Add SHA-256 fingerprint functions to x509 certs.

Previously, the x509 cert implementation only had SHA-1 based fingerprinting for
quickly creating indexing appropriate hashes. Since SHA-1 is likely
cryptographically broken, these fingerprints should not be used for any security
decisions. This adds slow SHA-256 fingerprint support for when fingerprints are
needed for security decisions.

R=rsleevi@chromium.org
BUG=262615

Review URL: https://codereview.chromium.org/412263003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@285851 0039d316-1c4b-4281-b951-d872f2087c98

net/cert/x509_certificate.cc

@@ -14,6 +14,7 @@
 #include "base/base64.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "base/metrics/histogram.h"
 #include "base/pickle.h"
@@ -22,6 +23,7 @@
 #include "base/strings/string_util.h"
 #include "base/synchronization/lock.h"
 #include "base/time/time.h"
+#include "crypto/secure_hash.h"
 #include "net/base/net_util.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/cert/pem_tokenizer.h"
@@ -705,6 +707,37 @@ bool X509Certificate::GetPEMEncodedChain(
   return true;
 }
 
+// static
+SHA256HashValue X509Certificate::CalculateCAFingerprint256(
+    const OSCertHandles& intermediates) {
+  SHA256HashValue sha256;
+  memset(sha256.data, 0, sizeof(sha256.data));
+
+  scoped_ptr<crypto::SecureHash> hash(
+      crypto::SecureHash::Create(crypto::SecureHash::SHA256));
+
+  for (size_t i = 0; i < intermediates.size(); ++i) {
+    std::string der_encoded;
+    if (!GetDEREncoded(intermediates[i], &der_encoded))
+      return sha256;
+    hash->Update(der_encoded.c_str(), der_encoded.length());
+  }
+  hash->Finish(sha256.data, sizeof(sha256.data));
+
+  return sha256;
+}
+
+// static
+SHA256HashValue X509Certificate::CalculateChainFingerprint256(
+    const OSCertHandle& leaf,
+    const OSCertHandles& intermediates) {
+  OSCertHandles chain;
+  chain.push_back(leaf);
+  chain.insert(chain.end(), intermediates.begin(), intermediates.end());
+
+  return CalculateCAFingerprint256(chain);
+}
+
 X509Certificate::X509Certificate(OSCertHandle cert_handle,
                                  const OSCertHandles& intermediates)
     : cert_handle_(DupOSCertHandle(cert_handle)) {

net/cert/x509_certificate.h

@@ -389,13 +389,37 @@ class NET_EXPORT X509Certificate
 
   // Calculates the SHA-1 fingerprint of the certificate.  Returns an empty
   // (all zero) fingerprint on failure.
+  //
+  // For calculating fingerprints, prefer SHA-1 for performance when indexing,
+  // but callers should use IsSameOSCert() before assuming two certificates are
+  // the same.
   static SHA1HashValue CalculateFingerprint(OSCertHandle cert_handle);
 
   // Calculates the SHA-1 fingerprint of the intermediate CA certificates.
   // Returns an empty (all zero) fingerprint on failure.
+  //
+  // See SHA-1 caveat on CalculateFingerprint().
   static SHA1HashValue CalculateCAFingerprint(
       const OSCertHandles& intermediates);
 
+  // Calculates the SHA-256 fingerprint of the intermediate CA certificates.
+  // Returns an empty (all zero) fingerprint on failure.
+  //
+  // The implementation currently relies on the crypto::SecureHash utilities,
+  // which are not as fast as implementing this directly for each platform since
+  // the consumers are not expected to be performance critical. If performance
+  // is a concern going forward, it may be warranted to implement this on a
+  // per-platform basis.
+  static SHA256HashValue CalculateCAFingerprint256(
+      const OSCertHandles& intermediates);
+
+  // Calculates the SHA-256 fingerprint for the complete chain, including the
+  // leaf certificate and all intermediate CA certificates. Returns an empty
+  // (all zero) fingerprint on failure.
+  static SHA256HashValue CalculateChainFingerprint256(
+      const OSCertHandle& leaf,
+      const OSCertHandles& intermediates);
+
  private:
   friend class base::RefCountedThreadSafe<X509Certificate>;
   friend class TestRootCerts;  // For unit tests

