MozillaWiki

Extension Manager:Addon Update Security:Signature: Difference between revisions

(New page: This page sets out more details about the digital signature method of securing add-on update manifests. == Update Public Key == In order to verify the signature in the update manifest, a...)
 
 
(11 intermediate revisions by the same user not shown)
Line 5: Line 5:
In order to verify the signature in the update manifest, a public key is required. This must be included in the original add-on xpi. Including the key in the install.rdf makes checking for a key on install and retrieving the key at update time easier than the alternative option of including it as a file in the xpi.
In order to verify the signature in the update manifest, a public key is required. This must be included in the original add-on xpi. Including the key in the install.rdf makes checking for a key on install and retrieving the key at update time easier than the alternative option of including it as a file in the xpi.


The key shall be DER encoded and then base64 encoded for inclusion as an em:updateKey resource in the install manifest. An example of this is below:
The SubjectPublicKeyInfo sequence (as defined in RFC 3280 and elsewhere) shall be DER encoded and then base64 encoded for inclusion as an em:updateKey resource in the install manifest. An example of this is below:


<pre>
<pre>
<?xml version="1.0"?>
<?xml version="1.0"?>
<RDF:RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#"
 
         xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<RDF:RDF xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  <RDF:Description about="urn:mozilla:install-manifest">
         xmlns="http://www.mozilla.org/2004/em-rdf#">
    <em:id>TabSidebar@blueprintit.co.uk</em:id>
<RDF:Description about="urn:mozilla:install-manifest">
    <em:version>2.0a1</em:version>
<id>{1280606b-2510-4fe0-97ef-9b5a22eafe80}</id>
    <em:name>Tab Sidebar</em:name>
    <em:description>Displays previews of your tabs in your sidebar.</em:description>
<name>Console²</name>
    <em:updateURL>http://www.oxymoronical.com/web/firefox/TabSidebar/update.rdf</em:updateURL>
<version>0.3.8</version>
    <em:targetApplication>
      <RDF:Description>
<description>The next generation error console.</description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<iconURL>chrome://console2/skin/import/Error.png</iconURL>
        <em:minVersion>1.5</em:minVersion>
<homepageURL>http://console2.mozdev.org/index.html</homepageURL>
        <em:maxVersion>3.0a5pre</em:maxVersion>
<updateURL>http://console2.mozdev.org/update.xml</updateURL>
      </RDF:Description>
    </em:targetApplication>
<creator>zeniko</creator>
    <em:publicKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8tygA/cOMS/cyFn3Lf30Dskkd
<contributor>Philip Chee</contributor>
                  Q0i6NlLfKVxTYUmLge/tEb3QMHlBdM9D0mMpzybq7rFI7aFscUFEcDo9WVd5ieyZ
<contributor>All contributors to the Toolkit 1.8 JavaScript Console</contributor>
                  cPotUd1WyUXZHXKluMfkE4asnXedLcICqrXEUJDxeWHSA36FrMW4uASxbl42/Ibi
<targetApplication><!-- Firefox -->
                  e/liyRgPpmzDged+jQIDAQAB</em:publicKey>
<RDF:Description>
<id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</id>
<minVersion>1.5</minVersion>
<maxVersion>3.0.*</maxVersion>
</RDF:Description>
</targetApplication>
<targetApplication><!-- Thunderbird -->
<RDF:Description>
<id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</id>
<minVersion>1.5</minVersion>
<maxVersion>3.0.*</maxVersion>
</RDF:Description>
</targetApplication>
<targetApplication><!-- SeaMonkey -->
<RDF:Description>
<id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</id>
<minVersion>1.0</minVersion>
<maxVersion>2.0.*</maxVersion>
</RDF:Description>
</targetApplication>
<targetApplication><!-- Flock -->
<RDF:Description>
<id>{a463f10c-3994-11da-9945-000d60ca027b}</id>
<minVersion>0.5</minVersion>
<maxVersion>0.*</maxVersion>
</RDF:Description>
</targetApplication>
 
<targetApplication><!-- Sunbird -->
<RDF:Description>
<id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</id>
<minVersion>0.3.1</minVersion>
<maxVersion>0.6.*</maxVersion>
</RDF:Description>
</targetApplication>
 
<targetApplication><!-- eMusic DLM -->
<RDF:Description>
<id>dlm@emusic.com</id>
<minVersion>4.0a1</minVersion>
<maxVersion>4.0.0.*</maxVersion>
</RDF:Description>
</targetApplication>
 
<targetApplication><!-- Netscape Navigator-->
<RDF:Description>
<id>{3db10fab-e461-4c80-8b97-957ad5f8ea47}</id>
<minVersion>9.0a</minVersion>
<maxVersion>9.0.*</maxVersion>
</RDF:Description>
</targetApplication>
<em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8tygA/cOMS/cyFn3Lf30Dskkd
              Q0i6NlLfKVxTYUmLge/tEb3QMHlBdM9D0mMpzybq7rFI7aFscUFEcDo9WVd5ieyZ
              cPotUd1WyUXZHXKluMfkE4asnXedLcICqrXEUJDxeWHSA36FrMW4uASxbl42/Ibi
              e/liyRgPpmzDged+jQIDAQAB</em:updateKey>
   </RDF:Description>
   </RDF:Description>
</RDF:RDF>
</RDF:RDF>
Line 36: Line 93:
The update signature is generated from a string of text that is pulled out of the update manifest. It is important that this string remains the same for a given update manifest no matter how the manifest was serialized. This is partly because our rdf code generally changes the format of the serialized data.
The update signature is generated from a string of text that is pulled out of the update manifest. It is important that this string remains the same for a given update manifest no matter how the manifest was serialized. This is partly because our rdf code generally changes the format of the serialized data.


