summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-03-11 23:51:11 +0100
committerMichael Tänzer <neo@nhng.de>2014-03-11 23:51:11 +0100
commit29cc1c30533de1f6caa6fa163b95970eee5ab8ef (patch)
tree95b8488238bfa79a310d9657ab41c479dc2d0b79
parentaa325469783363f865665ec7e8cfe24e1157059f (diff)
downloadcacert-29cc1c30533de1f6caa6fa163b95970eee5ab8ef.tar.gz
cacert-29cc1c30533de1f6caa6fa163b95970eee5ab8ef.tar.xz
cacert-29cc1c30533de1f6caa6fa163b95970eee5ab8ef.zip
Source code taken from cacert-20140310.tar.bz2
-rw-r--r--includes/lib/check_weak_key.php95
-rw-r--r--pages/index/0.php6
-rw-r--r--www/keygenIE.js4
3 files changed, 91 insertions, 14 deletions
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index 217b885..8ad2ccf 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -128,15 +128,14 @@ function checkWeakKeyText($text)
if ($algorithm === "rsaEncryption")
{
- if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
- $keysize))
+ if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, $keysize))
{
return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
"key size.\nData:\n$text");
} else {
$keysize = intval($keysize[1]);
}
-
+
if ($keysize < 2048)
{
return sprintf(_("The keys that you use are very small ".
@@ -146,8 +145,7 @@ function checkWeakKeyText($text)
"<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
"</a>");
}
-
-
+
$debianVuln = checkDebianVulnerability($text, $keysize);
if ($debianVuln === true)
{
@@ -165,7 +163,7 @@ function checkWeakKeyText($text)
"checkDebianVulnerability().\nKeysize: $keysize\n".
"Data:\n$text");
}
-
+
if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
$exponent))
{
@@ -187,9 +185,9 @@ function checkWeakKeyText($text)
"<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
"</a>");
} elseif (!(bccomp($exponent, "65537") >= 0 &&
- (bccomp($exponent, "100000") === -1 ||
- // speed things up if way smaller than 2^256
- bccomp($exponent, bcpow("2", "256")) === -1) )) {
+ (bccomp($exponent, "100000") === -1 ||
+ // speed things up if way smaller than 2^256
+ bccomp($exponent, bcpow("2", "256")) === -1) )) {
// 65537 <= exponent < 2^256 recommended by NIST
// not critical but log so we have some statistics about
// affected users
@@ -198,10 +196,83 @@ function checkWeakKeyText($text)
E_USER_NOTICE);
}
}
- }
- /* No weakness found */
- return "";
+ // No weakness found
+ return "";
+ } // End RSA
+
+/*
+//Fails to work due to outdated OpenSSL 0.9.8o
+//For this to work OpenSSL 1.0.1f or newer is required
+//which is currently unavailable on the systems
+//If DSA2048 or longer is used the CSR hangs pending on the signer.
+ if ($algorithm === "dsaEncryption")
+ {
+ if (!preg_match('/^\s*Public Key Algorithm:\s+dsaEncryption\s+pub:\s+([0-9a-fA-F:\s]+)\s+P:\s+([0-9a-fA-F:\s]+)\s+Q:\s+([0-9a-fA-F:\s]+)\s+G:\s+([0-9a-fA-F:\s]+)\s+$/sm', $text, $keydetail))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the DSA ".
+ "key size.\nData:\n$text");
+ }
+
+ $key_pub = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[1]), "ABCDEF", "abcdef");
+ $key_P = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[2]), "ABCDEF", "abcdef");
+ $key_Q = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[3]), "ABCDEF", "abcdef");
+ $key_G = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[4]), "ABCDEF", "abcdef");
+
+ //Verify the numbers provided by the client
+ $num_pub = @gmp_init($key_pub, 16);
+ $num_P = @gmp_init($key_P, 16);
+ $num_Q = @gmp_init($key_Q, 16);
+ $num_G = @gmp_init($key_G, 16);
+
+ $bit_P = ltrim(gmp_strval($num_P, 2), "0");
+ $keysize = strlen($bit_P);
+
+ if ($keysize < 2048) {
+ return sprintf(_("The keys that you use are very small ".
+ "and therefore insecure. Please generate stronger ".
+ "keys. More information about this issue can be ".
+ "found in %sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
+ "</a>");
+ }
+
+ //Following checks based on description of key generation in Wikipedia
+ //These checks do not ensure a strong key, but at least check for enough sanity in the key material
+ // cf. https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Key_generation
+
+ //Check that P is prime
+ if(!gmp_testprime($num_P)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have a non-prime public modulus.\nData:\n$text");
+ }
+
+ //Check that Q is prime
+ if(!gmp_testprime($num_Q)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have a non-prime Q-value.\nData:\n$text");
+ }
+
+ //Check if P-1 is diviseable by Q
+ if(0 !== gmp_cmp("1", gmp_mod($num_P, $num_Q))) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have P mod Q === 1 (i.e. P-1 is not diviseable by Q).\nData:\n$text");
+ }
+
+ //Check the numbers are all less than the public modulus P
+ if(0 <= gmp_cmp($num_Q, $num_P) || 0 <= gmp_cmp($num_G, $num_P) || 0 <= gmp_cmp($num_pub, $num_P)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to be normalized to have Q < P, G < P and pub < P.\nData:\n$text");
+ }
+
+ // No weakness found
+ return "";
+ } // End DSA
+*/
+
+
+ return _("The keys you supplied use an unrecognized algorithm. ".
+ "For security reasons these keys can not be signed by CAcert.");
}
/**
diff --git a/pages/index/0.php b/pages/index/0.php
index b1359f6..c5301d3 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -17,7 +17,11 @@
*/ ?>
<h3><?=_("Are you new to CAcert?")?></h3>
-<p><?=sprintf(_("If you want to have free certificates issued to you, join the %s CAcert Community %s."),"<a href=\"https://www.cacert.org/index.php?id=1\">","</a>")?></p>
+<p><?=_("CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free.")?></p>
+
+<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p>
+
+<p><?=sprintf(_("If you want to have free certificates issued to you, %s join the CAcert Community %s."),'<a href="https://www.cacert.org/index.php?id=1">', '</a>')?></p>
<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.php">',"</a>")?>
<?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p>
diff --git a/www/keygenIE.js b/www/keygenIE.js
index be2d184..4c15b23 100644
--- a/www/keygenIE.js
+++ b/www/keygenIE.js
@@ -247,6 +247,7 @@ var CAcert_keygen_IE = function () {
privateKey.Algorithm = algorithmOid;
privateKey.Length = bits;
privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES
+ privateKey.ExportPolicy = 0x1; // XCN_NCRYPT_ALLOW_EXPORT_FLAG
var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
request.InitializeFromPrivateKey(
@@ -545,7 +546,8 @@ var CAcert_keygen_IE = function () {
}
cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
- //cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
+ // Allow exporting the private key
+ cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
generatingKeyNotice.style.display = "";