1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/transport_security_state.h"
7 #if defined(USE_OPENSSL)
8 #include <openssl/ecdsa.h>
9 #include <openssl/ssl.h>
10 #else // !defined(USE_OPENSSL)
20 #include "base/base64.h"
21 #include "base/build_time.h"
22 #include "base/logging.h"
23 #include "base/memory/scoped_ptr.h"
24 #include "base/metrics/histogram.h"
25 #include "base/sha1.h"
26 #include "base/strings/string_number_conversions.h"
27 #include "base/strings/string_util.h"
28 #include "base/strings/utf_string_conversions.h"
29 #include "base/time/time.h"
30 #include "base/values.h"
31 #include "crypto/sha2.h"
32 #include "net/base/dns_util.h"
33 #include "net/cert/x509_cert_types.h"
34 #include "net/cert/x509_certificate.h"
35 #include "net/http/http_security_headers.h"
36 #include "net/ssl/ssl_info.h"
39 #if defined(USE_OPENSSL)
40 #include "crypto/openssl_util.h"
47 std::string HashesToBase64String(const HashValueVector& hashes) {
49 for (size_t i = 0; i != hashes.size(); ++i) {
52 str += hashes[i].ToString();
57 std::string HashHost(const std::string& canonicalized_host) {
58 char hashed[crypto::kSHA256Length];
59 crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed));
60 return std::string(hashed, sizeof(hashed));
63 // Returns true if the intersection of |a| and |b| is not empty. If either
64 // |a| or |b| is empty, returns false.
65 bool HashesIntersect(const HashValueVector& a,
66 const HashValueVector& b) {
67 for (HashValueVector::const_iterator i = a.begin(); i != a.end(); ++i) {
68 HashValueVector::const_iterator j =
69 std::find_if(b.begin(), b.end(), HashValuesEqual(*i));
76 bool AddHash(const char* sha1_hash,
77 HashValueVector* out) {
78 HashValue hash(HASH_VALUE_SHA1);
79 memcpy(hash.data(), sha1_hash, hash.size());
86 TransportSecurityState::TransportSecurityState()
88 DCHECK(CalledOnValidThread());
91 TransportSecurityState::Iterator::Iterator(const TransportSecurityState& state)
92 : iterator_(state.enabled_hosts_.begin()),
93 end_(state.enabled_hosts_.end()) {
96 TransportSecurityState::Iterator::~Iterator() {}
98 void TransportSecurityState::SetDelegate(
99 TransportSecurityState::Delegate* delegate) {
100 DCHECK(CalledOnValidThread());
101 delegate_ = delegate;
104 void TransportSecurityState::EnableHost(const std::string& host,
105 const DomainState& state) {
106 DCHECK(CalledOnValidThread());
108 const std::string canonicalized_host = CanonicalizeHost(host);
109 if (canonicalized_host.empty())
112 DomainState state_copy(state);
113 // No need to store this value since it is redundant. (|canonicalized_host|
115 state_copy.domain.clear();
117 enabled_hosts_[HashHost(canonicalized_host)] = state_copy;
121 bool TransportSecurityState::DeleteDynamicDataForHost(const std::string& host) {
122 DCHECK(CalledOnValidThread());
124 const std::string canonicalized_host = CanonicalizeHost(host);
125 if (canonicalized_host.empty())
128 DomainStateMap::iterator i = enabled_hosts_.find(
129 HashHost(canonicalized_host));
130 if (i != enabled_hosts_.end()) {
131 enabled_hosts_.erase(i);
138 bool TransportSecurityState::GetDomainState(const std::string& host,
140 DomainState* result) {
141 DCHECK(CalledOnValidThread());
144 const std::string canonicalized_host = CanonicalizeHost(host);
145 if (canonicalized_host.empty())
148 bool has_preload = GetStaticDomainState(canonicalized_host, sni_enabled,
150 std::string canonicalized_preload = CanonicalizeHost(state.domain);
151 GetDynamicDomainState(host, &state);
153 base::Time current_time(base::Time::Now());
155 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
156 std::string host_sub_chunk(&canonicalized_host[i],
157 canonicalized_host.size() - i);
158 // Exact match of a preload always wins.