To ensure this the following form is used for the text string:
In order to make this signing forwards compatible as much as possible the string must essentially be a serialisation of all the data in the RDF relevant to the extension that is in use now or may be used in future versions. The simplest method for this is to serialise the data as an RDF fragment using certain rules to ensure that the serialisation remains the same as all.
 
=== Basic XML Output Rules ===
 
Because we are only outputting a fragment there is no xml prolog in the string. Additionally there is no declaration of the namespace prefixes used. The only two prefixes that should appear are <code>RDF</code> and <code>em</code>.
 
The serialised string is "pretty-printed" xml. This is done for readability in diagnostic situations. Essentially each child tag is indented one level above it's parent tag. The level of indent chosen is 2 spaces. The rules for outputting the rdf as set out in the next section ensure that an element only ever contains character data, or a number of child elements, never both. Lines are separated by a single \n character regardless of platform.
 
If the element contains only character data then it is outputted as a single line with spaces at the start indenting the tag to one level of indent higher than that of the parent element. If the literal data happens to contain newlines then it is still outputted as is, i.e. no attempt to indent the character data is performed.
 
<pre>
<parentElement>
  <literalElement1>Literal character data</literalElement1>
  <literalElement2>Literal character
data with
newlines</literalElement2>
  <literalElement3>Literal character data</literalElement3>
</parentElement>
</pre>
 
If the element contains other elements, then the start and end tag each appear on a line by themselves (indented one level deeper than the parent element). Each child element will then appear as specified, one level of indent deeper.
 
<pre>
<element>
  <childElement>
    <grandChildElement>Literal data</grandChildElement>
  <childElement>
</element>
</pre>
 
In the event that a start tag contains attributes they should be outputted single-space separated with no spaces between the attribute name, = and values. e.g.:
 
<pre>
<element attr1="value1" attr2="value2">
</element>
</pre>
 
=== RDF Output Rules ===
 
When serialising a resource that is an RDF container (Seq, Bag, Alt), output as an element with the prefix RDF and the local name matching the container type. If the resource is not anonymous, include it's uri as an <code>about</code> attribute. The element should contain one <code>RDF:li</code> for every item in the container in order containing the serialisation of the contained resource. The <code>RDF:li</code> contains an element that will either be an <code>RDF:Description</code> or a container type depending on the resource. Following the <code>RDF:li</code> elements, output the other properties as detailed for a non-container resource.
 
When serialising a resource that is not an RDF container output as a <code>RDF:Description</code> element. If the resource is not anonymous, include the uri of the resource as an <code>about</code> attribute on the element. Inside the element output each property of the <code>em</code> namespace in order of property uri. Where a property has multiple targets, serialise each one and output in sorted order.
 
When a property points to a literal value output as a simple element with property name and containing the literal.
 
When a property points to a resource output as an element with property name and containing the serialisation of the resource as specified above.
 
There is one main issue with this serialisation. It cannot handle the situation where resources are referenced from multiple places or recursively. Resolving both of these would require coming up with a method of generating anonymous uri's that were not random in nature. Neither of these issues are possible with the current update RDF schema.
 
=== Example output ===
 
Given the following example update RDF:
 
<pre>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
 
<Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}">
<em:updates>
<Seq>
<li resource="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8"/>
<li resource="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7"/>
</Seq>
</em:updates>
</Description>
 
<Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8">
<em:version>0.3.7</em:version>
<em:targetApplication><!-- Firefox -->
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<em:minVersion>1.5</em:minVersion>
<em:maxVersion>3.0.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- Thunderbird -->
<Description>
<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
<em:minVersion>1.5</em:minVersion>
<em:maxVersion>3.0.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- SeaMonkey -->
<Description>
<em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
<em:minVersion>1.0</em:minVersion>
<em:maxVersion>1.5.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- Flock -->
<Description>
<em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
<em:minVersion>0.5</em:minVersion>
<em:maxVersion>0.9.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- Sunbird -->
<Description>
<em:id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</em:id>
<em:minVersion>0.3.1</em:minVersion>
<em:maxVersion>0.7.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- eMusic DLM -->
<Description>
<em:id>dlm@emusic.com</em:id>
<em:minVersion>4.0a1</em:minVersion>
<em:maxVersion>4.0.0.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
</Description>
</em:targetApplication>
 
