Issues playing around with digest.sh

Christopher Schultz Tue, 31 Jan 2023 10:52:05 -0800

All,

I was trying to run digest.sh today with some potentially unusualarguments and it was behaving in ways I didn't expect.

First, I wanted to get it to generate PBKDF2 hashes, and so I tried themost obvious thing I could think of:


$ digest.sh -a 'PBKDF2' 'secret'

I got this error output:

Jan 31, 2023 11:11:59 AM org.apache.tomcat.util.IntrospectionUtilssetPropertyWARNING: IntrospectionUtils: InvocationTargetException for classorg.apache.catalina.realm.MessageDigestCredentialHandler algorithm=PBKDF2)

java.lang.reflect.InvocationTargetException

atjava.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(NativeMethod)atjava.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)atjava.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.base/java.lang.reflect.Method.invoke(Method.java:567)

atorg.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:70)atorg.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:46)

        at org.apache.catalina.realm.RealmBase.main(RealmBase.java:1492)

        at java.base/java.lang.reflect.Method.invoke(Method.java:567)
        at org.apache.catalina.startup.Tool.main(Tool.java:230)

Caused by: java.security.NoSuchAlgorithmException: PBKDF2 MessageDigestnot available

        at 
java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at java.base/java.security.Security.getImpl(Security.java:700)

atjava.base/java.security.MessageDigest.getInstance(MessageDigest.java:183)atorg.apache.tomcat.util.security.ConcurrentMessageDigest.init(ConcurrentMessageDigest.java:118)atorg.apache.catalina.realm.MessageDigestCredentialHandler.setAlgorithm(MessageDigestCredentialHandler.java:90)

        ... 12 more

java.lang.reflect.InvocationTargetException

        at java.base/java.lang.reflect.Method.invoke(Method.java:567)

atorg.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:70)atorg.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:46)

        at org.apache.catalina.realm.RealmBase.main(RealmBase.java:1492)

        at java.base/java.lang.reflect.Method.invoke(Method.java:567)
        at org.apache.catalina.startup.Tool.main(Tool.java:230)

Caused by: java.security.NoSuchAlgorithmException: PBKDF2SecretKeyFactory not availableatjava.base/javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:118)atjava.base/javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:164)atorg.apache.catalina.realm.SecretKeyCredentialHandler.setAlgorithm(SecretKeyCredentialHandler.java:56)

        ... 12 more

secret:9e667cf452bd6eddc71d9613605a2dd75527d8fb9aa2b97c918d7aa3ae9ef995$20000$69049fa7dec3dc9761092ff7b4d39ac5f7b798ec

Woah. Two failures and a success? Interesting.

The two failures tell me that both the MessageDigestCredentialHandlerand the SecretKeyCredentialHandler both failed to set that algorithm,because it doesn't exist (in either one). Super ugly and scary, buttechnically correct.

What about that "success" I got instead? Well... it includes 2 $ symbolswith 20000 in between them, indicating that 20000 rounds of *something*was done. The default number of rounds for SecretKeyCredentialHandler is20000 so it's likely that I got the default algorithm for that class,which is PBKDF2WithHmacSHA1.

Honestly, I should probably just have gotten an error saying "couldn'tdecide what to do" instead of getting a weird default, especially whenthe default algorithm for RealmBase (which really does this work) issingle-iteration, non-salted SHA-215.

These switching-defaults happen because of the way the handler ischosen. The code is here in RealmBase:


        CredentialHandler handler = null;

        if (handlerClassName == null) {

for (Class<? extends DigestCredentialHandlerBase> clazz :credentialHandlerClasses) {

                try {
                    handler = clazz.getConstructor().newInstance();

if (IntrospectionUtils.setProperty(handler,"algorithm", algorithm)) {

                        break;
                    }
                } catch (ReflectiveOperationException e) {
                    // This isn't good.
                    throw new RuntimeException(e);
                }
            }
        } else {
            try {
                Class<?> clazz = Class.forName(handlerClassName);

handler = (DigestCredentialHandlerBase)clazz.getConstructor().newInstance();IntrospectionUtils.setProperty(handler, "algorithm",algorithm);

            } catch (ReflectiveOperationException e) {
                throw new RuntimeException(e);
            }
        }

        if (handler == null) {

throw new RuntimeException(newNoSuchAlgorithmException(algorithm));

If we get (swallowed) errors while trying to find out whichCredentialHandler should performing the password mutation, then we justalways use the last one we tried. That effectively changes the defaultCredentialHandler to the last one in the search list. I think we shouldset handler=null in the case where the algorithm failed to be set.