159 if (has_preload && host_sub_chunk == canonicalized_preload) {
164 DomainStateMap::iterator j =
165 enabled_hosts_.find(HashHost(host_sub_chunk));
166 if (j == enabled_hosts_.end())
169 if (current_time > j->second.upgrade_expiry &&
170 current_time > j->second.dynamic_spki_hashes_expiry) {
171 enabled_hosts_.erase(j);
177 state.domain = DNSDomainToString(host_sub_chunk);
179 // Succeed if we matched the domain exactly or if subdomain matches are
181 if (i == 0 || j->second.sts_include_subdomains ||
182 j->second.pkp_include_subdomains) {
193 void TransportSecurityState::ClearDynamicData() {
194 DCHECK(CalledOnValidThread());
195 enabled_hosts_.clear();
198 void TransportSecurityState::DeleteAllDynamicDataSince(const base::Time& time) {
199 DCHECK(CalledOnValidThread());
201 bool dirtied = false;
203 DomainStateMap::iterator i = enabled_hosts_.begin();
204 while (i != enabled_hosts_.end()) {
205 if (i->second.created >= time) {
207 enabled_hosts_.erase(i++);
217 TransportSecurityState::~TransportSecurityState() {
218 DCHECK(CalledOnValidThread());
221 void TransportSecurityState::DirtyNotify() {
222 DCHECK(CalledOnValidThread());
225 delegate_->StateIsDirty(this);
229 std::string TransportSecurityState::CanonicalizeHost(const std::string& host) {
230 // We cannot perform the operations as detailed in the spec here as |host|
231 // has already undergone IDN processing before it reached us. Thus, we check
232 // that there are no invalid characters in the host and lowercase the result.
234 std::string new_host;
235 if (!DNSDomainFromDot(host, &new_host)) {
236 // DNSDomainFromDot can fail if any label is > 63 bytes or if the whole
237 // name is >255 bytes. However, search terms can have those properties.
238 return std::string();
241 for (size_t i = 0; new_host[i]; i += new_host[i] + 1) {
242 const unsigned label_length = static_cast<unsigned>(new_host[i]);
246 for (size_t j = 0; j < label_length; ++j) {
247 new_host[i + 1 + j] = tolower(new_host[i + 1 + j]);
254 // |ReportUMAOnPinFailure| uses these to report which domain was associated
255 // with the public key pinning failure.
257 // DO NOT CHANGE THE ORDERING OF THESE NAMES OR REMOVE ANY OF THEM. Add new
258 // domains at the END of the listing (but before DOMAIN_NUM_EVENTS).
259 enum SecondLevelDomainName {
264 DOMAIN_GOOGLE_ANALYTICS_COM,
265 DOMAIN_GOOGLEPLEX_COM,
267 DOMAIN_GOOGLEUSERCONTENT_COM,
269 DOMAIN_GOOGLEAPIS_COM,
270 DOMAIN_GOOGLEADSERVICES_COM,
271 DOMAIN_GOOGLECODE_COM,
273 DOMAIN_GOOGLESYNDICATION_COM,
274 DOMAIN_DOUBLECLICK_NET,
277 DOMAIN_GOOGLEMAIL_COM,
278 DOMAIN_GOOGLEGROUPS_COM,
280 DOMAIN_TORPROJECT_ORG,
290 DOMAIN_GOOGLECOMMERCE_COM,
517 // Boundary value for UMA_HISTOGRAM_ENUMERATION:
521 // PublicKeyPins contains a number of SubjectPublicKeyInfo hashes for a site.
522 // The validated certificate chain for the site must not include any of
523 // |excluded_hashes| and must include one or more of |required_hashes|.
524 struct PublicKeyPins {
525 const char* const* required_hashes;
526 const char* const* excluded_hashes;
531 bool include_subdomains;
535 SecondLevelDomainName second_level_domain_name;
538 static bool HasPreload(const struct HSTSPreload* entries, size_t num_entries,
539 const std::string& canonicalized_host, size_t i,
540 TransportSecurityState::DomainState* out, bool* ret) {
541 for (size_t j = 0; j < num_entries; j++) {
542 if (entries[j].length == canonicalized_host.size() - i &&
543 memcmp(entries[j].dns_name, &canonicalized_host[i],
544 entries[j].length) == 0) {
545 if (!entries[j].include_subdomains && i != 0) {
548 out->sts_include_subdomains = entries[j].include_subdomains;
549 out->pkp_include_subdomains = entries[j].include_subdomains;
551 if (!entries[j].https_required)
552 out->upgrade_mode = TransportSecurityState::DomainState::MODE_DEFAULT;
553 if (entries[j].pins.required_hashes) {
554 const char* const* sha1_hash = entries[j].pins.required_hashes;
556 AddHash(*sha1_hash, &out->static_spki_hashes);
560 if (entries[j].pins.excluded_hashes) {
561 const char* const* sha1_hash = entries[j].pins.excluded_hashes;
563 AddHash(*sha1_hash, &out->bad_static_spki_hashes);
574 #include "net/http/transport_security_state_static.h"
576 // Returns the HSTSPreload entry for the |canonicalized_host| in |entries|,
577 // or NULL if there is none. Prefers exact hostname matches to those that
578 // match only because HSTSPreload.include_subdomains is true.