<em:targetApplication><!-- Netscape -->
<Description>
<em:id>{3db10fab-e461-4c80-8b97-957ad5f8ea47}</em:id>
<em:minVersion>9.0a</em:minVersion>
<em:maxVersion>9.0.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
</Description>
</em:targetApplication>
</Description>
 
<Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7">
<em:version>0.3.7</em:version>
<em:targetApplication><!-- Firefox -->
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<em:minVersion>1.5</em:minVersion>
<em:maxVersion>3.0.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- Thunderbird -->
<Description>
<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
<em:minVersion>1.5</em:minVersion>
<em:maxVersion>3.0.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- SeaMonkey -->
<Description>
<em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
<em:minVersion>1.0</em:minVersion>
<em:maxVersion>1.5.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- Flock -->
<Description>
<em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
<em:minVersion>0.5</em:minVersion>
<em:maxVersion>0.8.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- Sunbird -->
<Description>
<em:id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</em:id>
<em:minVersion>0.3.1</em:minVersion>
<em:maxVersion>0.6.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
</Description>
</em:targetApplication>
<em:targetApplication><!-- eMusic DLM -->
<Description>
<em:id>dlm@emusic.com</em:id>
<em:minVersion>4.0a1</em:minVersion>
<em:maxVersion>4.0.0.*</em:maxVersion>
<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
</Description>
</em:targetApplication>
</Description>


  <updatestring> ::= <id> <versionlist>
</RDF>
  <versionlist> ::= <version> | <version> <versionlist>
</pre>
  <version> ::= ":" <versionnumber> <targetapplist>
  <targetapplist> ::= <targetapp> | <targetapp> <targetapplist>
  <targetapp> ::= "(" <id> ":" <minVersion> ":" <maxVersion> ":" <updateLink> <opt-updateHash> ")"
  <opt-updateHash> ::= "" | ":" <updateHash>


Note that the strings in the targetapplist are sorted in alphabetical order before being concatenated. This is because the update manifest format does not include any ordering information about the target application arcs (correctly) so we must introduce some mechanism that leaves the order the same each time.
We serialise as the following:


The string includes the add-on's id, the version of every listed update and all the target application information as well as the url of the updated xpi and if present the hash for that xpi.
<pre>
<RDF:Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}">
  <em:updates>
    <RDF:Seq>
      <RDF:li>
        <RDF:Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8">
          <em:targetApplication>
            <RDF:Description>
              <em:id>dlm@emusic.com</em:id>
              <em:maxVersion>4.0.0.*</em:maxVersion>
              <em:minVersion>4.0a1</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
              <em:maxVersion>3.0.*</em:maxVersion>
              <em:minVersion>1.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{3db10fab-e461-4c80-8b97-957ad5f8ea47}</em:id>
              <em:maxVersion>9.0.*</em:maxVersion>
              <em:minVersion>9.0a</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</em:id>
              <em:maxVersion>0.7.*</em:maxVersion>
              <em:minVersion>0.3.1</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
              <em:maxVersion>1.5.*</em:maxVersion>
              <em:minVersion>1.0</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
              <em:maxVersion>0.9.*</em:maxVersion>
              <em:minVersion>0.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
              <em:maxVersion>3.0.*</em:maxVersion>
              <em:minVersion>1.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:version>0.3.7</em:version>
        </RDF:Description>
      </RDF:li>
      <RDF:li>
        <RDF:Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7">
          <em:targetApplication>
            <RDF:Description>
              <em:id>dlm@emusic.com</em:id>
              <em:maxVersion>4.0.0.*</em:maxVersion>
              <em:minVersion>4.0a1</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
              <em:maxVersion>3.0.*</em:maxVersion>
              <em:minVersion>1.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</em:id>
              <em:maxVersion>0.6.*</em:maxVersion>
              <em:minVersion>0.3.1</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
              <em:maxVersion>1.5.*</em:maxVersion>
              <em:minVersion>1.0</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
              <em:maxVersion>0.8.*</em:maxVersion>
              <em:minVersion>0.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
              <em:maxVersion>3.0.*</em:maxVersion>
              <em:minVersion>1.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:version>0.3.7</em:version>
        </RDF:Description>
      </RDF:li>
    </RDF:Seq>
  </em:updates>
</RDF:Description>
</pre>


This is then signed using the author's private key. The signature is base64 encoded and added as an em:signature resource to the add-on's update manifest. Following is an example update manifest with an included signature:
This is then signed using the author's private key. The signature is base64 encoded and added as an em:signature resource to the add-on's update manifest. Following is the example update manifest with an included signature. Note the vast difference between the original hand written rdf and what mozilla's rdf serialiser generates. Despite this the rdf remains the same and so the above method of generating the string to sign yields the same result.


