Merge lp:~mir-team/mir/160-bit-finally into lp:mir
- 160-bit-finally
- Merge into development-branch
Status: | Merged |
---|---|
Approved by: | Brandon Schaefer |
Approved revision: | no longer in the source branch. |
Merged at revision: | 3270 |
Proposed branch: | lp:~mir-team/mir/160-bit-finally |
Merge into: | lp:mir |
Prerequisite: | lp:~mir-team/mir/public-cookie-api |
Diff against target: |
210 lines (+90/-14) 7 files modified
debian/copyright (+16/-0) src/cookie/CMakeLists.txt (+1/-0) src/cookie/authority.cpp (+13/-12) src/cookie/const_memcmp.cpp (+33/-0) src/cookie/const_memcmp.h (+26/-0) src/include/cookie/mir/cookie/blob.h (+1/-1) src/server/input/default_event_builder.cpp (+0/-1) |
To merge this branch: | bzr merge lp:~mir-team/mir/160-bit-finally |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
PS Jenkins bot (community) | continuous-integration | Approve | |
Kevin DuBois (community) | Approve | ||
Mir CI Bot | continuous-integration | Needs Fixing | |
Alberto Aguirre (community) | Approve | ||
Review via email: mp+283751@code.launchpad.net |
This proposal supersedes a proposal from 2016-01-24.
Commit message
mir-cookie: Use a constant time memcmp to verify cookie contents
Additionally use the full SHA1 size of 160 bits for the cookie MAC.
Description of the change
mir-cookie: Use a constant time memcmp to verify cookie contents
Additionally use the full SHA1 size of 160 bits for the cookie MAC.
Mir CI Bot (mir-ci-bot) wrote : | # |
PS Jenkins bot (ps-jenkins) wrote : | # |
FAILED: Continuous integration, rev:3270
http://
Executed test runs:
FAILURE: http://
FAILURE: http://
SUCCESS: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
SUCCESS: http://
Click here to trigger a rebuild:
http://
PS Jenkins bot (ps-jenkins) wrote : | # |
FAILED: Continuous integration, rev:3270
http://
Executed test runs:
FAILURE: http://
SUCCESS: http://
SUCCESS: http://
FAILURE: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
SUCCESS: http://
Click here to trigger a rebuild:
http://
Alan Griffiths (alan-griffiths) wrote : | # |
E: Unable to locate package libsodium-dev
apt download failed. Exit value: 100
That ought to be there. Restarting
PS Jenkins bot (ps-jenkins) wrote : | # |
FAILED: Continuous integration, rev:3270
http://
Executed test runs:
FAILURE: http://
SUCCESS: http://
SUCCESS: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
SUCCESS: http://
Click here to trigger a rebuild:
http://
Kevin DuBois (kdub) wrote : | # |
Is it too difficult to write an equivalent function to sodium_memcmp()? Or, perhaps, are we looking to use more functions from this library in the near future? I'd rather have an internal memcmp (if its not to difficult to write) than add an additional dependency.
Brandon Schaefer (brandontschaefer) wrote : | # |
Decided to just grab the function we will be using from sodium (since its an MIT/ISC)
Mir CI Bot (mir-ci-bot) wrote : | # |
PASSED: Continuous integration, rev:3271
https:/
Executed test runs:
None: https:/
Click here to trigger a rebuild:
https:/
Mir CI Bot (mir-ci-bot) wrote : | # |
FAILED: Continuous integration, rev:3272
https:/
Executed test runs:
None: https:/
Click here to trigger a rebuild:
https:/
Mir CI Bot (mir-ci-bot) wrote : | # |
PASSED: Continuous integration, rev:3272
https:/
Executed test runs:
None: https:/
Click here to trigger a rebuild:
https:/
Mir CI Bot (mir-ci-bot) wrote : | # |
FAILED: Continuous integration, rev:3273
https:/
Executed test runs:
None: https:/
Click here to trigger a rebuild:
https:/
PS Jenkins bot (ps-jenkins) wrote : | # |
FAILED: Continuous integration, rev:3271
http://
Executed test runs:
FAILURE: http://
SUCCESS: http://
SUCCESS: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
SUCCESS: http://
Click here to trigger a rebuild:
http://
Kevin DuBois (kdub) wrote : | # |
alright, thanks for removing the dependency for the one function. lgtm too.