580 // |canonicalized_host| should be the hostname as canonicalized by
582 static const struct HSTSPreload* GetHSTSPreload(
583 const std::string& canonicalized_host,
584 const struct HSTSPreload* entries,
585 size_t num_entries) {
586 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
587 for (size_t j = 0; j < num_entries; j++) {
588 const struct HSTSPreload* entry = entries + j;
590 if (i != 0 && !entry->include_subdomains)
593 if (entry->length == canonicalized_host.size() - i &&
594 memcmp(entry->dns_name, &canonicalized_host[i], entry->length) == 0) {
603 bool TransportSecurityState::AddHSTSHeader(const std::string& host,
604 const std::string& value) {
605 DCHECK(CalledOnValidThread());
607 base::Time now = base::Time::Now();
608 base::TimeDelta max_age;
609 TransportSecurityState::DomainState domain_state;
610 GetDynamicDomainState(host, &domain_state);
611 if (ParseHSTSHeader(value, &max_age, &domain_state.sts_include_subdomains)) {
612 // Handle max-age == 0
613 if (max_age.InSeconds() == 0)
614 domain_state.upgrade_mode = DomainState::MODE_DEFAULT;
616 domain_state.upgrade_mode = DomainState::MODE_FORCE_HTTPS;
617 domain_state.created = now;
618 domain_state.upgrade_expiry = now + max_age;
619 EnableHost(host, domain_state);
625 bool TransportSecurityState::AddHPKPHeader(const std::string& host,
626 const std::string& value,
627 const SSLInfo& ssl_info) {
628 DCHECK(CalledOnValidThread());
630 base::Time now = base::Time::Now();
631 base::TimeDelta max_age;
632 TransportSecurityState::DomainState domain_state;
633 GetDynamicDomainState(host, &domain_state);
634 if (ParseHPKPHeader(value, ssl_info.public_key_hashes,
635 &max_age, &domain_state.pkp_include_subdomains,
636 &domain_state.dynamic_spki_hashes)) {
637 // TODO(palmer): http://crbug.com/243865 handle max-age == 0.
638 domain_state.created = now;
639 domain_state.dynamic_spki_hashes_expiry = now + max_age;
640 EnableHost(host, domain_state);
646 bool TransportSecurityState::AddHSTS(const std::string& host,
647 const base::Time& expiry,
648 bool include_subdomains) {
649 DCHECK(CalledOnValidThread());
651 // Copy-and-modify the existing DomainState for this host (if any).
652 TransportSecurityState::DomainState domain_state;
653 const std::string canonicalized_host = CanonicalizeHost(host);
654 const std::string hashed_host = HashHost(canonicalized_host);
655 DomainStateMap::const_iterator i = enabled_hosts_.find(
657 if (i != enabled_hosts_.end())
658 domain_state = i->second;
660 domain_state.created = base::Time::Now();
661 domain_state.sts_include_subdomains = include_subdomains;
662 domain_state.upgrade_expiry = expiry;
663 domain_state.upgrade_mode = DomainState::MODE_FORCE_HTTPS;
664 EnableHost(host, domain_state);
668 bool TransportSecurityState::AddHPKP(const std::string& host,
669 const base::Time& expiry,
670 bool include_subdomains,
671 const HashValueVector& hashes) {
672 DCHECK(CalledOnValidThread());
674 // Copy-and-modify the existing DomainState for this host (if any).
675 TransportSecurityState::DomainState domain_state;
676 const std::string canonicalized_host = CanonicalizeHost(host);
677 const std::string hashed_host = HashHost(canonicalized_host);
678 DomainStateMap::const_iterator i = enabled_hosts_.find(
680 if (i != enabled_hosts_.end())
681 domain_state = i->second;
683 domain_state.created = base::Time::Now();
684 domain_state.pkp_include_subdomains = include_subdomains;
685 domain_state.dynamic_spki_hashes_expiry = expiry;
686 domain_state.dynamic_spki_hashes = hashes;
687 EnableHost(host, domain_state);
692 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host,
694 std::string canonicalized_host = CanonicalizeHost(host);
695 const struct HSTSPreload* entry =
696 GetHSTSPreload(canonicalized_host, kPreloadedSTS, kNumPreloadedSTS);
698 if (entry && entry->pins.required_hashes == kGoogleAcceptableCerts)
702 entry = GetHSTSPreload(canonicalized_host, kPreloadedSNISTS,
703 kNumPreloadedSNISTS);
704 if (entry && entry->pins.required_hashes == kGoogleAcceptableCerts)
712 void TransportSecurityState::ReportUMAOnPinFailure(const std::string& host) {
713 std::string canonicalized_host = CanonicalizeHost(host);
715 const struct HSTSPreload* entry =
716 GetHSTSPreload(canonicalized_host, kPreloadedSTS, kNumPreloadedSTS);
719 entry = GetHSTSPreload(canonicalized_host, kPreloadedSNISTS,
720 kNumPreloadedSNISTS);
724 // We don't care to report pin failures for dynamic pins.