<pre>
<pre>
<?xml version="1.0"?>
<?xml version="1.0"?>
<RDF:RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#"
<RDF:RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#"
        xmlns:NC="http://home.netscape.com/NC-rdf#"
         xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
         xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
   <RDF:Description RDF:about="urn:mozilla:extension:TabSidebar@blueprintit.co.uk">
   <RDF:Description RDF:about="rdf:#$F6q1N"
    <em:updates>
                  em:id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
      <RDF:Seq>
                  em:minVersion="1.5"
        <RDF:li RDF:resource="urn:mozilla:extension:TabSidebar@blueprintit.co.uk:1.1.5"/>
                  em:maxVersion="3.0.*"
      </RDF:Seq>
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
     </em:updates>
  <RDF:Description RDF:about="rdf:#$77q1N"
     <em:signature>J9bFaHr+u1PiJ777xlV2ApUTNkgbVXh/NfjdBXDlkZ8CjSsHXhFmuYD6AJqr/nYk
                  em:id="dlm@emusic.com"
                  1qkLryqEEdYo3NrLotpc5Kgy2r1J0wghNUDCNnjwjzh9LJT38KCnoqv2djb5VOmN
                  em:minVersion="4.0a1"
                  1HYLHwn3+qD+DdGBUy8VV3EeRzxiGL+wjXn0o4T5Ok4=</em:signature>
                  em:maxVersion="4.0.0.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$w7q1N"
                  em:id="{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}"
                  em:minVersion="1.0"
                  em:maxVersion="1.5.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7"
                  em:version="0.3.7">
    <em:targetApplication RDF:resource="rdf:#$k7q1N"/>
    <em:targetApplication RDF:resource="rdf:#$q7q1N"/>
    <em:targetApplication RDF:resource="rdf:#$w7q1N"/>
     <em:targetApplication RDF:resource="rdf:#$C7q1N"/>
     <em:targetApplication RDF:resource="rdf:#$I7q1N"/>
    <em:targetApplication RDF:resource="rdf:#$O7q1N"/>
   </RDF:Description>
   </RDF:Description>
   <RDF:Description RDF:about="urn:mozilla:extension:TabSidebar@blueprintit.co.uk:1.1.5">
   <RDF:Description RDF:about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8"
    <em:version>1.1.5</em:version>
                  em:version="0.3.7">
     <em:targetApplication>
     <em:targetApplication RDF:resource="rdf:#$F6q1N"/>
      <RDF:Description>
    <em:targetApplication RDF:resource="rdf:#$L6q1N"/>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
    <em:targetApplication RDF:resource="rdf:#$R6q1N"/>
        <em:minVersion>2.0b1</em:minVersion>
    <em:targetApplication RDF:resource="rdf:#$X6q1N"/>
        <em:maxVersion>2.0.0.*</em:maxVersion>
    <em:targetApplication RDF:resource="rdf:#$17q1N"/>
        <em:updateLink>http://www.oxymoronical.com/site/files/845/default/3/TabSidebar-1.1.5.xpi</em:updateLink>
    <em:targetApplication RDF:resource="rdf:#$77q1N"/>
      </RDF:Description>
     <em:targetApplication RDF:resource="rdf:#$d7q1N"/>
     </em:targetApplication>
   </RDF:Description>
   </RDF:Description>
  <RDF:Description RDF:about="rdf:#$C7q1N"
                  em:id="{a463f10c-3994-11da-9945-000d60ca027b}"
                  em:minVersion="0.5"
                  em:maxVersion="0.8.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="rdf:#$R6q1N"
                  em:id="{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}"
                  em:minVersion="1.0"
                  em:maxVersion="1.5.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$X6q1N"
                  em:id="{a463f10c-3994-11da-9945-000d60ca027b}"
                  em:minVersion="0.5"
                  em:maxVersion="0.9.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$L6q1N"
                  em:id="{3550f703-e582-4d05-9a08-453d09bdfdc6}"
                  em:minVersion="1.5"
                  em:maxVersion="3.0.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$O7q1N"
                  em:id="dlm@emusic.com"
                  em:minVersion="4.0a1"
                  em:maxVersion="4.0.0.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="rdf:#$d7q1N"
                  em:id="{3db10fab-e461-4c80-8b97-957ad5f8ea47}"
                  em:minVersion="9.0a"
                  em:maxVersion="9.0.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Seq RDF:about="rdf:#$C6q1N">
    <RDF:li RDF:resource="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8"/>
    <RDF:li RDF:resource="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7"/>
  </RDF:Seq>
  <RDF:Description RDF:about="rdf:#$I7q1N"
                  em:id="{718e30fb-e89b-41dd-9da7-e25a45638b28}"
                  em:minVersion="0.3.1"
                  em:maxVersion="0.6.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="rdf:#$17q1N"
                  em:id="{718e30fb-e89b-41dd-9da7-e25a45638b28}"
                  em:minVersion="0.3.1"
                  em:maxVersion="0.7.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$k7q1N"
                  em:id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
                  em:minVersion="1.5"
                  em:maxVersion="3.0.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}">
    <em:updates RDF:resource="rdf:#$C6q1N"/>
    <em:signature>cDwqOLlQYeSg0Kt05tW4uF80ySlQV6d5T9yTfw6rsA8Suf8TJy2rjeBCujIDwPrG
W/OQpjm+RgWbMHU9Qqp1NLs7Eia//Y4RGGAsieVvczX4MkXZiZlwnIi+7hb7lxXR
zpIR6DXAtvZHquXr02hXEa86xnlQt/1/rzwzBYHuI9Y=</em:signature>
  </RDF:Description>
  <RDF:Description RDF:about="rdf:#$q7q1N"
                  em:id="{3550f703-e582-4d05-9a08-453d09bdfdc6}"
                  em:minVersion="1.5"
                  em:maxVersion="3.0.*"
                  em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
</RDF:RDF>
</RDF:RDF>
</pre>
</pre>
Line 84: Line 520:


