Mir

Merge lp:~mir-team/mir/160-bit-finally into lp:mir

  1. 160-bit-finally
  2. Merge into development-branch
Proposed by Brandon Schaefer
Status: Merged
Approved by: Brandon Schaefer
Approved revision: no longer in the source branch.
Merged at revision: 3270
Proposed branch: lp:~mir-team/mir/160-bit-finally
Merge into: lp:mir
Prerequisite: lp:~mir-team/mir/public-cookie-api
Diff against target: 210 lines (+90/-14)
7 files modified
debian/copyright (+16/-0)
src/cookie/CMakeLists.txt (+1/-0)
src/cookie/authority.cpp (+13/-12)
src/cookie/const_memcmp.cpp (+33/-0)
src/cookie/const_memcmp.h (+26/-0)
src/include/cookie/mir/cookie/blob.h (+1/-1)
src/server/input/default_event_builder.cpp (+0/-1)
To merge this branch: bzr merge lp:~mir-team/mir/160-bit-finally
Reviewer Review Type Date Requested Status
PS Jenkins bot (community) continuous-integration Approve
Kevin DuBois (community) Approve
Mir CI Bot continuous-integration Needs Fixing
Alberto Aguirre (community) Approve
Review via email: mp+283751@code.launchpad.net

This proposal supersedes a proposal from 2016-01-24.

Commit message

mir-cookie: Use a constant time memcmp to verify cookie contents

Additionally use the full SHA1 size of 160 bits for the cookie MAC.

Description of the change

mir-cookie: Use a constant time memcmp to verify cookie contents

Additionally use the full SHA1 size of 160 bits for the cookie MAC.

To post a comment you must log in.
Revision history for this message
Mir CI Bot (mir-ci-bot) wrote :

PASSED: Continuous integration, rev:3270
https://mir-jenkins.ubuntu.com/job/mir-ci/146/
Executed test runs:
    None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/147/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/146/rebuild

review: Approve (continuous-integration)
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:3270
http://jenkins.qa.ubuntu.com/job/mir-ci/6118/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5673/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4580/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5629
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/442
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/442/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/442
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/442/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5626
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5626/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-touch/8061
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/26994

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6118/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:3270
http://jenkins.qa.ubuntu.com/job/mir-ci/6120/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5675/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4582
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5631
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/444/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/444
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/444/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5628
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5628/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-touch/8063
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/26998

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6120/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Alan Griffiths (alan-griffiths) wrote :

E: Unable to locate package libsodium-dev
apt download failed. Exit value: 100

That ought to be there. Restarting

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:3270
http://jenkins.qa.ubuntu.com/job/mir-ci/6121/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5676/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4583
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5632
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/445
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/445/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/445
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/445/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5629
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5629/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-touch/8064
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/27006

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6121/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Kevin DuBois (kdub) wrote :

Is it too difficult to write an equivalent function to sodium_memcmp()? Or, perhaps, are we looking to use more functions from this library in the near future? I'd rather have an internal memcmp (if its not to difficult to write) than add an additional dependency.

review: Needs Information
Revision history for this message
Brandon Schaefer (brandontschaefer) wrote :

Decided to just grab the function we will be using from sodium (since its an MIT/ISC)

Revision history for this message
Mir CI Bot (mir-ci-bot) wrote :

PASSED: Continuous integration, rev:3271
https://mir-jenkins.ubuntu.com/job/mir-ci/154/
Executed test runs:
    None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/154/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/154/rebuild

review: Approve (continuous-integration)
Revision history for this message
Mir CI Bot (mir-ci-bot) wrote :

FAILED: Continuous integration, rev:3272
https://mir-jenkins.ubuntu.com/job/mir-ci/155/
Executed test runs:
    None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/155/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/155/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Alberto Aguirre (albaguirre) wrote :

LGTM.

review: Approve
Revision history for this message
Mir CI Bot (mir-ci-bot) wrote :

PASSED: Continuous integration, rev:3272
https://mir-jenkins.ubuntu.com/job/mir-ci/156/
Executed test runs:
    None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/156/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/156/rebuild

review: Approve (continuous-integration)
Revision history for this message
Mir CI Bot (mir-ci-bot) wrote :

FAILED: Continuous integration, rev:3273
https://mir-jenkins.ubuntu.com/job/mir-ci/157/
Executed test runs:
    None: https://mir-jenkins.ubuntu.com/job/generic-update-mp/157/console

