Closed
Bug 1421413
Opened 7 years ago
Closed 7 years ago
add a preference to control the accepted signature algorithms for add-ons
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
VERIFIED
FIXED
mozilla59
Tracking | Status | |
---|---|---|
firefox59 | --- | verified |
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(3 files)
For the great add-on signature changening, we'll eventually need a preference we can use to enable/disable COSE signature checking. In the meantime, it would also be useful to have a way to easily disable SHA-1 in add-on signatures (i.e. in the old PKCS#7 format). We can add an integer preference to control this policy.
Comment 2•7 years ago
mozreview-review |
Comment on attachment 8932630 [details] bug 1421413 - add a preference to control which add-on signature algorithms are valid https://reviewboard.mozilla.org/r/203682/#review209204 ::: security/manager/ssl/tests/unit/test_signed_apps.js:329 (Diff revision 1) > Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY)); > }); > > +add_test(function setPrefToDisableSHA1() { > + // Setting this to 1 means only PKCS#7 with SHA-256 is accepted. > + Services.prefs.setIntPref("security.signed_app_signatures.policy", 1); Nit: Seems fragile to do it this way; why not push the pref for each test?
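Review bot: in setPrefToDisableSHA1, the Services.prefs.setIntPref("security.signed_app_signatures.policy", 1) call changes the pref for every test that runs after it, and the lines shown contain no matching reset. Register a cleanup that calls Services.prefs.clearUserPref with the same pref name, or set the pref explicitly at the start of each test that depends on it, so that reordering or adding tests cannot silently run them under policy 1.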
Attachment #8932630 -
Flags: review?(jjones) → review+
Assignee | ||
Comment 4•7 years ago
Thanks! Here's try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=bb559992cf2d
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e0293c32f167 add a preference to control which add-on signature algorithms are valid r=jcj
Comment 6•7 years ago
bugherder |
https://hg.mozilla.org/mozilla-central/rev/e0293c32f167
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox59:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
This issue is verified as fixed on Firefox 59.0a1 (20180112100121) under Windows 7 64-bit and Mac OS X 10.13. The preference is displayed in about:config as security.signed_app_signatures.policy with the default value 2 (please see the attached screenshot). Modifying the value to “0”, Firefox will accept SHA1 or SHA256 signatures. Modifying the value to “1”, Firefox will accept only SHA256 signatures. Please see the attached video.
Status: RESOLVED → VERIFIED
Comment 8•6 years ago
With bug 1403844 the preference security.signed_app_signatures.policy changed [1]. The meaning of 0 and 1 remains the same, but as you noted the default is 2 now (it is interpreted as binary 0b10). So it would be good to test the default too, which should behave the same as "0", as well as 0b11 = "3", which should behave the same as "1". [1] https://searchfox.org/mozilla-central/rev/7476b71e0010ab3277b77cc0ae4d998c4b1d2b64/security/manager/ssl/security-prefs.js#81
Flags: needinfo?(cosmin.badescu)
I can confirm that: With the default value “2”, Firefox will accept SHA1 or SHA256. Modifying the value to “3”, Firefox will accept only SHA256. Thanks for the help! I also noticed that if you introduce a random number, for example “72” it will work as the default value “2” or if you use “83” it will work as the value “3”. Is this expected? Please see the attached videos.
Flags: needinfo?(cosmin.badescu) → needinfo?(franziskuskiefer)
Comment 10•6 years ago
> I also noticed that if you introduce a random number, for example “72” it will work as the default value “2” or if you use “83” it will work as the value “3”.
Yes, this is expected. 72 = 0b1001000 is interpreted as 0b000, which says COSE disabled, ignore files, PKCS#7 must verify with SHA-1 and/or SHA-256 PKCS#7 allowed. 83 = 0b1010011 is interpreted as 0b011, which says COSE is verified if present, PKCS#7 must verify with SHA-256 PKCS#7 allowed.
Flags: needinfo?(franziskuskiefer)
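The masking described in comment 10, as an added example that is not part of this bug or of Firefox's source: it decodes a policy value the way the comments describe and flags values that alias to a different effective policy or still accept SHA-1. The function names, the `user_pref(...)` sample text and the "last entry wins" rule are assumptions for illustration; bit 2 lies inside the mask but is not described on this page, so it is left undecoded.

```javascript
// Added example (not Firefox source). Bit meanings are taken from the
// comments on this bug; bit 2 is inside the mask but not described there.
const POLICY_MASK = 0b111;        // only the low three bits are interpreted
const PKCS7_SHA256_ONLY = 0b001;  // set: PKCS#7 must verify with SHA-256
const COSE_IF_PRESENT = 0b010;    // set: COSE is verified if present
const DEFAULT_POLICY = 2;         // default value reported in this bug

function decodePolicy(raw) {
  if (!Number.isInteger(raw) || raw < 0 || raw > 0x7fffffff) {
    throw new RangeError(`not a usable integer pref value: ${raw}`);
  }
  const effective = raw & POLICY_MASK;
  return {
    raw,
    effective,
    ignoredBits: raw - effective, // bits above the mask; they change nothing
    pkcs7Digests: effective & PKCS7_SHA256_ONLY ? ["SHA-256"] : ["SHA-1", "SHA-256"],
    coseVerifiedIfPresent: (effective & COSE_IF_PRESENT) !== 0,
  };
}

// Find the pref in prefs.js / user.js style text; use the default if unset.
// Assumption: when the pref appears more than once, the last entry wins.
function readPolicy(prefsText) {
  const re = /user_pref\("security\.signed_app_signatures\.policy",\s*(-?\d+)\);/g;
  let value = DEFAULT_POLICY;
  for (const m of prefsText.matchAll(re)) value = Number(m[1]);
  return value;
}

function auditPolicy(prefsText) {
  const policy = decodePolicy(readPolicy(prefsText));
  const findings = [];
  if (policy.ignoredBits !== 0) {
    findings.push(`value ${policy.raw} is read as ${policy.effective}; higher bits are ignored`);
  }
  if (policy.pkcs7Digests.includes("SHA-1")) {
    findings.push("PKCS#7 add-on signatures using SHA-1 are accepted");
  }
  return { policy, findings };
}

// Constructed sample input, not taken from a real profile.
const samplePrefs = `
user_pref("browser.startup.page", 3);
user_pref("security.signed_app_signatures.policy", 72);
`;
console.log(auditPolicy(samplePrefs));
```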