PS Jenkins bot (ps-jenkins) wrote : | # |
PASSED: Continuous integration, rev:3273
http://
Executed test runs:
SUCCESS: http://
SUCCESS: http://
SUCCESS: http://
SUCCESS: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
SUCCESS: http://
SUCCESS: http://
deb: http://
SUCCESS: http://
SUCCESS: http://
Click here to trigger a rebuild:
http://
Preview Diff
1 | === modified file 'debian/copyright' |
2 | --- debian/copyright 2015-02-22 07:46:25 +0000 |
3 | +++ debian/copyright 2016-01-25 18:06:54 +0000 |
4 | @@ -153,3 +153,19 @@ |
5 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
6 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
7 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
8 | + |
9 | + Files: src/cookie/const_memcmp.h src/cookie/const_memcmp.cpp |
10 | + Copyright: Copyright (c) 2013-2016 |
11 | + Frank Denis <j at pureftpd dot org> |
12 | + |
13 | + Permission to use, copy, modify, and/or distribute this software for any |
14 | + purpose with or without fee is hereby granted, provided that the above |
15 | + copyright notice and this permission notice appear in all copies. |
16 | + |
17 | + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
18 | + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
19 | + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
20 | + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
21 | + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
22 | + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
23 | + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
24 | |
25 | === modified file 'src/cookie/CMakeLists.txt' |
26 | --- src/cookie/CMakeLists.txt 2016-01-25 18:06:53 +0000 |
27 | +++ src/cookie/CMakeLists.txt 2016-01-25 18:06:54 +0000 |
28 | @@ -24,6 +24,7 @@ |
29 | |
30 | ${symbol_map} |
31 | authority.cpp |
32 | + const_memcmp.cpp |
33 | hmac_cookie.cpp |
34 | ) |
35 | |
36 | |
37 | === modified file 'src/cookie/authority.cpp' |
38 | --- src/cookie/authority.cpp 2016-01-25 18:06:53 +0000 |
39 | +++ src/cookie/authority.cpp 2016-01-25 18:06:54 +0000 |
40 | @@ -20,6 +20,7 @@ |
41 | #include "mir/cookie/authority.h" |
42 | #include "mir/cookie/blob.h" |
43 | #include "hmac_cookie.h" |
44 | +#include "const_memcmp.h" |
45 | #include "format.h" |
46 | |
47 | #include <algorithm> |
48 | @@ -28,6 +29,7 @@ |
49 | #include <system_error> |
50 | |
51 | #include <nettle/hmac.h> |
52 | + |
53 | #include <linux/random.h> |
54 | #include <sys/types.h> |
55 | #include <sys/stat.h> |
56 | @@ -41,7 +43,8 @@ |
57 | { |
58 | std::string const random_device_path{"/dev/random"}; |
59 | std::string const urandom_device_path{"/dev/urandom"}; |
60 | -int const wait_seconds{30}; |
61 | +uint32_t const wait_seconds{30}; |
62 | +uint32_t const mac_byte_size{20}; |
63 | |
64 | size_t cookie_size_from_format(mir::cookie::Format const& format) |
65 | { |
66 | @@ -141,9 +144,9 @@ |
67 | { |
68 | /* |
69 | SHA_1 Format: |
70 | - 1 byte = FORMAT |
71 | - 8 btyes = TIMESTAMP |
72 | - 8 BYTES = MAC |
73 | + 1 byte = FORMAT |
74 | + 8 bytes = TIMESTAMP |
75 | + 20 bytes = MAC |
76 | */ |
77 | |
78 | if (raw_cookie.size() != cookie_size_from_format(mir::cookie::Format::hmac_sha_1_8)) |
79 | @@ -162,11 +165,10 @@ |
80 | auto ptr = raw_cookie.data(); |
81 | ptr++; |
82 | |
83 | - memcpy(×tamp, ptr, 8); |
84 | + memcpy(×tamp, ptr, sizeof(uint64_t)); |
85 | ptr += sizeof(timestamp); |
86 | |
87 | - // FIXME Soon to be 20 bytes |
88 | - std::vector<uint8_t> mac(8); |
89 | + std::vector<uint8_t> mac(mac_byte_size); |
90 | memcpy(mac.data(), ptr, mac.size()); |
91 | |
92 | std::unique_ptr<mir::cookie::Cookie> cookie = |
93 | @@ -183,10 +185,9 @@ |
94 | private: |
95 | std::vector<uint8_t> calculate_cookie(uint64_t const& timestamp) |
96 | { |
97 | - // FIXME Soon to change to 160bits, for now uint64_t |
98 | - std::vector<uint8_t> mac(sizeof(uint64_t)); |
99 | + std::vector<uint8_t> mac(mac_byte_size); |
100 | hmac_sha1_update(&ctx, sizeof(timestamp), reinterpret_cast<uint8_t const*>(×tamp)); |
101 | - hmac_sha1_digest(&ctx, sizeof(uint64_t), reinterpret_cast<uint8_t*>(mac.data())); |
102 | + hmac_sha1_digest(&ctx, mac.size(), mac.data()); |
103 | |
104 | return mac; |
105 | } |
106 | @@ -198,8 +199,8 @@ |
107 | auto const this_stream = cookie->serialize(); |
108 | auto const other_stream = calculated_cookie->serialize(); |
109 | |
110 | - // FIXME Need to do a constant memcmp here! |
111 | - return std::equal(std::begin(this_stream), std::end(this_stream), std::begin(other_stream)); |
