Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 10 Sep 2015 10:57:41 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

Hi,

On Tue, Sep 8, 2015 at 11:42 PM, Kai Zhao <loverszhao@...il.com> wrote:
>
> I think the current patch can detect the #1, #2 error. For #3, I wrote
> a pseudo code based on your ideas.
>
>     original:
>
>         original_split_ret = split(ciphertext, 0, format);
>         original_binary_ret = binary(ciphertext);
>         original_salt_ret = salt(ciphertext);
>
>         set_key();
>
>         original_crypt_ret = crypt_all(&count, NULL);
>         original_cmp_ret = cmp_all(binary, original_crypt_all);
>
>         copy original binary -> original binary
>         copy original salt   -> original salt
>
>     change ciphertext case:
>
>         new_split_ret = split(ciphertext, 0, format);
>         new_binary_ret = binary(ciphertext);
>         new_salt_ret = salt(ciphertext);
>
>         set_key();
>
>         new_crypt_ret = crypt_all(&count, NULL);
>         new_cmp_ret = cmp_all(binary, original_crypt_all);
>
>         copy new binary -> new binary
>         copy new salt   -> new salt
>
>     compare:
>
>         if (original_split_ret != new_split_ret)
>             goto should_set_fmt_split;
>
>         if (original_binary_ret != new_binary_ret)
>             goto should_set_fmt_split;
>
>         if (original_salt_ret != new_salt_ret)
>             goto should_set_fmt_split;
>
>         if (original_crypt_ret != new_crypt_ret)
>             goto should_set_fmt_split;
>
>         if (original_cmp_ret != new_cmp_ret)
>             goto should_set_fmt_split;
>
>         if (original bianry != new binary)
>             goto should_set_fmt_split;
>
>         if (original salt != new salt)
>             goto should_set_fmt_split;
>
>     should_set_fmt_split and implement it in split()
>
> Do you think this conform to your ideas ?
>

I try to find the #3 error, here is my step:

    If (did not set FMT_SPLIT_... ) and (binary_size is not 0)

        get the original binary

        change case

        get the current binary

        if (current binary is the same as original binary)

            we should check these formats, maybe it need to add
            FMT_SPLIT... and unifies case in split()

When should unify case in split() and add FMT_SPLIT... ?

I think we should do this when the binary() is case-insensitive.
E.g. the binary() of "HAVAL-256-3" is case-insensitive, so the
return of binary() is same when we change the case of ciphertext.

If my understand is right, the 'AFS' format maybe has the #3 error.

The binary() uses atoi16[] which is case-insensitive.

void common_init(void)
{
    atoi16['A'] = atoi16['a'];
    atoi16['B'] = atoi16['b'];
    atoi16['C'] = atoi16['c'];
    atoi16['D'] = atoi16['d'];
    atoi16['E'] = atoi16['e'];
    atoi16['F'] = atoi16['f'];
}

static void *get_binary(char *ciphertext)
{
    static ARCH_WORD out[6];
    char base64[14];
    int known_long;
    int index;
    unsigned int value;

    out[0] = out[1] = 0;
    strcpy(base64, AFS_SALT);
    known_long = 0;

    for (index = 0; index < 16; index += 2) {
        value = (int)atoi16[ARCH_INDEX(ciphertext[index + 4])] << 4;
        value |= atoi16[ARCH_INDEX(ciphertext[index + 5])];

        out[index >> 3] |= (value | 1) << ((index << 2) & 0x18);

        if (atoi64[value >>= 1] == 0x7F)
            known_long = 1;
        else
            base64[(index >> 1) + 2] = value;
    }

    if (known_long)
        out[2] = ~(ARCH_WORD)0;
    else
        memcpy(&out[2], DES_std_get_binary(base64), 16);

    return out;
}


Thanks,

Kai

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