yahoo-eng-team team mailing list archive
Message #28980
[Bug 1427485] [NEW] Fernet tokens contain a version identifier that is not integrity verified
Public bug reported:
Fernet tokens all start with a plaintext string of either "F00" or "F01"
indicating either "version 0" (normal unscoped and scoped tokens) or
"version 1" (trust-based tokens). That versioning lies outside of the
integrity-verified portion of the token, and is thus susceptible to
manipulation by end users.
With only two token versions, this doesn't present any issues that I'm
aware of, but to harden ourselves against the future, we should move
that versioning information into the integrity-verified portion of the
message. Otherwise, we carry a risk of future implementations
inadvertently introducing privilege escalation vulnerabilities, a means
for end users to disable authorization checks by supplying older
versions, etc, etc.
In addition, the format prefix was originally intended to make it easier
for remote clients (keystonemiddleware.auth_token) to parse apart and
validate tokens without going back to talk to Keystone. Since that's not
the plan here (Fernet tokens must be validated with Keystone, since
that's the only place where the encryption keys are accessible), the
entire format prefix ("F00" / "F01") can be dropped, as long as Keystone
can still validate the tokens it's issuing.
** Affects: keystone
Importance: Medium
Assignee: Dolph Mathews (dolph)
Status: New
** Tags: fernet
** Tags added: fernet
** Summary changed:
- Fernet tokens contain non-integrity verified version identifier
+ Fernet tokens contain a version identifier that is not integrity verified
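The report above says the "F00"/"F01" prefix sits outside the integrity-verified part of the token. The following added example (not Keystone's code, and not real Fernet, which uses AES-CBC plus HMAC-SHA256; here a plain HMAC-SHA256 over the payload stands in for the authenticated body) contrasts the reported design, where the prefix can be rewritten without the MAC noticing, with the hardened design, where the version byte lives inside the authenticated payload. All function names and the key are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed key for the demonstration only; not a Keystone Fernet key.
KEY = b"demo-signing-key-for-illustration-only"

def mac(data: bytes) -> bytes:
    # Stand-in for the HMAC-SHA256 that protects a Fernet token body.
    return hmac.new(KEY, data, hashlib.sha256).digest()

def seal(payload: bytes) -> str:
    # Simplified authenticated body: urlsafe-base64(payload || HMAC(payload)).
    return base64.urlsafe_b64encode(payload + mac(payload)).decode()

def open_body(body: str) -> Optional[bytes]:
    # Returns the payload only if the MAC over it verifies, else None.
    raw = base64.urlsafe_b64decode(body.encode())
    payload, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(tag, mac(payload)):
        return None
    return payload

# Reported design: the "Fnn" version prefix is plaintext outside the MAC.
def issue_prefixed(version: int, payload: bytes) -> str:
    return f"F{version:02d}" + seal(payload)

def validate_prefixed(token: str) -> Optional[Tuple[int, bytes]]:
    version, body = int(token[1:3]), token[3:]
    payload = open_body(body)
    return None if payload is None else (version, payload)

def rewrite_prefix(token: str, new_version: int) -> str:
    # Change only the unauthenticated prefix; the sealed body is untouched.
    return f"F{new_version:02d}" + token[3:]

# Hardened design: the version is the first byte of the authenticated payload.
def issue_versioned(version: int, payload: bytes) -> str:
    return seal(bytes([version]) + payload)

def validate_versioned(token: str) -> Optional[Tuple[int, bytes]]:
    payload = open_body(token)
    return None if payload is None else (payload[0], payload[1:])

def rewrite_inner_version(token: str, new_version: int) -> str:
    # Alter the version byte inside the sealed body; the MAC no longer matches.
    raw = bytearray(base64.urlsafe_b64decode(token.encode()))
    raw[0] = new_version
    return base64.urlsafe_b64encode(bytes(raw)).decode()
```

With the prefix outside the MAC, a rewritten version is accepted as if Keystone had issued it; with the version inside the authenticated payload, the same edit fails verification.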
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1427485