[tor-bugs] #9167 [Flashproxy]: Find a more stable key pinning scheme for www.google.com
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 28 17:19:30 UTC 2013
#9167: Find a more stable key pinning scheme for www.google.com
------------------------+---------------------------------------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: new
Priority: normal | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
I've had to update the public key pin for www.google.com in
[https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/flashproxy-reg-
appspot flashproxy-reg-appspot] often:
[https://gitweb.torproject.org/flashproxy.git/commitdiff/b159ab5b1a00bd774aa9b4a01215be62f0f1d05a
March 31],
[https://gitweb.torproject.org/flashproxy.git/commitdiff/b48bfc63db523303f7dde5c0c5bc96c68c71f042
June 13], and again today on June 28.
[https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?revision=209003&view=markup
transport_security_state_static.h] in the Chromium source code is where
the pins are stored, I believe. That file
[https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?view=log
hasn't had any google.com changes] since March 28. That makes me think
we're doing something wrong and hashing more than we're supposed to.
[https://github.com/agl/transport-security-state-
generate/blob/master/transport_security_state_static_generate.go
transport_security_state_static_generate.go] is the program used to
generate the Chromium file. It does:
{{{
h := sha1.New()
h.Write(cert.RawSubjectPublicKeyInfo)
}}}
Whereas flashproxy-reg-appspot does:
{{{
pubkey_der = cert.get_pubkey().as_der()
pubkey_digest = sha1(pubkey_der).digest()
}}}
The Chromium source code says:
{{{
// This file is automatically generated by
transport_security_state_static_generate.go
// These are SubjectPublicKeyInfo hashes for public key pinning. The
// hashes are SHA1 digests.
...
static const char kSPKIHash_Google1024[] =
"\x40\xc5\x40\x1d\x6f\x8c\xba\xf0\x8b\x00"
"\xed\xef\xb1\xee\x87\xd0\x05\xb3\xb9\xcd";
static const char kSPKIHash_Google2048[] =
"\x01\xb9\x21\xc5\x8d\x0b\xdf\x8d\xe0\x29"
"\xff\x9c\x92\x2e\xcd\x55\x6a\x7e\xa3\x39";
static const char kSPKIHash_GoogleBackup1024[] =
"\x7d\x5b\xa3\xca\x8e\x37\x65\x1d\x7c\x71"
"\xc3\xe3\xb7\x74\xcd\xe9\x7b\x1b\x59\x43";
static const char kSPKIHash_GoogleBackup2048[] =
"\xbe\xae\xce\xca\x34\xa7\xa8\xe7\x28\xf6"
"\x7c\x8c\x08\x31\x9d\xcb\xbe\xde\x8a\x33";
static const char kSPKIHash_GoogleG2[] =
"\x43\xda\xd6\x30\xee\x53\xf8\xa9\x80\xca"
"\x6e\xfd\x85\xf4\x6a\xa3\x79\x90\xe0\xea";
...
static const char* const kGoogleAcceptableCerts[] = {
kSPKIHash_VeriSignClass3,
kSPKIHash_VeriSignClass3_G3,
kSPKIHash_Google1024,
kSPKIHash_Google2048,
kSPKIHash_GoogleBackup1024,
kSPKIHash_GoogleBackup2048,
kSPKIHash_GoogleG2,
kSPKIHash_EquifaxSecureCA,
kSPKIHash_GeoTrustGlobal,
NULL,
};
}}}
None of these digests match what we have in flashproxy-reg-appspot:
{{{
# SHA-1 digest of expected public keys. Any of these is valid. See
# http://www.imperialviolet.org/2011/05/04/pinning.html for the reason
behind
# hashing the public key, not the entire certificate.
PUBKEY_SHA1 = tuple(x.decode("hex") for x in (
"c70ccd442ff4528c603aefef85206fd693990e09",
"1697e17a8a3317f031721b7b6293cd50643bbbd3",
"291e750bafedac444486327e50f26f64d840991a",
"1e3f66cfa0eb03136297fdb238ad6619c30ff375",
))
}}}
Our other programs using pins (flashproxy-reg-email and facilitator-email-
poller) have been more stable historically but could benefit from whatever
works for flashproxy-reg-appspot.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9167>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list