In order to make this work we must choose an appropriate key type and hashing algorithm for generating the digital signature. As far as the implementation goes this choice is largely irrelevant. So long as NSS supports the choice it is a trivial change to make the code work.
In order to make this work we must choose an appropriate key type and hashing algorithm for generating the digital signature. As far as the implementation goes this choice is largely irrelevant. So long as NSS supports the choice it is a trivial change to make the code work.
=== Key Type ===
* RSA
* DSA
Must also consider key size.


=== Hashing Algorithm ===
=== Hashing Algorithm ===
Line 103: Line 532:
* SHA512
* SHA512


If we select SHA1 as the hashing algorithm then either key type can be chosen, indeed it would not be necessary to standardise on the key type at all.
Since we have no need to support older apps or anything we should probably just choose SHA512 as being the strongest hashing method we have available right now.
 
=== Key Type ===
 
* RSA
* DSA
 
Since DSA cannot be used with the SHA512 hashing algorithm we should use RSA key types.
 
=== Signature Format ===
 
The signature format is very similar (but not identical) to the format of a certificate. In ASN.1 syntax, the required signature is:
 
<pre>
  ManifestSignature  ::=  SEQUENCE  {
        signatureAlgorithm  AlgorithmIdentifier,
        signatureValue      BIT STRING  }
</pre>
where signatureAlgorithm and signatureValue are as defined in RFC 3280.

Latest revision as of 22:38, 24 April 2008

This page sets out more details about the digital signature method of securing add-on update manifests.

Update Public Key

In order to verify the signature in the update manifest, a public key is required. This must be included in the original add-on xpi. Including the key in the install.rdf makes checking for a key on install and retrieving the key at update time easier than the alternative option of including it as a file in the xpi.

The SubjectPublicKeyInfo sequence (as defined in RFC 3280 and elsewhere) shall be DER encoded and then base64 encoded for inclusion as an em:updateKey resource in the install manifest. An example of this is below: 

<?xml version="1.0"?>

<RDF:RDF xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns="http://www.mozilla.org/2004/em-rdf#">
	<RDF:Description about="urn:mozilla:install-manifest">
		<id>{1280606b-2510-4fe0-97ef-9b5a22eafe80}</id>
		
		<name>Console²</name>
		<version>0.3.8</version>
		
		<description>The next generation error console.</description>
		<iconURL>chrome://console2/skin/import/Error.png</iconURL>
		<homepageURL>http://console2.mozdev.org/index.html</homepageURL>
		<updateURL>http://console2.mozdev.org/update.xml</updateURL>
		
		<creator>zeniko</creator>
		<contributor>Philip Chee</contributor>
		<contributor>All contributors to the Toolkit 1.8 JavaScript Console</contributor>
		<targetApplication><!-- Firefox -->
			<RDF:Description>
				<id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</id>
				<minVersion>1.5</minVersion>
				<maxVersion>3.0.*</maxVersion>
			</RDF:Description>
		</targetApplication>
		
		<targetApplication><!-- Thunderbird -->
			<RDF:Description>
				<id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</id>
				<minVersion>1.5</minVersion>
				<maxVersion>3.0.*</maxVersion>
			</RDF:Description>
		</targetApplication>
		
		<targetApplication><!-- SeaMonkey -->
			<RDF:Description>
				<id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</id>
				<minVersion>1.0</minVersion>
				<maxVersion>2.0.*</maxVersion>
			</RDF:Description>
		</targetApplication>
		
		<targetApplication><!-- Flock -->
			<RDF:Description>
				<id>{a463f10c-3994-11da-9945-000d60ca027b}</id>
				<minVersion>0.5</minVersion>
				<maxVersion>0.*</maxVersion>
			</RDF:Description>
		</targetApplication>

		<targetApplication><!-- Sunbird -->
			<RDF:Description>
				<id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</id>
				<minVersion>0.3.1</minVersion>
				<maxVersion>0.6.*</maxVersion>
			</RDF:Description>
		</targetApplication>

		<targetApplication><!-- eMusic DLM -->
			<RDF:Description>
				<id>dlm@emusic.com</id>
				<minVersion>4.0a1</minVersion>
				<maxVersion>4.0.0.*</maxVersion>
			</RDF:Description>
		</targetApplication>