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/mir-ci/157/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:3271
http://jenkins.qa.ubuntu.com/job/mir-ci/6125/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5680/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4587
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5636
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/449
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/449/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/449
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/449/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5633
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5633/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-touch/8068
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/27023

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6125/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Kevin DuBois (kdub) wrote :

alright, thanks for removing the dependency for the one function. lgtm too.

review: Approve
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:3273
http://jenkins.qa.ubuntu.com/job/mir-ci/6126/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/5682
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/4589
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/5638
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-xenial-touch/334
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/450
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-amd64-ci/450/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/450
        deb: http://jenkins.qa.ubuntu.com/job/mir-xenial-i386-ci/450/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5635
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/5635/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-touch/8070
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/27027
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-xenial-armhf/330
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-xenial-armhf/330/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-xenial-touch/186
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/27030

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/6126/rebuild

review: Approve (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/copyright'
2--- debian/copyright 2015-02-22 07:46:25 +0000
3+++ debian/copyright 2016-01-25 18:06:54 +0000
4@@ -153,3 +153,19 @@
5 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
6 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
7 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8+
9+ Files: src/cookie/const_memcmp.h src/cookie/const_memcmp.cpp
10+ Copyright: Copyright (c) 2013-2016
11+ Frank Denis <j at pureftpd dot org>
12+
13+ Permission to use, copy, modify, and/or distribute this software for any
14+ purpose with or without fee is hereby granted, provided that the above
15+ copyright notice and this permission notice appear in all copies.
16+
17+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
18+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
19+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
20+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
21+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
22+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
23+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24
25=== modified file 'src/cookie/CMakeLists.txt'
26--- src/cookie/CMakeLists.txt 2016-01-25 18:06:53 +0000
27+++ src/cookie/CMakeLists.txt 2016-01-25 18:06:54 +0000
28@@ -24,6 +24,7 @@
29
30 ${symbol_map}
31 authority.cpp
32+ const_memcmp.cpp
33 hmac_cookie.cpp
34 )
35
36
37=== modified file 'src/cookie/authority.cpp'
38--- src/cookie/authority.cpp 2016-01-25 18:06:53 +0000
39+++ src/cookie/authority.cpp 2016-01-25 18:06:54 +0000
40@@ -20,6 +20,7 @@
41 #include "mir/cookie/authority.h"
42 #include "mir/cookie/blob.h"
43 #include "hmac_cookie.h"
44+#include "const_memcmp.h"
45 #include "format.h"
46
47 #include <algorithm>
48@@ -28,6 +29,7 @@
49 #include <system_error>
50
51 #include <nettle/hmac.h>
52+
53 #include <linux/random.h>
54 #include <sys/types.h>
55 #include <sys/stat.h>
56@@ -41,7 +43,8 @@
57 {
58 std::string const random_device_path{"/dev/random"};
59 std::string const urandom_device_path{"/dev/urandom"};
60-int const wait_seconds{30};
61+uint32_t const wait_seconds{30};
62+uint32_t const mac_byte_size{20};
63
64 size_t cookie_size_from_format(mir::cookie::Format const& format)
65 {
66@@ -141,9 +144,9 @@
67 {
68 /*
69 SHA_1 Format:
70- 1 byte = FORMAT
71- 8 btyes = TIMESTAMP
72- 8 BYTES = MAC
73+ 1 byte = FORMAT
74+ 8 bytes = TIMESTAMP
75+ 20 bytes = MAC
76 */
77
78 if (raw_cookie.size() != cookie_size_from_format(mir::cookie::Format::hmac_sha_1_8))
79@@ -162,11 +165,10 @@
80 auto ptr = raw_cookie.data();
81 ptr++;
82
