1190127 - pinning implementation doesn't handle long HPKP headers

Status: RESOLVED WONTFIX

(Core :: Security: PSM, defect, P3)

Description

[Adm Selec]

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:39.0) Gecko/20100101 Firefox/39.0
Build ID: 20150630154324

Steps to reproduce:

1. Visit https://rc4.io
2. Try to open https://pinningtest.rc4.io


Actual results:

The site loads successfully.


Expected results:

An error occurred during a connection to pinningtest.rc4.io. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. (Error code: mozilla_pkix_error_key_pinning_failure)

Comment 1

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

The backend restricts the storage space it uses for the security state of any given site. rc4.io sends a long header ('pin-sha256="OIfOyh0t3fDi9OhthcB1tvG2x9hlSKJS6F6nDTfU06M="; pin-sha256="zYVmN2SmJk5Jo4hrJOEK4/43KzCS9Ne5fYuE4kzok2E="; pin-sha256="JsIzHjL+GzNoPLg9bMVah1pacOfntk2CrPl0BkBttkc="; pin-sha256="GbG532k8WC6OZpnjU6ONwKMr3LhSdjk6ZhwEsVHhgBE="; pin-sha256="CG/qev4gAXd3Mscc8VuS3w3hlYguKTxecz23YeD9pZA="; pin-sha256="MfFdEhtHwkisVDkQ9u9I4nKEEENqM0dagSAgQLD1zkQ="; pin-sha256="oYxDc4K35fcrLT8YPLKxG5wrc6e0os7gA8nr+lyQmzw="; pin-sha256="rZS5JHWhAMExpWG8KOZTGnufu4EVcjak6yBRqa6S6zA="; pin-sha256="rMxCv8znPWVu3nxjMxBUSqtbCYOGPVt/EQUG+kRoZzQ="; pin-sha256="J61DGT429L+x0XpXOY1gyYFSJ+fNMqOCgNYLkfb3leQ="; pin-sha256="yT0iaiK9uCqkAso/o1VR/qufhfcWf4aGkYdFTsYHorg="; pin-sha256="Fb6w3IAZsJFTRw0HvHiN4/OzDn+xNRF2/z06QfE0Kks="; pin-sha256="J/jnM3XWHJzBMrEMRm//Rd8RsMGm1G8lJynobIa/Z1g="; pin-sha256="NR0kHztPF2eRaYUHMUo4w8f/sSZHhAgeAHCUUGRuJHc="; pin-sha256="Y9GTsbjJn5VI4jhRZUpDvOTzyFfjpE9n01eE7wH1KTs="; pin-sha256="fYM6N/aqq6/gR2jrhGZuIhAVSH8B0VGy9TOumsusQz8="; pin-sha256="G96s8LDMdcDxOtAalXFsdzuXzDu8CsWrY8tqVnP5wjk="; pin-sha256="s0ByagdvLeURr/2dw51QiVRcEPBbK5NG8D1L0VizdkA="; pin-sha256="vOex9s62XXETm1G2Jh6MBW2fIYuxabhtStWP8A6r8rc="; pin-sha256="2w1DMHVJ2ACkz/GUfyqu3t6BlYFlQs5FMa4x09Tnxos="; pin-sha256="uMruvOi/OsLREG7/Tux/tUNzBawpINObj3V9mKFZnXA="; pin-sha256="XLWA0Hz3PhkDxqwo2OW2N54vOnqz154D2GjRKqfnjCw="; pin-sha256="lYYwQWCPLBycXNKrLKmQbdK7dCsFYFczm8YVFJj+EDk="; pin-sha256="o8UgXnsXRH/UZ9S/DKM01BKByPSPOsTQvBhIUF2QdbE="; pin-sha256="LzXpUII8GYYSZDVe2L0OrSEyl6c79AySVI66z38PL1o="; pin-sha256="5JGS5KldZw+8BBHhVGNmu+dpizZHjbfNiXkqnlHk1+4="; pin-sha256="f0JcQ/dVRUgRY2S5FbayzDbfV2lrUXGn8p7eyoX75iM="; max-age=630720000; includeSubDomains; report-uri="https://report-uri.io/report/735cf8694efb3cb261f511e8c34ffdd2"') which it fails to store. Maybe we should up the limit. We should certainly be more clear in the error message to the console (see bug 1124649).

Comment 2

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Morgan, this is the bug I was talking about. Here's the specific check that is failing:

https://hg.mozilla.org/mozilla-central/file/2ddec2dedced/security/manager/ssl/DataStorage.cpp#l240

We can increase that limit, but it would be nice to also do something that will decrease the size of the data we're storing. One option would be to just gzip the file, but since the thing that will make it large is long lists of sha-256 hashes, we probably won't get great compression out of that. Another option would be to convert the file from text to binary. That is, currently we write out the representation of whatever data/metadata we're storing as human-readable text. We could significantly reduce the file size by using some binary format instead (maybe protobuf?).

Other files you'll have to have a look at:

https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsSiteSecurityService.cpp
https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/tests/unit/test_sss_readstate_huge.js
https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/tests/unit/test_sss_savestate.js

etc.

Comment 4

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Bug 1412438 disabled HPKP by default, so I don't think we'll address this.