		<targetApplication><!-- Netscape Navigator-->
			<RDF:Description>
				<id>{3db10fab-e461-4c80-8b97-957ad5f8ea47}</id>
				<minVersion>9.0a</minVersion>
				<maxVersion>9.0.*</maxVersion>
			</RDF:Description>
		</targetApplication>
		<em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8tygA/cOMS/cyFn3Lf30Dskkd
		              Q0i6NlLfKVxTYUmLge/tEb3QMHlBdM9D0mMpzybq7rFI7aFscUFEcDo9WVd5ieyZ
		              cPotUd1WyUXZHXKluMfkE4asnXedLcICqrXEUJDxeWHSA36FrMW4uASxbl42/Ibi
		              e/liyRgPpmzDged+jQIDAQAB</em:updateKey>
  </RDF:Description>
</RDF:RDF>

Update Manifest Signature

The update signature is generated from a string of text that is pulled out of the update manifest. It is important that this string remains the same for a given update manifest no matter how the manifest was serialized. This is partly because our rdf code generally changes the format of the serialized data.

In order to make this signing forwards compatible as much as possible the string must essentially be a serialisation of all the data in the RDF relevant to the extension that is in use now or may be used in future versions. The simplest method for this is to serialise the data as an RDF fragment using certain rules to ensure that the serialisation remains the same as all.

Basic XML Output Rules

Because we are only outputting a fragment there is no xml prolog in the string. Additionally there is no declaration of the namespace prefixes used. The only two prefixes that should appear are RDF and em.

The serialised string is "pretty-printed" xml. This is done for readability in diagnostic situations. Essentially each child tag is indented one level above it's parent tag. The level of indent chosen is 2 spaces. The rules for outputting the rdf as set out in the next section ensure that an element only ever contains character data, or a number of child elements, never both. Lines are separated by a single \n character regardless of platform.

If the element contains only character data then it is outputted as a single line with spaces at the start indenting the tag to one level of indent higher than that of the parent element. If the literal data happens to contain newlines then it is still outputted as is, i.e. no attempt to indent the character data is performed. 

<parentElement>
  <literalElement1>Literal character data</literalElement1>
  <literalElement2>Literal character
data with
newlines</literalElement2>
  <literalElement3>Literal character data</literalElement3>
</parentElement>

If the element contains other elements, then the start and end tag each appear on a line by themselves (indented one level deeper than the parent element). Each child element will then appear as specified, one level of indent deeper. 

<element>
  <childElement>
    <grandChildElement>Literal data</grandChildElement>
  <childElement>
</element>

In the event that a start tag contains attributes they should be outputted single-space separated with no spaces between the attribute name, = and values. e.g.: 

<element attr1="value1" attr2="value2">
</element>

RDF Output Rules

When serialising a resource that is an RDF container (Seq, Bag, Alt), output as an element with the prefix RDF and the local name matching the container type. If the resource is not anonymous, include it's uri as an about attribute. The element should contain one RDF:li for every item in the container in order containing the serialisation of the contained resource. The RDF:li contains an element that will either be an RDF:Description or a container type depending on the resource. Following the RDF:li elements, output the other properties as detailed for a non-container resource.

When serialising a resource that is not an RDF container output as a RDF:Description element. If the resource is not anonymous, include the uri of the resource as an about attribute on the element. Inside the element output each property of the em namespace in order of property uri. Where a property has multiple targets, serialise each one and output in sorted order.

When a property points to a literal value output as a simple element with property name and containing the literal.

When a property points to a resource output as an element with property name and containing the serialisation of the resource as specified above.

There is one main issue with this serialisation. It cannot handle the situation where resources are referenced from multiple places or recursively. Resolving both of these would require coming up with a method of generating anonymous uri's that were not random in nature. Neither of these issues are possible with the current update RDF schema.

Example output

Given the following example update RDF: 

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">

	<Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}">
		<em:updates>
			<Seq>
				<li resource="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8"/>
				<li resource="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7"/>
			</Seq>
		</em:updates>
	</Description>

	<Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8">
		<em:version>0.3.7</em:version>
		
		<em:targetApplication><!-- Firefox -->
			<Description>
				<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
				<em:minVersion>1.5</em:minVersion>
				<em:maxVersion>3.0.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- Thunderbird -->
			<Description>
				<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
				<em:minVersion>1.5</em:minVersion>
				<em:maxVersion>3.0.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- SeaMonkey -->
			<Description>
				<em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
				<em:minVersion>1.0</em:minVersion>
				<em:maxVersion>1.5.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- Flock -->
			<Description>
				<em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
				<em:minVersion>0.5</em:minVersion>
				<em:maxVersion>0.9.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- Sunbird -->
			<Description>
				<em:id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</em:id>
				<em:minVersion>0.3.1</em:minVersion>
				<em:maxVersion>0.7.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- eMusic DLM -->
			<Description>
				<em:id>dlm@emusic.com</em:id>
				<em:minVersion>4.0a1</em:minVersion>
				<em:maxVersion>4.0.0.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
			</Description>
		</em:targetApplication>

