Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KeyCheck should be verified when attempting user keys from vault storage (currently only from initial passphrase) #51

Open
danielweck opened this issue Jul 25, 2019 · 2 comments
Open

KeyCheck should be verified when attempting user keys from vault storage (currently only from initial passphrase) #51

danielweck opened this issue Jul 25, 2019 · 2 comments

Comments

@danielweck
Copy link
Member

The KeyCheck is correctly verified in DecryptUserKey():

readium-lcp-client/src/lcp-client-lib/CryptoppCryptoProvider.cpp

Lines 232 to 276 in e4c02fd

Status CryptoppCryptoProvider::DecryptUserKey(
const std::string & userPassphrase,
ILicense * license,
KeyType & userKey1,
KeyType & userKey2
)
{
try
{
#if ENABLE_PROFILE_NAMES
IEncryptionProfile * profile = m_encryptionProfilesManager->GetProfile(license->Crypto()->EncryptionProfile());
if (profile == nullptr)
{
return Status(StatusCode::ErrorCommonEncryptionProfileNotFound, "ErrorCommonEncryptionProfileNotFound");
}
#else
IEncryptionProfile * profile = m_encryptionProfilesManager->GetProfile();
#endif //ENABLE_PROFILE_NAMES
std::unique_ptr<IHashAlgorithm> hashAlgorithm(profile->CreateUserKeyAlgorithm());
hashAlgorithm->UpdateHash(userPassphrase);
userKey1 = hashAlgorithm->Hash();
Status resx = this->LegacyPassphraseUserKey(userKey1, userKey2);
if (!Status::IsSuccess(resx)) {
return resx;
}
//http://www.w3.org/2009/xmlenc11#aes256-gcm
//http://www.w3.org/2001/04/xmlenc#aes256-cbc
const std::string algorithm = license->Crypto()->ContentKeyAlgorithm();
std::unique_ptr<ISymmetricAlgorithm> contentKeyAlgorithm(profile->CreateContentKeyAlgorithm(userKey2, algorithm));
std::string id = contentKeyAlgorithm->Decrypt(license->Crypto()->UserKeyCheck());
if (!EqualsUtf8(id, license->Id()))
{
return Status(StatusCode::ErrorDecryptionUserPassphraseNotValid, "ErrorDecryptionUserPassphraseNotValid");
}
return Status(StatusCode::ErrorCommonSuccess);
}
catch (const CryptoPP::Exception & ex)
{
return Status(StatusCode::ErrorDecryptionUserPassphraseNotValid, "ErrorDecryptionUserPassphraseNotValid: " + ex.GetWhat());
}
}

However, it should also be verified in DecryptContentKey():

readium-lcp-client/src/lcp-client-lib/CryptoppCryptoProvider.cpp

Lines 278 to 310 in e4c02fd

Status CryptoppCryptoProvider::DecryptContentKey(
const KeyType & userKey,
ILicense * license,
KeyType & contentKey
)
{
try
{
#if ENABLE_PROFILE_NAMES
IEncryptionProfile * profile = m_encryptionProfilesManager->GetProfile(license->Crypto()->EncryptionProfile());
if (profile == nullptr)
{
return Status(StatusCode::ErrorCommonEncryptionProfileNotFound, "ErrorCommonEncryptionProfileNotFound");
}
#else
IEncryptionProfile * profile = m_encryptionProfilesManager->GetProfile();
#endif //ENABLE_PROFILE_NAMES
//http://www.w3.org/2009/xmlenc11#aes256-gcm
//http://www.w3.org/2001/04/xmlenc#aes256-cbc
const std::string algorithm = license->Crypto()->ContentKeyAlgorithm();
std::unique_ptr<ISymmetricAlgorithm> contentKeyAlgorithm(profile->CreateContentKeyAlgorithm(userKey, algorithm));
std::string decryptedContentKey = contentKeyAlgorithm->Decrypt(license->Crypto()->ContentKey());
contentKey.assign(decryptedContentKey.begin(), decryptedContentKey.end());
return Status(StatusCode::ErrorCommonSuccess);
}
catch (const CryptoPP::Exception & ex)
{
return Status(StatusCode::ErrorDecryptionLicenseEncrypted, "ErrorDecryptionLicenseEncrypted: " + ex.GetWhat());
}
}

