SecurityEngineering/Public Key Pinning/Implementation Details: Difference between revisions

SecurityEngineering/Public Key Pinning/Implementation Details (view source)

Revision as of 23:33, 18 July 2014

1,437 bytes added , 18 July 2014

→‎Important Files

Dkeeler

Confirmed users

308

edits

@@ Line 3: / Line 3: @@
 === Important Files ===
-TODO
+{|
+|-
+| [https://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/StaticHPKPins.h security/manager/boot/src/StaticHPKPins.h]
+| The built-in preload list.
+|-
+| [https://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/StaticHPKPins.errors security/manager/boot/src/StaticHPKPins.errors]
+| A log of debugging information from the last time the preload list was generated.
+|-
+| [https://mxr.mozilla.org/mozilla-central/source/security/manager/tools/genHPKPStaticPins.js security/manager/tools/genHPKPStaticPins.js]
+| Generates the preload list.
+|-
+| [https://mxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json security/manager/tools/PreloadedHPKPins.json]
+| Mozilla-specific information used when generating the preload list.
+|-
+| [https://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/PublicKeyPinningService.cpp security/manager/boot/src/PublicKeyPinningService.cpp]
+| The core of the HPKP implementation.
+|-
+| [https://mxr.mozilla.org/mozilla-central/source/security/certverifier/NSSCertDBTrustDomain.cpp security/certverifier/NSSCertDBTrustDomain.cpp]
+| NSSCertDBTrustDomain::IsChainValid is where certificate verification (indirectly) calls into the PublicKeyPinningService.
+|-
+| [https://mxr.mozilla.org/mozilla-central/source/security/certverifier/CertVerifier.cpp security/certverifier/CertVerifier.cpp]
+| (See anything involving "chainValidation".)
+|}
 === Something is Broken, and we Think it's Pinning ===
 TODO