3 # Debian/OpenSSL Weak Key Detector
5 # Copyright (C) 2008, Florian Weimer <fw@deneb.enyo.de>
7 # Permission to use, copy, modify, and distribute this software for
8 # any purpose with or without fee is hereby granted, provided that the
9 # above copyright notice and this permission notice appear in all
12 # THE SOFTWARE IS PROVIDED "AS IS" AND FLORIAN WEIMER AND HIS
13 # CONTRIBUTORS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE
14 # INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN
15 # NO EVENT SHALL FLORIAN WEIMER OR HIS CONTRIBUTORS BE LIABLE FOR ANY
16 # SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
18 # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
19 # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
22 # Blacklist data has been provided by Kees Cook, Peter Palfrader and
25 # Patches and comments are welcome. Please send them to
26 # <fw@deneb.enyo.de>, and use "dowkd" in the subject line.
33 usage: $0 [OPTIONS...] COMMAND [ARGUMENTS...]
37 file: examine files on the command line for weak keys
38 host: examine the specified hosts for weak SSH keys
39 (change destination port with "host -p PORT HOST...")
40 user: examine user SSH keys for weakness; examine all users if no
42 help: show this help screen
43 version: show version information
47 -c FILE: set the database cache file name (default: dowkd.db)
49 dowkd currently handles the following OpenSSH host and user keys,
50 provided they have been generated on a little-endian architecture
51 (such as i386 or amd64):
53 RSA/1024, RSA/2048 (both rsa1 and rsa format)
56 (The relevant OpenSSH versions in Debian do not support DSA key
57 generation with other sizes.)
59 OpenVPN shared also detected if they have been created on
60 little-endian architectures.
62 Unencrypted RSA private keys and PEM certificate files generated by
63 OpenSSL are detected, provided they use key lengths of 1024 or 2048
64 bits (again, only for little-endian architectures).
66 Note that the blacklist by dowkd may be incomplete; it is only
67 intended as a quick check.
77 my $db_version = '@DB_VERSION@';
78 my $program_version = '@PROGRAM_VERSION@';
79 my $changelog = <<'EOF';
84 my $db_file = 'dowkd.db';
90 warn "notice: creating database, please wait\n";
91 $db = tie
%db, 'DB_File', $db_file, O_RDWR
| O_CREAT
, 0777, $DB_BTREE
92 or die "error: could not open database: $!\n";
95 while (my $line = <DATA
>) {
96 next if $line =~ /^\**$/;
98 $line =~ /^[0-9a-f]{32}$/ or die "error: invalid data line";
99 $line =~ s/(..)/chr(hex($1))/ge;
103 $found or die "error: no blacklist data found in script\n";
105 # Set at the end so that no incomplete database is left behind.
106 $db{''} = $db_version;
113 $db = tie
%db, 'DB_File', $db_file, O_RDONLY
, 0777, $DB_BTREE
114 or die "error: could not open database: $!\n";
115 my $stored_version = $db{''};
116 $stored_version && $stored_version eq $db_version or create_db
;
123 sub safe_backtick
(@
) {
126 open $fh, '-|', @args
127 or die "error: failed to spawn $args[0]: $!\n";
133 @result = scalar(<$fh>);
136 $?
== 0 or return undef;
145 my $keys_vulnerable = 0;
148 print STDERR
"summary: keys found: $keys_found, weak keys: $keys_vulnerable\n";
151 sub check_hash
($$;$) {
152 my ($name, $hash, $descr) = @_;
154 if (exists $db{$hash}) {
156 $descr = $descr ?