		<em:targetApplication><!-- Netscape -->
			<Description>
				<em:id>{3db10fab-e461-4c80-8b97-957ad5f8ea47}</em:id>
				<em:minVersion>9.0a</em:minVersion>
				<em:maxVersion>9.0.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
	</Description>

	<Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7">
		<em:version>0.3.7</em:version>
		
		<em:targetApplication><!-- Firefox -->
			<Description>
				<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
				<em:minVersion>1.5</em:minVersion>
				<em:maxVersion>3.0.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- Thunderbird -->
			<Description>
				<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
				<em:minVersion>1.5</em:minVersion>
				<em:maxVersion>3.0.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- SeaMonkey -->
			<Description>
				<em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
				<em:minVersion>1.0</em:minVersion>
				<em:maxVersion>1.5.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- Flock -->
			<Description>
				<em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
				<em:minVersion>0.5</em:minVersion>
				<em:maxVersion>0.8.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- Sunbird -->
			<Description>
				<em:id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</em:id>
				<em:minVersion>0.3.1</em:minVersion>
				<em:maxVersion>0.6.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
		
		<em:targetApplication><!-- eMusic DLM -->
			<Description>
				<em:id>dlm@emusic.com</em:id>
				<em:minVersion>4.0a1</em:minVersion>
				<em:maxVersion>4.0.0.*</em:maxVersion>
				<em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
			</Description>
		</em:targetApplication>
	</Description>

</RDF>

We serialise as the following: 

<RDF:Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}">
  <em:updates>
    <RDF:Seq>
      <RDF:li>
        <RDF:Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8">
          <em:targetApplication>
            <RDF:Description>
              <em:id>dlm@emusic.com</em:id>
              <em:maxVersion>4.0.0.*</em:maxVersion>
              <em:minVersion>4.0a1</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
              <em:maxVersion>3.0.*</em:maxVersion>
              <em:minVersion>1.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{3db10fab-e461-4c80-8b97-957ad5f8ea47}</em:id>
              <em:maxVersion>9.0.*</em:maxVersion>
              <em:minVersion>9.0a</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</em:id>
              <em:maxVersion>0.7.*</em:maxVersion>
              <em:minVersion>0.3.1</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
              <em:maxVersion>1.5.*</em:maxVersion>
              <em:minVersion>1.0</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
              <em:maxVersion>0.9.*</em:maxVersion>
              <em:minVersion>0.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
              <em:maxVersion>3.0.*</em:maxVersion>
              <em:minVersion>1.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.8.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:version>0.3.7</em:version>
        </RDF:Description>
      </RDF:li>
      <RDF:li>
        <RDF:Description about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7">
          <em:targetApplication>
            <RDF:Description>
              <em:id>dlm@emusic.com</em:id>
              <em:maxVersion>4.0.0.*</em:maxVersion>
              <em:minVersion>4.0a1</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
              <em:maxVersion>3.0.*</em:maxVersion>
              <em:minVersion>1.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{718e30fb-e89b-41dd-9da7-e25a45638b28}</em:id>
              <em:maxVersion>0.6.*</em:maxVersion>
              <em:minVersion>0.3.1</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
              <em:maxVersion>1.5.*</em:maxVersion>
              <em:minVersion>1.0</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{a463f10c-3994-11da-9945-000d60ca027b}</em:id>
              <em:maxVersion>0.8.*</em:maxVersion>
              <em:minVersion>0.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:targetApplication>
            <RDF:Description>
              <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
              <em:maxVersion>3.0.*</em:maxVersion>
              <em:minVersion>1.5</em:minVersion>
              <em:updateLink>http://downloads.mozdev.org/console2/console2-0.3.7.xpi</em:updateLink>
            </RDF:Description>
          </em:targetApplication>
          <em:version>0.3.7</em:version>
        </RDF:Description>
      </RDF:li>
    </RDF:Seq>
  </em:updates>
</RDF:Description>

This is then signed using the author's private key. The signature is base64 encoded and added as an em:signature resource to the add-on's update manifest. Following is the example update manifest with an included signature. Note the vast difference between the original hand written rdf and what mozilla's rdf serialiser generates. Despite this the rdf remains the same and so the above method of generating the string to sign yields the same result. 

