Formpost middleware should support stronger hash functions

Bug #1794601 reported by Tim Burke on 2018-09-26
Affects: OpenStack Object Storage (swift)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Currently, formpost only uses SHA1 [1] when computing HMACs. People have been sounding the alarm for a while now [2], and not so long ago Google announced a practical attack on SHA1 [3]. We've already enabled SHA-256 and SHA-512 for tempurl [4], so let's do something similar for formpost.

[1] https://github.com/openstack/swift/blob/2.19.0/swift/common/middleware/formpost.py#L374
[2] https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
[3] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
[4] https://review.openstack.org/#/c/525770/

Tim Burke (1-tim-z) wrote:

Yeah, I think the tempurl work at https://github.com/openstack/swift/commit/5a4d3bdfc will be a really good guide. This is nice and self-contained; good first-contribution material. The main points we'd look for in a patch would be:

* new config option listed in etc/proxy-server.conf-sample,
* formpost's filter_factory parsing the new option, including it in the call to register_swift_info, and passing it on to the actual filter,
* formpost's filter growing some new parsing so it can differentiate between hash functions and validate any of the configured digests,
* updated docs in the formpost middleware's docstring, and
* unit tests to demonstrate the new functionality.

Might be an opportunity to pull some logic from common/middleware/tempurl.py out to common/utils.py and use it here too, but it's really optional.

tags: added: low-hanging-fruit
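
One way a filter could differentiate between hash functions and validate a signature against the configured digests, as an added example that is not Swift's code or part of this bug report. The `allowed_digests` option name, the helper names and the inference of the hash from the hex signature length are assumptions; the newline-joined HMAC body follows formpost's documented layout.

```python
import hmac

# Hex digest length -> hash name. Inferring the hash from the signature
# length is an assumption of this example, not formpost's actual parsing.
HEX_LEN_TO_DIGEST = {40: "sha1", 64: "sha256", 128: "sha512"}


def parse_allowed_digests(conf_value):
    """Parse a hypothetical space-separated 'allowed_digests' option."""
    names = set(conf_value.lower().split())
    unknown = names - set(HEX_LEN_TO_DIGEST.values())
    if not names or unknown:
        raise ValueError("bad allowed_digests: %r" % conf_value)
    return names


def formpost_hmac_body(path, redirect, max_file_size, max_file_count, expires):
    # Newline-joined field layout from formpost's documented signature.
    fields = (path, redirect, max_file_size, max_file_count, expires)
    return ("%s\n%s\n%s\n%s\n%s" % fields).encode("utf-8")


def signature_is_valid(signature, keys, hmac_body, allowed_digests):
    """Return True if signature matches any key under a permitted digest."""
    digest = HEX_LEN_TO_DIGEST.get(len(signature))
    if digest is None or digest not in allowed_digests:
        return False  # unknown length, or hash disabled by the operator
    try:
        supplied = bytes.fromhex(signature)
    except ValueError:
        return False  # not a hex string
    valid = False
    for key in keys:  # test every key; compare in constant time
        expected = hmac.new(key, hmac_body, digest).digest()
        valid |= hmac.compare_digest(expected, supplied)
    return valid


# Constructed sample values, not taken from the bug report.
KEY = b"constructed-example-key"
BODY = formpost_hmac_body("/v1/AUTH_test/container/prefix", "", 1048576, 10, 1893456000)
SIG_SHA1 = hmac.new(KEY, BODY, "sha1").hexdigest()
SIG_SHA256 = hmac.new(KEY, BODY, "sha256").hexdigest()
ALLOWED = parse_allowed_digests("sha256 sha512")
```

With `ALLOWED` set as above, a correctly keyed SHA-1 signature is rejected before any HMAC is computed, which is the behaviour an operator disabling SHA-1 would expect.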