[tor-bugs] #29614 [Applications/Tor Browser]: Use SHA-256 algorithm for Windows timestamping
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 7 20:51:01 UTC 2020
#29614: Use SHA-256 algorithm for Windows timestamping
-------------------------------------------------+-------------------------
Reporter: gk | Owner: gk
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-sign, tbb-security, tbb-8.5, | Actual Points:
GeorgKoppen202004, TorBrowserTeam202004R |
Parent ID: #33168 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by sysrqb):
Okay, we're making progress on this. After misreading comment:17, gk
walked me through the details of this process.
For comparison, when using Authenticode Timestamping (with SHA-1),
`osslsigncode verify` output something like:
`$ osslsigncode verify torbrowser-install-win64-9.5a12_cs.exe`
{{{
Signature verification: ok
Number of signers: 1
Signer #0:
Subject: /businessCategory=Private
Organization/jurisdictionC=US/jurisdictionST=Washington/serialNumber=39070/street=#203/street=80
S Washington St/postalCode=98104/C=US/ST=Washington/L=Seattle/O=The Tor
Project, Inc./CN=The Tor Project, Inc.
Issuer : /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert EV Code Signing CA (SHA2)
Serial : 0F622EF31D0F1EF94E520DBD7A43E58C
Number of certificates: 4
Cert #0:
Subject: /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert EV Code Signing CA (SHA2)
Issuer : /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
Serial : 03F1B4E15F3A82F1149678B3D7D8475C
------------------
Cert #1:
Subject: /businessCategory=Private
Organization/jurisdictionC=US/jurisdictionST=Washington/serialNumber=39070/street=#203/street=80
S Washington St/postalCode=98104/C=US/ST=Washington/L=Seattle/O=The Tor
Project, Inc./CN=The Tor Project, Inc.
Issuer : /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert EV Code Signing CA (SHA2)
Serial : 0F622EF31D0F1EF94E520DBD7A43E58C
------------------
Cert #2:
Subject: /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert Assured ID CA-1
Issuer : /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
Serial : 06FDF9039603ADEA000AEB3F27BBBA1B
------------------
Cert #3:
Subject: /C=US/O=DigiCert/CN=DigiCert Timestamp Responder
Issuer : /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert Assured ID CA-1
Serial : 03019A023AFF58B16BD6D5EAE617F066
}}}
Now, with RFC 3161 Timestamping (using any hashing algorithm, but in this
case using SHA-256), `osslsigncode verify` only prints the code signing
certificates (as gk described). This makes sense, because the RFC 2161
timestamp is appended onto the pkcs7 structure embedded in the PE file,
and timestamping does not result in a new and independent cert chain.
{{{
Signature verification: ok
Number of signers: 1
Signer #0:
Subject: /businessCategory=Private
Organization/jurisdictionC=US/jurisdictionST=Washington/serialNumber=39070/street=#203/street=80
S Washington St/postalCode=98104/C=US/ST=Washington/L=Seattle/O=The Tor
Project, Inc./CN=The Tor Project, Inc.
Issuer : /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert EV Code Signing CA (SHA2)
Serial : 0F622EF31D0F1EF94E520DBD7A43E58C
Number of certificates: 2
Cert #0:
Subject: /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert EV Code Signing CA (SHA2)
Issuer : /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
Serial : 03F1B4E15F3A82F1149678B3D7D8475C
------------------
Cert #1:
Subject: /businessCategory=Private
Organization/jurisdictionC=US/jurisdictionST=Washington/serialNumber=39070/street=#203/street=80
S Washington St/postalCode=98104/C=US/ST=Washington/L=Seattle/O=The Tor
Project, Inc./CN=The Tor Project, Inc.
Issuer : /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert EV Code Signing CA (SHA2)
Serial : 0F622EF31D0F1EF94E520DBD7A43E58C
Succeeded
}}}
Using `openssl pkcs7`, as gk described, we can see the asn.1 object
appended within the unauthenticated portion. First, we must extract the
signatures from the file, then we can parse the resulting pkcs7 object:
{{{
$ osslsigncode extract-signature -pem -in torbrowser-install-
win64-9.5a12_cs.exe -out torbrowser-install-win64-9.5a12_cs.exe.sigs
$ openssl pkcs7 -print -in torbrowser-install-win64-9.5a12_cs.exe.sigs
}}}
{{{
unauth_attr:
object: undefined (1.3.6.1.4.1.311.3.3.1)
set:
SEQUENCE:
0:d=0 hl=4 l=3761 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=3746 cons: cont [ 0 ]
19:d=2 hl=4 l=3742 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :03
26:d=3 hl=2 l= 15 cons: SET
28:d=4 hl=2 l= 13 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=5 hl=2 l= 0 prim: NULL
43:d=3 hl=2 l= 120 cons: SEQUENCE
45:d=4 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
[snip]
282:d=8 hl=2 l= 47 cons: SEQUENCE
284:d=9 hl=2 l= 3 prim: OBJECT :commonName
289:d=9 hl=2 l= 40 prim: PRINTABLESTRING :DigiCert SHA2
Assured ID Timestamping CA
331:d=6 hl=2 l= 30 cons: SEQUENCE
333:d=7 hl=2 l= 13 prim: UTCTIME :191001000000Z
348:d=7 hl=2 l= 13 prim: UTCTIME :301017000000Z
363:d=6 hl=2 l= 76 cons: SEQUENCE
365:d=7 hl=2 l= 11 cons: SET
367:d=8 hl=2 l= 9 cons: SEQUENCE
369:d=9 hl=2 l= 3 prim: OBJECT :countryName
374:d=9 hl=2 l= 2 prim: PRINTABLESTRING :US
378:d=7 hl=2 l= 23 cons: SET
380:d=8 hl=2 l= 21 cons: SEQUENCE
382:d=9 hl=2 l= 3 prim: OBJECT :organizationName
387:d=9 hl=2 l= 14 prim: PRINTABLESTRING :DigiCert, Inc.
403:d=7 hl=2 l= 36 cons: SET
405:d=8 hl=2 l= 34 cons: SEQUENCE
407:d=9 hl=2 l= 3 prim: OBJECT :commonName
412:d=9 hl=2 l= 27 prim: PRINTABLESTRING :TIMESTAMP-
SHA256-2019-10-15
[snip]
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29614#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list