CO4:= $(call dirObjects,common/sha2)

<meta http-equiv="content-type" content="text/html; charset=utf-8"/>

<title>- no title specified</title>

<meta name="generator" content="LibreOffice 5.1.6.2 (Linux)"/>

<meta name="created" content="00:00:00"/>

<meta name="changed" content="2018-06-21T14:25:04.182337599"/>

<meta name="DCTERMS.issued" content="2018-04-09T10:14:20.507318741"/>

<meta name="DCTERMS.language" content="en-US"/>

<meta name="DCTERMS.modified" content="2018-04-09T10:14:29.569131327"/>

<meta name="DCTERMS.provenance" content=""/>

<meta name="DCTERMS.source" content="http://xml.openoffice.org/odf2xhtml"/>

<meta name="DCTERMS.subject" content=","/>

<meta name="DCTERMS.title" content=""/>

<style type="text/css">

p { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }

td p { margin-left: 0.79in; margin-right: 0.79in; color: #000000; font-size: 12pt }

h1 { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }

h2 { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }

h2.cjk { font-family: "Noto Sans CJK SC Regular" }

h2.ctl { font-family: "FreeSans" }

p.p1 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }

p.p4 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }

td p.p6 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }

p.p5 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }

p.p7 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }

p.p2 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }

p.p9 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }

p.p10 { margin-bottom: 0in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }

</style>

<body lang="en-US" text="#000000" dir="ltr">

<p>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;<!--This file was converted to xhtml by LibreOffice - see http://cgit.freedesktop.org/libreoffice/core/tree/filter/source/xslt for the code.-->

<h1><a name="a__Replacement_of_use_of_SHA-1_in_the_SRP_Client_Proof_with_a_SHA-2_Message_Digest"></a>

Replacement of use of SHA-1 in the SRP Client Proof with a SHA-2

Message Digest</h1>

<p class="p1">The Firebird implementation of the Secure Remote

Protocol (SRP) for password based user authentication has been

updated following a security review of the original Firebird SRP-6a

implementation taking into account current NIST guidance on the use

of SHA-1 – see NIST Special Publication 800-131A, Revision 1,

Transitions: Recommendation for Transitioning the Use of

Cryptographic Algorithms and Key Lengths

(<a href="http://dx.doi.org/10.6028/NIST.SP.800-131Ar1">http://dx.doi.org/10.6028/NIST.SP.800-131Ar1</a>)

chapter 9. This guidance disallows the general use of SHA-1 for

“Digital Signature Generation” whilst permitting continued use

for “Digital Signature Verification”. The background to making

this change is given below.</p>

<p class="p4">By default, the SHA-256 message digest is now used

instead of SHA-1 for generating the Client Proof. Alternatively,

SHA-1 (deprecated and for legacy use only) may be used for the Client

Proof. Separate AuthServer and AuthClient plugins are available for

each supported message digest, with the following names:</p>

<table width="703" cellpadding="0" cellspacing="0">

<col width="174">

<col width="528">

<tr>

<td width="174" style="border: none; padding: 0in">

<ul>

<li/>

<p class="p6" align="left" style="margin-right: 0in">•Srp&nbsp;</p>

</ul>

</td>

<td width="528" style="border: none; padding: 0in">

<p class="p4" align="left">SHA-1 Client Proof</p>

</td>

</tr>

<tr>

<td width="174" style="border: none; padding: 0in">

<ul>

<li/>

<p class="p6" align="left" style="margin-right: 0in">•Srp256&nbsp;</p>

</ul>

</td>

<td width="528" style="border: none; padding: 0in">

<p class="p4" align="left">SHA-256 Client Proof</p>

</td>

</tr>

<p class="p5">Both client and server must have an SRP authentication

plugin in common in order to enable successfully authentication of a

user's password.

