summaryrefslogtreecommitdiff
path: root/includes/lib/check_weak_key.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/lib/check_weak_key.php')
-rw-r--r--includes/lib/check_weak_key.php215
1 files changed, 123 insertions, 92 deletions
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index d2aa33d..59c6cd6 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -33,37 +33,18 @@ require_once 'general.php';
*/
function checkWeakKeyCSR($csr, $encoding = "PEM")
{
- // non-PEM-encodings may be binary so don't use echo
- $descriptorspec = array(
- 0 => array("pipe", "r"), // STDIN for child
- 1 => array("pipe", "w"), // STDOUT for child
- );
$encoding = escapeshellarg($encoding);
- $proc = proc_open("openssl req -inform $encoding -text -noout",
- $descriptorspec, $pipes);
-
- if (is_resource($proc))
- {
- fwrite($pipes[0], $csr);
- fclose($pipes[0]);
-
- $csrText = "";
- while (!feof($pipes[1]))
- {
- $csrText .= fread($pipes[1], 8192);
- }
- fclose($pipes[1]);
-
- if (($status = proc_close($proc)) !== 0 || $csrText === "")
- {
- return _("I didn't receive a valid Certificate Request, hit ".
- "the back button and try again.");
- }
- } else {
+ $status = runCommand("openssl req -inform $encoding -text -noout",
+ $csr, $csrText);
+ if ($status === true) {
return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
}
-
-
+
+ if ($status !== 0 || $csrText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
return checkWeakKeyText($csrText);
}
@@ -80,37 +61,18 @@ function checkWeakKeyCSR($csr, $encoding = "PEM")
*/
function checkWeakKeyX509($cert, $encoding = "PEM")
{
- // non-PEM-encodings may be binary so don't use echo
- $descriptorspec = array(
- 0 => array("pipe", "r"), // STDIN for child
- 1 => array("pipe", "w"), // STDOUT for child
- );
$encoding = escapeshellarg($encoding);
- $proc = proc_open("openssl x509 -inform $encoding -text -noout",
- $descriptorspec, $pipes);
-
- if (is_resource($proc))
- {
- fwrite($pipes[0], $cert);
- fclose($pipes[0]);
-
- $certText = "";
- while (!feof($pipes[1]))
- {
- $certText .= fread($pipes[1], 8192);
- }
- fclose($pipes[1]);
-
- if (($status = proc_close($proc)) !== 0 || $certText === "")
- {
- return _("I didn't receive a valid Certificate Request, hit ".
- "the back button and try again.");
- }
- } else {
- return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
+ $status = runCommand("openssl x509 -inform $encoding -text -noout",
+ $cert, $certText);
+ if ($status === true) {
+ return failWithId("checkWeakKeyX509(): Failed to start OpenSSL");
}
-
-
+
+ if ($status !== 0 || $certText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
return checkWeakKeyText($certText);
}
@@ -127,16 +89,17 @@ function checkWeakKeyX509($cert, $encoding = "PEM")
*/
function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")
{
- /* Check for the debian OpenSSL vulnerability */
-
- $spkac = escapeshellarg($spkac);
$spkacname = escapeshellarg($spkacname);
- $spkacText = `echo $spkac | openssl spkac -spkac $spkacname`;
- if ($spkacText === null) {
- return _("I didn't receive a valid Certificate Request, hit the ".
- "back button and try again.");
+ $status = runCommand("openssl spkac -spkac $spkacname", $spkac, $spkacText);
+ if ($status === true) {
+ return failWithId("checkWeakKeySPKAC(): Failed to start OpenSSL");
}
-
+
+ if ($status !== 0 || $spkacText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit the ".
+ "back button and try again.");
+ }
+
return checkWeakKeyText($spkacText);
}
@@ -157,7 +120,7 @@ function checkWeakKeyText($text)
$algorithm))
{
return failWithId("checkWeakKeyText(): Couldn't extract the ".
- "public key algorithm used");
+ "public key algorithm used.\nData:\n$text");
} else {
$algorithm = $algorithm[1];
}
@@ -165,16 +128,15 @@ function checkWeakKeyText($text)
if ($algorithm === "rsaEncryption")
{
- if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
- $keysize))
+ if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, $keysize))
{
return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
- "key size");
+ "key size.\nData:\n$text");
} else {
$keysize = intval($keysize[1]);
}
-
- if ($keysize < 1024)
+
+ if ($keysize < 2048)
{
return sprintf(_("The keys that you use are very small ".
"and therefore insecure. Please generate stronger ".
@@ -182,14 +144,8 @@ function checkWeakKeyText($text)
"found in %sthe wiki%s"),
"<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
"</a>");
- } elseif ($keysize < 2048) {
- // not critical but log so we have some statistics about
- // affected users
- trigger_error("checkWeakKeyText(): Certificate for small ".
- "key (< 2048 bit) requested", E_USER_NOTICE);
}
-
-
+
$debianVuln = checkDebianVulnerability($text, $keysize);
if ($debianVuln === true)
{
@@ -204,19 +160,20 @@ function checkWeakKeyText($text)
// not vulnerable => do nothing
} else {
return failWithId("checkWeakKeyText(): Something went wrong in".
- "checkDebianVulnerability()");
+ "checkDebianVulnerability().\nKeysize: $keysize\n".
+ "Data:\n$text");
}
-
+
if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
$exponent))
{
return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
- "exponent");
+ "exponent.\nData:\n$text");
} else {
$exponent = $exponent[1]; // exponent might be very big =>
//handle as string using bc*()
- if (bccomp($exponent, "3") === 0)
+ if (bccomp($exponent, "65537") < 0)
{
return sprintf(_("The keys you use might be insecure. ".