" ($descr)" : '';
157 print "$name: weak key$descr\n";
161 sub ssh_fprint_file
($) {
163 my $data = safe_backtick qw
/ssh-keygen -l -f/, $name;
164 defined $data or return ();
165 my @data = $data =~ /^(\d+) ([0-9a-f]{2}(?::[0-9a-f]{2}){15})/;
166 return @data if @data == 2;
170 sub ssh_fprint_check
($$$$) {
171 my ($name, $type, $length, $hash) = @_;
172 $type =~ /^(?:rsa1?|dsa)\z/ or die;
174 && ($length == 1024 || $length == 2048 || $length == 4096))
175 || ($type eq 'dsa' && $length == 1024)
176 || ($type eq 'rsa1' && $length == 1024)) {
178 $hash =~ s/(..)/chr(hex($1))/ge;
179 check_hash
$name, $hash, "OpenSSH/$type/$length";
180 } elsif ($type eq 'dsa') {
181 print "$name: $length bits DSA key not recommended\n";
183 warn "$name: warning: no blacklist for $type/$length key\n";
189 seek $tmp, 0, 0 or die "seek: $!";
190 truncate $tmp, 0 or die "truncate: $!";
193 sub cleanup_ssh_auth_line
($) {
196 $line =~ /^(?:ssh-(?:rsa|dss)\s|\d+\s+\d+\s+\d)/ and return $line;
199 if ($line =~ /^\s+(.*)/) {
203 if ($line =~ /^"(.*)/) {
207 if ($line =~ /^\\.(.*)/) {
208 # It doesn't matter if we don't deal with \000 properly, we
209 # just need to defuse the backslash character.
213 if ($line =~ /^[a-zA-Z0-9_=+-]+(.*)/) {
214 # Skip multiple harmless characters in one go.
218 if ($line =~ /^.(.*)/) {
219 # Other characters are stripped one by one.
223 return undef; # empty string, no key found
226 if ($line =~ /^"(.*)/) {
230 if ($line =~ /^\\.(.*)/) {
231 # See above, defuse the backslash.
235 if ($line =~ /^[^\\"]+(.*)/) {
239 return undef; # missing closing double quote
242 $line =~ /^(?:ssh-(?:rsa|dss)\s|\d+\s+\d+\s+\d)/ and return $line;
246 sub derive_ssh_auth_type
($) {
248 $line =~ /^ssh-rsa\s/ and return 'rsa';
249 $line =~ /^ssh-dss\s/ and return 'dsa';
250 $line =~ /^\d+\s/ and return 'rsa1';
254 sub from_ssh_auth_line
($$$) {
255 my ($tmp, $name, $line) = @_;
259 my $l = cleanup_ssh_auth_line
$line;
263 my $type = derive_ssh_auth_type
$line;
266 print $tmp "$line\n" or die "print: $!";
267 $tmp->flush or die "flush: $!";
268 my ($length, $hash) = ssh_fprint_file
"$tmp";
269 if ($length && $hash) {
270 ssh_fprint_check
"$name", $type, $length, $hash;
277 sub from_ssh_auth_file
($) {
280 unless (open $auth, '<', $name) {
281 warn "$name:0: error: open failed: $!\n";
285 my $tmp = new File
::Temp
;
287 while (my $line = <$auth>) {
288 next if $line =~ m/^\s*(#|$)/;
289 my $status = from_ssh_auth_line
$tmp, "$name:$.", $line;
291 $last_status and warn "$name:$.: warning: unparsable line\n";
293 $last_status = $status;
297 sub from_openvpn_key
($) {
300 unless (open $key, '<', $name) {
301 warn "$name:0: open failed: $!\n";
306 while (my $line = <$key>) {
308 if ($line =~ /^-----BEGIN OpenVPN Static key V1-----/) {
311 if ($line =~ /^([0-9a-f]{32})/) {
313 $line =~ s/(..)/chr(hex($1))/ge;
314 check_hash
"$name:$.", $line, "OpenVPN";
317 warn "$name:$.: warning: illegal OpenVPN file format\n";
324 sub openssl_modulus_check
($$) {
325 my ($name, $modulus) = @_;
327 if ($modulus =~ /^Modulus=([A-F0-9]+)$/) {
