On 21.06.2018 16:36, Mark Rotteveel wrote:
On 21-6-2018 14:07, Alex Peshkoff via Firebird-devel wrote:
I've forwarded this FYI to devel & admin.
[ http://tracker.firebirdsql.org/browse/CORE-5788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=33942#action_33942 ]
Status of Srp256 plugin in FB3 & FB4.
In the master branch Srp256 (with enhanced security) becomes the single
default authentication plugin. That means that with the default
configuration, clients earlier than FB 3.0.4 will not be able to
attach to FB4. This should not be a severe problem - hopefully most
clients will be upgraded when FB4 is released.
In B3_0_Release the default plugin is the old Srp - I've decided not to break
compatibility with existing clients in a point release. Hope that fits
the requirements of most users. People who need enhanced security should
upgrade all clients to at least 3.0.4 and set
    AuthServer=Srp256
in firebird.conf.
In all cases the hashes stored in the security database are fully compatible
between Srp & Srp256, i.e. security.db does not require any upgrade.
If I understand the patch correctly, then - looking at the Jaybird
code - the only place affected would be
    byte[] clientProof(String user, String password, byte[] salt,
            BigInteger serverPublicKey) {
        final byte[] K = getClientSessionKey(user, password, salt,
                serverPublicKey);
        final BigInteger n1 = fromBigByteArray(sha1(toBigByteArray(N)));
        final BigInteger n2 = fromBigByteArray(sha1(toBigByteArray(g)));
        final byte[] M = sha1(toBigByteArray(n1.modPow(n2, N)),
                sha1(user.toUpperCase().getBytes(StandardCharsets.UTF_8)), salt,
                toBigByteArray(publicKey),
                toBigByteArray(serverPublicKey), K);
        sessionKey = K;
        return M;
    }
and then specifically the line
    final byte[] M = sha1(toBigByteArray(n1.modPow(n2, N)),
            sha1(user.toUpperCase().getBytes(StandardCharsets.UTF_8)), salt,
            toBigByteArray(publicKey), toBigByteArray(serverPublicKey), K);
should become
    final byte[] M = shaXXX(
            toBigByteArray(n1.modPow(n2, N)), // n1 in FB
            sha1(user.toUpperCase().getBytes(StandardCharsets.UTF_8)), // n2 in FB
            salt,
            toBigByteArray(publicKey),
            toBigByteArray(serverPublicKey),
            K);
Where XXX is the relevant SHA variant applied.
That is, everything continues to use SHA-1, except the generation of M
itself.
As far as I can see - yes.
The only detail is that you need to support both cases, depending upon
the plugin name.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
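
The change discussed in this thread, as an added Java example that is not Jaybird or Firebird code: the digest for the client proof M is chosen from the plugin name, while the inner hashes stay SHA-1. The class name, `proofDigestFor`, the helper implementations (stand-ins for the Jaybird helpers of the same name) and the toy values in `main` are assumptions made here.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class SrpProofExample {
    // Plugin name -> digest for the final proof M (only the two plugins named in the thread).
    static String proofDigestFor(String pluginName) {
        switch (pluginName) {
            case "Srp":    return "SHA-1";
            case "Srp256": return "SHA-256";
            default: throw new IllegalArgumentException("Unsupported plugin: " + pluginName);
        }
    }
    // Hash the concatenation of all parts with the named algorithm.
    static byte[] digest(String algorithm, byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        for (byte[] part : parts) md.update(part);
        return md.digest();
    }

    // Unsigned big-endian bytes: drop the sign byte BigInteger.toByteArray() may prepend.
    static byte[] toBigByteArray(BigInteger n) {
        byte[] b = n.toByteArray();
        return (b.length > 1 && b[0] == 0) ? Arrays.copyOfRange(b, 1, b.length) : b;
    }

    static byte[] clientProof(String pluginName, BigInteger N, BigInteger g, String user,
            byte[] salt, BigInteger publicKey, BigInteger serverPublicKey, byte[] K)
            throws NoSuchAlgorithmException {
        // Inner hashes stay SHA-1 for both plugins.
        BigInteger n1 = new BigInteger(1, digest("SHA-1", toBigByteArray(N)));
        BigInteger n2 = new BigInteger(1, digest("SHA-1", toBigByteArray(g)));
        byte[] userHash = digest("SHA-1", user.toUpperCase().getBytes(StandardCharsets.UTF_8));
        // Only the outer hash that produces M depends on the plugin.
        return digest(proofDigestFor(pluginName), toBigByteArray(n1.modPow(n2, N)), userHash,
                salt, toBigByteArray(publicKey), toBigByteArray(serverPublicKey), K);
    }

    public static void main(String[] args) throws Exception {
        // Constructed toy values, not Firebird's real group parameters or a real session.
        BigInteger N = BigInteger.valueOf(2147483647L), g = BigInteger.valueOf(2);
        byte[] salt = {1, 2, 3, 4}, K = digest("SHA-1", new byte[] {9});
        for (String plugin : new String[] {"Srp", "Srp256"}) {
            byte[] M = clientProof(plugin, N, g, "sysdba", salt, BigInteger.TEN, BigInteger.ONE, K);
            System.out.println(plugin + ": proof length " + M.length + " bytes");
        }
    }
}
```

With the same inputs the two plugins produce proofs of 20 and 32 bytes, so a client and server that disagree on the plugin name cannot produce matching proofs.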