Re: [Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
Dne 23.7.2015 v 11:06 Christian Heimes napsal(a): On 2015-07-23 10:54, Jan Cholasta wrote: Hi, Dne 23.7.2015 v 10:43 Christian Heimes napsal(a): This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: from M2Crypto import RC4 from ipaserver.dcerpc import arcfour_encrypt RC4.RC4(b'key').update(b'data') 'o\r@\x8c' arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4 https://fedorahosted.org/freeipa/ticket/5148 NACK on the spec file change. There is a BuildRequires and Requires on m2crypto, replace them with BuildRequires and Requires on python-cryptography. Argh, m2crypto ... I was looking for M2Crypto (case sensitive). Here is an updated patch. An additional Requires: python-cryptography is not required. server-trust-ad depends on ipa-server which depends on the ipa-python package. The ipa-python package already has Requires: python-cryptography. Thanks, ACK. Pushed to master: a908be2785d4388e3c97c7cd543c817c527d73c9 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
On Thu, 23 Jul 2015, Christian Heimes wrote: On 2015-07-23 11:06, Alexander Bokovoy wrote: On Thu, 23 Jul 2015, Christian Heimes wrote: This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: from M2Crypto import RC4 from ipaserver.dcerpc import arcfour_encrypt RC4.RC4(b'key').update(b'data') 'o\r@\x8c' arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' Note that we are using NTLMv2 or Kerberos user session keys which are 128 bit long in this context. And please rework the spec file change as Honza noted. Thanks for the feedback regarding the key size, 128bit works. Is RC4 really the only supported algorithm for session keys? RC4 is insecure, especially the first few bytes have a high bias. It may not be much of an issue for short-lived session keys, though. It is not a session key algorithm. It is an algorithm used to encrypt trust authentication information when passing it over. We pass trust authentication information in clear, then encrypt it with a session key for the transfer and on the receiving side DC does unwrapping and uses the clear-text version of the trust secret to derive all needed cross-realm keys. MS-LSAD puts it this way (5.1.1): - Implementations of this protocol protect the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB structure by encrypting the data referenced by that structure's AuthBlob field. The RC4 algorithm is used to encrypt the data on request (and reply) and decrypt the data on receipt. The key, required during runtime by the RC4 algorithm, is the 16-byte key specified by the method that uses this structure (for example, see section 3.1.4.7.10). The size of data (the AuthSize field of LSAPR_TRUSTED_DOMAIN_AUTH_BLOB) must remain unencrypted. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
On 2015-07-23 11:06, Alexander Bokovoy wrote: > On Thu, 23 Jul 2015, Christian Heimes wrote: >> This patch removes the dependency on M2Crypto in favor for cryptography. >> Cryptography is more strict about the key size and doesn't support >> non-standard key sizes: >> > from M2Crypto import RC4 > from ipaserver.dcerpc import arcfour_encrypt > RC4.RC4(b'key').update(b'data') >> 'o\r@\x8c' > arcfour_encrypt(b'key', b'data') >> Traceback (most recent call last): >> ... >> ValueError: Invalid key size (24) for RC4. >> >> Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: >> > arcfour_encrypt(b'key12', b'data') >> '\xcd\xf80d' > RC4.RC4(b'key12').update(b'data') >> '\xcd\xf80d' > Note that we are using NTLMv2 or Kerberos user session keys which are > 128 bit long in this context. > > And please rework the spec file change as Honza noted. Thanks for the feedback regarding the key size, 128bit works. Is RC4 really the only supported algorithm for session keys? RC4 is insecure, especially the first few bytes have a high bias. It may not be much of an issue for short-lived session keys, though. Christian signature.asc Description: OpenPGP digital signature -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
On Thu, 23 Jul 2015, Christian Heimes wrote: This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: from M2Crypto import RC4 from ipaserver.dcerpc import arcfour_encrypt RC4.RC4(b'key').update(b'data') 'o\r@\x8c' arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' Note that we are using NTLMv2 or Kerberos user session keys which are 128 bit long in this context. And please rework the spec file change as Honza noted. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
