# HG changeset patch
# User Kai Engert <kaie@kuix.de>
# Date 1666897160 -7200
# Thu Oct 27 20:59:20 2022 +0200
# Node ID af0b1f5e4c7710f824c6141103e516ca60bc78aa
# Parent adfbf6378df82c8b2e087427a48ddc5cbe13aadd
Bug 1791195 - Add RNP security rules to obsolete our patches to RNP. r=mkmelin,o.nickolay
diff --git a/comm/mail/extensions/openpgp/content/modules/RNP.jsm b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
--- a/comm/mail/extensions/openpgp/content/modules/RNP.jsm
+++ b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
@@ -1863,12 +1863,12 @@ var RNP = {
if (keyBlockStr.length > RNP.maxImportKeyBlockSize) {
throw new Error("rejecting big keyblock");
}
- let tempFFI = new RNPLib.rnp_ffi_t();
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
+ let tempFFI = RNPLib.prepare_ffi();
+ if (!tempFFI) {
throw new Error("Couldn't initialize librnp.");
}
let pubKey;
if (!this.importToFFI(tempFFI, keyBlockStr, true, false, permissive)) {
@@ -1892,12 +1892,12 @@ var RNP = {
if (keyBlockStr.length > RNP.maxImportKeyBlockSize) {
throw new Error("rejecting big keyblock");
}
- let tempFFI = new RNPLib.rnp_ffi_t();
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
+ let tempFFI = RNPLib.prepare_ffi();
+ if (!tempFFI) {
throw new Error("Couldn't initialize librnp.");
}
let keyList = null;
if (!this.importToFFI(tempFFI, keyBlockStr, pubkey, seckey, permissive)) {
@@ -1929,12 +1929,12 @@ var RNP = {
async mergePublicKeyBlocks(fingerprint, ...keyBlocks) {
if (keyBlocks.some(b => b.length > RNP.maxImportKeyBlockSize)) {
throw new Error("keyBlock too big");
}
- let tempFFI = new RNPLib.rnp_ffi_t();
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
+ let tempFFI = RNPLib.prepare_ffi();
+ if (!tempFFI) {
throw new Error("Couldn't initialize librnp.");
}
const pubkey = true;
const seckey = false;
@@ -2067,12 +2067,12 @@ var RNP = {
let result = {};
result.exitCode = -1;
result.importedKeys = [];
result.errorMsg = "";
- let tempFFI = new RNPLib.rnp_ffi_t();
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
+ let tempFFI = RNPLib.prepare_ffi();
+ if (!tempFFI) {
throw new Error("Couldn't initialize librnp.");
}
// TODO: check result
if (this.importToFFI(tempFFI, keyBlockStr, pubkey, seckey, permissive)) {
@@ -3115,12 +3115,12 @@ var RNP = {
*
*/
export_pubkey_strip_sigs_uids(expKey, keepUserIDs, out_binary) {
let expKeyId = this.getKeyIDFromHandle(expKey);
- let tempFFI = new RNPLib.rnp_ffi_t();
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
+ let tempFFI = RNPLib.prepare_ffi();
+ if (!tempFFI) {
throw new Error("Couldn't initialize librnp.");
}
let exportFlags =
RNPLib.RNP_KEY_EXPORT_SUBKEYS | RNPLib.RNP_KEY_EXPORT_PUBLIC;
@@ -3399,12 +3399,12 @@ var RNP = {
))
) {
throw new Error("rnp_output_to_armor failed:" + rv);
}
- let tempFFI = new RNPLib.rnp_ffi_t();
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
+ let tempFFI = RNPLib.prepare_ffi();
+ if (!tempFFI) {
throw new Error("Couldn't initialize librnp.");
}
let internalPassword = await OpenPGPMasterpass.retrieveOpenPGPPassword();
diff --git a/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm b/mail/extensions/openpgp/content/modules/RNPLib/comm.jsm
--- a/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm
+++ b/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm
@@ -13,11 +13,11 @@ XPCOMUtils.defineLazyModuleGetters(this,
OpenPGPMasterpass: "chrome://openpgp/content/modules/masterpass.jsm",
Services: "resource://gre/modules/Services.jsm",
setTimeout: "resource://gre/modules/Timer.jsm",
});
-const MIN_RNP_VERSION = [0, 16, 0];
+const MIN_RNP_VERSION = [0, 16, 2];
var systemOS = Services.appinfo.OS.toLowerCase();
var abi = ctypes.default_abi;
// Open librnp. Determine the path to the chrome directory and look for it
@@ -149,10 +149,12 @@ function enableRNPLibJS() {
// this must be delayed until after "librnp" is initialized
RNPLib = {
path: librnpPath,
+ // Handle to the RNP library and primary key data store.