<?xml version="1.0"?>
<RDF:RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#"
         xmlns:NC="http://home.netscape.com/NC-rdf#"
         xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <RDF:Description RDF:about="rdf:#$F6q1N"
                   em:id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
                   em:minVersion="1.5"
                   em:maxVersion="3.0.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$77q1N"
                   em:id="dlm@emusic.com"
                   em:minVersion="4.0a1"
                   em:maxVersion="4.0.0.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$w7q1N"
                   em:id="{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}"
                   em:minVersion="1.0"
                   em:maxVersion="1.5.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7"
                   em:version="0.3.7">
    <em:targetApplication RDF:resource="rdf:#$k7q1N"/>
    <em:targetApplication RDF:resource="rdf:#$q7q1N"/>
    <em:targetApplication RDF:resource="rdf:#$w7q1N"/>
    <em:targetApplication RDF:resource="rdf:#$C7q1N"/>
    <em:targetApplication RDF:resource="rdf:#$I7q1N"/>
    <em:targetApplication RDF:resource="rdf:#$O7q1N"/>
  </RDF:Description>
  <RDF:Description RDF:about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8"
                   em:version="0.3.7">
    <em:targetApplication RDF:resource="rdf:#$F6q1N"/>
    <em:targetApplication RDF:resource="rdf:#$L6q1N"/>
    <em:targetApplication RDF:resource="rdf:#$R6q1N"/>
    <em:targetApplication RDF:resource="rdf:#$X6q1N"/>
    <em:targetApplication RDF:resource="rdf:#$17q1N"/>
    <em:targetApplication RDF:resource="rdf:#$77q1N"/>
    <em:targetApplication RDF:resource="rdf:#$d7q1N"/>
  </RDF:Description>
  <RDF:Description RDF:about="rdf:#$C7q1N"
                   em:id="{a463f10c-3994-11da-9945-000d60ca027b}"
                   em:minVersion="0.5"
                   em:maxVersion="0.8.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="rdf:#$R6q1N"
                   em:id="{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}"
                   em:minVersion="1.0"
                   em:maxVersion="1.5.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$X6q1N"
                   em:id="{a463f10c-3994-11da-9945-000d60ca027b}"
                   em:minVersion="0.5"
                   em:maxVersion="0.9.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$L6q1N"
                   em:id="{3550f703-e582-4d05-9a08-453d09bdfdc6}"
                   em:minVersion="1.5"
                   em:maxVersion="3.0.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$O7q1N"
                   em:id="dlm@emusic.com"
                   em:minVersion="4.0a1"
                   em:maxVersion="4.0.0.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="rdf:#$d7q1N"
                   em:id="{3db10fab-e461-4c80-8b97-957ad5f8ea47}"
                   em:minVersion="9.0a"
                   em:maxVersion="9.0.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Seq RDF:about="rdf:#$C6q1N">
    <RDF:li RDF:resource="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.8"/>
    <RDF:li RDF:resource="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.3.7"/>
  </RDF:Seq>
  <RDF:Description RDF:about="rdf:#$I7q1N"
                   em:id="{718e30fb-e89b-41dd-9da7-e25a45638b28}"
                   em:minVersion="0.3.1"
                   em:maxVersion="0.6.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="rdf:#$17q1N"
                   em:id="{718e30fb-e89b-41dd-9da7-e25a45638b28}"
                   em:minVersion="0.3.1"
                   em:maxVersion="0.7.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.8.xpi" />
  <RDF:Description RDF:about="rdf:#$k7q1N"
                   em:id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
                   em:minVersion="1.5"
                   em:maxVersion="3.0.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
  <RDF:Description RDF:about="urn:mozilla:extension:{1280606b-2510-4fe0-97ef-9b5a22eafe80}">
    <em:updates RDF:resource="rdf:#$C6q1N"/>
    <em:signature>cDwqOLlQYeSg0Kt05tW4uF80ySlQV6d5T9yTfw6rsA8Suf8TJy2rjeBCujIDwPrG
W/OQpjm+RgWbMHU9Qqp1NLs7Eia//Y4RGGAsieVvczX4MkXZiZlwnIi+7hb7lxXR
zpIR6DXAtvZHquXr02hXEa86xnlQt/1/rzwzBYHuI9Y=</em:signature>
  </RDF:Description>
  <RDF:Description RDF:about="rdf:#$q7q1N"
                   em:id="{3550f703-e582-4d05-9a08-453d09bdfdc6}"
                   em:minVersion="1.5"
                   em:maxVersion="3.0.*"
                   em:updateLink="http://downloads.mozdev.org/console2/console2-0.3.7.xpi" />
</RDF:RDF>

Note that the location of the signature requires multiple signatures in the manifest if the manifest contains information about multiple add-ons. This allows different add-ons to be signed by different keys.

Algorithms and Key Types

In order to make this work we must choose an appropriate key type and hashing algorithm for generating the digital signature. As far as the implementation goes this choice is largely irrelevant. So long as NSS supports the choice it is a trivial change to make the code work.

Hashing Algorithm

If the key type is DSA then the hashing algorithm must be SHA1, otherwise any of the following may be used:

  • MD2
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

Since we have no need to support older apps or anything we should probably just choose SHA512 as being the strongest hashing method we have available right now.

Key Type

  • RSA
  • DSA

Since DSA cannot be used with the SHA512 hashing algorithm we should use RSA key types.

Signature Format

The signature format is very similar (but not identical) to the format of a certificate. In ASN.1 syntax, the required signature is: 

   ManifestSignature  ::=  SEQUENCE  {
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

where signatureAlgorithm and signatureValue are as defined in RFC 3280.

Retrieved from "https://wiki.allizom.org/index.php?title=Extension_Manager:Addon_Update_Security:Signature&oldid=91444"