bug 1255: Check for other algorithms than RSA in check_weak_keys()
authorMichael Tänzer <neo@nhng.de>
Sun, 9 Mar 2014 02:00:33 +0000 (03:00 +0100)
committerMichael Tänzer <neo@nhng.de>
Sun, 9 Mar 2014 02:00:33 +0000 (03:00 +0100)
Implemented a check for DSA but is currently disable because the OpenSSL
on the signer would fail anyway. Unknown algorithms are now blocked.

Signed-off-by: Michael Tänzer <neo@nhng.de>
includes/lib/check_weak_key.php

index 217b885..7f96a88 100644 (file)
@@ -126,17 +126,16 @@ function checkWeakKeyText($text)
        }
 
 
        }
 
 
-       if ($algorithm === "rsaEncryption")
-       {
-               if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
-               $keysize))
+       switch ((string)$algorithm) {
+       case "rsaEncryption":
+               if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, $keysize))
                {
                        return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
                                                "key size.\nData:\n$text");
                } else {
                        $keysize = intval($keysize[1]);
                }
                {
                        return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
                                                "key size.\nData:\n$text");
                } else {
                        $keysize = intval($keysize[1]);
                }
-                       
+
                if ($keysize < 2048)
                {
                        return sprintf(_("The keys that you use are very small ".
                if ($keysize < 2048)
                {
                        return sprintf(_("The keys that you use are very small ".
@@ -146,8 +145,7 @@ function checkWeakKeyText($text)
                                        "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
                                        "</a>");
                }
                                        "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
                                        "</a>");
                }
-                       
-                       
+
                $debianVuln = checkDebianVulnerability($text, $keysize);
                if ($debianVuln === true)
                {
                $debianVuln = checkDebianVulnerability($text, $keysize);
                if ($debianVuln === true)
                {
@@ -165,7 +163,7 @@ function checkWeakKeyText($text)
                                        "checkDebianVulnerability().\nKeysize: $keysize\n".
                                        "Data:\n$text");
                }
                                        "checkDebianVulnerability().\nKeysize: $keysize\n".
                                        "Data:\n$text");
                }
-                       
+
                if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
                $exponent))
                {
                if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
                $exponent))
                {
@@ -187,9 +185,9 @@ function checkWeakKeyText($text)
                                                "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
                                                "</a>");
                        } elseif (!(bccomp($exponent, "65537") >= 0 &&
                                                "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
                                                "</a>");
                        } elseif (!(bccomp($exponent, "65537") >= 0 &&
-                       (bccomp($exponent, "100000") === -1 ||
-                       // speed things up if way smaller than 2^256
-                       bccomp($exponent, bcpow("2", "256")) === -1) )) {
+                                       (bccomp($exponent, "100000") === -1 ||
+                                       // speed things up if way smaller than 2^256
+                                       bccomp($exponent, bcpow("2", "256")) === -1) )) {
                                // 65537 <= exponent < 2^256 recommended by NIST
                                // not critical but log so we have some statistics about
                                // affected users
                                // 65537 <= exponent < 2^256 recommended by NIST
                                // not critical but log so we have some statistics about
                                // affected users
@@ -198,6 +196,82 @@ function checkWeakKeyText($text)
                                E_USER_NOTICE);
                        }
                }
                                E_USER_NOTICE);
                        }
                }
+
+               break;
+
+/*
+//Fails to work due to outdated OpenSSL 0.9.8o
+//For this to work OpenSSL 1.0.1f or newer is required
+//which is currently unavailable on the systems
+//If DSA2048 or longer is used the CSR hangs pending on the signer.
+       case "dsaEncryption":
+               if (!preg_match('/^\s*Public Key Algorithm:\s+dsaEncryption\s+pub:\s+([0-9a-fA-F:\s]+)\s+P:\s+([0-9a-fA-F:\s]+)\s+Q:\s+([0-9a-fA-F:\s]+)\s+G:\s+([0-9a-fA-F:\s]+)\s+$/sm', $text, $keydetail))
+               {
+                       return failWithId("checkWeakKeyText(): Couldn't parse the DSA ".
+                                       "key size.\nData:\n$text");
+               }
+
+               $key_pub = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[1]), "ABCDEF", "abcdef");
+               $key_P = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[2]), "ABCDEF", "abcdef");
+               $key_Q = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[3]), "ABCDEF", "abcdef");
+               $key_G = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[4]), "ABCDEF", "abcdef");
+
+               //Verify the numbers provided by the client
+               $num_pub = @gmp_init($key_pub, 16);
+               $num_P = @gmp_init($key_P, 16);
+               $num_Q = @gmp_init($key_Q, 16);
+               $num_G = @gmp_init($key_G, 16);
+
+               $bit_pub = ltrim(gmp_strval($num_pub, 2), "0");
+               $bit_P = ltrim(gmp_strval($num_P, 2), "0");
+               $bit_Q = ltrim(gmp_strval($num_Q, 2), "0");
+               $bit_G = ltrim(gmp_strval($num_G, 2), "0");
+
+               $keysize = strlen($bit_P);
+
+               if ($keysize < 2048) {
+                       return sprintf(_("The keys that you use are very small ".
+                                               "and therefore insecure. Please generate stronger ".
+                                               "keys. More information about this issue can be ".
+                                               "found in %sthe wiki%s"),
+                                       "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
+                                       "</a>");
+               }
+
+               //Following checks based on description of key generation in Wikipedia
+               //These checks do not ensure a strong key, but at least check for enough sanity in the key material
+               // cf. https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Key_generation
+
+               //Check that P is prime
+               if(!gmp_testprime($num_P)) {
+                       return failWithId("checkWeakKeyText(): The supplied DSA ".
+                                       "key does seem to have a non-prime public modulus.\nData:\n$text");
+               }
+
+               //Check that Q is prime
+               if(!gmp_testprime($num_Q)) {
+                       return failWithId("checkWeakKeyText(): The supplied DSA ".
+                                       "key does seem to have a non-prime Q-value.\nData:\n$text");
+               }
+
+               //Check if P-1 is diviseable by Q
+               if(0 !== gmp_cmp("1", gmp_mod($num_P, $num_Q))) {
+                       return failWithId("checkWeakKeyText(): The supplied DSA ".
+                                       "key does seem to have P mod Q === 1 (i.e. P-1 is not diviseable by Q).\nData:\n$text");
+               }
+
+               //Check the numbers are all less than the public modulus P
+               if(0 <= gmp_cmp($num_Q, $num_P)) || 0 <= gmp_cmp($num_G, $num_P)) || 0 <= gmp_cmp($num_Y, $num_P))) {
+                       return failWithId("checkWeakKeyText(): The supplied DSA ".
+                                       "key does seem to be normalized to have Q < P, G < P and Y < P.\nData:\n$text");
+               }
+
+               break;
+*/
+
+       default:
+               return _("The keys you supplied use an unrecognized algorithm. ".
+                       "For security reasons these keys can not be signed by CAcert.");
        }
 
        /* No weakness found */
        }
 
        /* No weakness found */