From 43a439e7d001dd223028403f2453347438d13e27 Mon Sep 17 00:00:00 2001 From: Sebastien SAUVAGE Date: Thu, 6 Feb 2014 22:52:17 +0100 Subject: [PATCH] Time attack protection on hmac comparison This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus (with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8. (cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a) Conflicts: index.php --- lib/filter.php | 31 ++++++++++++ lib/zerobin.php | 118 ++++++++++++++++++++++--------------------- tst/filter.php | 21 ++++++++ tst/mcrypt_mock.php | 17 +++++++ tst/phpunit.xml | 1 + tst/vizhash16x16.php | 5 ++ 6 files changed, 135 insertions(+), 58 deletions(-) create mode 100644 tst/mcrypt_mock.php diff --git a/lib/filter.php b/lib/filter.php index 623b8bb3..2face509 100644 --- a/lib/filter.php +++ b/lib/filter.php @@ -50,4 +50,35 @@ class filter } return number_format($size, ($i ? 2 : 0), '.', ' ') . ' ' . $iec[$i]; } + + /** + * validate paste ID + * + * @access public + * @param string $dataid + * @return bool + */ + public static function is_valid_paste_id($dataid) + { + return (bool) preg_match('#\A[a-f\d]{16}\z#', $dataid); + } + + /** + * fixed time string comparison operation to prevent timing attacks + * https://crackstation.net/hashing-security.htm?=rd#slowequals + * + * @access public + * @param string $a + * @param string $b + * @return bool + */ + public static function slow_equals($a, $b) + { + $diff = strlen($a) ^ strlen($b); + for($i = 0; $i < strlen($a) && $i < strlen($b); $i++) + { + $diff |= ord($a[$i]) ^ ord($b[$i]); + } + return $diff === 0; + } } diff --git a/lib/zerobin.php b/lib/zerobin.php index 0fb350b8..e5ca81c8 100644 --- a/lib/zerobin.php +++ b/lib/zerobin.php @@ -272,8 +272,8 @@ class zerobin $pasteid = $_POST['pasteid']; $parentid = $_POST['parentid']; if ( - !preg_match('#\A[a-f\d]{16}\z#', $pasteid) || - !preg_match('#\A[a-f\d]{16}\z#', $parentid) + !filter::is_valid_paste_id($pasteid) || + !filter::is_valid_paste_id($parentid) ) $this->_return_message(1, 'Invalid data.'); // Comments do not expire (it's the paste that expires) @@ -340,18 +340,21 @@ class zerobin private function _delete($dataid, $deletetoken) { // Is this a valid paste identifier? - if (preg_match('#\A[a-f\d]{16}\z#', $dataid)) + if (!filter::is_valid_paste_id($dataid)) { - // Check that paste exists. - if (!$this->_model()->exists($dataid)) - { - $this->_error = 'Paste does not exist, has expired or has been deleted.'; - return; - } + $this->_error = 'Invalid paste ID.'; + return; + } + + // Check that paste exists. + if (!$this->_model()->exists($dataid)) + { + $this->_error = 'Paste does not exist, has expired or has been deleted.'; + return; } // Make sure token is valid. - if ($deletetoken != hash_hmac('sha1', $dataid , serversalt::get())) + if (filter::slow_equals($deletetoken, hash_hmac('sha1', $dataid , serversalt::get()))) { $this->_error = 'Wrong deletion token. Paste was not deleted.'; return; @@ -372,63 +375,62 @@ class zerobin private function _read($dataid) { // Is this a valid paste identifier? - if (preg_match('#\A[a-f\d]{16}\z#', $dataid)) + if (!filter::is_valid_paste_id($dataid)) { - // Check that paste exists. - if ($this->_model()->exists($dataid)) + $this->_error = 'Invalid paste ID.'; + return; + } + + // Check that paste exists. + if ($this->_model()->exists($dataid)) + { + // Get the paste itself. + $paste = $this->_model()->read($dataid); + + // See if paste has expired. + if ( + isset($paste->meta->expire_date) && + $paste->meta->expire_date < time() + ) { - // Get the paste itself. - $paste = $this->_model()->read($dataid); - - // See if paste has expired. - if ( - isset($paste->meta->expire_date) && - $paste->meta->expire_date < time() - ) - { - // Delete the paste - $this->_model()->delete($dataid); - $this->_error = 'Paste does not exist, has expired or has been deleted.'; - } - // If no error, return the paste. - else - { - // We kindly provide the remaining time before expiration (in seconds) - if ( - property_exists($paste->meta, 'expire_date') - ) $paste->meta->remaining_time = $paste->meta->expire_date - time(); - - // The paste itself is the first in the list of encrypted messages. - $messages = array($paste); - - // If it's a discussion, get all comments. - if ( - property_exists($paste->meta, 'opendiscussion') && - $paste->meta->opendiscussion - ) - { - $messages = array_merge( - $messages, - $this->_model()->readComments($dataid) - ); - } - $this->_data = json_encode($messages); - - // If the paste was meant to be read only once, delete it. - if ( - property_exists($paste->meta, 'burnafterreading') && - $paste->meta->burnafterreading - ) $this->_model()->delete($dataid); - } + // Delete the paste + $this->_model()->delete($dataid); + $this->_error = 'Paste does not exist, has expired or has been deleted.'; } + // If no error, return the paste. else { - $this->_error = 'Paste does not exist or has expired.'; + // We kindly provide the remaining time before expiration (in seconds) + if ( + property_exists($paste->meta, 'expire_date') + ) $paste->meta->remaining_time = $paste->meta->expire_date - time(); + + // The paste itself is the first in the list of encrypted messages. + $messages = array($paste); + + // If it's a discussion, get all comments. + if ( + property_exists($paste->meta, 'opendiscussion') && + $paste->meta->opendiscussion + ) + { + $messages = array_merge( + $messages, + $this->_model()->readComments($dataid) + ); + } + $this->_data = json_encode($messages); + + // If the paste was meant to be read only once, delete it. + if ( + property_exists($paste->meta, 'burnafterreading') && + $paste->meta->burnafterreading + ) $this->_model()->delete($dataid); } } else { - $this->_error = 'Invalid paste ID.'; + $this->_error = 'Paste does not exist or has expired.'; } } diff --git a/tst/filter.php b/tst/filter.php index c8d42399..c058a66a 100644 --- a/tst/filter.php +++ b/tst/filter.php @@ -44,4 +44,25 @@ class filterTest extends PHPUnit_Framework_TestCase $this->assertEquals('1.00 YiB', filter::size_humanreadable(1024 * $exponent)); $this->assertEquals('1.21 YiB', filter::size_humanreadable(1234 * $exponent)); } + + public function testPasteIdValidation() + { + $this->assertTrue(filter::is_valid_paste_id('a242ab7bdfb2581a'), 'valid paste id'); + $this->assertFalse(filter::is_valid_paste_id('foo'), 'invalid hex values'); + $this->assertFalse(filter::is_valid_paste_id('../bar/baz'), 'path attack'); + } + + public function testSlowEquals() + { + $this->assertTrue(filter::slow_equals('foo', 'foo'), 'same string'); + $this->assertFalse(filter::slow_equals('foo', true), 'string and boolean'); + $this->assertFalse(filter::slow_equals('foo', 0), 'string and integer'); + $this->assertFalse(filter::slow_equals('123foo', 123), 'string and integer'); + $this->assertFalse(filter::slow_equals('123foo', '123'), 'different strings'); + $this->assertFalse(filter::slow_equals('6', ' 6'), 'strings with space'); + $this->assertFalse(filter::slow_equals('4.2', '4.20'), 'floats as strings'); + $this->assertFalse(filter::slow_equals('1e3', '1000'), 'integers as strings'); + $this->assertFalse(filter::slow_equals('9223372036854775807', '9223372036854775808'), 'large integers as strings'); + $this->assertFalse(filter::slow_equals('61529519452809720693702583126814', '61529519452809720000000000000000'), 'larger integers as strings'); + } } diff --git a/tst/mcrypt_mock.php b/tst/mcrypt_mock.php new file mode 100644 index 00000000..96b0ed31 --- /dev/null +++ b/tst/mcrypt_mock.php @@ -0,0 +1,17 @@ + ./ + mcrypt_mock.php diff --git a/tst/vizhash16x16.php b/tst/vizhash16x16.php index 82f06a00..b33d48dd 100644 --- a/tst/vizhash16x16.php +++ b/tst/vizhash16x16.php @@ -37,5 +37,10 @@ class vizhash16x16Test extends PHPUnit_Framework_TestCase $this->assertEquals('image/png', $finfo->file($this->_file)); $this->assertNotEquals($pngdata, $vz->generate('2001:1620:2057:dead:beef::cafe:babe')); $this->assertEquals($pngdata, $vz->generate('127.0.0.1')); + + // generating new salt + $salt = serversalt::get(); + require 'mcrypt_mock.php'; + $this->assertNotEquals($salt, serversalt::generate()); } }