Open Bug 1682613 Opened 3 years ago Updated 22 days ago

Move Add-ons to SHA-256 Signatures and disable SHA-1 Signatures for Add-ons

Categories

(Toolkit :: Add-ons Manager, defect, P3)

Product:
Toolkit
Component:
Add-ons Manager
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox94 --- affected

People

(Reporter: kathleen.a.wilson, Unassigned, NeedInfo)

References

(Depends on 1 open bug)

Details

Attachments

(1 file)

Bug 1682613 ensure addon manager works with sha1 disabled
48 bytes, text/x-phabricator-request
Details | Review

From RedHat:
Add-ons are using SHA-1 Signatures.
This is causing a problem with our attempt to disable all sha-1 signature in Fedora and RHEL. Is there a plan to move add-ons off SHA-1?

This might fit better here - not 100% sure though.

Component: System Add-ons: Off-train Deployment → Operations: Marketplace
Product: Firefox → Cloud Services
QA Contact: operations-mkt

Moving to AMO, and probably a better place later.

There's the redhat bug with more details https://bugzilla.redhat.com/show_bug.cgi?id=1908018

Shane want's a ni?

Component: Operations: Marketplace → Add-ons Manager
Flags: needinfo?(mixedpuppy)
Product: Cloud Services → Toolkit
QA Contact: operations-mkt

:hkario, can you help point me to whatever patch Redhat is using to disable sha1? I'd like to test against that.

As a side note, is Redhat disabling all sha1? There are a lot of code paths using sha1 for various things, I'd be surprised if addon install is the only thing broken.

Flags: needinfo?(mixedpuppy) → needinfo?(hkario)

A WIP to test the addon manager and other extension functionality when sha1 is disabled. This does include at least one incompatibility in the identity api.

Assignee: nobody → mixedpuppy
Severity: -- → S3
Priority: -- → P3

The code for disabling SHA-1 in signatures in general is something Bob was working on, I don't know how it looks like.

Flags: needinfo?(hkario) → needinfo?(rrelyea)

I can try to give some context here, but mostly on the TLS side of things.

Yes, Red Hat intends to disable all SHA-1 usage eventually, with SHA-1 signatures being our first priority.
As described in https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2,
most of SHA-1 TLS usage is already disabled in Fedora 33 by default
(with HMAC usage being a notable exception)
using a system-wide configuration mechanism named 'crypto-policies'.
This is the nss config for a Fedora 33 system with a DEFAULT policy.
https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/blob/b21c8114995e07965c2ccde5f5767d0618d854bf/tests/outputs/DEFAULT-nss.txt

As you have said, SHA-1 is used for more than just that, so we'd like to identify the other usages as well.
I presume that SHA-1 signatures in addons is one that comes with
both high risk to the users and high migration planning costs,
and I can just hope the rest of them would be more trivial.

Take the latest firefox with NSS >= 3.59.
go to your firefox profile and edit pkcs11.txt
Add the following to the end of the paragraph with name=NSS Internal PKCS #11 Module
config="disallow=sha1"

Make sure there's no blank line between config and the NSS=, the result should look something like this:

library=
name=NSS Internal PKCS #11 Module
parameters="configdir='/rrelyea.local/firefox/Profiles/LocalUser' certPrefix=''
keyPrefix='' secmod='secmod.db' flags=optimizeSpace manufacturerID='Mozilla.org
' libraryDescription='PSM Internal Crypto Services' cryptoTokenDescription='Gene
ric Crypto Services' dbTokenDescription='Software Security Device' cryptoSlotDes
cription='PSM Internal Cryptographic Services' dbSlotDescription='PSM Private Ke
ys' FIPSSlotDescription='PSM Internal FIPS-140-1 Cryptographic Services' FIPSTok
enDescription='PSM FIPS-140-1 User Private Key Services' minPS=0"
NSS=trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,
DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,RANDOM askpw=any timeout=30 ] } Flags=
internal,critical
config="disallow=sha1"

It's not all sha1 usage, it's all sha1 usage in signatures that we've disabled (and in tls). Before 3.59 nss could only disable sha1 usage in certificate signatures and tls.

Flags: needinfo?(rrelyea)
status-firefox94: --- → affected
Flags: needinfo?(dveditz)

All my addons have been disabled today because I have added
config="disallow=SHA1:RSA:DHE-RSA:HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:AES128-CBC:AES256-CBC"
to ~/.mozilla/firefox/<profile>/pkcs11.txt to disable RSA/SHA1 TLS handshake signatures (bug 1600449,bug 1600437) and other legacy stuff.

Changing security.signed_app_signatures.policy from 2 (0b_01_0) to 7 (0b_11_1), 5 (0b_10_1) or 3 (0b_01_1), deleting app.update.lastUpdateTime.xpi-signature-verification, restarting Firefox and wating didn't work.
xpinstall.signatures.required=false would work in Nightly but is bad.

Please remove RSA/SHA1 and sign with future-proof ECDSA P-384/SHA384: https://github.com/mozilla/addons-server/blob/f73f923058200520d135d8915f87c4d4478e1c26/src/olympia/lib/crypto/signing.py#L130-L131

Assignee: mixedpuppy → nobody
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: