Closed
Bug 1112487
Opened 10 years ago
Closed 10 years ago
The signing certificates with key usage only non-repudiation is taken as invalid for signing
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
FIXED
mozilla37
People
(Reporter: toomas.nurmoja, Assigned: mozbgz)
Details
(Keywords: regression)
Attachments
(2 files)
|
1.62 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
|
4.18 KB,
application/zip
|
Details |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 Build ID: 20141127110442 Steps to reproduce: 1. Import signing certificate (key usage: only non-repudiation) to Thunderbird certificate manager. 2. set the signing certificate to the imported certificate 3. sign with certificate and send the message. Actual results: For the received singed message Thunderbird claims that: "The received message has signature, but the signature is invalid" "The certificate used to sign the message was issued by a certificate authority that you do not trust for issuing this kind of certificate." Expected results: Thunderbird should inform that "message is signed" and "includes a valid signature". If the signing certificate has in key usage field in addition to non-repudiation the digital signature usage, then message "includes a valid signature". According the RFC5820: "The digitalSignature bit is asserted when the subject public key is used for verifying digital signatures, other than signatures on certificates (bit 5) and CRLs (bit 6), such as those used in an entity authentication service, a data origin authentication service, and/or an integrity service. The nonRepudiation bit is asserted when the subject public key is used to verify digital signatures, other than signatures on certificates (bit 5) and CRLs (bit 6), used to provide a non-repudiation service that protects against the signing entity falsely denying some action." Not to trust the certificates with only non-repudiation key usage field is not correct way.
(In reply to Toomas Nurmoja from comment #0) > Not to trust the certificates with only non-repudiation key usage field is > not correct way. It's usually better to only describe the issue rather than trying to diagnose/guess the cause, unless you've really looked at the underlying code. NSS (and Thunderbird, therefore) will gladly accept a nonRepudiation-(aka contentCommitment)-KU-extension-only certficate for S/MIME message signing, cf. https://hg.mozilla.org/projects/nss/annotate/05473539d2c3/lib/certdb/certdb.c#l1179 and bug 217721 comment 16 ff. The cause of your issue must be different one, though the current PSM code makes it fairly difficult to figure out what the real verification error is, unfortunately - quite a few of these cases are collapsed into "SIUntrustedCA" (as mentioned in bug 336599 comment 30), see https://hg.mozilla.org/comm-central/file/d655acbc5efe/mailnews/extensions/smime/content/msgReadSecurityInfo.js#l95 (Also, note that without having a test message [.eml file] attached to this bug which allows reproducing the problem it's virtually impossible to further track this down.)
(In reply to Kaspar Brand from comment #1) > The cause of your issue must be different one Wait... seems that your guess was probably right, when considering Tb 31 or later - as a consequence of bug 915930: I didn't realize that PSM completely abandoned NSS in favor of mozilla::pkix for certificate validation, even for S/MIME (I was under the impression that mozilla::pkix was targeted at SSL/TLS only). The current implementation in CertVerifier.cpp indeed only supports the digitalSignature KU for email signing. I'm going to attach a patch which adds support for a nonRepudiation-only KU cert for the certificateUsageEmailSigner case.
Status: UNCONFIRMED → NEW
Component: Security → Security: PSM
Ever confirmed: true
OS: Linux → All
Product: Thunderbird → Core
Hardware: x86_64 → All
Version: 36 → 31 Branch
David, are you ok with restoring the certUsageEmailSigner case from NSS (and CERT_VerifyCertificate) in CertVerifier (see also comment 1 above)?
Flags: needinfo?(dkeeler)
Attachment #8538283 -
Flags: review?(dkeeler)
|
Reporter | |
Comment 4•10 years ago
|
||
(In reply to Kaspar Brand from comment #3) > Created attachment 8538283 [details] [diff] [review] > Also accept nonRepudiation only keyUsage extension for message signing Thank you ! This patch will help me a lot.
|
||
Updated•10 years ago
|
Assignee: nobody → mozbugzilla
Status: NEW → ASSIGNED
Comment on attachment 8538283 [details] [diff] [review] Also accept nonRepudiation only keyUsage extension for message signing Review of attachment 8538283 [details] [diff] [review]: ----------------------------------------------------------------- This seems reasonable, but please do a try build and ensure that this fixes the problem before checking it in.
Attachment #8538283 -
Flags: review?(dkeeler) → review+
|
||
Updated•10 years ago
|
Flags: needinfo?(dkeeler)
(In reply to David Keeler (:keeler) [use needinfo?] from comment #5) > This seems reasonable, but please do a try build and ensure that this fixes > the problem before checking it in. I neither have tryserver nor commit privileges, but I did build Tb with this patch applied and verified that a message signed with a non-repudiation-KU-only cert again successfully verifies. (Note that for Tb 31.3.0, there's still the option to temporarily disable security.use_mozillapkix_verification, which will make verification succeed again - that's what originally helped me in tracking down the issue). If someone else submits a try build, this would allow the reporter to re-test, I assume (Toomas: are you able to attach a sample message, in any case?).
|
|
Reporter | |
Comment 7•10 years ago
|
||
> If someone else submits a try build, this would allow the reporter to
> re-test, I assume (Toomas: are you able to attach a sample message, in any
> case?).
Yes, I created in test environment a sample message. I attach it with CA certificate.
Toomas(In reply to Toomas Nurmoja from comment #7) > Yes, I created in test environment a sample message. I attach it with CA > certificate. Thanks. I can confirm that applying the patch from attachment 8538283 [details] [diff] [review] does fix the issue - verification of the message signed by the "User 1" certificate (with a nonRepudiation-only KU extension) succeeds again. Adding the checkin-needed keyword.
Keywords: checkin-needed
|
||
Comment 9•10 years ago
|
||
can we get a try run link here thanks!
Flags: needinfo?(mozbugzilla)
Keywords: checkin-needed
|
Assignee | |
Comment 10•10 years ago
|
||
(In reply to Carsten Book [:Tomcat] from comment #9) > can we get a try run link here thanks! Magnus, would you be willing to submit a tryserver build for me? Seems that otherwise we can't proceed with fixing this bug (a regression introduced with Tb 31, actually).
Flags: needinfo?(mozbugzilla) → needinfo?(mkmelin+mozilla)
Keywords: regression
|
|
||
Comment 11•10 years ago
|
||
Sure, here you go - https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=1e69ec931de3
Flags: needinfo?(mkmelin+mozilla)
|
|
Assignee | |
Comment 12•10 years ago
|
||
(In reply to Magnus Melin from comment #11) > Sure, here you go - > https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=1e69ec931de3 Thanks. Looking at other runs from these days, "533 success 2 failed 5 busted 0 exception 11 retry" seems like the expected outcome for a mozilla-central build these days (or more specifically, the failures can't be attributed to the changes introduced with this patch). Re-adding the checkin-needed keyword.
Keywords: checkin-needed
|
||
Comment 13•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f1ba8432414d
Keywords: checkin-needed
|
|
||
Comment 14•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/f1ba8432414d
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
You need to log in
before you can comment on or make changes to this bug.
Description
•