Changeset 225

Timestamp:

Mar 4, 2009, 11:39:50 PM (16 years ago)

Author:

katerina

Message:

Fix for ticket #150 (flawed input verification in SRP). Release 2.5.4

Location:

trunk

Files:

• Makefile.in (modified) (1 diff)
• configure.ac (modified) (1 diff)
• depend.dep (modified) (1 diff)
• depend.sum (modified) (1 diff)
• docs/Changelog (modified) (1 diff)
• src/sh_forward.c (modified) (2 diffs)
• src/sh_srp.c (modified) (2 diffs)
• test/testhash.sh (modified) (1 diff)

trunk/Makefile.in

@@ -1674 +1674 @@
 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
 sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h 
-sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h 
+sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h 
 sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_fifo.h 
 sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h 

trunk/configure.ac

@@ -12 +12 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 2.5.3)
+AM_INIT_AUTOMAKE(samhain, 2.5.4)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST

trunk/depend.dep

@@ -22 +22 @@
 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
 sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h 
-sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h 
+sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h 
 sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_fifo.h 
 sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h 

trunk/depend.sum

@@ -1 @@
-3041707433
+2676345821

trunk/docs/Changelog

@@ -1 +1 @@
 2.5.4:
+        * fix for incorrect input check in SRP implementation (discovered
+          by Thomas Ptacek)
         * option KernelCheckPCI to switch off check of PCI expansion ROMs
         

trunk/src/sh_forward.c

@@ -1200 +1200 @@
                       /* --- Now send H(A,B,H(Sc)) and check. --- 
                        */
-                      if (foo_Sc != NULL)
+                      if (foo_Sc != NULL && 0 == sh_srp_check_zero (foo_Sc))
                         {
                           sh_srp_M(foo_A, 
@@ -4157 +4157 @@
                                        conn->A, 
                                        conn->client_entry->verifier);
-                  if (foo_Ss == NULL)
+
+                  if (foo_Ss == NULL || 0 != sh_srp_check_zero (foo_Ss))
                     {
                       status_update (conn->client_entry, CLT_FAILED);

trunk/src/sh_srp.c

@@ -388 +388 @@
   if (res != BIG_OK)             val = (-1);
   else if (0 != big_zerop(&AB) ) val = (-1); /* 0 != (sign == 0) */
+  else if (0 != big_zerop(&r) )  val = (-1); /* 0 != (sign == 0) */
   else                           val =    0;
 
@@ -711 +712 @@
 
 
-
-
+#ifdef SH_CUTEST
+#include "CuTest.h"
+
+void Test_srp (CuTest *tc)
+{
+#if defined(USE_SRP_PROTOCOL) && (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER))
+
+  int result;
+  char     modulus[80*4];
+  bignum   a, b, c;
+  bigerr_t res;
+  char    *str = NULL;
+
+  res = sh_srp_init();
+  CuAssertTrue(tc, res == 0);
+
+  (void) sl_strlcpy(modulus, SRP_MODULUS_1024_1, sizeof(modulus));
+  (void) sl_strlcat(modulus, SRP_MODULUS_1024_2, sizeof(modulus));
+  (void) sl_strlcat(modulus, SRP_MODULUS_1024_3, sizeof(modulus));
+  (void) sl_strlcat(modulus, SRP_MODULUS_1024_4, sizeof(modulus));
+
+  res = big_create(&a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  /* Check plain zero 
+   */
+  result = sh_srp_check_zero ("0");
+  CuAssertTrue(tc, result != 0);
+  
+  res = big_set_string ("0",  16, &a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  result = sh_srp_check_zero (big_string(&a, 16));
+  CuAssertTrue(tc, result != 0);
+
+  /* Check modulus (equals 0 % M) 
+   */
+  result = sh_srp_check_zero (modulus);
+  CuAssertTrue(tc, result != 0);
+
+  res = big_set_string (modulus,  16, &a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  result = sh_srp_check_zero (big_string(&a, 16));
+  CuAssertTrue(tc, result != 0);
+
+  /* Check non-zero 
+   */
+  modulus[0] = 'a';
+
+  result = sh_srp_check_zero (modulus);
+  CuAssertTrue(tc, result == 0);
+
+  res = big_set_string (modulus,  16, &a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  result = sh_srp_check_zero (big_string(&a, 16));
+  CuAssertTrue(tc, result == 0);
+
+  modulus[0] = 'f';
+
+  /* Check multiple of modulus 
+   */
+  res = big_set_string (modulus,  16, &a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  res = big_create(&b);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  res = big_create(&c);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  res = big_set_string ("deadbeef", 16, &b);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  res = big_mul (&a, &b, &c);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  str = strdup(big_string (&c, 16));
+  CuAssertPtrNotNull(tc, str);
+
+  result = sh_srp_check_zero (str);
+  CuAssertTrue(tc, result != 0);
+
+#else
+  (void) tc; /* fix compiler warning */
+#endif
+  return;
+}
+#endif
+
+
+

trunk/test/testhash.sh

@@ -37 +37 @@
         fi
         #
-        ${TOP_SRCDIR}/configure --quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug 
+        ${TOP_SRCDIR}/configure --quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug
         #
         fail=0