On 2015-07-23 10:54, Jan Cholasta wrote: > Hi, > > Dne 23.7.2015 v 10:43 Christian Heimes napsal(a): >> This patch removes the dependency on M2Crypto in favor for cryptography. >> Cryptography is more strict about the key size and doesn't support >> non-standard key sizes: >> > from M2Crypto import RC4 > from ipaserver.dcerpc import arcfour_encrypt > RC4.RC4(b'key').update(b'data') >> 'o\r@\x8c' > arcfour_encrypt(b'key', b'data') >> Traceback (most recent call last): >> ... >> ValueError: Invalid key size (24) for RC4. >> >> Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: >> > arcfour_encrypt(b'key12', b'data') >> '\xcd\xf80d' > RC4.RC4(b'key12').update(b'data') >> '\xcd\xf80d' >> >> http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4 >> >> https://fedorahosted.org/freeipa/ticket/5148 > > NACK on the spec file change. There is a BuildRequires and Requires on > m2crypto, replace them with BuildRequires and Requires on > python-cryptography. Argh, m2crypto ... I was looking for M2Crypto (case sensitive). Here is an updated patch. An additional Requires: python-cryptography is not required. server-trust-ad depends on ipa-server which depends on the ipa-python package. The ipa-python package already has Requires: python-cryptography. Christian From d0a6ab9f9c0723af7ca027fd3522a063428b7f34 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 21 Jul 2015 15:18:40 +0200 Subject: [PATCH] [py3] Replace M2Crypto RC4 with python-cryptography ARC4 This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: >>> from M2Crypto import RC4 >>> from ipaserver.dcerpc import arcfour_encrypt >>> RC4.RC4(b'key').update(b'data') 'o\r@\x8c' >>> arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: >>> arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' >>> RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4 https://fedorahosted.org/freeipa/ticket/5148 --- freeipa.spec.in | 2 -- ipaserver/dcerpc.py | 15 ++- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index fef20e1f7e6fde9b90851a2686e515a6a779f954..bf04582de949e6fe8ae34ea5a96f32598247aa7e 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -84,7 +84,6 @@ BuildRequires: python-lxml BuildRequires: python-pyasn1 >= 0.0.9a BuildRequires: python-qrcode-core >= 5.0.0 BuildRequires: python-dns >= 1.11.1 -BuildRequires: m2crypto BuildRequires: check BuildRequires: libsss_idmap-devel BuildRequires: libsss_nss_idmap-devel >= 1.12.2 @@ -219,7 +218,6 @@ Integrated DNS server is BIND 9. OpenDNSSEC provides key management. Summary: Virtual package to install packages required for Active Directory trusts Group: System Environment/Base Requires: %{name}-server = %version-%release -Requires: m2crypto Requires: samba-python Requires: samba >= %{samba_version} Requires: samba-winbind diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 4de5afb540e880e8948749c2cfa9a019eb807c47..578b3ee209ee988bca4d75bd5b898f339625236c 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -42,7 +42,8 @@ from samba.ndr import ndr_pack, ndr_print from samba import net import samba import random -from M2Crypto import RC4 +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms +from cryptography.hazmat.backends import default_backend try: from ldap.controls import RequestControl as LDAPControl #pylint: disable=F0401 except ImportError: @@ -120,6 +121,14 @@ def assess_dcerpc_exception(num=None,message=None): message "%(message)s" (both may be "None")''') % dict(num=num, message=message) return errors.RemoteRetrieveError(reason=reason) + +def arcfour_encrypt(key, data): +algorithm = algorithms.ARC4(key) +cipher = Cipher(algorithm, mode=None, backend=default_backend()) +encryptor = cipher.encryptor() +return encryptor.update(data) + + class ExtendedDNControl(LDAPControl): # This class attempts to implement LDAP control that would work # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties @@ -910,10 +919,6 @@ class TrustDomainInstance(object): self.info['is_pdc'] = (result.role == lsa.LSA_ROLE_PRIMARY) def generate_auth(self, trustdom_secret): -def arcfour_encrypt(key, data): -c = RC4.RC4(key) -return c.update(data) - password_blob = string_to_array(trustdom_secret.encode('utf-16-le')) clear_value = drsblobs.AuthInfoClear() -- 2.4.3 signature.asc
Re: [Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
On Thu, 23 Jul 2015, Christian Heimes wrote: This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: from M2Crypto import RC4 from ipaserver.dcerpc import arcfour_encrypt RC4.RC4(b'key').update(b'data') 'o\r@\x8c' arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4 https://fedorahosted.org/freeipa/ticket/5148 From da4aa9baa932e335ad0bd0f3cfe2551667c7ca76 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 21 Jul 2015 15:18:40 +0200 Subject: [PATCH] [py3] Replace M2Crypto RC4 with python-cryptography ARC4 This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: from M2Crypto import RC4 from ipaserver.dcerpc import arcfour_encrypt RC4.RC4(b'key').update(b'data') 'o\r@\x8c' arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4 https://fedorahosted.org/freeipa/ticket/5148 --- freeipa.spec.in | 1 + ipaserver/dcerpc.py | 15 ++- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index fef20e1f7e6fde9b90851a2686e515a6a779f954..afae22430515a9f15eced9e16e0a6e192400e6e2 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -150,6 +150,7 @@ Requires(preun): python systemd-units Requires(postun): python systemd-units Requires: python-dns >= 1.11.1 Requires: python-kdcproxy >= 0.3 +Requires: python-cryptography Requires: zip Requires: policycoreutils >= 2.1.12-5 Requires: tar diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 4de5afb540e880e8948749c2cfa9a019eb807c47..578b3ee209ee988bca4d75bd5b898f339625236c 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -42,7 +42,8 @@ from samba.ndr import ndr_pack, ndr_print from samba import net import samba import random -from M2Crypto