<p class="p5">There is no change to the SRP User Manager. This is

still called (“Srp”) and the User Manager and the security

database are not affected by the choice of message digest used to

compute the client proof.</p>

<p class="p4">The “firebird.conf” default configuration file

entries for AuthServer and AuthClient are now:</p>

<p class="p4">AuthServer = Srp256<br/>

AuthClient = Srp256, Srp,

Legacy_Auth (Non -windows clients)<br/>

AuthClient = Srp256, Srp,

Win_Sspi, Legacy_Auth (windows clients)</p>

<p class="p4">With these settings, a Firebird Server is using Srp256

to authenticate a client using SHA-256 to compute the client proof

and is thus compatible with Firebird 3.0.4 or newer clients. On the

other hand, a Firebird client will authenticate the user with any

server version down to at least 2.5.</p>

<p class="p7">A deployment where both client and servers support the

legacy Srp (using SHA-1) and one or more of the SHA-2 authentication

plugins (e.g. Srp256) should be avoided. This is because an attacker

might be able to disrupt the Srp256 authentication thereby forcing

Firebird to use the weaker Srp SHA-1 client proof without the user

being aware.</p>

<h2 class="western"><a name="a__REASON_FOR_CHANGE"></a>REASON FOR

CHANGE</h2>

<p class="p1">Review of the Firebird SRP implementation appears to

indicate that most uses of SHA-1 continue to be permitted under NIST

guidance except for its use in generating the client proof. The SRP

client proof may be characterised as a “Poor Man's Digital

Signature” in that it provides a two party proof of identity rather

than the third party proof normally expected from a Digital Signature

i.e. it is not a non-repudiable proof. Nevertheless, it is believed

that generation of the client proof falls under the heading of

“Digital Signature Generation” when considering the NIST

Guidance.</p>

<p class="p2">Continued use of SHA-1 in order to generate the client

proof appears to risk leakage of the encryption key used to encrypt

“over-the-wire” encryption and which hence also provides peer

entity authentication during the lifetime of the connection. This may

result in an attacker being able to monitor confidential

communication either during the connection or at some later date and

this could include leakage of an encryption key used to encrypt the

user database, if this is passed from client to server during the

connection.</p>

<p class="p2">Such an attack is viable if weaknesses in SHA-1 can be

exploited to allow a brute force attack on the client proof to be

computationally feasible. All parts of the message on which the

client proof is based may be known to an attacker with the exception

of the shared session key and such an attack would concentrate on

revealing this key. If it were possible to reveal the shared session

key in real time then additionally a man-in-the-middle attack would

be feasible.</p>

<p class="p2">The severity of this issue is viewed as Important but

not Critical. Users that rely on SRP (using SHA-1)/over the wire

encryption to protect confidential communication have a long term

risk that the confidentiality of &nbsp;their data may be compromised.

The attack may also be mitigated through the use of other procedures

to protect communications (e.g. a secure VPN).</p>

<p class="p9">The update adds a new directory to the source code tree

(src/common/sha2) containing an implementation of the SHA-2 family of

message digests derived from the implementation published by Olivier

Gay &lt;<a href="mailto:[email protected]">[email protected]</a>&gt;

(see https://github.com/ouah/sha2). The following copyright notice is

included at the request of the original author and applies to the

files in src/common/sha2:</p>

<p class="p10" style="margin-bottom: 0.2in">FIPS 180-2

SHA-224/256/384/512 implementation</p>

<p class="p10" style="margin-bottom: 0.2in">Last update: 02/02/2007</p>

<p class="p10" style="margin-bottom: 0.2in">Issue date: &nbsp;04/30/2005</p>

<p class="p10" style="margin-bottom: 0.2in">https://github.com/ouah/sha2</p>

<p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>

<p class="p10" style="margin-bottom: 0.2in">Copyright (C) 2005, 2007

Olivier Gay &lt;[email protected]&gt;</p>

<p class="p10" style="margin-bottom: 0.2in">All rights reserved.</p>

<p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>

<p class="p10" style="margin-bottom: 0.2in">Redistribution and use in

source and binary forms, with or without</p>

<p class="p10" style="margin-bottom: 0.2in">modification, are

permitted provided that the following conditions</p>

<p class="p10" style="margin-bottom: 0.2in">are met:</p>

<p class="p10" style="margin-bottom: 0.2in">1. Redistributions of

source code must retain the above copyright</p>

<p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;notice, this

list of conditions and the following disclaimer.</p>

<p class="p10" style="margin-bottom: 0.2in">2. Redistributions in

binary form must reproduce the above copyright</p>

<p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;notice, this

list of conditions and the following disclaimer in the</p>

<p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;documentation

and/or other materials provided with the distribution.</p>

<p class="p10" style="margin-bottom: 0.2in">3. Neither the name of

the project nor the names of its contributors</p>

<p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;may be used

to endorse or promote products derived from this software</p>

<p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;without

specific prior written permission.</p>

<p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>

<p class="p10" style="margin-bottom: 0.2in">THIS SOFTWARE IS PROVIDED

BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND</p>

<p class="p10" style="margin-bottom: 0.2in">ANY EXPRESS OR IMPLIED

WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE</p>

<p class="p10" style="margin-bottom: 0.2in">IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE</p>

