3 # Debian/OpenSSL Weak Key Detector
5 # Copyright (C) 2008, Florian Weimer <fw@deneb.enyo.de>
7 # Permission to use, copy, modify, and distribute this software for
8 # any purpose with or without fee is hereby granted, provided that the
9 # above copyright notice and this permission notice appear in all
12 # THE SOFTWARE IS PROVIDED "AS IS" AND FLORIAN WEIMER AND HIS
13 # CONTRIBUTORS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE
14 # INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN
15 # NO EVENT SHALL FLORIAN WEIMER OR HIS CONTRIBUTORS BE LIABLE FOR ANY
16 # SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
18 # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
19 # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
22 # Blacklist data has been provided by Kees Cook, Peter Palfrader and
25 # Patches and comments are welcome. Please send them to
26 # <fw@deneb.enyo.de>, and use "dowkd" in the subject line.
33 usage: $0 [OPTIONS...] COMMAND [ARGUMENTS...]
37 file: examine files on the command line for weak keys
38 host: examine the specified hosts for weak SSH keys
39 (change destination port with "host -p PORT HOST...")
40 user: examine user SSH keys for weakness; examine all users if no
42 help: show this help screen
43 version: show version information
47 -c FILE: set the database cache file name (default: dowkd.db)
49 dowkd currently handles the following OpenSSH host and user keys,
50 provided they have been generated on a little-endian architecture
51 (such as i386 or amd64): RSA/1024 (both rsa1 and rsa format), RSA/2048
52 and DSA/1024. (The relevant OpenSSH versions in Debian do not support
53 DSA key generation with other sizes.)
55 OpenVPN shared also detected on little-endian architecture.
57 Unencrypted RSA private keys and PEM certificate files generated by
58 OpenSSL are detected, provided they use key lengths of 1024 or 2048
61 Note that the blacklist by dowkd may be incomplete; it is only
62 intended as a quick check.
72 my $db_version = '@DB_VERSION@';
73 my $program_version = '@PROGRAM_VERSION@';
74 my $changelog = <<'EOF';
79 my $db_file = 'dowkd.db';
85 warn "notice: creating database, please wait\n";
86 $db = tie
%db, 'DB_File', $db_file, O_RDWR
| O_CREAT
, 0777, $DB_BTREE
87 or die "error: could not open database: $!\n";
90 while (my $line = <DATA
>) {
91 next if $line =~ /^\**$/;
93 $line =~ /^[0-9a-f]{32}$/ or die "error: invalid data line";
94 $line =~ s/(..)/chr(hex($1))/ge;
98 $found or die "error: no blacklist data found in script\n";
100 # Set at the end so that no incomplete database is left behind.
101 $db{''} = $db_version;
108 $db = tie
%db, 'DB_File', $db_file, O_RDONLY
, 0777, $DB_BTREE
109 or die "error: could not open database: $!\n";
110 my $stored_version = $db{''};
111 $stored_version && $stored_version eq $db_version or create_db
;
118 sub safe_backtick
(@
) {
121 open $fh, '-|', @args
122 or die "error: failed to spawn $args[0]: $!\n";
128 @result = scalar(<$fh>);
131 $?
== 0 or return undef;
140 my $keys_vulnerable = 0;
143 print STDERR
"summary: keys found: $keys_found, weak keys: $keys_vulnerable\n";
146 sub check_hash
($$;$) {
147 my ($name, $hash, $descr) = @_;
149 if (exists $db{$hash}) {
151 $descr = $descr ?
" ($descr)" : '';
152 print "$name: weak key$descr\n";
156 sub ssh_fprint_file
($) {
158 my $data = safe_backtick qw
/ssh-keygen -l -f/, $name;
159 defined $data or return ();
160 my @data = $data =~ /^(\d+) ([0-9a-f]{2}(?::[0-9a-f]{2}){15})/;
161 return @data if @data == 2;
165 sub ssh_fprint_check
($$$$) {
166 my ($name, $type, $length, $hash) = @_;
167 $type =~ /^(?:rsa1?|dsa)\z/ or die;
169 && ($length == 1024 || $length == 2048 || $length == 4096))
170 || ($type eq 'dsa' && $length == 1024)
171 || ($type eq 'rsa1' && $length == 1024)) {
173 $hash =~ s/(..)/chr(hex($1))/ge;
174 check_hash
$name, $hash, "OpenSSH/$type/$length";
175 } elsif ($type eq 'dsa') {
176 print "$name: $length bits DSA key not recommended\n";
178 warn "$name: warning: no blacklist for $type/$length key\n";
184 seek $tmp, 0, 0 or die "seek: $!";
185 truncate $tmp, 0 or die "truncate: $!";
188 sub cleanup_ssh_auth_line
($) {
191 $line =~ /^(?:ssh-(?:rsa|dss)\s|\d+\s+\d+\s+\d)/ and return $line;
194 if ($line =~ /^\s+(.*)/) {
198 if ($line =~ /^"(.*)/) {
202 if ($line =~ /^\\.(.*)/) {
203 # It doesn't matter if we don't deal with \000 properly, we
204 # just need to defuse the backslash character.
208 if ($line =~ /^[a-zA-Z0-9_=+-]+(.*)/) {
209 # Skip multiple harmless characters in one go.
213 if ($line =~ /^.(.*)/) {
214 # Other characters are stripped one by one.
218 return undef; # empty string, no key found
221 if ($line =~ /^"(.*)/) {
225 if ($line =~ /^\\.(.*)/) {
226 # See above, defuse the backslash.