import RC4 +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms +from cryptography.hazmat.backends import default_backend try: from ldap.controls import RequestControl as LDAPControl #pylint: disable=F0401 except ImportError: @@ -120,6 +121,14 @@ def assess_dcerpc_exception(num=None,message=None): message "%(message)s" (both may be "None")''') % dict(num=num, message=message) return errors.RemoteRetrieveError(reason=reason) + +def arcfour_encrypt(key, data): +algorithm = algorithms.ARC4(key) +cipher = Cipher(algorithm, mode=None, backend=default_backend()) +encryptor = cipher.encryptor() +return encryptor.update(data) + + class ExtendedDNControl(LDAPControl): # This class attempts to implement LDAP control that would work # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties @@ -910,10 +919,6 @@ class TrustDomainInstance(object): self.info['is_pdc'] = (result.role == lsa.LSA_ROLE_PRIMARY) def generate_auth(self, trustdom_secret): -def arcfour_encrypt(key, data): -c = RC4.RC4(key) -return c.update(data) - password_blob = string_to_array(trustdom_secret.encode('utf-16-le')) clear_value = drsblobs.AuthInfoClear() -- 2.4.3 ACK. Tested by re-establishing trust to AD. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
Hi, Dne 23.7.2015 v 10:43 Christian Heimes napsal(a): This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: from M2Crypto import RC4 from ipaserver.dcerpc import arcfour_encrypt RC4.RC4(b'key').update(b'data') 'o\r@\x8c' arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4 https://fedorahosted.org/freeipa/ticket/5148 NACK on the spec file change. There is a BuildRequires and Requires on m2crypto, replace them with BuildRequires and Requires on python-cryptography. Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4
This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: >>> from M2Crypto import RC4 >>> from ipaserver.dcerpc import arcfour_encrypt >>> RC4.RC4(b'key').update(b'data') 'o\r@\x8c' >>> arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: >>> arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' >>> RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4 https://fedorahosted.org/freeipa/ticket/5148 From da4aa9baa932e335ad0bd0f3cfe2551667c7ca76 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 21 Jul 2015 15:18:40 +0200 Subject: [PATCH] [py3] Replace M2Crypto RC4 with python-cryptography ARC4 This patch removes the dependency on M2Crypto in favor for cryptography. Cryptography is more strict about the key size and doesn't support non-standard key sizes: >>> from M2Crypto import RC4 >>> from ipaserver.dcerpc import arcfour_encrypt >>> RC4.RC4(b'key').update(b'data') 'o\r@\x8c' >>> arcfour_encrypt(b'key', b'data') Traceback (most recent call last): ... ValueError: Invalid key size (24) for RC4. Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported: >>> arcfour_encrypt(b'key12', b'data') '\xcd\xf80d' >>> RC4.RC4(b'key12').update(b'data') '\xcd\xf80d' http://cryptography.readthedocs.org/en/latest/hazmat/primitives/symmetric-encryption/#cryptography.hazmat.primitives.ciphers.algorithms.ARC4 https://fedorahosted.org/freeipa/ticket/5148 --- freeipa.spec.in | 1 + ipaserver/dcerpc.py | 15 ++- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index fef20e1f7e6fde9b90851a2686e515a6a779f954..afae22430515a9f15eced9e16e0a6e192400e6e2 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -150,6 +150,7 @@ Requires(preun): python systemd-units Requires(postun): python systemd-units Requires: python-dns >= 1.11.1 Requires: python-kdcproxy >= 0.3 +Requires: python-cryptography Requires: zip Requires: policycoreutils >= 2.1.12-5 Requires: tar diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 4de5afb540e880e8948749c2cfa9a019eb807c47..578b3ee209ee988bca4d75bd5b898f339625236c 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -42,7 +42,8 @@ from samba.ndr import ndr_pack, ndr_print from samba import net import samba import random -from M2Crypto import RC4 +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms +from cryptography.hazmat.backends import default_backend try: from ldap.controls import RequestControl as LDAPControl #pylint: disable=F0401 except ImportError: @@ -120,6 +121,14 @@ def assess_dcerpc_exception(num=None,message=None): message "%(message)s" (both may be "None")''') % dict(num=num, message=message) return errors.RemoteRetrieveError(reason=reason) + +def arcfour_encrypt(key, data): +algorithm = algorithms.ARC4(key) +cipher = Cipher(algorithm, mode=None, backend=default_backend()) +encryptor = cipher.encryptor() +return encryptor.update(data) + + class ExtendedDNControl(LDAPControl): # This class attempts to implement LDAP control that would work # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties @@ -910,10 +919,6 @@ class TrustDomainInstance(object): self.info['is_pdc'] = (result.role == lsa.LSA_ROLE_PRIMARY) def generate_auth(self, trustdom_secret): -def arcfour_encrypt(key, data): -c = RC4.RC4(key) -return c.update(data) - password_blob = string_to_array(trustdom_secret.encode('utf-16-le')) clear_value = drsblobs.AuthInfoClear() -- 2.4.3 signature.asc Description: OpenPGP digital signature -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code