xe1, 0x52},
256 // Subject: O=Digicert Sdn. Bhd.
257 // Issuer: CN=Entrust.net Certification Authority (2048)
258 // Expires: Jul 16 17:53:37 2015 GMT
259 {0xd3, 0x3c, 0x5b, 0x41, 0xe4, 0x5c, 0xc4, 0xb3, 0xbe, 0x9a,
260 0xd6, 0x95, 0x2c, 0x4e, 0xcc, 0x25, 0x28, 0x03, 0x29, 0x81},
261 // Issuer: CN=Trustwave Organization Issuing CA, Level 2
262 // Covers two certificates, the latter of which expires Apr 15 21:09:30
263 // 2021 GMT.
264 {0xe1, 0x2d, 0x89, 0xf5, 0x6d, 0x22, 0x76, 0xf8, 0x30, 0xe6,
265 0xce, 0xaf, 0xa6, 0x6c, 0x72, 0x5c, 0x0b, 0x41, 0xa9, 0x32},
266 // Cyberoam CA certificate. Private key leaked, but this certificate would
267 // only have been installed by Cyberoam customers. The certificate expires
268 // in 2036, but we can probably remove in a couple of years (2014).
269 {0xd9, 0xf5, 0xc6, 0xce, 0x57, 0xff, 0xaa, 0x39, 0xcc, 0x7e,
270 0xd1, 0x72, 0xbd, 0x53, 0xe0, 0xd3, 0x07, 0x83, 0x4b, 0xd1},
271 // Win32/Sirefef.gen!C generates fake certifciates with this public key.
272 {0xa4, 0xf5, 0x6e, 0x9e, 0x1d, 0x9a, 0x3b, 0x7b, 0x1a, 0xc3,
273 0x31, 0xcf, 0x64, 0xfc, 0x76, 0x2c, 0xd0, 0x51, 0xfb, 0xa4},
274 };
275
276 for (unsigned i = 0; i < kNumHashes; i++) {
277 for (HashValueVector::const_iterator j = public_key_hashes.begin();
278 j != public_key_hashes.end(); ++j) {
279 if (j->tag == HASH_VALUE_SHA1 &&
280 memcmp(j->data(), kHashes[i], base::kSHA1Length) == 0) {
281 return true;
282 }
283 }
284 }
285
286 return false;
287 }
288
289 } // namespace net