230 if ($line =~ /^[^\\"]+(.*)/) {
234 return undef; # missing closing double quote
237 $line =~ /^(?:ssh-(?:rsa|dss)\s|\d+\s+\d+\s+\d)/ and return $line;
241 sub derive_ssh_auth_type
($) {
243 $line =~ /^ssh-rsa\s/ and return 'rsa';
244 $line =~ /^ssh-dss\s/ and return 'dsa';
245 $line =~ /^\d+\s/ and return 'rsa1';
249 sub from_ssh_auth_line
($$$) {
250 my ($tmp, $name, $line) = @_;
252 return if $line =~ m/^\s*(#|$)/;
255 my $l = cleanup_ssh_auth_line
$line;
259 my $type = derive_ssh_auth_type
$line;
262 print $tmp "$line\n" or die "print: $!";
263 $tmp->flush or die "flush: $!";
264 my ($length, $hash) = ssh_fprint_file
"$tmp";
265 if ($length && $hash) {
266 ssh_fprint_check
"$name", $type, $length, $hash;
271 warn "$name: warning: unparsable line\n";
274 sub from_ssh_auth_file
($) {
277 unless (open $auth, '<', $name) {
278 warn "$name:0: error: open failed: $!\n";
282 my $tmp = new File
::Temp
;
283 while (my $line = <$auth>) {
284 from_ssh_auth_line
$tmp, "$name:$.", $line;
288 sub from_openvpn_key
($) {
291 unless (open $key, '<', $name) {
292 warn "$name:0: open failed: $!\n";
297 while (my $line = <$key>) {
299 if ($line =~ /^-----BEGIN OpenVPN Static key V1-----/) {
302 if ($line =~ /^([0-9a-f]{32})/) {
304 $line =~ s/(..)/chr(hex($1))/ge;
305 check_hash
"$name:$.", $line, "OpenVPN";
308 warn "$name:$.: warning: illegal OpenVPN file format\n";
315 sub openssl_modulus_check
($$) {
316 my ($name, $modulus) = @_;
318 if ($modulus =~ /^Modulus=([A-F0-9]+)$/) {
320 my $length = length($modulus) * 4;
321 if ($length == 1024 || $length == 2048) {
322 my $mod = substr $modulus, length($modulus) - 32;
324 my @mod = $mod =~ /(..)/g;
325 $mod = join('', map { chr(hex($_)) } reverse @mod);
326 check_hash
$name, $mod, "OpenSSL/RSA/$length";
328 warn "$name: warning: no blacklist for OpenSSL/RSA/$length key\n";
331 die "internal error: $modulus\n";
341 unless (open $src, '<', $name) {
342 warn "$name:0: open failed: $!\n";
346 while (my $line = <$src>) {
347 if ($line =~ /^-----BEGIN CERTIFICATE-----/) {
349 $tmp or $tmp = new File
::Temp
;
352 print $tmp $line or die "print: $!";
353 goto LAST
if $line =~ /^-----END CERTIFICATE-----/;
354 } while ($line = <$src>);
356 $tmp->flush or die "flush: $!";
357 my $mod = safe_backtick qw
/openssl x509 -noout -modulus -in/, $tmp;
359 openssl_modulus_check
"$name:$lineno", $mod;
362 warn "$name:$lineno: failed to parse certificate\n";
365 } elsif ($line =~ /^-----BEGIN RSA PRIVATE KEY-----/) {
367 $tmp or $tmp = new File
::Temp
;
370 print $tmp $line or die "print: $!";
371 goto LAST_RSA
if $line =~ /^-----END RSA PRIVATE KEY-----/;
372 } while ($line = <$src>);
374 $tmp->flush or die "flush: $!";
375 my $mod = safe_backtick qw
/openssl rsa -noout -modulus -in/, $tmp;
377 openssl_modulus_check
"$name:$lineno", $mod;
380 warn "$name:$lineno: failed to parse RSA private key\n";
389 sub from_ssh_host
($@
) {
390 my ($port, @names) = @_;
393 my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname $_;
394 @addrs or warn "warning: host not found: $_\n";
399 push @lines, safe_backtick qw
/ssh-keyscan -t rsa -p/, $port, @names;
400 push @lines, safe_backtick qw
/ssh-keyscan -t dsa -p/, $port, @names;
402 my $tmp = new File
::Temp
;
403 for my $line (@lines) {
404 next if $line =~ /^#/;
405 my ($host, $data) = $line =~ /^(\S+) (.*)$/;
406 from_ssh_auth_line
$tmp, $host, $data;
412 my ($name,$passwd,$uid,$gid,
413 $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user);
415 warn "warning: user $user does not exist\n";
418 for my $name (qw
/authorized_keys authorized_keys2
419 known_hosts known_hosts2
420 id_rsa
.pub id_dsa
.pub identity
.pub
/) {
421 my $file = "$dir/.ssh/$name";
422 from_ssh_auth_file
$file if -r
$file;
426 sub from_user_all
() {
427 # This was one loop initially, but does not work with some Perl
431 while (my $name = getpwent) {
435 from_user
$_ for @names;
438 if (@ARGV && $ARGV[0] eq '-c') {
440 $db_file = shift @ARGV if @ARGV;
444 my $cmd = shift @ARGV;
445 if ($cmd eq 'file') {
446 for my $name (@ARGV) {
447 next if from_openvpn_key
$name;
448 next if from_pem
$name;
449 from_ssh_auth_file
$name;
451 } elsif ($cmd eq 'host') {
457 if ($ARGV[0] eq '-p') {
462 } elsif ($ARGV[0] =~ /-p(\d+)/) {
470 from_ssh_host
$port, @ARGV;
471 } elsif ($cmd eq 'user') {
473 from_user
$_ for @ARGV;
477 } elsif ($cmd eq 'help') {
480 } elsif ($cmd eq 'version') {
481 print "dowkd $program_version (database $db_version)\n\n$changelog";
484 die "error: invalid command, use \"help\" to get help\n";