112 | + return this_stream.size() == other_stream.size() && |
113 | + mir::cookie::const_memcmp(this_stream.data(), other_stream.data(), this_stream.size()) == 0; |
114 | } |
115 | |
116 | struct hmac_sha1_ctx ctx; |
117 | |
118 | === added file 'src/cookie/const_memcmp.cpp' |
119 | --- src/cookie/const_memcmp.cpp 1970-01-01 00:00:00 +0000 |
120 | +++ src/cookie/const_memcmp.cpp 2016-01-25 18:06:54 +0000 |
121 | @@ -0,0 +1,33 @@ |
122 | +/* |
123 | + * Copyright (c) 2013-2016 |
124 | + * Frank Denis <j at pureftpd dot org> |
125 | + * |
126 | + * Permission to use, copy, modify, and/or distribute this software for any |
127 | + * purpose with or without fee is hereby granted, provided that the above |
128 | + * copyright notice and this permission notice appear in all copies. |
129 | + * |
130 | + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
131 | + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
132 | + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
133 | + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
134 | + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
135 | + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
136 | + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
137 | + */ |
138 | + |
139 | +#include "const_memcmp.h" |
140 | + |
141 | +int mir::cookie::const_memcmp(void const* const b1_, void const* const b2_, size_t len) |
142 | +{ |
143 | + volatile unsigned char const* b1 = (volatile unsigned char const*) b1_; |
144 | + volatile unsigned char const* b2 = (volatile unsigned char const*) b2_; |
145 | + |
146 | + size_t i; |
147 | + unsigned char d = (unsigned char) 0U; |
148 | + |
149 | + for (i = 0U; i < len; i++) |
150 | + { |
151 | + d |= b1[i] ^ b2[i]; |
152 | + } |
153 | + return (1 & ((d - 1) >> 8)) - 1; |
154 | +} |
155 | |
156 | === added file 'src/cookie/const_memcmp.h' |
157 | --- src/cookie/const_memcmp.h 1970-01-01 00:00:00 +0000 |
158 | +++ src/cookie/const_memcmp.h 2016-01-25 18:06:54 +0000 |
159 | @@ -0,0 +1,26 @@ |
160 | +/* |
161 | + * Copyright (c) 2013-2016 |
162 | + * Frank Denis <j at pureftpd dot org> |
163 | + * |
164 | + * Permission to use, copy, modify, and/or distribute this software for any |
165 | + * purpose with or without fee is hereby granted, provided that the above |
166 | + * copyright notice and this permission notice appear in all copies. |
167 | + * |
168 | + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
169 | + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
170 | + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
171 | + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
172 | + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
173 | + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
174 | + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
175 | + */ |
176 | + |
177 | +#include "stddef.h" |
178 | + |
179 | +namespace mir |
180 | +{ |
181 | +namespace cookie |
182 | +{ |
183 | +int const_memcmp(void const* const b1_, void const* const b2_, size_t len); |
184 | +} |
185 | +} |
186 | |
187 | === modified file 'src/include/cookie/mir/cookie/blob.h' |
188 | --- src/include/cookie/mir/cookie/blob.h 2016-01-25 18:06:53 +0000 |
189 | +++ src/include/cookie/mir/cookie/blob.h 2016-01-25 18:06:54 +0000 |
190 | @@ -25,7 +25,7 @@ |
191 | { |
192 | namespace cookie |
193 | { |
194 | -size_t const default_blob_size = 17; |
195 | +size_t const default_blob_size = 29; |
196 | using Blob = std::array<uint8_t, default_blob_size>; |
197 | } |
198 | } |
199 | |
200 | === modified file 'src/server/input/default_event_builder.cpp' |
201 | --- src/server/input/default_event_builder.cpp 2016-01-25 18:06:53 +0000 |
202 | +++ src/server/input/default_event_builder.cpp 2016-01-25 18:06:54 +0000 |
203 | @@ -69,7 +69,6 @@ |
204 | const float x_axis_value = 0; |
205 | const float y_axis_value = 0; |
206 | std::vector<uint8_t> vec_cookie{}; |
207 | - // FIXME Moving to 160bits soon |
208 | if (action == mir_pointer_action_button_up || action == mir_pointer_action_button_down) |
209 | { |
210 | auto const cookie = cookie_authority->make_cookie(timestamp.count()); |
PASSED: Continuous integration, rev:3270 /mir-jenkins. ubuntu. com/job/ mir-ci/ 146/ /mir-jenkins. ubuntu. com/job/ generic- update- mp/147/ console
https:/
Executed test runs:
None: https:/
Click here to trigger a rebuild: /mir-jenkins. ubuntu. com/job/ mir-ci/ 146/rebuild
https:/