+ // Kept at null if init fails.
ffi: null,
// returns rnp_input_t, destroy using rnp_input_destroy
async createInputFromPath(path) {
// IOUtils.read always returns an array.
@@ -265,13 +267,204 @@ function enableRNPLibJS() {
const min_version = this.rnp_version_for(...MIN_RNP_VERSION);
const this_version = this.rnp_version();
return Boolean(this_version >= min_version);
},
+ /**
+ * Prepare an RNP library handle, and in addition set all the
+ * application's preferences for library behavior.
+ *
+ * Other application code should NOT call rnp_ffi_create directly,
+ * but obtain an RNP library handle from this function.
+ */
+ prepare_ffi() {
+ let ffi = new rnp_ffi_t();
+ if (this._rnp_ffi_create(ffi.address(), "GPG", "GPG")) {
+ return null;
+ }
+
+ // Treat MD5 as insecure.
+ if (
+ this.rnp_add_security_rule(
+ ffi,
+ this.RNP_FEATURE_HASH_ALG,
+ this.RNP_ALGNAME_MD5,
+ this.RNP_SECURITY_OVERRIDE,
+ 0,
+ this.RNP_SECURITY_INSECURE
+ )
+ ) {
+ return null;
+ }
+
+ // Use RNP's default rule for SHA1 used with data signatures,
+ // and use our override to allow it for key signatures.
+ if (
+ this.rnp_add_security_rule(
+ ffi,
+ this.RNP_FEATURE_HASH_ALG,
+ this.RNP_ALGNAME_SHA1,
+ this.RNP_SECURITY_VERIFY_KEY | this.RNP_SECURITY_OVERRIDE,
+ 0,
+ this.RNP_SECURITY_DEFAULT
+ )
+ ) {
+ return null;
+ }
+
+ /*
+ // Security rules API does not yet support PK and SYMM algs.
+ //
+ // If a hash algorithm is already disabled at build time,
+ // and an attempt is made to set a security rule for that
+ // algorithm, then RNP returns a failure.
+ //
+ // Ideally, RNP should allow these calls (regardless of build time
+ // settings) to define an application security rule, that is
+ // independent of the configuration used for building the
+ // RNP library.
+
+ if (
+ this.rnp_add_security_rule(
+ ffi,
+ this.RNP_FEATURE_HASH_ALG,
+ this.RNP_ALGNAME_SM3,
+ this.RNP_SECURITY_OVERRIDE,
+ 0,
+ this.RNP_SECURITY_PROHIBITED
+ )
+ ) {
+ return null;
+ }
+
+ if (
+ this.rnp_add_security_rule(
+ ffi,
+ this.RNP_FEATURE_PK_ALG,
+ this.RNP_ALGNAME_SM2,
+ this.RNP_SECURITY_OVERRIDE,
+ 0,
+ this.RNP_SECURITY_PROHIBITED
+ )
+ ) {
+ return null;
+ }
+
+ if (
+ this.rnp_add_security_rule(
+ ffi,
+ this.RNP_FEATURE_SYMM_ALG,
+ this.RNP_ALGNAME_SM4,
+ this.RNP_SECURITY_OVERRIDE,
+ 0,
+ this.RNP_SECURITY_PROHIBITED
+ )
+ ) {
+ return null;
+ }
+ */
+
+ return ffi;
+ },
+
+ /**
+ * Test the correctness of security rules, in particular, test
+ * if the given hash algorithm is allowed at the given time.
