Re: [Firebird-devel] Fwd: [FB-Tracker] Commented: (CORE-5788) Proposed Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256

[Mark Rotteveel]

On 21-6-2018 14:07, Alex Peshkoff via Firebird-devel wrote:
I've forwarded this FYI to devel & admin.

     [ 
http://tracker.firebirdsql.org/browse/CORE-5788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=33942#action_33942 
]


Status of Srp256 plugin in FB3 & FB4.

In master branch Srp256 (with enhanced security) becomes single default 
authentication plugin. That means that with default configuration 
clients earlier than FB 3.0.4 will be not able to attach to FB4. This 
should not be severe problem - hopefully most of clients will be 
upgraded when FB4 is released.

In B3_0_Release default plugin is old Srp - I've decided not to break 
compatibility with existing clients in point release. Hope that fits 
requirements of most users. People who need enhanced security should 
upgrade all clients to at least 3.0.4 and set
AuthServer=Srp256
in firebird.conf.

In all cases hashes stored in security database are fully compatible 
between Srp & Srp256, i.e. security.db does not require any upgrade.

If I understand the patch correctly, then - looking at the Jaybird code 
- the only place affected would be

    byte[] clientProof(String user, String password, byte[] salt, 
BigInteger serverPublicKey) {
        final byte[] K = getClientSessionKey(user, password, salt, 
serverPublicKey);
        final BigInteger n1 = fromBigByteArray(sha1(toBigByteArray(N)));
        final BigInteger n2 = fromBigByteArray(sha1(toBigByteArray(g)));
        final byte[] M = sha1(toBigByteArray(n1.modPow(n2, N)),
            sha1(user.toUpperCase().getBytes(StandardCharsets.UTF_8)), 
salt,
            toBigByteArray(publicKey), toBigByteArray(serverPublicKey), K);

        sessionKey = K;
        return M;
    }

and then specifically the line

final byte[] M = sha1(toBigByteArray(n1.modPow(n2, N)),
    sha1(user.toUpperCase().getBytes(StandardCharsets.UTF_8)), salt,
    toBigByteArray(publicKey), toBigByteArray(serverPublicKey), K);

should become

final byte[] M = shaXXX(
    toBigByteArray(n1.modPow(n2, N)), // n1 in FB
    sha1(user.toUpperCase().getBytes(StandardCharsets.UTF_8)),  // n2 in FB
    salt,
    toBigByteArray(publicKey),
    toBigByteArray(serverPublicKey),
    K);

Where XXX is the relevant SHA variant applied.

That is everything continues to use SHA-1, except the generating of M 
itself.
--
Mark Rotteveel

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel