[Pkg-mozext-commits] [perspectives-extension] 06/19: Perspectives - Hook up SparkMD5 library and fix MD5 functionality

David Prévot taffit at moszumanska.debian.org
Sun Oct 12 16:35:38 UTC 2014


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository perspectives-extension.

commit fe399ddad6add3521602fc58dd4e50ef3798c1d1
Author: Dave Schaefer <dave.schaefer at gmail.com>
Date:   Sun Sep 28 13:21:22 2014 -0600

    Perspectives - Hook up SparkMD5 library and fix MD5 functionality
    
    I stress that this is a *temporary* fix,
    to get us up and running again.
    We definitely need to move Perspectives away from MD5
    to newer and more secure hash algorithms.
    
    Many thanks to Gerold M. for figuring this out and supplying working examples!
---
 plugin/chrome/content/credits/contributors.txt |  1 +
 plugin/chrome/content/initialize.xul           |  1 +
 plugin/chrome/content/notaries.js              | 28 +++++++++++++++++++++++---
 plugin/chrome/content/statusbar.xul            |  2 ++
 test/test.html                                 | 15 ++++++++++++++
 5 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/plugin/chrome/content/credits/contributors.txt b/plugin/chrome/content/credits/contributors.txt
index c244cbb..0ae7f44 100644
--- a/plugin/chrome/content/credits/contributors.txt
+++ b/plugin/chrome/content/credits/contributors.txt
@@ -5,6 +5,7 @@ Goofy
 katmagic
 David Lawhon
 Ryan McBride
+Gerold Meisinger
 Jens Mueller
 Ramu Panayappan
 Dave Schaefer
diff --git a/plugin/chrome/content/initialize.xul b/plugin/chrome/content/initialize.xul
index 26ff397..80aa5bb 100644
--- a/plugin/chrome/content/initialize.xul
+++ b/plugin/chrome/content/initialize.xul
@@ -4,6 +4,7 @@
   xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
   <script type="application/x-javascript" src="notaries.js" />
   <script type="application/x-javascript" src="common.js" />
+  <script type="application/x-javascript" src="extlib/spark-md5.min.js"/>
   <script type="text/javascript">
 				
     // don't load or run anything until after the page has loaded
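Review bot: `extlib/spark-md5.min.js` is loaded into this XUL document, presumably with the extension's chrome privileges, but the library file is not among the five files in this commit's diffstat, so its origin and version cannot be checked from this change. Because it is minified third-party code, I would record the upstream version and a checksum beside the include, for example `<!-- SparkMD5 <VERSION>, from <UPSTREAM_URL>, sha256 <CHECKSUM> -->` above the tag. The same include is added in statusbar.xul and test/test.html. The inline script that follows continues outside the hunk.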
diff --git a/plugin/chrome/content/notaries.js b/plugin/chrome/content/notaries.js
index c772a47..d0fba73 100644
--- a/plugin/chrome/content/notaries.js
+++ b/plugin/chrome/content/notaries.js
@@ -437,6 +437,15 @@ var Perspectives = {
 		return q_count;
 	},
 
+	calculateMD5: function(array) {
+		// calculate the MD5 hash of a given array
+		// uses third-party library SparkMD5.
+		// many thanks to them for sharing under a compatible license.
+		var hash = SparkMD5.ArrayBuffer.hash(array, false );
+		hash = hash.toLowerCase().match(/.{1,2}/g).join(':');
+		return hash;
+	},
+
 	notaryQueriesComplete: function(ti) {
 		try {
 			if(Perspectives.strbundle == null) {
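Review bot: The comment on `calculateMD5` does not say what `array` must be or what format the result has, and both matter because the callers in the later hunks use the result in place of `ti.cert.md5Fingerprint.toLowerCase()`. I would document it as `// array: certificate bytes as returned by cert.getRawDER(); returns the MD5 digest as lowercase hex pairs joined by ':'`, presumably the same format as the browser's fingerprint, and note that the `false` argument asks SparkMD5 for hex rather than raw output. It is also worth repeating the commit message's caveat at the point of use, `// MD5 is not collision resistant; temporary until Perspectives moves to a stronger hash`. `notaryQueriesComplete` begins in this hunk's trailing context and continues outside it.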
@@ -446,8 +455,14 @@ var Perspectives = {
 			var server_result_list = ti.partial_query_results; 
 			delete ti.partial_query_results; 
 			delete ti.timeout_id; 
-			
-			var test_key = ti.cert.md5Fingerprint.toLowerCase();
+
+			var test_key;
+			if (ti.cert["md5Fingerprint"] !== undefined) {
+				test_key = ti.cert.md5Fingerprint.toLowerCase();
+			}
+			else {
+				test_key = this.calculateMD5(ti.cert.getRawDER({}));
+			}
 			// 2 days (FIXME: make this a pref)
 			var max_stale_sec = 2 * 24 * 3600; 
 			var q_required = Perspectives.getQuorumAsInt();
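Review bot: The fallback calls `this.calculateMD5(...)`, while every other member access visible in `notaryQueriesComplete` goes through `Perspectives.` (`Perspectives.strbundle`, `Perspectives.getQuorumAsInt()`). If this method is ever invoked as a detached callback, `this` will not be the `Perspectives` object and the call throws inside the `try`; what happens to the certificate check then depends on the catch block, which is outside the hunk. `test_key = Perspectives.calculateMD5(ti.cert.getRawDER({}));` removes the dependence on the call site. The same branch, with the same `this.` call, is repeated in the `@@ -565,7 +580,14 @@` hunk; a single helper such as `getCertMD5: function(cert) { ... }` would keep the two copies from drifting apart. Both enclosing functions extend beyond their hunks.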
@@ -565,7 +580,14 @@ var Perspectives = {
 			return;
 		}
   
-		var md5        = ti.cert.md5Fingerprint.toLowerCase();
+		var md5;
+		if (ti.cert["md5Fingerprint"] !== undefined) {
+			// use the built-in browser hash if available
+			md5 = ti.cert.md5Fingerprint.toLowerCase();
+		}
+		else {
+			md5 = this.calculateMD5(ti.cert.getRawDER({}));
+		}
 		ti.state      = ti.browser.securityUI.state;
 
 		ti.is_override_cert = Perspectives.overrideService.isCertUsedForOverrides(ti.cert, true, true);
diff --git a/plugin/chrome/content/statusbar.xul b/plugin/chrome/content/statusbar.xul
index 4a25e6d..6ab3ffd 100644
--- a/plugin/chrome/content/statusbar.xul
+++ b/plugin/chrome/content/statusbar.xul
@@ -8,6 +8,8 @@
 	<stringbundle id="notary_strings" src="chrome://perspectives/locale/notaries.properties" insertbefore="1"/>
  </stringbundleset> 
 
+ <script type="application/x-javascript" src="extlib/spark-md5.min.js"/>
+
   <script type="application/x-javascript" src="common.js"/>
   <script type="application/x-javascript" src="base64.js" />
   <script type="application/x-javascript" src="client_policy.js" />
diff --git a/test/test.html b/test/test.html
index 90e9fb7..522aec6 100644
--- a/test/test.html
+++ b/test/test.html
@@ -5,6 +5,8 @@
 <title>Perspectives - Test cases</title>
 
 <!-- Include every file so we can verify that all of the objects are testable in meta_test() -->
+<script type="text/javascript" src="../extlib/spark-md5.min.js"></script>
+
 <script type="text/javascript" src="../about.js"></script>
 <script type="text/javascript" src="../base64.js"></script>
 <script type="text/javascript" src="../client_policy.js"></script>
@@ -150,6 +152,18 @@ function meta_tests() {
   write_string("Finished");
 }
 
+function hash_tests() {
+
+  write_string("Starting hash tests");
+
+  var known_md5_hash = "ffe5f73de2828ae744f3b126a7744fc3"; // verified independently with three external MD5 calculators
+  var md5_test_string = "This is the Perspectives project browser extension MD5 test";
+  var md5_hash = SparkMD5.hash(md5_test_string);
+  assert((md5_hash === known_md5_hash), "MD5 hash of test string: " + known_md5_hash);
+
+  write_string("Finished");
+}
+
 function client_sanity() {
  write_string("Starting client policy unit tests...");
 
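Review bot: `hash_tests` checks `SparkMD5.hash` on a string, but the code added in notaries.js calls `SparkMD5.ArrayBuffer.hash` on a byte array and then reformats the digest with colons, and none of that path is exercised here. I would add a case that goes through the wrapper, e.g. `var bytes = md5_test_string.split("").map(function(c) { return c.charCodeAt(0); });` followed by `assert(Perspectives.calculateMD5(bytes) === known_md5_hash.match(/.{2}/g).join(":"), "calculateMD5 output format");`, assuming notaries.js is among the files test.html includes. The existing assert message would also be more useful if it printed `md5_hash` alongside the expected value. `client_sanity` continues outside the hunk.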
@@ -874,6 +888,7 @@ function run_tests() {
 
     clear();
     meta_tests();
+    hash_tests();
     client_sanity();
     nonrouted_ips();
     quorum_basics();

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/perspectives-extension.git