+ *
+ * This is an application consistency test. If the behavior isn't
+ * according to the expectation, the function throws an error.
+ *
+ * @param {string} hashAlg - Test this hash algorithm
+ * @param {time_t} time - Test status at this timestamp
+ * @param {boolean} keySigAllowed - Test if using the hash algorithm
+ * is allowed for signatures found inside OpenPGP keys.
+ * @param {boolean} dataSigAllowed - Test if using the hash algorithm
+ * is allowed for signatures on data.
+ */
+ _confirmSecurityRule(hashAlg, time, keySigAllowed, dataSigAllowed) {
+ let level = new ctypes.uint32_t();
+ let flag = new ctypes.uint32_t();
+
+ flag.value = this.RNP_SECURITY_VERIFY_DATA;
+ let testDataSuccess = false;
+ if (
+ !RNPLib.rnp_get_security_rule(
+ this.ffi,
+ this.RNP_FEATURE_HASH_ALG,
+ hashAlg,
+ time,
+ flag.address(),
+ null,
+ level.address()
+ )
+ ) {
+ if (dataSigAllowed) {
+ testDataSuccess = level.value == RNPLib.RNP_SECURITY_DEFAULT;
+ } else {
+ testDataSuccess = level.value < RNPLib.RNP_SECURITY_DEFAULT;
+ }
+ }
+
+ if (!testDataSuccess) {
+ throw new Error("security configuration for data signatures failed");
+ }
+
+ flag.value = this.RNP_SECURITY_VERIFY_KEY;
+ let testKeySuccess = false;
+ if (
+ !RNPLib.rnp_get_security_rule(
+ this.ffi,
+ this.RNP_FEATURE_HASH_ALG,
+ hashAlg,
+ time,
+ flag.address(),
+ null,
+ level.address()
+ )
+ ) {
+ if (keySigAllowed) {
+ testKeySuccess = level.value == RNPLib.RNP_SECURITY_DEFAULT;
+ } else {
+ testKeySuccess = level.value < RNPLib.RNP_SECURITY_DEFAULT;
+ }
+ }
+
+ if (!testKeySuccess) {
+ throw new Error("security configuration for key signatures failed");
+ }
+ },
+
+ /**
+ * Perform tests that the RNP library behaves according to the
+ * defined security rules.
+ * If a problem is found, the function throws an error.
+ */
+ _sanityCheckSecurityRules() {
+ let time_t_now = Math.round(Date.now() / 1000);
+ let ten_years_in_seconds = 10 * 365 * 24 * 60 * 60;
+ let ten_years_future = time_t_now + ten_years_in_seconds;
+
+ this._confirmSecurityRule(this.RNP_ALGNAME_MD5, time_t_now, false, false);
+ this._confirmSecurityRule(
+ this.RNP_ALGNAME_MD5,
+ ten_years_future,
+ false,
+ false
+ );
+
+ this._confirmSecurityRule(this.RNP_ALGNAME_SHA1, time_t_now, true, false);
+ this._confirmSecurityRule(
+ this.RNP_ALGNAME_SHA1,
+ ten_years_future,
+ true,
+ false
+ );
+ },
+
async init() {
- this.ffi = new rnp_ffi_t();
- if (this.rnp_ffi_create(this.ffi.address(), "GPG", "GPG")) {
+ this.ffi = this.prepare_ffi();
+ if (!this.ffi) {
throw new Error("Couldn't initialize librnp.");
}
this.rnp_ffi_set_log_fd(this.ffi, 2); // stderr
@@ -286,10 +479,18 @@ function enableRNPLibJS() {
null
);
let { pubRingPath, secRingPath } = this.getFilenames();
+ try {
+ this._sanityCheckSecurityRules();
+ } catch (e) {
+ // Disable all RNP operation
+ this.ffi = null;
+ throw e;
+ }
+
await this.loadWithFallback(pubRingPath, this.RNP_LOAD_SAVE_PUBLIC_KEYS);
await this.loadWithFallback(secRingPath, this.RNP_LOAD_SAVE_SECRET_KEYS);
let pubnum = new ctypes.size_t();
this.rnp_get_public_key_count(this.ffi, pubnum.address());
@@ -481,10 +682,14 @@ function enableRNPLibJS() {
* @param {string} path - The file path to save to.