Okay, what about specifying the correct algorithm name?

$ digest.sh -a 'PBKDF2WithHmacSHA1' 'secret'

Jan 31, 2023 1:31:28 PM org.apache.tomcat.util.IntrospectionUtilssetPropertyWARNING: IntrospectionUtils: InvocationTargetException for classorg.apache.catalina.realm.MessageDigestCredentialHandleralgorithm=PBKDF2WithHmacSHA1)

java.lang.reflect.InvocationTargetException

        at java.base/java.lang.reflect.Method.invoke(Method.java:567)

atorg.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:70)atorg.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:46)

        at org.apache.catalina.realm.RealmBase.main(RealmBase.java:1492)

        at java.base/java.lang.reflect.Method.invoke(Method.java:567)
        at org.apache.catalina.startup.Tool.main(Tool.java:230)

Caused by: java.security.NoSuchAlgorithmException: PBKDF2WithHmacSHA1MessageDigest not available

        at 
java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at java.base/java.security.Security.getImpl(Security.java:700)

        ... 12 more

secret:548a028e43ca1cd1690a445e0c15fc255ad4d9626d7ca9724c4ff20a9354e7b6$20000$8d79de026f8ee9262a6f85d295338c41d1657181

One failure and one success. This time, we actually got exactly what wewanted, but we still got a really scary error message. Okay, it' awarning, but it still looks scary. Would you use that output forauthentication if you got a stack trace like that?

I'm not sure how best to change that. I can think of two obviouspotential solutions:


1. Modify the logger at runtime to suppress warnings

2. Modify IntrospectionUtils.setProperty to allow errors to besuppressed instead of logged as error

I'm not sure if #1 is easily doable given lots of ways to configurelogging and I'm not sure there is any appetite to do #2. We may beunable to suppress the warnings, but maybe we can add a message laterthat says "you can ignore any warnings you see above about missingalgorithms".

The final problem I see is, unfortunately, a nasty quoting problem. Idiscovered that PBKDF2 has a collision problem with passwords longerthan the core hashing algorithm's block size. In those cases, theoriginal password is hashed one time all by itself, and then the resultis fed into the iterated salted algorithm. That means that any passwordthat is longer than e.g. 20 bytes for SHA1 will have the exact samePBKDF2 output as the SHA1 hash of that password does.

I wanted to test this using the sample inputs provided on the Wikipediapage for PBKDF2[1], which is "eBkXQTfuBqp'cTcar&g*" (without thedouble-quotes). Note that it contains a single quote.

I could not get digest.sh to accept that password on the command-lineregardless of the way I quoted it.


digset.sh calls tool-wrapper.sh using "@*". This should be correct.

tool-wrapper.sh calls eval exec ... "@*" which is where I think theproblem is. I think eval "unrwaps" the "@*" and the resultingcommand-line has a bare value at the end. In this case, it's a weirdthing that includes a trifecta of problematic characters on thecommand-line: a single quote, an ampersand, and an asterisk.

I'm not sure how to get around that other than replacing "eval exec"with "exec" or maybe removing both of them. I don't know the history ofdecisions that led to the use of "eval exec" but I'm sure there are GoodReasons for those things to be in there. If they have to stay, I thinkwe have a definite limitation of the digest.sh tool in that somecharacters simply cannot be used in command-line parameters, which is areal shame.


-chris

[1] https://en.wikipedia.org/wiki/PBKDF2

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Issues playing around with digest.sh

Reply via email to