Comment 21 for bug 1490804

Adam Young (ayoung) wrote : Re: PKI Token Revocation Bypass

Dolph, yeah, this is only for checking the revocation list; the tokens themselves need to be valid tokens. It is restricted to PKI based tokens only. The mistake was using the hash of the whole document for the token id; it should have been the same hash of the token data that is used for the cryptographic signature. The values being manipulated are the ASN1 specific values that indicate "This next block is signed data", which openssl really should be validating.

For example, here is a diff of a derdump of the original file and the modified file, with some lines of context:

$ diff -U 10 /tmp/auth_v3_token_scoped_orig.pem.txt /tmp/auth_v3_token_scoped77.pem.txt
--- /tmp/auth_v3_token_scoped_orig.pem.txt 2015-09-02 11:27:46.423313737 -0400
+++ /tmp/auth_v3_token_scoped77.pem.txt 2015-09-02 11:27:46.398313755 -0400
@@ -4,21 +4,21 @@
    C-[0] (3176)
       C-Sequence (3172)
          Integer (1)
             01
          C-Set (9)
             C-Sequence (7)
                Object Identifier (5)
                   1 3 14 3 2 26 (SHA-1)
          C-Sequence (2692)
             Object Identifier (9)
- 1 2 840 113549 1 7 1 (PKCS #7 Data)
+ 0 26 840 113549 1 7 1
             C-[0] (2677)
                Octet String (2673)
                   7b 22 74 6f 6b 65 6e 22 3a 20 7b 22 6d 65 74 68 6f 64
                   73 22 3a 20 5b 22 70 61 73 73 77 6f 72 64 22 5d 2c 20
                   22 72 6f 6c 65 73 22 3a 20 5b 7b 22 69 64 22 3a 20 22
                   66 30 33 66 64 61 38 66 38 61 33 32 34 39 62 32 61 37
                   30 66 62 31 66 31 37 36 61 37 62 36 33 31 22 2c 20 22
                   6e 61 6d 65 22 3a 20 22 72 6f 6c 65 31 22 7d 2c 20 7b
                   22 69 64 22 3a 20 22 66 30 33 66 64 61 38 66 38 61 33
                   32 34 39 62 32 61 37 30 66 62 31 66 31 37 36 61 37 62
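Review bot: the only change in this hunk is the first byte of the contentType OID, 1 2 840 113549 1 7 1 (DER first byte 0x2a, 40*1+2) becoming 0 26 840 113549 1 7 1 (0x1a, 40*0+26); it is a single byte of unsigned ASN.1 framing, while the Octet String carrying the token JSON (7b 22 74 6f 6b 65 6e 22 ... is `{"token"`) and covered by the signature is byte-for-byte identical. That is exactly why a token id computed over the whole document stops matching the revocation list; keying the id on the hash of the signed content, as proposed above, removes the mismatch, and a verifier that rejects an unexpected contentType OID before accepting the signature would flag the modified file as well.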

All of the places susceptible to the modifications seem to be this kind of string, with the exception of the final padding:
$ diff -u /tmp/auth_v3_token_scoped_orig.pem /tmp/auth_v3_token_scoped4364.pem
--- /tmp/auth_v3_token_scoped_orig.pem 2015-09-02 11:14:11.414915072 -0400
+++ /tmp/auth_v3_token_scoped4364.pem 2015-09-02 11:14:28.749902282 -0400
@@ -66,4 +66,4 @@
 4RQzkShFx97ioGPE9wE1Jv9Yzxo5uTg6z246gi42e50uSIFZMmNMqkUdz0n6Qct+
 1zMf8W+e1pykKscVBz757F9n+qAhx15LxxdCKIrQ1kNT8dAyLRBQU0qZeLmLvS3W
 nmf/JlQ7LDQmq3XQEHRbQ1s5dz/mwM8IiSm8
------END CMS-----
+-----END CMS-----
\ No newline at end of file
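Review bot: the only difference in this hunk is the missing trailing newline after -----END CMS-----; the base64 body, and therefore the DER, the signed content and the signature, are identical, yet a token id derived from the hash of the whole file changes. Whitespace outside the PEM armor is a variation a revocation key must be insensitive to, and hashing the decoded signed content instead of the raw file bytes gives that.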
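To show why the proposed fix works, here is an added example (not keystone's code, and not part of the comment above) modelling a signed token as a constructed byte layout with unsigned framing, a JSON payload and a signature over the payload only; HMAC-SHA256 with a fixed demo key stands in for the CMS signature. It compares a revocation list keyed on the hash of the whole document with one keyed on the hash of the signed data, for the two variations the diffs above exhibit.

```python
import hashlib
import hmac

# Constructed stand-in for a CMS-signed PKI token: unsigned framing bytes, the
# signed token payload (JSON, as in the derdump above) and a signature over the
# payload only. HMAC with a demo key replaces the real CMS signature (assumption).
DEMO_KEY = b"demo-signing-key"
CONTENT_TYPE_OID = bytes.fromhex("2a864886f70d010701")  # 1.2.840.113549.1.7.1
PAYLOAD = b'{"token": {"methods": ["password"], "roles": [{"id": "role1"}]}}'

def sign(payload: bytes) -> bytes:
    return hmac.new(DEMO_KEY, payload, hashlib.sha256).digest()

def build_document(oid: bytes, payload: bytes, trailer: bytes = b"\n") -> bytes:
    # Layout: OID, 2-byte payload length, payload, 32-byte signature, trailer.
    return oid + len(payload).to_bytes(2, "big") + payload + sign(payload) + trailer

def parse(doc: bytes):
    # Returns (oid, payload, signature); the trailer is ignored like PEM whitespace.
    oid, rest = doc[:9], doc[9:]
    n = int.from_bytes(rest[:2], "big")
    return oid, rest[2:2 + n], rest[2 + n:2 + n + 32]

def signature_valid(doc: bytes) -> bool:
    _, payload, sig = parse(doc)
    return hmac.compare_digest(sig, sign(payload))

def token_id_whole_document(doc: bytes) -> str:
    # Flawed scheme: the id is the hash of every byte of the file.
    return hashlib.sha256(doc).hexdigest()

def token_id_signed_data(doc: bytes) -> str:
    # Proposed scheme: the id is the hash of exactly the bytes the signature covers.
    return hashlib.sha256(parse(doc)[1]).hexdigest()

def is_revoked(doc: bytes, revoked_ids: set, id_func) -> bool:
    return signature_valid(doc) and id_func(doc) in revoked_ids

def demo() -> dict:
    original = build_document(CONTENT_TYPE_OID, PAYLOAD)
    # Two variants with the signed payload untouched: a changed framing byte
    # (first hunk above) and a dropped trailing newline (second hunk above).
    variants = [build_document(b"\x1a" + CONTENT_TYPE_OID[1:], PAYLOAD),
                build_document(CONTENT_TYPE_OID, PAYLOAD, trailer=b"")]
    results = {}
    for name, id_func in (("whole_document", token_id_whole_document),
                          ("signed_data", token_id_signed_data)):
        revoked = {id_func(original)}  # the original token has been revoked
        results[name] = [is_revoked(v, revoked, id_func) for v in variants]
    return results
```

Both variants still carry a valid signature; only the signed-data key recognises them as the revoked token.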