pinning implementation doesn't handle long HPKP headers

NEW
Unassigned

Status

Core
Security: PSM
P3
normal
2 years ago
a month ago

People

(Reporter: Adm Selec, Unassigned)

Tracking

(Blocks: 1 bug)

39 Branch

Details

(Whiteboard: [psm-backlog])

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:39.0) Gecko/20100101 Firefox/39.0
Build ID: 20150630154324

Steps to reproduce:

1. Visit https://rc4.io
2. Try to open https://pinningtest.rc4.io


Actual results:

The site loads successfully.


Expected results:

An error occurred during a connection to pinningtest.rc4.io. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. (Error code: mozilla_pkix_error_key_pinning_failure)

Updated

2 years ago
Blocks: 787133

Updated

2 years ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
The backend restricts the storage space it uses for the security state of any given site. rc4.io sends a long header ('pin-sha256="OIfOyh0t3fDi9OhthcB1tvG2x9hlSKJS6F6nDTfU06M="; pin-sha256="zYVmN2SmJk5Jo4hrJOEK4/43KzCS9Ne5fYuE4kzok2E="; pin-sha256="JsIzHjL+GzNoPLg9bMVah1pacOfntk2CrPl0BkBttkc="; pin-sha256="GbG532k8WC6OZpnjU6ONwKMr3LhSdjk6ZhwEsVHhgBE="; pin-sha256="CG/qev4gAXd3Mscc8VuS3w3hlYguKTxecz23YeD9pZA="; pin-sha256="MfFdEhtHwkisVDkQ9u9I4nKEEENqM0dagSAgQLD1zkQ="; pin-sha256="oYxDc4K35fcrLT8YPLKxG5wrc6e0os7gA8nr+lyQmzw="; pin-sha256="rZS5JHWhAMExpWG8KOZTGnufu4EVcjak6yBRqa6S6zA="; pin-sha256="rMxCv8znPWVu3nxjMxBUSqtbCYOGPVt/EQUG+kRoZzQ="; pin-sha256="J61DGT429L+x0XpXOY1gyYFSJ+fNMqOCgNYLkfb3leQ="; pin-sha256="yT0iaiK9uCqkAso/o1VR/qufhfcWf4aGkYdFTsYHorg="; pin-sha256="Fb6w3IAZsJFTRw0HvHiN4/OzDn+xNRF2/z06QfE0Kks="; pin-sha256="J/jnM3XWHJzBMrEMRm//Rd8RsMGm1G8lJynobIa/Z1g="; pin-sha256="NR0kHztPF2eRaYUHMUo4w8f/sSZHhAgeAHCUUGRuJHc="; pin-sha256="Y9GTsbjJn5VI4jhRZUpDvOTzyFfjpE9n01eE7wH1KTs="; pin-sha256="fYM6N/aqq6/gR2jrhGZuIhAVSH8B0VGy9TOumsusQz8="; pin-sha256="G96s8LDMdcDxOtAalXFsdzuXzDu8CsWrY8tqVnP5wjk="; pin-sha256="s0ByagdvLeURr/2dw51QiVRcEPBbK5NG8D1L0VizdkA="; pin-sha256="vOex9s62XXETm1G2Jh6MBW2fIYuxabhtStWP8A6r8rc="; pin-sha256="2w1DMHVJ2ACkz/GUfyqu3t6BlYFlQs5FMa4x09Tnxos="; pin-sha256="uMruvOi/OsLREG7/Tux/tUNzBawpINObj3V9mKFZnXA="; pin-sha256="XLWA0Hz3PhkDxqwo2OW2N54vOnqz154D2GjRKqfnjCw="; pin-sha256="lYYwQWCPLBycXNKrLKmQbdK7dCsFYFczm8YVFJj+EDk="; pin-sha256="o8UgXnsXRH/UZ9S/DKM01BKByPSPOsTQvBhIUF2QdbE="; pin-sha256="LzXpUII8GYYSZDVe2L0OrSEyl6c79AySVI66z38PL1o="; pin-sha256="5JGS5KldZw+8BBHhVGNmu+dpizZHjbfNiXkqnlHk1+4="; pin-sha256="f0JcQ/dVRUgRY2S5FbayzDbfV2lrUXGn8p7eyoX75iM="; max-age=630720000; includeSubDomains; report-uri="https://report-uri.io/report/735cf8694efb3cb261f511e8c34ffdd2"') which it fails to store. Maybe we should up the limit. We should certainly be more clear in the error message to the console (see bug 1124649).
Summary: HPKP includeSubDomains doesn't work → pinning implementation doesn't handle long HPKP headers
Morgan, this is the bug I was talking about. Here's the specific check that is failing:

https://hg.mozilla.org/mozilla-central/file/2ddec2dedced/security/manager/ssl/DataStorage.cpp#l240

We can increase that limit, but it would be nice to also do something that will decrease the size of the data we're storing. One option would be to just gzip the file, but since the thing that will make it large is long lists of sha-256 hashes, we probably won't get great compression out of that. Another option would be to convert the file from text to binary. That is, currently we write out the representation of whatever data/metadata we're storing as human-readable text. We could significantly reduce the file size by using some binary format instead (maybe protobuf?).

Other files you'll have to have a look at:

https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsSiteSecurityService.cpp
https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/tests/unit/test_sss_readstate_huge.js
https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/tests/unit/test_sss_savestate.js

etc.
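
The size argument in the comment above, as an added example (not part of the bug thread and not Firefox code): 27 constructed SHA-256 digests, matching the number of pins in the quoted header, are serialized as text, as zlib-compressed text, and as packed binary. The record layouts and the 1024-byte ASSUMED_LIMIT are hypothetical; the bug does not state the real limit or the on-disk format.

```python
import base64
import hashlib
import struct
import zlib

ASSUMED_LIMIT = 1024   # placeholder per-entry limit; the bug does not state the real value
MAX_AGE = 630720000    # max-age from the header quoted in the bug
PIN_COUNT = 27         # number of pin-sha256 directives in that header


def make_pins(n=PIN_COUNT):
    """Constructed SHA-256 digests standing in for real SPKI pins."""
    return [hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(n)]


def text_record(pins, max_age=MAX_AGE, include_subdomains=True):
    """Hypothetical human-readable entry: metadata plus base64 pins."""
    fields = [str(max_age), str(int(include_subdomains))]
    fields += [base64.b64encode(p).decode("ascii") for p in pins]
    return ",".join(fields).encode("ascii")


def binary_record(pins, max_age=MAX_AGE, include_subdomains=True):
    """Hypothetical binary entry: 10-byte header, then raw 32-byte digests."""
    return struct.pack("<QBB", max_age, include_subdomains, len(pins)) + b"".join(pins)


def parse_binary(blob):
    """Inverse of binary_record, to show the compact form loses nothing."""
    max_age, include_subdomains, count = struct.unpack_from("<QBB", blob)
    body = blob[10:]
    if len(body) != 32 * count:
        raise ValueError("truncated or oversized pin list")
    return max_age, bool(include_subdomains), [body[i:i + 32] for i in range(0, len(body), 32)]


def compare(pins):
    """Size of each representation and whether it fits under ASSUMED_LIMIT."""
    sizes = {
        "text": len(text_record(pins)),
        "text+zlib": len(zlib.compress(text_record(pins), 9)),
        "binary": len(binary_record(pins)),
    }
    return {name: (size, size <= ASSUMED_LIMIT) for name, size in sizes.items()}


if __name__ == "__main__":
    for name, (size, fits) in compare(make_pins()).items():
        print(f"{name:10s} {size:5d} bytes  fits={fits}")
```

Compression can only recover the base64 overhead, because the digests themselves are high-entropy, so the compressed text stays larger than the packed binary form.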

Updated

2 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [psm-backlog]

Updated

a year ago
Blocks: 1091176
Duplicate of this bug: 1395957
Priority: -- → P3