Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The bakery module seems to add a signature to the cookie based on parts of the user data. I'm not sure I follow why you bother with such as a signature. The hash is created with the same encryption key as the cookie is encrypted with, so if you can encrypt cookies you can also create the hash correctly, so it doesn't add any security if my understanding is correct.
Should the signature just be removed and to save some CPU cycles?
Comment | File | Size | Author |
---|---|---|---|
#11 | bakery-606262-11.patch | 10.68 KB | Steven Jones |
#6 | bakery-606262.patch | 9.64 KB | Steven Jones |
#4 | bakery-606262.patch | 5.8 KB | Steven Jones |
Comments
Comment #1
Steven Jones CreditAttribution: Steven Jones commentedOkay, maybe I do see why it is valuable, you're using the 'ecb' block chaining mode on the encryption, you should probably be using 'cbc' at least.
Comment #2
juliangb CreditAttribution: juliangb commentedAny chance of a bit more of an explanation as to why the signature is required, for docs, and why a change of the chaining mode should be made?
Comment #3
Steven Jones CreditAttribution: Steven Jones commentedThis one is a little complex, but here's why the hash is currently needed:
Cookie encryption is done using AES in ECB mode, this means that each block of stuff encrypted is done so in isolation, so someone could take a cookie and swap an encrypted block from another cookie into it. It would be a hard attack to pull off, and I could only think that you would somehow swap out the timestamp of the cookie being valid, but the potential is there.
This 'attack' is currently stopped by adding the hash, so that even if some of the critical data is swapped out, then data in the hash won't be.
What should happen is the hash stays (does no harm really) and the encryption mode is changed to CBC, this would require adding an IV setting to the UI.
Does that make sense?
Comment #4
Steven Jones CreditAttribution: Steven Jones commentedAttached is a patch that does the following:
Implement encryption/decryption in the style of:
http://www.itnewb.com/v/PHP-Encryption-Decryption-Using-the-MCrypt-Libra...
Changes the cypher mode to CTR.
Uses the users entered key to generate a stronger key.
Moves the signature for tamper prevention into the encryption/decryption function itself, which then validates everything in the payload.
This needs eyes on before anyone even thinks about committing it.
Comment #5
Steven Jones CreditAttribution: Steven Jones commentedThis section is just all wrong, tabs and a non-existent $mo variable.
Doxygen doesn't meet coding standards.
Powered by Dreditor.
Comment #6
Steven Jones CreditAttribution: Steven Jones commentedAttached patch addresses the issues above, and adds the following:
Should I be patching against 7.x or 6.x?
Comment #7
juliangb CreditAttribution: juliangb commentedIs there any reason why we have to have the bakery_mix and bakery_unmix functions now?
By the way, I presume that this patch would have to be tested applied to both the master and slave installation?
Powered by Dreditor.
Comment #8
Steven Jones CreditAttribution: Steven Jones commentedYup it'll need testing in isolation to make sure the encryption is doing what it should, and in a master/slave environment.
I've added an 'unmix' function because I think it makes it clearer that bakery_mix and bakery_unmix are opposites of each other.
Comment #9
gregglesThis seems like a nice improvement since it also provides the base64 encoding which is useful in other ways.
The variable $base64encode should ideally be $base64_encoded or something to match Drupal style a bit more.
The best person to review this is David Strauss. Any chance you could re-roll it and then we can ping him?
Comment #10
Steven Jones CreditAttribution: Steven Jones commentedThe patch from #6 actually still applies! But I suspect that there are now lots more places that need to be changed a little. I will work on it...
Comment #11
Steven Jones CreditAttribution: Steven Jones commentedHere's a patch against 7.x-1.x (HEAD). Completely untested.
Comment #12
gregglesHmmm, 7.x-1.x-dev isn't the best place for new patches right now but 6.x-2.x is. Any chance you could reroll it for 6.x-2.x?
Comment #13
Steven Jones CreditAttribution: Steven Jones commentedWill look at this when I get a chance.
Comment #14
gregglesUpdating status to reflect the situation.
Thanks for your help on this, Steven!
Comment #15
coltraneNote, if #1013952: Bakery cookies insecure gets in this will need to be updated for it.
Comment #16
Steven Jones CreditAttribution: Steven Jones commentedComment #17
David StraussActually, the original reason for the hash is because I wrote the original with minimal data (basically, just username) and no encryption. The encryption and additional data were added later. I support using a more secure encryption method, but encryption should generally not be used in place of signature verification.