Monday, October 22, 2018

Too much fuzz around libssh's CVE-2018-10933

So the other day this trivial-looking vulnerability in libssh was disclosed and fixed. The headlines made it look as if exploitation is really easy. There's even a video of someone demonstrating the exploit.

What seems to be missing however is an actually vulnerable implementation. Allow me to explain.

Just like the currently available public exploit, my idea was to send SSH2_MSG_USERAUTH_SUCCESS instead of SSH2_MSG_USERAUTH_REQUEST. To get this done I chose to patch OpenSSH and let it handle the rest of the SSH protocol for me.

$ autoreconf
$ ./configure
$ make

Next I started the libssh 0.7.5 example ssh_server_fork, fired up my patched OpenSSH and... Nothing.

Looking at the server log:

[2018/10/22 01:15:55.264597, 3] ssh_packet_socket_callback:  packet: read type 52 [len=124,padding=73,comp=50,payload=50]
[2018/10/22 01:15:55.264732, 3] ssh_packet_process:  Dispatching handler for packet type 52
[2018/10/22 01:15:55.264799, 3] ssh_packet_userauth_success:  Authentication successful
[2018/10/22 01:15:55.264853, 3] ssh_packet_socket_callback:  Processing 80 bytes left in socket buffer

[2018/10/22 01:15:55.267131, 3] ssh_message_channel_request_reply_default:  Sending a default channel_request denied to channel 0
[2018/10/22 01:15:55.267222, 3] packet_send2:  packet: wrote [len=12,padding=6,comp=5,payload=5]
[2018/10/22 01:15:55.267363, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2018/10/22 01:15:55.269561, 1] ssh_socket_exception_callback:  Socket exception callback: 1 (0)
[2018/10/22 01:15:55.269667, 1] ssh_socket_exception_callback: 
Socket error: disconnected

So, I was successfully authenticated, but then disconnected. As described in RFC4252 §6, message 52 is SSH_MSG_USERAUTH_SUCCESS.

Source code diving time! I won't go into all the details I went through to understand libssh and will cut right to it. Looking at examples/ssh_server_fork.c, this is essentially what's going on:
  • set up the libssh server and, when a client connects,
  • call handle_session, which
  • sets up the libssh callbacks, including the auth_password_function, and then
  • while (sdata.authenticated == 0 || == NULL)
  • calls ssh_event_dopoll(event, 100)
So what is this sdata? If we look at the auth_password function that was assigned as the auth_password_function callback, we see:

    if (strcmp(user, USER) == 0 && strcmp(pass, PASS) == 0) {
        sdata->authenticated = 1;   /* the only place this flag is ever set */
        return SSH_AUTH_SUCCESS;
    }

    /* anything else leaves sdata->authenticated untouched */
    return SSH_AUTH_DENIED;

This part of the ssh_server_fork example authenticates the user by the provided username and password, and only if these match is sdata->authenticated set to 1. The while-loop will therefore never exit when the exploit is used to authenticate.

The other examples provided in the libssh source package all use a local state variable to check whether the user properly authenticated. I have yet to find any service that implements libssh in a different way.
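To make the distinction concrete, here is a small Python model of the two server designs under discussion. It is an added example, not libssh code and not the ssh_server_fork example: LibState plays the library's internal session state, dispatch() its pre-fix packet handler, and USER/PASS are constructed credentials. The "naive" server is hypothetical (as noted above, no such implementation has been found); it trusts the library's authenticated state alone, while the fork-style server only leaves its polling loop once its own sdata.authenticated flag has been set by the password callback.

```python
"""Toy model of why the ssh_server_fork example is not bypassed.

Added example (constructed stand-ins, not libssh code): LibState plays the
library's internal state machine, dispatch() its pre-fix packet handler,
and two servers built on top of it differ only in which 'authenticated'
flag they trust. USER/PASS are constructed credentials."""

from dataclasses import dataclass, field

SSH2_MSG_USERAUTH_REQUEST = 50
SSH2_MSG_USERAUTH_SUCCESS = 52   # RFC 4252: a server-to-client message

USER, PASS = "myuser", "mypassword"   # constructed, not the example's values


@dataclass
class LibState:
    """Stand-in for the library-owned session state."""
    authenticated: bool = False
    log: list = field(default_factory=list)


@dataclass
class SessionData:
    """Stand-in for the example's sdata: state the application owns."""
    authenticated: int = 0
    auth_attempts: int = 0


def auth_password(sdata, user, password):
    """Mirrors the shape of the example's callback: only a matching
    credential pair sets the application-owned flag."""
    if user == USER and password == PASS:
        sdata.authenticated = 1
        return "SSH_AUTH_SUCCESS"
    sdata.auth_attempts += 1
    return "SSH_AUTH_DENIED"


def dispatch(lib, sdata, msg_type, payload=None):
    """Pre-fix dispatcher: a USERAUTH_REQUEST runs the callback, while a
    USERAUTH_SUCCESS (type 52) flips the library state without ever
    giving the callback a chance to run, as in the server log above."""
    if msg_type == SSH2_MSG_USERAUTH_REQUEST:
        user, password = payload
        if auth_password(sdata, user, password) == "SSH_AUTH_SUCCESS":
            lib.authenticated = True
    elif msg_type == SSH2_MSG_USERAUTH_SUCCESS:
        lib.log.append("ssh_packet_userauth_success: Authentication successful")
        lib.authenticated = True


def naive_server(messages):
    """Hypothetical server that trusts the library flag alone."""
    lib, sdata = LibState(), SessionData()
    for msg in messages:
        dispatch(lib, sdata, *msg)
        if lib.authenticated:
            return "shell granted"
    return "disconnected"


def fork_style_server(messages, poll_limit=10):
    """ssh_server_fork pattern: keep polling until the application's own
    flag is set; poll_limit stands in for the client giving up."""
    lib, sdata = LibState(), SessionData()
    pending = list(messages)
    for _ in range(poll_limit):
        if sdata.authenticated:
            return "shell granted"
        if pending:
            dispatch(lib, sdata, *pending.pop(0))
    return "shell granted" if sdata.authenticated else "disconnected"
```

Fed only a type 52 message, naive_server() hands out a shell while fork_style_server() keeps polling and eventually disconnects, which is the behaviour the log above shows; the same fork-style loop still admits a correct username/password pair via the callback. The general lesson for any library-based server is the same as NCC Group's remark quoted below: authorization decisions should rest on state the application sets itself, not on a flag the library can flip on the peer's say-so.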

So, this clearly demonstrates the following paragraph from NCC Group's original article on this vulnerability:

Not all libSSH servers will necessarily be vulnerable to the authentication bypass; since the authentication bypass sets the internal libSSH state machine to authenticated without ever giving any registered authentication callbacks an opportunity to execute, servers developed using libSSH which maintain additional custom session state may fail to function correctly if a user is authenticated without this state being created.

If you have found a service implementation that is actually vulnerable, I'd be very interested to hear about it in the comments.

Friday, July 21, 2017

SSH-Auth-Caret - Use SSH Agent Socket from remote host

Let's say you have two systems that can connect to the same server. Client1 contains a private key and its SSH agent is forwarded to the server. Now you want to use a private key in that agent on Client2. There are of course some security concerns when using SSH Agent Forwarding, so please do a proper security assessment before using any of this information.

       | SSH Server |
         /a.       \b.
 -----------      ----------      -------------
|  Client 1 |    | Client 2 | c. | Auth.Server |
| |=        |    |          |----| (eg Github) |
| | prv.key |    | ssh/git/ |     -------------
| O         |    | other    |
 -----------      ----------

a. Setup an SSH connection from Client1 to the server, with SSH Agent Forwarding.

On the server, find the socket you want to use. Assuming the sockets are in /tmp/ssh-* and named agent.*, you can use:

server> for SOCK in /tmp/ssh-*/agent*; do export SSH_AUTH_SOCK=$SOCK; echo $SSH_AUTH_SOCK; ssh-add -l; echo; done

b. Copy or note the path of the socket that has the key you'd like to use. Then connect to the server from Client2 and specify a socket forward:

client2> ssh -o StreamLocalBindUnlink=yes -L/tmp/agent-server:/tmp/ssh-S0ck3t/agent.12345 server.example

The StreamLocalBindUnlink=yes allows ssh to remove the local socket (/tmp/agent-server) if it already exists.

/tmp/agent-server is the name of the local socket, you can choose this freely.

/tmp/ssh-S0ck3t/agent.12345 is the copied or noted path of the socket on the server.

c. Keep the SSH connection to the server open. In another terminal you can now use the socket by specifying it in SSH_AUTH_SOCK:

client2> export SSH_AUTH_SOCK=/tmp/agent-server
client2> ssh-add -l

I've made a script to help find and select the right socket. You can find it on GitHub:

Saturday, December 19, 2015

TPM authentication in OpenVPN and PuTTY SSH

With my new laptop I wanted to ensure my private keys would be safe. This is a brief summary of the steps I've taken to use a private key in my laptop's TPM to authenticate with OpenVPN and SSH.

Create a virtual smart card

Ensure the TPM is activated.

Start a Command Prompt as admin.
Create a Virtual Smart Card [1].
tpmvscmgr.exe create /name "[hostname] VSC" /pin prompt /adminkey random /generate

Enter PIN:
Confirm PIN:
Creating TPM Smart Card...
Initializing the Virtual Smart Card component...
Creating the Virtual Smart Card component...
Initializing the Virtual Smart Card Simulator...
Creating the Virtual Smart Card Simulator...
Initializing the Virtual Smart Card Reader...
Creating the Virtual Smart Card Reader...
Waiting for TPM Smart Card Device...
Authenticating to the TPM Smart Card...
Generating filesystem on the TPM Smart Card...
TPM Smart Card created.
Smart Card Reader Device Instance ID = ROOT\SMARTCARDREADER\0000

Generate a signing request and have the request signed to obtain a certificate.

Create a request template in Notepad and save it as TPM-cert-template.inf [2]. certreq expects the settings in a [NewRequest] section:
[NewRequest]
Subject = "CN=[hostname],O=[Organisation],L=[Location],ST=[State],C=[Country]"
Keylength = 2048
Exportable = FALSE
UserProtected = TRUE
MachineKeySet = FALSE
ProviderName = "Microsoft Base Smart Card Crypto Provider"
ProviderType = 1
RequestType = PKCS10
KeyUsage = 0x80

Then generate a Certificate Request (CSR):
certreq -new -f TPM-cert-template.inf TPM-cert.csr

Send the CSR to your CA and have it signed. You should get a certificate in return.

Install the certificate

Double click the received certificate file (most likely .crt or .cer).
Click on the "Install certificate" button and follow the wizard.

When it's done, obtain the fingerprint of the certificate from the Details tab.

Configure OpenVPN to use the cryptoapi and certificate

Edit the OpenVPN profile.
Instead of a "cert" and "key" configure "cryptoapicert" with your fingerprint:
cryptoapicert "THUMB:92 50 9d ea 52 f4 95 ee be a1 c0 4f ab f8 a2 2b 4d 91 0c 0a"

Save the profile and connect.

Enable SSH authentication with the Virtual SmartCard

Download and install puttywincrypt [3].
Configure putty to use the certificate under Connection -> SSH -> Auth by entering [4]:

Update: WinSCP

WinSCP turned out to work with the certificate through Pageant when using "SCP" as protocol and checking the checkbox "Attempt authentication using Pageant" under SSH, Authentication.

Update: Listing
To list the (virtual) smart card reader devices and their device instance IDs:
wmic path win32_PnPEntity where "DeviceID like '%smartcardreader%'" get Caption,DeviceID

Update: Dell XPS 13
After updating my XPS 13's TPM firmware to 2.0 I was no longer able to use the TPM certificate for authentication. Trying to revert back to firmware 1.2, which had been working before, failed with the error "Invalid source version". Contacting Dell did not help. They answered my mails for support with links to online content that I had already found or that was irrelevant, and finally let me know "TPM is not supported by [Dell]. If the problem is not solved I advise you to contact Intel." Thanks to a post I found on Reddit [5] I was finally able to revert back to version 1.2 and issue a new certificate.

Sources used

Thursday, April 25, 2013

WiFi QR-code generator

Usage preview

With current (Android) mobiles it is possible to add a WiFi network by scanning a QR-code. Barcode Scanner by ZXing Team is one of the apps recognizing WiFi QR-codes. Other online QR-code generators (that support WiFi-QR) generate the QR-code server side, which means the data, including the password, is sent over the internet. Since I wasn't comfortable with this, I have created an open source JavaScript alternative.

Use this generator to generate a QR-code without having your precious WiFi information sent over the internet. Such a QR-code might, for example, be useful to allow your guests to easily add your WiFi network to their phone when visiting.

Select the encryption used in your network (WEP, WPA or none).
Enter your SSID.
Enter the password for the network.
If the SSID is hidden, set the visibility button to 'Hidden'.
Click 'Generate' and/or 'Print'.
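What a WiFi QR-code actually carries is a short text payload, so the escaping of the SSID and password is where a generator can go wrong. The following is an added example in Python, not the JavaScript generator this post describes: it builds the WIFI: payload in the layout ZXing's Barcode Scanner recognises (T for the encryption type, S for the SSID, P for the password, H:true for a hidden network, fields separated by ';' and the payload closed by ';;'), escapes the delimiter characters the way ZXing expects, and parses a payload back so the round trip can be checked. The field layout and escaping rule are the ZXing convention, not something the post spells out.

```python
# Builds and parses the "WIFI:" payload that the ZXing Barcode Scanner
# understands. Added example in Python; the field layout and the
# backslash-escaping rule are the ZXing convention.

# Characters ZXing requires to be escaped inside an SSID or password
ZXING_SPECIAL = '\\;,":'


def escape_field(value):
    """Prefix each delimiter character with a backslash."""
    return "".join("\\" + ch if ch in ZXING_SPECIAL else ch for ch in value)


def wifi_payload(ssid, password="", encryption="WPA", hidden=False):
    """Return e.g. 'WIFI:T:WPA;S:HomeNet;P:secret123;;'.

    encryption is WPA, WEP or nopass/none (case-insensitive), matching the
    post's 'WEP, WPA or none' choice; hidden adds the H:true field."""
    enc = {"WPA": "WPA", "WEP": "WEP",
           "NOPASS": "nopass", "NONE": "nopass"}.get(encryption.upper())
    if enc is None:
        raise ValueError("encryption must be WPA, WEP or nopass")
    if not ssid:
        raise ValueError("SSID is required")
    if enc == "nopass" and password:
        raise ValueError("an open network has no password")
    if enc != "nopass" and not password:
        raise ValueError("%s network needs a password" % enc)
    fields = ["T:%s" % enc, "S:%s" % escape_field(ssid)]
    if password:
        fields.append("P:%s" % escape_field(password))
    if hidden:
        fields.append("H:true")
    return "WIFI:" + ";".join(fields) + ";;"


def parse_wifi_payload(payload):
    """Inverse of wifi_payload: split on unescaped ':' and ';' and unescape.

    Returns the raw field map, e.g. {'T': 'WPA', 'S': ..., 'P': ...}."""
    if not payload.startswith("WIFI:"):
        raise ValueError("not a WIFI: payload")
    fields, key, buf, i = {}, None, [], len("WIFI:")
    while i < len(payload):
        ch = payload[i]
        if ch == "\\" and i + 1 < len(payload):   # escaped delimiter: take literally
            buf.append(payload[i + 1])
            i += 2
            continue
        if key is None:                            # reading a field name
            if ch == ";":                          # empty segment: end of payload
                break
            if ch == ":":
                key, buf = "".join(buf), []
            else:
                buf.append(ch)
        elif ch == ";":                            # end of this field's value
            fields[key], key, buf = "".join(buf), None, []
        else:
            buf.append(ch)
        i += 1
    return fields
```

The payload is plain text: anyone who photographs the printed code has the password, which is why it matters that the code is generated locally and the printout is treated like the password itself. Round-tripping an SSID such as Caf;e "Net" through wifi_payload() and parse_wifi_payload() is the quickest check that the escaping is right; an unescaped ';' would otherwise truncate the SSID on the scanning phone.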

Friday, April 12, 2013

PKCS#7 and OpenSSL

In an earlier post I tried to demonstrate how to verify a PKCS#7 message manually, because I wanted to know how such messages work and why they would be secure. Judging by the reactions that were posted, I think a lot of you are actually more interested in a proper way of decrypting and verifying PKCS#7 messages with OpenSSL. Therefore I will show you how to encrypt, decrypt, sign and verify PKCS#7 messages with OpenSSL in a more proper way.

NOTE: to actually use these methods securely could, and probably does, require decent understanding of data encryption!

If you are in doubt, feel free to leave a message and I'll try to be of assistance.


Before we can start encrypting and signing messages we'll require some keys and certificates. Let's create a self-signed certificate based on a new key with the subject "PKCS#7 example".

openssl req -x509 -nodes -newkey rsa:1024 -keyout keyfile.key -out certificate.cer -subj "/CN=PKCS#7 example"

This should result in the creation of two new files:
  • certificate.cer - containing a PEM-encoded X.509 certificate
  • keyfile.key - containing a PEM-encoded (RSA) private key
To view ASN.1-encoded files, both DER and PEM, more easily I have created two aliases in my terminal:

alias oad='openssl asn1parse -inform der -in'
alias oap='openssl asn1parse -inform pem -in'

oad is used to "OpenSSL ASN.1 dump DER"
oap is used to "OpenSSL ASN.1 dump PEM"

oap certificate.cer
    0:d=0  hl=4 l= 512 cons: SEQUENCE
    4:d=1  hl=4 l= 361 cons: SEQUENCE
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=   9 prim: INTEGER           :D28124BDCEECCCCC
   24:d=2  hl=2 l=  13 cons: SEQUENCE
   26:d=3  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
   37:d=3  hl=2 l=   0 prim: NULL
   39:d=2  hl=2 l=  25 cons: SEQUENCE
   41:d=3  hl=2 l=  23 cons: SET
   43:d=4  hl=2 l=  21 cons: SEQUENCE
   45:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   50:d=5  hl=2 l=  14 prim: UTF8STRING        :PKCS#7 example
   66:d=2  hl=2 l=  30 cons: SEQUENCE
   68:d=3  hl=2 l=  13 prim: UTCTIME           :130412203318Z
   83:d=3  hl=2 l=  13 prim: UTCTIME           :130512203318Z
   98:d=2  hl=2 l=  25 cons: SEQUENCE
  100:d=3  hl=2 l=  23 cons: SET
  102:d=4  hl=2 l=  21 cons: SEQUENCE
  104:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  109:d=5  hl=2 l=  14 prim: UTF8STRING        :PKCS#7 example
  125:d=2  hl=3 l= 159 cons: SEQUENCE
  128:d=3  hl=2 l=  13 cons: SEQUENCE
  130:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  141:d=4  hl=2 l=   0 prim: NULL
  143:d=3  hl=3 l= 141 prim: BIT STRING
  287:d=2  hl=2 l=  80 cons: cont [ 3 ]
  289:d=3  hl=2 l=  78 cons: SEQUENCE
  291:d=4  hl=2 l=  29 cons: SEQUENCE
  293:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  298:d=5  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414B2ED2165623A8E3E5EB9652E781590C314EFC5B6
  322:d=4  hl=2 l=  31 cons: SEQUENCE
  324:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  329:d=5  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014B2ED2165623A8E3E5EB9652E781590C314EFC5B6
  355:d=4  hl=2 l=  12 cons: SEQUENCE
  357:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  362:d=5  hl=2 l=   5 prim: OCTET STRING      [HEX DUMP]:30030101FF
  369:d=1  hl=2 l=  13 cons: SEQUENCE
  371:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
  382:d=2  hl=2 l=   0 prim: NULL
  384:d=1  hl=3 l= 129 prim: BIT STRING


Encryption is used to make a message available only to the intended receiver and prevents eavesdropping. The message is encrypted with a public key, quite often stored in a certificate. Because of the mathematical relationship between the private and public key, the message can only be read by whoever possesses the private key. In this example I'll show you how to encrypt a message so that it is only readable after decryption with the private key created before. To encrypt a message with the newly created certificate we'll use OpenSSL's smime command. Have a look at the help for all the available options of this command (openssl smime --help).

Store the message we'll be encrypting in a file:
echo "This message won't be readable until decrypted again." > plain-original.txt

Then encrypt this message using the public key from the certificate.cer created earlier. If -outform isn't specified the default output format is smime; for now I'll use pem:
openssl smime -encrypt -in plain-original.txt -outform pem -out encrypted.p7 certificate.cer

Verify that encrypted.p7 contains content that looks a bit like this:
cat encrypted.p7
-----BEGIN PKCS7-----
-----END PKCS7-----


A PKCS#7 encrypted message can be recognized by the PKCS#7 content type, which is pkcs7-envelopedData:
oap encrypted.p7
    0:d=0  hl=4 l= 316 cons: SEQUENCE
    4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
   15:d=1  hl=4 l= 301 cons: cont [ 0 ]
   19:d=2  hl=4 l= 297 cons: SEQUENCE
   23:d=3  hl=2 l=   1 prim: INTEGER           :00
   26:d=3  hl=3 l= 192 cons: SET
   29:d=4  hl=3 l= 189 cons: SEQUENCE
   32:d=5  hl=2 l=   1 prim: INTEGER           :00
   35:d=5  hl=2 l=  38 cons: SEQUENCE
   37:d=6  hl=2 l=  25 cons: SEQUENCE
   39:d=7  hl=2 l=  23 cons: SET
   41:d=8  hl=2 l=  21 cons: SEQUENCE
   43:d=9  hl=2 l=   3 prim: OBJECT            :commonName
   48:d=9  hl=2 l=  14 prim: UTF8STRING        :PKCS#7 example
   64:d=6  hl=2 l=   9 prim: INTEGER           :D28124BDCEECCCCC
   75:d=5  hl=2 l=  13 cons: SEQUENCE
   77:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   88:d=6  hl=2 l=   0 prim: NULL
   90:d=5  hl=3 l= 128 prim: OCTET STRING      [HEX DUMP]:7A7782B34EC3C63ABAD847DC4C028AFB8C1072CB1A43154A7CBFB2CB5B31874FB0D5EF8607AE442762595CDB6C15BD6C0373F0CD21B25396AF457F3699BC87C09B7F2552BB7A9A03EE7EBD3FF8961A00D161BED2CF3214E491D18A26B3992DD1129AC2F4FC860A3E1A84C6F2115E788F6436EAD35A257FAD50D871D34E50F335
  221:d=3  hl=2 l=  97 cons: SEQUENCE
  223:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
  234:d=4  hl=2 l=  26 cons: SEQUENCE
  236:d=5  hl=2 l=   8 prim: OBJECT            :rc2-cbc
  246:d=5  hl=2 l=  14 cons: SEQUENCE
  248:d=6  hl=2 l=   2 prim: INTEGER           :A0
  252:d=6  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:A05AF334241D3C3C
  262:d=4  hl=2 l=  56 prim: cont [ 0 ]

To decrypt a PKCS#7 envelopedData message we need access to the private key. In this example I will use the private key we stored in keyfile.key before. The OpenSSL smime command is used again:
openssl smime -decrypt -inform pem -in encrypted.p7 -inkey keyfile.key
This message won't be readable until decrypted again.


Signing a message in PKCS#7 format is almost as simple as encrypting it. Signing is done with the private key. This allows anyone who has access to the public key to verify that the message was signed by the owner of the matching private key, and is used to prove the origin of a message.

Create a message to be signed:
echo "This message could only have been sent by me." > unsigned-original.txt

In this example I'm adding the -nodetach option, which tells OpenSSL to include the original message in the PKCS#7 structure too. Besides the private key, the certificate is also required for signing: OpenSSL uses it to include a reference to the certificate in the signed message (an Issuer - SerialNumber combination, which should be unique). This reference enables the receiver to find the matching certificate, and thus the public key. The command I'm using is as follows:
openssl smime -sign -nodetach -in unsigned-original.txt -out signed.p7 -outform pem -inkey keyfile.key -signer certificate.cer

The content is again PEM-encoded and can be parsed with asn1parse:
cat signed.p7
-----BEGIN PKCS7-----
-----END PKCS7-----

oap signed.p7
    0:d=0  hl=4 l=1046 cons: SEQUENCE
    4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
   15:d=1  hl=4 l=1031 cons: cont [ 0 ]
   19:d=2  hl=4 l=1027 cons: SEQUENCE
   23:d=3  hl=2 l=   1 prim: INTEGER           :01
   26:d=3  hl=2 l=  11 cons: SET
   28:d=4  hl=2 l=   9 cons: SEQUENCE
   30:d=5  hl=2 l=   5 prim: OBJECT            :sha1
   37:d=5  hl=2 l=   0 prim: NULL
   39:d=3  hl=2 l=  62 cons: SEQUENCE
   41:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
   52:d=4  hl=2 l=  49 cons: cont [ 0 ]
   54:d=5  hl=2 l=  47 prim: OCTET STRING      :This message could only have been sent by me.

  103:d=3  hl=4 l= 516 cons: cont [ 0 ]
  107:d=4  hl=4 l= 512 cons: SEQUENCE
  111:d=5  hl=4 l= 361 cons: SEQUENCE
  115:d=6  hl=2 l=   3 cons: cont [ 0 ]
  117:d=7  hl=2 l=   1 prim: INTEGER           :02
  120:d=6  hl=2 l=   9 prim: INTEGER           :D28124BDCEECCCCC
  131:d=6  hl=2 l=  13 cons: SEQUENCE
  133:d=7  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
  144:d=7  hl=2 l=   0 prim: NULL
  146:d=6  hl=2 l=  25 cons: SEQUENCE
  148:d=7  hl=2 l=  23 cons: SET
  150:d=8  hl=2 l=  21 cons: SEQUENCE
  152:d=9  hl=2 l=   3 prim: OBJECT            :commonName
  157:d=9  hl=2 l=  14 prim: UTF8STRING        :PKCS#7 example
  173:d=6  hl=2 l=  30 cons: SEQUENCE
  175:d=7  hl=2 l=  13 prim: UTCTIME           :130412203318Z
  190:d=7  hl=2 l=  13 prim: UTCTIME           :130512203318Z
  205:d=6  hl=2 l=  25 cons: SEQUENCE
  207:d=7  hl=2 l=  23 cons: SET
  209:d=8  hl=2 l=  21 cons: SEQUENCE
  211:d=9  hl=2 l=   3 prim: OBJECT            :commonName
  216:d=9  hl=2 l=  14 prim: UTF8STRING        :PKCS#7 example
  232:d=6  hl=3 l= 159 cons: SEQUENCE
  235:d=7  hl=2 l=  13 cons: SEQUENCE
  237:d=8  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  248:d=8  hl=2 l=   0 prim: NULL
  250:d=7  hl=3 l= 141 prim: BIT STRING
  394:d=6  hl=2 l=  80 cons: cont [ 3 ]
  396:d=7  hl=2 l=  78 cons: SEQUENCE
  398:d=8  hl=2 l=  29 cons: SEQUENCE
  400:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  405:d=9  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414B2ED2165623A8E3E5EB9652E781590C314EFC5B6
  429:d=8  hl=2 l=  31 cons: SEQUENCE
  431:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  436:d=9  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014B2ED2165623A8E3E5EB9652E781590C314EFC5B6
  462:d=8  hl=2 l=  12 cons: SEQUENCE
  464:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  469:d=9  hl=2 l=   5 prim: OCTET STRING      [HEX DUMP]:30030101FF
  476:d=5  hl=2 l=  13 cons: SEQUENCE
  478:d=6  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
  489:d=6  hl=2 l=   0 prim: NULL
  491:d=5  hl=3 l= 129 prim: BIT STRING
  623:d=3  hl=4 l= 423 cons: SET
  627:d=4  hl=4 l= 419 cons: SEQUENCE
  631:d=5  hl=2 l=   1 prim: INTEGER           :01
  634:d=5  hl=2 l=  38 cons: SEQUENCE
  636:d=6  hl=2 l=  25 cons: SEQUENCE
  638:d=7  hl=2 l=  23 cons: SET
  640:d=8  hl=2 l=  21 cons: SEQUENCE
  642:d=9  hl=2 l=   3 prim: OBJECT            :commonName
  647:d=9  hl=2 l=  14 prim: UTF8STRING        :PKCS#7 example
  663:d=6  hl=2 l=   9 prim: INTEGER           :D28124BDCEECCCCC
  674:d=5  hl=2 l=   9 cons: SEQUENCE
  676:d=6  hl=2 l=   5 prim: OBJECT            :sha1
  683:d=6  hl=2 l=   0 prim: NULL
  685:d=5  hl=3 l= 216 cons: cont [ 0 ]
  688:d=6  hl=2 l=  24 cons: SEQUENCE
  690:d=7  hl=2 l=   9 prim: OBJECT            :contentType
  701:d=7  hl=2 l=  11 cons: SET
  703:d=8  hl=2 l=   9 prim: OBJECT            :pkcs7-data
  714:d=6  hl=2 l=  28 cons: SEQUENCE
  716:d=7  hl=2 l=   9 prim: OBJECT            :signingTime
  727:d=7  hl=2 l=  15 cons: SET
  729:d=8  hl=2 l=  13 prim: UTCTIME           :130412211115Z
  744:d=6  hl=2 l=  35 cons: SEQUENCE
  746:d=7  hl=2 l=   9 prim: OBJECT            :messageDigest
  757:d=7  hl=2 l=  22 cons: SET
  759:d=8  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:B42A16215A4C519EF094C9ABD42D6C1B457685D6
  781:d=6  hl=2 l= 121 cons: SEQUENCE
  783:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
  794:d=7  hl=2 l= 108 cons: SET
  796:d=8  hl=2 l= 106 cons: SEQUENCE
  798:d=9  hl=2 l=  11 cons: SEQUENCE
  800:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
  811:d=9  hl=2 l=  11 cons: SEQUENCE
  813:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
  824:d=9  hl=2 l=  11 cons: SEQUENCE
  826:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
  837:d=9  hl=2 l=  10 cons: SEQUENCE
  839:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
  849:d=9  hl=2 l=  14 cons: SEQUENCE
  851:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
  861:d=10 hl=2 l=   2 prim: INTEGER           :80
  865:d=9  hl=2 l=  13 cons: SEQUENCE
  867:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
  877:d=10 hl=2 l=   1 prim: INTEGER           :40
  880:d=9  hl=2 l=   7 cons: SEQUENCE
  882:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
  889:d=9  hl=2 l=  13 cons: SEQUENCE
  891:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
  901:d=10 hl=2 l=   1 prim: INTEGER           :28
  904:d=5  hl=2 l=  13 cons: SEQUENCE
  906:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  917:d=6  hl=2 l=   0 prim: NULL
  919:d=5  hl=3 l= 128 prim: OCTET STRING      [HEX DUMP]:7AB63445189B572CBA73883A57A43413D6D76116314DE54CAFA98713ED29997ECB6DB7DCD2CD4D668B51A445EDE3E36A9AFBD48625ACB7EC7BD2AFF3197CA36414F973218F5A7623A360D25B7755FC23809E62B2276418CFECB9A605213AF83F11A5859284B6861087804EAF4AF4FA2CBA685246280867E2C941EAA7619F4DB9


Verifying a PKCS#7 message is done to check the authenticity of the message and to make sure it was sent by someone who has access to the private key. OpenSSL also tries to verify the certificate included in the message (or supplied on the command line in some cases). Because I'm using a self-signed certificate in this example, the verification of the certificate will fail, as it's not signed by a trusted party.

openssl smime -verify -in signed.p7 -inform pem
Verification failure
2675740:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:342:Verify error:self signed certificate

To overcome this we could add the -noverify option. This might look a bit weird (openssl verify -noverify...), but the message is still verified against the certificate; it's just the verification of the certificate itself that is skipped. Nevertheless, this option should of course only be used when the full implications are understood!
openssl smime -verify -in signed.p7 -inform pem -noverify
This message could only have been sent by me.
Verification successful


OpenSSL is a very powerful tool that can be a bit hard to operate. Depending on your (security) requirements some of the examples provided might be more suitable to your situation than others. Using these commands, or tailored versions, for troubleshooting or in testing environments should be OK. If however you plan on using these in a production environment, please, and don't take this lightly, consult someone with a decent understanding of data encryption and key management!

openssl smime -encrypt -in plain-original.txt -outform pem -out encrypted.p7 certificate.cer

openssl smime -decrypt -inform pem -in encrypted.p7 -inkey keyfile.key

openssl smime -sign -nodetach -in unsigned-original.txt -out signed.p7 -outform pem -inkey keyfile.key -signer certificate.cer

openssl smime -verify -in signed.p7 -inform pem

Friday, March 30, 2012

Arduino CDP viewer - part 2

Following up on Arduino CDP viewer I have updated CdpSniffino on Github.

The retrieved information is now displayed on the attached LCD.
Issues regarding the unexplained freezes seem to be solved by not using SPI and I²C at the same time. Since the Arduino combined with the Ethernet Shield still has enough free pins to connect the LCD, I haven't dug into this issue and just control the LCD with parallel connections.

Details on connecting the LCD can be found on the Arduino website - LiquidCrystal Tutorial.
I'm using pins 8, 7, 6, 5, 4, 3 and 2. These pins are configured in lcd_control.cpp.

To read two buttons, I'm using my own DebounceButton library, which you'll have to download to use the latest CdpSniffino too.

One button is used to scroll through the retrieved fields, and the other to scroll through the data in the field (when it's too long to display on the LCD).

As always, suggestions are welcome, but I currently don't have much time to implement new features.
I'm very interested to hear if you're using this tool and what you're using it for. So, if you are, please leave a comment.

Saturday, March 3, 2012

Arduino CDP viewer

Finally having a switch that sends CDP packets at home, I was looking for more information about the workings of this very informative protocol. CDP has saved me a lot of time finding the switch to configure while working with Cisco IP telephones and improperly configured switches.

Wondering how I'd be able to gather CDP information with a small device like a cable tester, I came up with this Arduino CDP Sniffer - CdpSniffino. The CDP implementation is pretty complete, but I'm still working on a nice way to display the information.

You'll need an Arduino, and the Arduino Ethernet shield (or compatible network interface).
These are some ideas of how the information could be displayed on an LCD display (which I have lying around), using sample data from a Cisco IP phone sending CDP packets:

The LCD support is currently a work in progress, and somehow my Arduino freezes after running for a few minutes. On GitHub, check out commit 020bf1e257 for a more stable, serial-output-only version.

If you have any feature or improvement suggestions, please, let me know in the comments below.

Update: continued in Arduino CDP viewer - part 2