Why not use FIPS-compliant algorithm instead of MD5 #57

Closed
bhavyashah-crest opened this issue Mar 3, 2020 · 5 comments
Comments

@bhavyashah-crest

bhavyashah-crest commented Mar 3, 2020

Currently, the library uses the MD5 algorithm to generate the nonce:
Filename: suds/wsse.py

from hashlib import md5

# Method of the token class in suds/wsse.py; self.username and
# self.password are set earlier and Token.sysdate() supplies the timestamp.
def setnonce(self, text=None):
    """
    Set I{nonce}, which is an arbitrary set of bytes to prevent
    replay attacks.
    @param text: The nonce text value.
        Generated when I{None}.
    @type text: str
    """
    if text is None:
        s = []
        s.append(self.username)
        s.append(self.password)
        s.append(Token.sysdate())
        m = md5()  # MD5 digest; rejected by OpenSSL when FIPS mode is enabled
        m.update(':'.join(s).encode("utf-8"))
        self.nonce = m.hexdigest()
    else:
        self.nonce = text

Also, the library uses the MD5 algorithm to generate the "mangled id" from the URL of the document being retrieved:
Filename: suds/reader.py

import hashlib

# Method of the reader class in suds/reader.py; the result is used as the
# cache key (file name) for the fetched document.
def mangle(self, name, x):
    """
    Mangle the name by hashing the I{name} and appending I{x}.
    @return: the mangled name.
    """
    h = hashlib.md5(name.encode('utf8')).hexdigest()  # MD5; fails under FIPS
    return '%s-%s' % (h, x)

As the library uses the MD5 algorithm, which is not FIPS-compliant, the apps using the library give the error below when running on FIPS-enabled platforms:
fips_md.c(146): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored 

Can we update the library to use a FIPS-compliant algorithm for the above purposes?

@cackharot
Owner

A PR to address this is most welcome. Also, if you provide the details of what value it will add to this lib and what effects this will have (e.g., compatibility), it would be easier to understand and contribute.

@bhavyashah-crest
Author

Hi @cackharot,
Thanks for your response, here is my analysis:

Analysis for file: suds/wsse.py
Occurrence in code:

from hashlib import md5

# Method of the token class in suds/wsse.py; self.username and
# self.password are set earlier and Token.sysdate() supplies the timestamp.
def setnonce(self, text=None):
    """
    Set I{nonce}, which is an arbitrary set of bytes to prevent
    replay attacks.
    @param text: The nonce text value.
        Generated when I{None}.
    @type text: str
    """
    if text is None:
        s = []
        s.append(self.username)
        s.append(self.password)
        s.append(Token.sysdate())
        m = md5()  # MD5 digest; rejected by OpenSSL when FIPS mode is enabled
        m.update(':'.join(s).encode("utf-8"))
        self.nonce = m.hexdigest()
    else:
        self.nonce = text

Issue
The above method uses the MD5 algorithm to generate the nonce that is used to prevent replay attacks. As MD5 is not FIPS-compliant, the above method could fail on FIPS-enabled platforms.

Resolution
While finding an alternative for MD5, I found that the MD5 function is replaced by SHA-256 and SHA-512 in later versions of Digest Access Authentication (the method which we are using).

Impact
While MD5 produces a message digest that is 128 bits long, SHA-256 produces a message digest that is 256 bits long. But, as nonces are random numbers issued in the authentication, this should not affect anything.

Analysis for file: suds/reader.py
Occurrence in code:

import hashlib

# Method of the reader class in suds/reader.py; the result is used as the
# cache key (file name) for the fetched document.
def mangle(self, name, x):
    """
    Mangle the name by hashing the I{name} and appending I{x}.
    @return: the mangled name.
    """
    h = hashlib.md5(name.encode('utf8')).hexdigest()  # MD5; fails under FIPS
    return '%s-%s' % (h, x)

Issue
The above method uses the MD5 algorithm to generate the nonce that is used to prevent replay attacks. As MD5 is not FIPS-compliant, the above method could fail on FIPS-enabled platforms.

Resolution
The above method mangles (generates the hash for) the name variable, appends x to it and returns it. The returned value is used as a name to cache and retrieve the vCenter Server properties.

Impact
Using the SHA-1 algorithm to generate hashes will provide a hash of 160 bits, which is a little longer than the hash provided by the MD5 algorithm. It will not be an issue, as it will only be used as a name to get and set the cache.
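
The following is an added example, not suds-py3's own code and not the change made in the pull request: it puts the two MD5 call sites quoted in this thread (the nonce in suds/wsse.py and the cache-name mangling in suds/reader.py) next to replacements that work on a FIPS-enabled OpenSSL. The function names (md5_available, legacy_nonce_md5, fips_nonce, mangle_md5, mangle_sha256) and the sample inputs are chosen here for illustration.

```python
import hashlib
import secrets

# Added example, not suds-py3 code. Each pre-fix MD5 call site from the
# issue is shown next to a replacement that does not touch a FIPS-forbidden
# digest. Names and sample inputs are assumptions made for this example.


def md5_available() -> bool:
    """Return True if this interpreter's OpenSSL build allows MD5 at all.

    On a FIPS-enabled build hashlib.md5() typically raises ValueError
    (older builds abort with the OpenSSL assertion quoted in the issue)
    instead of returning a digest object.
    """
    try:
        hashlib.md5(b"probe").hexdigest()
        return True
    except ValueError:
        return False


def legacy_nonce_md5(username: str, password: str, sysdate: str) -> str:
    """Pre-fix behaviour of setnonce(): MD5 over 'username:password:date'.

    The value is fully determined by its three inputs, so it is not random;
    it is also the call that fails under FIPS.
    """
    m = hashlib.md5()
    m.update(":".join([username, password, sysdate]).encode("utf-8"))
    return m.hexdigest()


def fips_nonce(nbytes: int = 16) -> str:
    """Replacement nonce: fresh bytes from the OS CSPRNG, hex encoded.

    A replay-protection nonce needs to be unpredictable and unique, so no
    digest algorithm is required and nothing FIPS-restricted is involved.
    Callers that want a digest instead can use hashlib.sha256 the same way
    legacy_nonce_md5 uses md5.
    """
    return secrets.token_hex(nbytes)


def mangle_md5(name: str, x: str) -> str:
    """Pre-fix behaviour of mangle(): MD5 of the document URL plus suffix."""
    h = hashlib.md5(name.encode("utf8")).hexdigest()
    return "%s-%s" % (h, x)


def mangle_sha256(name: str, x: str) -> str:
    """Replacement cache-key derivation using SHA-256 (FIPS approved).

    The key is only a cache file name, so any collision-resistant digest
    works; SHA-256 yields a 64-character hex string instead of MD5's 32.
    """
    h = hashlib.sha256(name.encode("utf8")).hexdigest()
    return "%s-%s" % (h, x)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real deployment.
    url = "https://vcenter.example.test/sdk/vimService.wsdl"
    print("FIPS-safe nonce:", fips_nonce())
    print("SHA-256 cache key:", mangle_sha256(url, "document"))
    if md5_available():
        print("MD5 cache key:   ", mangle_md5(url, "document"))
        print("legacy nonce:    ", legacy_nonce_md5("user", "pass", "2020-03-03"))
    else:
        print("MD5 is disabled on this interpreter (FIPS mode)")
```

One consequence the analysis above does not mention: because the mangled value is the cache file name, switching the digest changes every key, so documents cached under the old MD5-derived names will miss once and be fetched again after the upgrade. That is a one-time cost, not a correctness problem, but it is worth knowing when rolling the change out against a warm cache.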

@Orangensaft
Contributor

I have opened a pull request to fix this issue :)

@cackharot
Owner

Done. Thanks!

@bhavyashah-crest
Author

Hi @cackharot,
Thanks for the quick action. Can you please tell me when the new version of the suds-py3 library is being released?
If it is going to take a while, what is the procedure to apply the above changes to the already released library and use it?
Big thanks,
