Formpost middleware should support stronger hash functions

Bug #1794601 reported by Tim Burke
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
Fix Released
Undecided
Unassigned

Bug Description

Currently, formpost only uses SHA1 [1] when computing HMACs. People have been sounding the alarm for a while now [2], and not so long ago Google announced a practical attack on SHA1 [3]. We've already enabled SHA-256 and SHA-512 for tempurl [4], so let's do something similar for formpost.

[1] https://github.com/openstack/swift/blob/2.19.0/swift/common/middleware/formpost.py#L374
[2] https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
[3] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
[4] https://review.openstack.org/#/c/525770/

Revision history for this message
Tim Burke (1-tim-z) wrote :

Yeah, I think the tempurl work at https://github.com/openstack/swift/commit/5a4d3bdfc will be a really good guide. This is nice and self-contained; good first-contribution material. The main points we'd look for in a patch would be:

* new config option listed in etc/proxy-server.conf-sample,
* formpost's filter_factory parsing the new option, including it in the call to register_swift_info, and passing it on to the actual filter,
* formpost's filter growing some new parsing so it can differentiate between hash functions and validate any of the configured digests,
* updated docs in the formpost middleware's docstring, and
* unit tests to demonstrate the new functionality.

Might be an opportunity to pull some logic from common/middleware/tempurl.py out to common/utils.py and use it here too, but it's really optional.

tags: added: low-hanging-fruit
Changed in swift:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (master)

Reviewed: https://review.opendev.org/c/openstack/swift/+/838434
Committed: https://opendev.org/openstack/swift/commit/ef31baf3fc064f7c83c7116d8d4374295915ec1c
Submitter: "Zuul (22348)"
Branch: master

commit ef31baf3fc064f7c83c7116d8d4374295915ec1c
Author: Matthew Oliver <email address hidden>
Date: Tue Apr 19 15:23:30 2022 +1000

    formpost: Add support for sha256/512 signatures

    Sha1 has known to be deprecated for a while so allow the formpost
    middleware to use SHA256 and SHA512. Follow the tempurl model and
    accept signatures of the form:

       <hex-encoded signature>

    or

       sha1:<base64-encoded signature>
       sha256:<base64-encoded signature>
       sha512:<base64-encoded signature>

    where the base64-encoding can be either standard or URL-safe, and the
    trailing '=' chars may be stripped off.

    As part of this, pull the signature-parsing out to a new function, and
    add detection for hex-encoded sha512 signatures to tempurl.

    Change-Id: Iaba3725551bd47d75067a634a7571485b9afa2de
    Related-Change: Ia9dd1a91cc3c9c946f5f029cdefc9e66bcf01046
    Co-Authored-By: Tim Burke <email address hidden>
    Closes-Bug: #1794601

Changed in swift:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/swift 2.30.0

This issue was fixed in the openstack/swift 2.30.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers