We need to implement a software integrity check of the softoken using DSA. Here is my proposal. 1. Write a tool that generates a DSA key pair and generates a signature. 2. During the build, we invoke the tool on the softoken after it is built. Store the public key and the signature in a file. Discard the private key. 3. Distribute the public key/signature file with the softoken. The public key/signature file must be installed in the same directory as the softoken. 4. The software integrity check of the softoken uses platform-dependent techniques to discover its installation directory. It then reads itself (as a file) and the public key/signature file to verify the signature.
Priority: -- → P1
Target Milestone: --- → 3.7
Version: 3.5 → 3.2.2
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Created attachment 113076 [details] [diff] [review] Add freebl_GetLibraryFilePathname to libfreebl.a temporarily This patch adds freebl_GetLibraryFilePathname to libfreebl.a temporarily. The new function is defined in the new file mozilla/security/nss/lib/freebl/libpath.c and has the same semantics as the NSPR 4.3 function PR_GetLibraryFilePathname. This patch should be backed out when NSPR 4.3 is released.
Created attachment 113078 [details] [diff] [review] Add freebl_GetLibraryFilePathname to libfreebl.a temporarily, v2 Use __LP64__ instead of __LP64 on HP-UX.
Attachment #113076 - Attachment is obsolete: true
Created attachment 113658 [details] [diff] [review] Include the *.chk files in mdbinary.jar The *.chk files need to be included in our binary distributions.
I got this error once: ./Linux2.4_x86_glibc_PTH_DBG.OBJ/shlibsign -v -i ../../../../dist/Linux2.4_x86_g libc_PTH_DBG.OBJ/lib/libsoftokn3.so Generating DSA Key Pair....Generating PQG Params: An I/O error occurred during s ecurity authorization.
Created attachment 113696 [details] [diff] [review] Include the *.chk files in mdbinary.jar, v2 The previous patch doesn't work if mozilla/dist/$(OBJDIR)/lib/*.chk are not symbolic links. The changes to cmd/shlibsign/Makefile are good changes in general because they put all the configuration/assignments before the rules, which is the right order. The change to cmd/shlibsign/manifest.mn is what causes the *.chk files to be included in mdbinary.jar. It requires that CHECKLOC be defined before coreconf/rules.mk is included in Makefile, which is why I put the configuration/assignments and rules in the right order.
Attachment #113658 - Attachment is obsolete: true
Code is checked in and Running
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.