net/cert/x509_certificate_unittest.cc

@@ -375,6 +375,80 @@ TEST(X509CertificateTest, CAFingerprints) {
                      cert_chain2_ca_fingerprint, 20) == 0);
   EXPECT_TRUE(memcmp(cert_chain3->ca_fingerprint().data,
                      cert_chain3_ca_fingerprint, 20) == 0);
+
+  // Test the SHA-256 hash calculation functions explicitly since they are not
+  // used by X509Certificate internally.
+  static const uint8 cert_chain1_ca_fingerprint_256[32] = {
+    0x51, 0x15, 0x30, 0x49, 0x97, 0x54, 0xf8, 0xb4, 0x17, 0x41,
+    0x6b, 0x58, 0x78, 0xb0, 0x89, 0xd2, 0xc3, 0xae, 0x66, 0xc1,
+    0x16, 0x80, 0xa0, 0x78, 0xe7, 0x53, 0x45, 0xa2, 0xfb, 0x80,
+    0xe1, 0x07
+  };
+  static const uint8 cert_chain2_ca_fingerprint_256[32] = {
+    0x00, 0xbd, 0x2b, 0x0e, 0xdd, 0x83, 0x40, 0xb1, 0x74, 0x6c,
+    0xc3, 0x95, 0xc0, 0xe3, 0x55, 0xb2, 0x16, 0x58, 0x53, 0xfd,
+    0xb9, 0x3c, 0x52, 0xda, 0xdd, 0xa8, 0x22, 0x8b, 0x07, 0x00,
+    0x2d, 0xce
+  };
+  // The SHA-256 hash of nothing.
+  static const uint8 cert_chain3_ca_fingerprint_256[32] = {
+    0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb,
+    0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4,
+    0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52,
+    0xb8, 0x55
+  };
+  SHA256HashValue ca_fingerprint_256_chain_1 =
+      X509Certificate::CalculateCAFingerprint256(
+          cert_chain1->GetIntermediateCertificates());
+  SHA256HashValue ca_fingerprint_256_chain_2 =
+      X509Certificate::CalculateCAFingerprint256(
+          cert_chain2->GetIntermediateCertificates());
+  SHA256HashValue ca_fingerprint_256_chain_3 =
+      X509Certificate::CalculateCAFingerprint256(
+          cert_chain3->GetIntermediateCertificates());
+  EXPECT_TRUE(memcmp(ca_fingerprint_256_chain_1.data,
+                     cert_chain1_ca_fingerprint_256, 32) == 0);
+  EXPECT_TRUE(memcmp(ca_fingerprint_256_chain_2.data,
+                     cert_chain2_ca_fingerprint_256, 32) == 0);
+  EXPECT_TRUE(memcmp(ca_fingerprint_256_chain_3.data,
+                     cert_chain3_ca_fingerprint_256, 32) == 0);
+
+  static const uint8 cert_chain1_full_chain_fingerprint_256[32] = {
+    0xac, 0xff, 0xcc, 0x63, 0x0d, 0xd0, 0xa7, 0x19, 0x78, 0xb5,
+    0x8a, 0x47, 0x8b, 0x67, 0x97, 0xcb, 0x8d, 0xe1, 0x6a, 0x8a,
+    0x57, 0x70, 0xda, 0x9a, 0x53, 0x72, 0xe2, 0xa0, 0x08, 0xab,
+    0xcc, 0x8f
+  };
+  static const uint8 cert_chain2_full_chain_fingerprint_256[32] = {
+    0x67, 0x3a, 0x11, 0x20, 0xd6, 0x94, 0x14, 0xe4, 0x16, 0x9f,
+    0x58, 0xe2, 0x8b, 0xf7, 0x27, 0xed, 0xbb, 0xe8, 0xa7, 0xff,
+    0x1c, 0x8c, 0x0f, 0x21, 0x38, 0x16, 0x7c, 0xad, 0x1f, 0x22,
+    0x6f, 0x9b
+  };
+  static const uint8 cert_chain3_full_chain_fingerprint_256[32] = {
+    0x16, 0x7a, 0xbd, 0xb4, 0x57, 0x04, 0x65, 0x3c, 0x3b, 0xef,
+    0x6e, 0x6a, 0xa6, 0x02, 0x73, 0x30, 0x3e, 0x34, 0x1b, 0x43,
+    0xc2, 0x7c, 0x98, 0x52, 0x9f, 0x34, 0x7f, 0x55, 0x97, 0xe9,
+    0x1a, 0x10
+  };
+  SHA256HashValue ca_fingerprint_256_full_chain_1 =
+      X509Certificate::CalculateChainFingerprint256(
+          cert_chain1->os_cert_handle(),
+          cert_chain1->GetIntermediateCertificates());
+  SHA256HashValue ca_fingerprint_256_full_chain_2 =
+      X509Certificate::CalculateChainFingerprint256(
+          cert_chain2->os_cert_handle(),
+          cert_chain2->GetIntermediateCertificates());
+  SHA256HashValue ca_fingerprint_256_full_chain_3 =
+      X509Certificate::CalculateChainFingerprint256(
+          cert_chain3->os_cert_handle(),
+          cert_chain3->GetIntermediateCertificates());
+  EXPECT_TRUE(memcmp(ca_fingerprint_256_full_chain_1.data,
+                     cert_chain1_full_chain_fingerprint_256, 32) == 0);
+  EXPECT_TRUE(memcmp(ca_fingerprint_256_full_chain_2.data,
+                     cert_chain2_full_chain_fingerprint_256, 32) == 0);
+  EXPECT_TRUE(memcmp(ca_fingerprint_256_full_chain_3.data,
+                     cert_chain3_full_chain_fingerprint_256, 32) == 0);
 }
 
 TEST(X509CertificateTest, ParseSubjectAltNames) {