83- memcpy(&timestamp, ptr, 8);
84+ memcpy(&timestamp, ptr, sizeof(uint64_t));
85 ptr += sizeof(timestamp);
86
87- // FIXME Soon to be 20 bytes
88- std::vector<uint8_t> mac(8);
89+ std::vector<uint8_t> mac(mac_byte_size);
90 memcpy(mac.data(), ptr, mac.size());
91
92 std::unique_ptr<mir::cookie::Cookie> cookie =
93@@ -183,10 +185,9 @@
94 private:
95 std::vector<uint8_t> calculate_cookie(uint64_t const& timestamp)
96 {
97- // FIXME Soon to change to 160bits, for now uint64_t
98- std::vector<uint8_t> mac(sizeof(uint64_t));
99+ std::vector<uint8_t> mac(mac_byte_size);
100 hmac_sha1_update(&ctx, sizeof(timestamp), reinterpret_cast<uint8_t const*>(&timestamp));
101- hmac_sha1_digest(&ctx, sizeof(uint64_t), reinterpret_cast<uint8_t*>(mac.data()));
102+ hmac_sha1_digest(&ctx, mac.size(), mac.data());
103
104 return mac;
105 }
106@@ -198,8 +199,8 @@
107 auto const this_stream = cookie->serialize();
108 auto const other_stream = calculated_cookie->serialize();
109
110- // FIXME Need to do a constant memcmp here!
111- return std::equal(std::begin(this_stream), std::end(this_stream), std::begin(other_stream));
112+ return this_stream.size() == other_stream.size() &&
113+ mir::cookie::const_memcmp(this_stream.data(), other_stream.data(), this_stream.size()) == 0;
114 }
115
116 struct hmac_sha1_ctx ctx;
117
118=== added file 'src/cookie/const_memcmp.cpp'
119--- src/cookie/const_memcmp.cpp 1970-01-01 00:00:00 +0000
120+++ src/cookie/const_memcmp.cpp 2016-01-25 18:06:54 +0000
121@@ -0,0 +1,33 @@
122+/*
123+ * Copyright (c) 2013-2016
124+ * Frank Denis <j at pureftpd dot org>
125+ *
126+ * Permission to use, copy, modify, and/or distribute this software for any
127+ * purpose with or without fee is hereby granted, provided that the above
128+ * copyright notice and this permission notice appear in all copies.
129+ *
130+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
131+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
132+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
133+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
134+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
135+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
136+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
137+ */
138+
139+#include "const_memcmp.h"
140+
141+int mir::cookie::const_memcmp(void const* const b1_, void const* const b2_, size_t len)
142+{
143+ volatile unsigned char const* b1 = (volatile unsigned char const*) b1_;
144+ volatile unsigned char const* b2 = (volatile unsigned char const*) b2_;
145+
146+ size_t i;
147+ unsigned char d = (unsigned char) 0U;
148+
149+ for (i = 0U; i < len; i++)
150+ {
151+ d |= b1[i] ^ b2[i];
152+ }
153+ return (1 & ((d - 1) >> 8)) - 1;
154+}
155
156=== added file 'src/cookie/const_memcmp.h'
157--- src/cookie/const_memcmp.h 1970-01-01 00:00:00 +0000
158+++ src/cookie/const_memcmp.h 2016-01-25 18:06:54 +0000
159@@ -0,0 +1,26 @@
160+/*
161+ * Copyright (c) 2013-2016
162+ * Frank Denis <j at pureftpd dot org>
163+ *
164+ * Permission to use, copy, modify, and/or distribute this software for any
165+ * purpose with or without fee is hereby granted, provided that the above
166+ * copyright notice and this permission notice appear in all copies.
167+ *
168+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
169+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
170+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
171+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
172+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
173+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
174+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
175+ */
176+
177+#include "stddef.h"
178+
179+namespace mir
180+{
181+namespace cookie
182+{
183+int const_memcmp(void const* const b1_, void const* const b2_, size_t len);
184+}
185+}
186
187=== modified file 'src/include/cookie/mir/cookie/blob.h'
188--- src/include/cookie/mir/cookie/blob.h 2016-01-25 18:06:53 +0000
189+++ src/include/cookie/mir/cookie/blob.h 2016-01-25 18:06:54 +0000
190@@ -25,7 +25,7 @@
191 {
192 namespace cookie
193 {
194-size_t const default_blob_size = 17;
195+size_t const default_blob_size = 29;
196 using Blob = std::array<uint8_t, default_blob_size>;
197 }
198 }
199
200=== modified file 'src/server/input/default_event_builder.cpp'
201--- src/server/input/default_event_builder.cpp 2016-01-25 18:06:53 +0000
202+++ src/server/input/default_event_builder.cpp 2016-01-25 18:06:54 +0000
203@@ -69,7 +69,6 @@
204 const float x_axis_value = 0;
205 const float y_axis_value = 0;
206 std::vector<uint8_t> vec_cookie{};
207- // FIXME Moving to 160bits soon
208 if (action == mir_pointer_action_button_up || action == mir_pointer_action_button_down)
209 {
210 auto const cookie = cookie_authority->make_cookie(timestamp.count());

Subscribers

People subscribed via source and target branches