729 DCHECK(entry->pins.required_hashes);
730 DCHECK(entry->second_level_domain_name != DOMAIN_NOT_PINNED);
732 UMA_HISTOGRAM_ENUMERATION("Net.PublicKeyPinFailureDomain",
733 entry->second_level_domain_name, DOMAIN_NUM_EVENTS);
737 bool TransportSecurityState::IsBuildTimely() {
738 const base::Time build_time = base::GetBuildTime();
739 // We consider built-in information to be timely for 10 weeks.
740 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */;
743 bool TransportSecurityState::GetStaticDomainState(
744 const std::string& canonicalized_host,
747 DCHECK(CalledOnValidThread());
749 out->upgrade_mode = DomainState::MODE_FORCE_HTTPS;
750 out->sts_include_subdomains = false;
751 out->pkp_include_subdomains = false;
753 const bool is_build_timely = IsBuildTimely();
755 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
756 std::string host_sub_chunk(&canonicalized_host[i],
757 canonicalized_host.size() - i);
758 out->domain = DNSDomainToString(host_sub_chunk);
760 if (is_build_timely &&
761 HasPreload(kPreloadedSTS, kNumPreloadedSTS, canonicalized_host, i, out,
767 HasPreload(kPreloadedSNISTS, kNumPreloadedSNISTS, canonicalized_host, i,
776 bool TransportSecurityState::GetDynamicDomainState(const std::string& host,
777 DomainState* result) {
778 DCHECK(CalledOnValidThread());
781 const std::string canonicalized_host = CanonicalizeHost(host);
782 if (canonicalized_host.empty())
785 base::Time current_time(base::Time::Now());
787 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
788 std::string host_sub_chunk(&canonicalized_host[i],
789 canonicalized_host.size() - i);
790 DomainStateMap::iterator j =
791 enabled_hosts_.find(HashHost(host_sub_chunk));
792 if (j == enabled_hosts_.end())
795 if (current_time > j->second.upgrade_expiry &&
796 current_time > j->second.dynamic_spki_hashes_expiry) {
797 enabled_hosts_.erase(j);
803 state.domain = DNSDomainToString(host_sub_chunk);
805 // Succeed if we matched the domain exactly or if subdomain matches are
807 if (i == 0 || j->second.sts_include_subdomains ||
808 j->second.pkp_include_subdomains) {
820 void TransportSecurityState::AddOrUpdateEnabledHosts(
821 const std::string& hashed_host, const DomainState& state) {
822 DCHECK(CalledOnValidThread());
823 enabled_hosts_[hashed_host] = state;
826 TransportSecurityState::DomainState::DomainState()
827 : upgrade_mode(MODE_DEFAULT),
828 created(base::Time::Now()),
829 sts_include_subdomains(false),
830 pkp_include_subdomains(false) {
833 TransportSecurityState::DomainState::~DomainState() {
836 bool TransportSecurityState::DomainState::CheckPublicKeyPins(
837 const HashValueVector& hashes) const {
838 // Validate that hashes is not empty. By the time this code is called (in
839 // production), that should never happen, but it's good to be defensive.
840 // And, hashes *can* be empty in some test scenarios.
841 if (hashes.empty()) {
842 LOG(ERROR) << "Rejecting empty public key chain for public-key-pinned "
847 if (HashesIntersect(bad_static_spki_hashes, hashes)) {
848 LOG(ERROR) << "Rejecting public key chain for domain " << domain
849 << ". Validated chain: " << HashesToBase64String(hashes)
850 << ", matches one or more bad hashes: "
851 << HashesToBase64String(bad_static_spki_hashes);
855 // If there are no pins, then any valid chain is acceptable.
856 if (dynamic_spki_hashes.empty() && static_spki_hashes.empty())
859 if (HashesIntersect(dynamic_spki_hashes, hashes) ||
860 HashesIntersect(static_spki_hashes, hashes)) {
864 LOG(ERROR) << "Rejecting public key chain for domain " << domain
865 << ". Validated chain: " << HashesToBase64String(hashes)
866 << ", expected: " << HashesToBase64String(dynamic_spki_hashes)
867 << " or: " << HashesToBase64String(static_spki_hashes);
871 bool TransportSecurityState::DomainState::ShouldUpgradeToSSL() const {
872 return upgrade_mode == MODE_FORCE_HTTPS;
875 bool TransportSecurityState::DomainState::ShouldSSLErrorsBeFatal() const {
879 bool TransportSecurityState::DomainState::HasPublicKeyPins() const {
880 return static_spki_hashes.size() > 0 ||
881 bad_static_spki_hashes.size() > 0 ||
882 dynamic_spki_hashes.size() > 0;