The only reason why the current code "works" is because of a fortunate side effect from the CryptoPP lib, which emits an error when an attempt to decrypt a cypher using the wrong key is made, because of incorrect padding number parsing:

readium-lcp-client/src/third-parties/cryptopp/filters.cpp

Line 762 in e4c02fd

throw InvalidCiphertext("StreamTransformationFilter: invalid W3C block padding found");

The source of the problem is DecryptLicenseByStorage():

readium-lcp-client/src/lcp-client-lib/LcpService.cpp

Lines 410 to 459 in e4c02fd

Status LcpService::DecryptLicenseByStorage(ILicense * license)
{
if (m_storageProvider == nullptr)
{
return Status(StatusCode::ErrorCommonNoStorageProvider, "ErrorCommonNoStorageProvider");
}
std::string userKeyHex = m_storageProvider->GetValue(
UserKeysVaultId,
BuildStorageProviderKey(license)
);
if (!userKeyHex.empty())
{
KeyType userKey1;
Status res = m_cryptoProvider->ConvertHexToRaw(userKeyHex, userKey1);
if (!Status::IsSuccess(res))
return res;
KeyType userKey2;
res = m_cryptoProvider->LegacyPassphraseUserKey(userKey1, userKey2);
if (!Status::IsSuccess(res))
return res;
res = this->DecryptLicenseByUserKey(license, userKey2);
if (Status::IsSuccess(res)) {
return res;
}
}
std::unique_ptr<KvStringsIterator> it(m_storageProvider->EnumerateVault(UserKeysVaultId));
for (it->First(); !it->IsDone(); it->Next())
{
std::string userKeyHex = it->Current();
KeyType userKey1;
Status res = m_cryptoProvider->ConvertHexToRaw(userKeyHex, userKey1);
if (!Status::IsSuccess(res))
continue;
KeyType userKey2;
res = m_cryptoProvider->LegacyPassphraseUserKey(userKey1, userKey2);
if (!Status::IsSuccess(res))
continue;
res = this->DecryptLicenseByUserKey(license, userKey2);
if (Status::IsSuccess(res))
return res;
}
return Status(StatusCode::ErrorDecryptionLicenseEncrypted, "ErrorDecryptionLicenseEncrypted");
}

...more specifically m_storageProvider->EnumerateVault which will find the first existing user key that "works", without actually verifying the KeyCheck!

This is the call chain:

OpenLicense() => CheckDecrypted() => DecryptLicenseOnOpening() => DecryptLicenseByStorage()

Then DecryptLicenseByUserKey() => DecryptContentKey() where the KeyCheck verification is missing. Thankfully, we have the CryptoPP "crash" to simulate the KeyCheck verification, but this is VERY hacky!

The line that crashes:

readium-lcp-client/src/lcp-client-lib/CryptoppCryptoProvider.cpp

Line 301 in e4c02fd

std::string decryptedContentKey = contentKeyAlgorithm->Decrypt(license->Crypto()->ContentKey());

...is caught here:

readium-lcp-client/src/lcp-client-lib/CryptoppCryptoProvider.cpp

Lines 306 to 309 in e4c02fd

catch (const CryptoPP::Exception & ex)
{
return Status(StatusCode::ErrorDecryptionLicenseEncrypted, "ErrorDecryptionLicenseEncrypted: " + ex.GetWhat());
}

...which allows graceful continuation of the m_storageProvider->EnumerateVault iteration, here:

readium-lcp-client/src/lcp-client-lib/LcpService.cpp

Lines 454 to 456 in e4c02fd

res = this->DecryptLicenseByUserKey(license, userKey2);
if (Status::IsSuccess(res))
return res;

danielweck added a commit that referenced this issue Jul 25, 2019
@danielweck
this fix introduces a KeyCheck verification for the code path that te…
f89dcac 
…sts existing user keys available in the secret vault (as opposed to the codepath that uses the passphrase to unlock the license), see #51
@danielweck
Copy link
Member Author

Fixed in the feature/latest-working-build-config branch (Pull Request #49)
f89dcac

@danielweck danielweck mentioned this issue Jul 25, 2019
Open
@danielweck
Copy link
Member Author

Follow-up fix for more general UTF8 validation checks:
1c4bb3f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danielweck