* @param {number} keyRingFlag - RNP_LOAD_SAVE_PUBLIC_KEYS or
* RNP_LOAD_SAVE_SECRET_KEYS.
*/
async saveKeyRing(path, keyRingFlag) {
+ if (!this.ffi) {
+ return;
+ }
+
let oldPath = path + ".old";
// Ignore failure, oldPath might not exist yet.
await IOUtils.copy(path, oldPath).catch(() => {});
@@ -540,10 +745,13 @@ function enableRNPLibJS() {
tmpPath: path + ".tmp-new",
});
},
async saveKeys() {
+ if (!this.ffi) {
+ return;
+ }
let { pubRingPath, secRingPath } = this.getFilenames();
let saveThem = async () => {
await this.saveKeyRing(pubRingPath, this.RNP_LOAD_SAVE_PUBLIC_KEYS);
await this.saveKeyRing(secRingPath, this.RNP_LOAD_SAVE_SECRET_KEYS);
@@ -600,11 +808,13 @@ function enableRNPLibJS() {
abi,
ctypes.char.ptr
),
// Get a RNP library handle.
- rnp_ffi_create: librnp.declare(
+ // Mark with leading underscore, to clarify that this function
+ // shouldn't be called directly - you should call prepare_ffi().
+ _rnp_ffi_create: librnp.declare(
"rnp_ffi_create",
abi,
rnp_result_t,
rnp_ffi_t.ptr,
ctypes.char.ptr,
@@ -1713,10 +1923,22 @@ function enableRNPLibJS() {
ctypes.uint32_t.ptr,
ctypes.uint64_t.ptr,
ctypes.uint32_t.ptr
),
+ rnp_add_security_rule: librnp.declare(
+ "rnp_add_security_rule",
+ abi,
+ rnp_result_t,
+ rnp_ffi_t,
+ ctypes.char.ptr,
+ ctypes.char.ptr,
+ ctypes.uint32_t,
+ ctypes.uint64_t,
+ ctypes.uint32_t
+ ),
+
rnp_result_t,
rnp_ffi_t,
rnp_password_cb_t,
rnp_input_t,
rnp_output_t,
@@ -1748,11 +1970,26 @@ function enableRNPLibJS() {
RNP_KEY_SIGNATURE_NON_SELF_SIG: 4,
RNP_SUCCESS: 0x00000000,
+ RNP_FEATURE_SYMM_ALG: "symmetric algorithm",
RNP_FEATURE_HASH_ALG: "hash algorithm",
+ RNP_FEATURE_PK_ALG: "public key algorithm",
+ RNP_ALGNAME_MD5: "MD5",
+ RNP_ALGNAME_SHA1: "SHA1",
+ RNP_ALGNAME_SM2: "SM2",
+ RNP_ALGNAME_SM3: "SM3",
+ RNP_ALGNAME_SM4: "SM4",
+
+ RNP_SECURITY_OVERRIDE: 1,
+ RNP_SECURITY_VERIFY_KEY: 2,
+ RNP_SECURITY_VERIFY_DATA: 4,
+ RNP_SECURITY_REMOVE_ALL: 65536,
+
+ RNP_SECURITY_PROHIBITED: 0,
+ RNP_SECURITY_INSECURE: 1,
RNP_SECURITY_DEFAULT: 2,
/* Common error codes */
RNP_ERROR_GENERIC: 0x10000000, // 268435456
RNP_ERROR_BAD_FORMAT: 0x10000001, // 268435457