329 my $length = length($modulus) * 4;
330 if ($length == 1024 || $length == 2048) {
331 my $mod = substr $modulus, length($modulus) - 32;
333 my @mod = $mod =~ /(..)/g;
334 $mod = join('', map { chr(hex($_)) } reverse @mod);
335 check_hash
$name, $mod, "OpenSSL/RSA/$length";
337 warn "$name: warning: no blacklist for OpenSSL/RSA/$length key\n";
340 die "internal error: $modulus\n";
350 unless (open $src, '<', $name) {
351 warn "$name:0: open failed: $!\n";
355 while (my $line = <$src>) {
356 if ($line =~ /^-----BEGIN CERTIFICATE-----/) {
358 $tmp or $tmp = new File
::Temp
;
361 print $tmp $line or die "print: $!";
362 goto LAST
if $line =~ /^-----END CERTIFICATE-----/;
363 } while ($line = <$src>);
365 $tmp->flush or die "flush: $!";
366 my $mod = safe_backtick qw
/openssl x509 -noout -modulus -in/, $tmp;
368 openssl_modulus_check
"$name:$lineno", $mod;
371 warn "$name:$lineno: failed to parse certificate\n";
374 } elsif ($line =~ /^-----BEGIN RSA PRIVATE KEY-----/) {
376 $tmp or $tmp = new File
::Temp
;
379 print $tmp $line or die "print: $!";
380 goto LAST_RSA
if $line =~ /^-----END RSA PRIVATE KEY-----/;
381 } while ($line = <$src>);
383 $tmp->flush or die "flush: $!";
384 my $mod = safe_backtick qw
/openssl rsa -noout -modulus -in/, $tmp;
386 openssl_modulus_check
"$name:$lineno", $mod;
389 warn "$name:$lineno: failed to parse RSA private key\n";
398 sub from_ssh_host
($@
) {
399 my ($port, @names) = @_;
402 my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname $_;
403 @addrs or warn "warning: host not found: $_\n";
408 push @lines, safe_backtick qw
/ssh-keyscan -t rsa -p/, $port, @names;
409 push @lines, safe_backtick qw
/ssh-keyscan -t dsa -p/, $port, @names;
411 my $tmp = new File
::Temp
;
412 for my $line (@lines) {
413 next if $line =~ /^#/;
414 my ($host, $data) = $line =~ /^(\S+) (.*)$/;
415 from_ssh_auth_line
$tmp, $host, $data
416 or die "$host: warning: unparsable line\n";
422 my ($name,$passwd,$uid,$gid,
423 $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user);
425 warn "warning: user $user does not exist\n";
428 for my $name (qw
/authorized_keys authorized_keys2
429 known_hosts known_hosts2
430 id_rsa
.pub id_dsa
.pub identity
.pub
/) {
431 my $file = "$dir/.ssh/$name";
432 from_ssh_auth_file
$file if -r
$file;
436 sub from_user_all
() {
437 # This was one loop initially, but does not work with some Perl
441 while (my $name = getpwent) {
445 from_user
$_ for @names;
448 if (@ARGV && $ARGV[0] eq '-c') {
450 $db_file = shift @ARGV if @ARGV;
454 my $cmd = shift @ARGV;
455 if ($cmd eq 'file') {
456 for my $name (@ARGV) {
457 next if from_openvpn_key
$name;
458 next if from_pem
$name;
459 from_ssh_auth_file
$name;
461 } elsif ($cmd eq 'host') {
467 if ($ARGV[0] eq '-p') {
472 } elsif ($ARGV[0] =~ /-p(\d+)/) {
480 from_ssh_host
$port, @ARGV;
481 } elsif ($cmd eq 'user') {
483 from_user
$_ for @ARGV;
487 } elsif ($cmd eq 'help') {
490 } elsif ($cmd eq 'version') {
491 print "dowkd $program_version (database $db_version)\n\n$changelog";
494 die "error: invalid command, use \"help\" to get help\n";