"Although there is currently no known attack for ".
@@ -228,9 +185,9 @@ function checkWeakKeyText($text)
"<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
"</a>");
} elseif (!(bccomp($exponent, "65537") >= 0 &&
- (bccomp($exponent, "100000") === -1 ||
- // speed things up if way smaller than 2^256
- bccomp($exponent, bcpow("2", "256")) === -1) )) {
+ (bccomp($exponent, "100000") === -1 ||
+ // speed things up if way smaller than 2^256
+ bccomp($exponent, bcpow("2", "256")) === -1) )) {
// 65537 <= exponent < 2^256 recommended by NIST
// not critical but log so we have some statistics about
// affected users
@@ -239,10 +196,83 @@ function checkWeakKeyText($text)
E_USER_NOTICE);
}
}
- }
- /* No weakness found */
- return "";
+ // No weakness found
+ return "";
+ } // End RSA
+
+/*
+//Fails to work due to outdated OpenSSL 0.9.8o
+//For this to work OpenSSL 1.0.1f or newer is required
+//which is currently unavailable on the systems
+//If DSA2048 or longer is used the CSR hangs pending on the signer.
+ if ($algorithm === "dsaEncryption")
+ {
+ if (!preg_match('/^\s*Public Key Algorithm:\s+dsaEncryption\s+pub:\s+([0-9a-fA-F:\s]+)\s+P:\s+([0-9a-fA-F:\s]+)\s+Q:\s+([0-9a-fA-F:\s]+)\s+G:\s+([0-9a-fA-F:\s]+)\s+$/sm', $text, $keydetail))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the DSA ".
+ "key size.\nData:\n$text");
+ }
+
+ $key_pub = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[1]), "ABCDEF", "abcdef");
+ $key_P = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[2]), "ABCDEF", "abcdef");
+ $key_Q = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[3]), "ABCDEF", "abcdef");
+ $key_G = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[4]), "ABCDEF", "abcdef");
+
+ //Verify the numbers provided by the client
+ $num_pub = @gmp_init($key_pub, 16);
+ $num_P = @gmp_init($key_P, 16);
+ $num_Q = @gmp_init($key_Q, 16);
+ $num_G = @gmp_init($key_G, 16);
+
+ $bit_P = ltrim(gmp_strval($num_P, 2), "0");
+ $keysize = strlen($bit_P);
+
+ if ($keysize < 2048) {
+ return sprintf(_("The keys that you use are very small ".
+ "and therefore insecure. Please generate stronger ".
+ "keys. More information about this issue can be ".
+ "found in %sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
+ "</a>");
+ }
+
+ //Following checks based on description of key generation in Wikipedia
+ //These checks do not ensure a strong key, but at least check for enough sanity in the key material
+ // cf. https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Key_generation
+
+ //Check that P is prime
+ if(!gmp_testprime($num_P)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have a non-prime public modulus.\nData:\n$text");
+ }
+
+ //Check that Q is prime
+ if(!gmp_testprime($num_Q)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have a non-prime Q-value.\nData:\n$text");
+ }
+
+ //Check if P-1 is diviseable by Q
+ if(0 !== gmp_cmp("1", gmp_mod($num_P, $num_Q))) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have P mod Q === 1 (i.e. P-1 is not diviseable by Q).\nData:\n$text");
+ }
+
+ //Check the numbers are all less than the public modulus P
+ if(0 <= gmp_cmp($num_Q, $num_P) || 0 <= gmp_cmp($num_G, $num_P) || 0 <= gmp_cmp($num_pub, $num_P)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to be normalized to have Q < P, G < P and pub < P.\nData:\n$text");
+ }
+
+ // No weakness found
+ return "";
+ } // End DSA
+*/
+
+
+ return _("The keys you supplied use an unrecognized algorithm. ".
+ "For security reasons these keys can not be signed by CAcert.");
}
/**
@@ -268,7 +298,8 @@ function checkDebianVulnerability($text, $keysize = 0)
$algorithm))
{
trigger_error("checkDebianVulnerability(): Couldn't extract ".
- "the public key algorithm used", E_USER_WARNING);
+ "the public key algorithm used.\nData:\n$text",
+ E_USER_WARNING);
return null;
} else {
$algorithm = $algorithm[1];
@@ -281,7 +312,7 @@ function checkDebianVulnerability($text, $keysize = 0)
$keysize))
{
trigger_error("checkDebianVulnerability(): Couldn't parse the ".
- "RSA key size", E_USER_WARNING);
+ "RSA key size.\nData:\n$text", E_USER_WARNING);
return null;
} else {
$keysize = intval($keysize[1]);
@@ -312,7 +343,7 @@ function checkDebianVulnerability($text, $keysize = 0)
$text, $modulus))
{
trigger_error("checkDebianVulnerability(): Couldn't extract the ".
- "RSA modulus", E_USER_WARNING);
+ "RSA modulus.\nData:\n$text", E_USER_WARNING);
return null;
} else {
$modulus = $modulus[1];
@@ -339,7 +370,7 @@ function checkDebianVulnerability($text, $keysize = 0)
// $checksum and $blacklist should be safe, but just to make sure
$checksum = escapeshellarg($checksum);
$blacklist = escapeshellarg($blacklist);
- exec("grep $checksum $blacklist", $dummy, $debianVuln);
+ $debianVuln = runCommand("grep $checksum $blacklist");
if ($debianVuln === 0) // grep returned something => it is on the list
{
return true;