<p class="p10" style="margin-bottom: 0.2in">ARE DISCLAIMED. &nbsp;IN

NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE</p>

<p class="p10" style="margin-bottom: 0.2in">FOR ANY DIRECT, INDIRECT,

INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL</p>

<p class="p10" style="margin-bottom: 0.2in">DAMAGES (INCLUDING, BUT

NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS</p>

<p class="p10" style="margin-bottom: 0.2in">OR SERVICES; LOSS OF USE,

DATA, OR PROFITS; OR BUSINESS INTERRUPTION)</p>

<p class="p10" style="margin-bottom: 0.2in">HOWEVER CAUSED AND ON ANY

THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT</p>

<p class="p10" style="margin-bottom: 0.2in">LIABILITY, OR TORT

(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY</p>

<p class="p10" style="margin-bottom: 0.2in">OUT OF THE USE OF THIS

SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF</p>

<p class="p10" style="margin-bottom: 0.2in">SUCH DAMAGE.</p>

file(GLOB common_src "common/*.cpp" "common/classes/*.cpp" "common/config/*.cpp" "common/os/${OS_DIR}/*.cpp" "common/sha2/*.cpp")

class SrpClient : public StdPlugin<IClientImpl<SrpClient, CheckStatusWrapper> >

virtual RemotePassword* RemotePasswordFactory()=0;

};

template <class SHA> class SrpClientImpl FB_FINAL : public SrpClient

{

explicit SrpClientImpl<SHA>(IPluginConfig* ipc)

: SrpClient(ipc) {}

RemotePassword* RemotePasswordFactory()

{

return FB_NEW RemotePasswordImpl<SHA>;

}

client = RemotePasswordFactory();

SimpleFactory<SrpClientImpl<Sha1> > factory_sha1;

SimpleFactory<SrpClientImpl<sha224> > factory_sha224;

SimpleFactory<SrpClientImpl<sha256> > factory_sha256;

SimpleFactory<SrpClientImpl<sha384> > factory_sha384;

SimpleFactory<SrpClientImpl<sha512> > factory_sha512;

iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_CLIENT, RemotePassword::plugName, &factory_sha1);

iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_CLIENT, RemotePassword::pluginName(224).c_str(), &factory_sha224);

iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_CLIENT, RemotePassword::pluginName(256).c_str(), &factory_sha256);

iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_CLIENT, RemotePassword::pluginName(384).c_str(), &factory_sha384);

iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_CLIENT, RemotePassword::pluginName(512).c_str(), &factory_sha512);

RemotePasswordImpl<Firebird::Sha1> server;

-lpthread -Wl,-rpath,../../../../gen/Debug/firebird/lib -lrt -o ${file} && ./${file}

template<class SHA>void runTest(int argc, char** argv)

Firebird::BigInteger s("02E268803000000079A478A700000002D1A6979000000026E1601C000000054F");

Firebird::BigInteger s;

RemotePassword* server = FB_NEW RemotePasswordImpl<SHA>();

RemotePassword* client = FB_NEW RemotePasswordImpl<SHA>();

Firebird::BigInteger cProof = client->clientProof(account, salt.c_str(), key1);

Firebird::BigInteger sProof = server->clientProof(account, salt.c_str(), key2);

printf("Proof length = %d\n",cProof.length());

int main(int argc, char** argv)

{

runTest<Firebird::Sha1>(argc,argv);

runTest<Firebird::sha224>(argc,argv);

runTest<Firebird::sha256>(argc,argv);

runTest<Firebird::sha384>(argc,argv);

runTest<Firebird::sha512>(argc,argv);

}