3 # Debian/OpenSSL Weak Key Detector
5 # Copyright (C) 2008, Florian Weimer <fw@deneb.enyo.de>
7 # Permission to use, copy, modify, and distribute this software for
8 # any purpose with or without fee is hereby granted, provided that the
9 # above copyright notice and this permission notice appear in all
12 # THE SOFTWARE IS PROVIDED "AS IS" AND FLORIAN WEIMER AND HIS
13 # CONTRIBUTORS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE
14 # INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN
15 # NO EVENT SHALL FLORIAN WEIMER OR HIS CONTRIBUTORS BE LIABLE FOR ANY
16 # SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
18 # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
19 # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
22 # Blacklist data has been provided by Kees Cook, Peter Palfrader and
25 # Patches and comments are welcome. Please send them to
26 # <fw@deneb.enyo.de>, and use "dowkd" in the subject line.
33 usage: $0 [OPTIONS...] COMMAND [ARGUMENTS...]
37 file: examine files on the command line for weak keys
38 host: examine the specified hosts for weak SSH keys
39 user: examine user SSH keys for weakness; examine all users if no
41 help: show this help screen
42 version: show version information
46 -c FILE: set the database cache file name (default: dowkd.db)
48 dowkd currently handles the following OpenSSH host and user keys,
49 provided they have been generated on a little-endian architecture
50 (such as i386 or amd64): RSA/1024 (both rsa1 and rsa format), RSA/2048
51 and DSA/1024. (The relevant OpenSSH versions in Debian do not support
52 DSA key generation with other sizes.)
54 OpenVPN shared also detected on little-endian architecture.
56 Unencrypted RSA private keys and PEM certificate files generated by
57 OpenSSL are detected, provided they use key lengths of 1024 or 2048
60 Note that the blacklist by dowkd may be incomplete; it is only
61 intended as a quick check.
71 my $db_version = '@DB_VERSION@';
72 my $program_version = '@PROGRAM_VERSION@';
73 my $changelog = <<'EOF';
78 my $db_file = 'dowkd.db';
84 warn "notice: creating database, please wait\n";
85 $db = tie
%db, 'DB_File', $db_file, O_RDWR
| O_CREAT
, 0777, $DB_BTREE
86 or die "error: could not open database: $!\n";
89 while (my $line = <DATA
>) {
90 next if $line =~ /^\**$/;
92 $line =~ /^[0-9a-f]{32}$/ or die "error: invalid data line";
93 $line =~ s/(..)/chr(hex($1))/ge;
97 $found or die "error: no blacklist data found in script\n";
99 # Set at the end so that no incomplete database is left behind.
100 $db{''} = $db_version;
107 $db = tie
%db, 'DB_File', $db_file, O_RDONLY
, 0777, $DB_BTREE
108 or die "error: could not open database: $!\n";
109 my $stored_version = $db{''};
110 $stored_version && $stored_version eq $db_version or create_db
;
117 sub safe_backtick
(@
) {
120 open $fh, '-|', @args
121 or die "error: failed to spawn $args[0]: $!\n";
127 @result = scalar(<$fh>);
130 $?
== 0 or return undef;
139 my $keys_vulnerable = 0;
142 print STDERR
"summary: keys found: $keys_found, weak keys: $keys_vulnerable\n";
145 sub check_hash
($$;$) {
146 my ($name, $hash, $descr) = @_;
148 if (exists $db{$hash}) {
150 $descr = $descr ?
" ($descr)" : '';
151 print "$name: weak key$descr\n";
155 sub ssh_fprint_file
($) {
157 my $data = safe_backtick qw
/ssh-keygen -l -f/, $name;
158 defined $data or return ();
159 my @data = $data =~ /^(\d+) ([0-9a-f]{2}(?::[0-9a-f]{2}){15})/;
160 return @data if @data == 2;
164 sub ssh_fprint_check
($$$$) {
165 my ($name, $type, $length, $hash) = @_;
166 $type =~ /^(?:rsa1?|dsa)\z/ or die;
168 && ($length == 1024 || $length == 2048 || $length == 4096))
169 || ($type eq 'dsa' && $length == 1024)
170 || ($type eq 'rsa1' && $length == 1024)) {
172 $hash =~ s/(..)/chr(hex($1))/ge;
173 check_hash
$name, $hash, "OpenSSH/$type/$length";
174 } elsif ($type eq 'dsa') {
175 print "$name: $length bits DSA key not recommended\n";
177 warn "$name: warning: no blacklist for $type/$length key\n";
183 seek $tmp, 0, 0 or die "seek: $!";
184 truncate $tmp, 0 or die "truncate: $!";
187 sub cleanup_ssh_auth_line
($) {
190 $line =~ /^(?:ssh-(?:rsa|dss)\s|\d+\s+\d+\s+\d)/ and return $line;
193 if ($line =~ /^\s+(.*)/) {
197 if ($line =~ /^"(.*)/) {
201 if ($line =~ /^\\.(.*)/) {
202 # It doesn't matter if we don't deal with \000 properly, we
203 # just need to defuse the backslash character.
207 if ($line =~ /^[a-zA-Z0-9_=+-]+(.*)/) {
208 # Skip multiple harmless characters in one go.
212 if ($line =~ /^.(.*)/) {
213 # Other characters are stripped one by one.
217 return undef; # empty string, no key found
220 if ($line =~ /^"(.*)/) {
224 if ($line =~ /^\\.(.*)/) {
225 # See above, defuse the backslash.
229 if ($line =~ /^[^\\"]+(.*)/) {
233 return undef; # missing closing double quote
236 $line =~ /^(?:ssh-(?:rsa|dss)\s|\d+\s+\d+\s+\d)/ and return $line;
240 sub derive_ssh_auth_type
($) {
242 $line =~ /^ssh-rsa\s/ and return 'rsa';
243 $line =~ /^ssh-dss\s/ and return 'dsa';
244 $line =~ /^\d+\s/ and return 'rsa1';
248 sub from_ssh_auth_line
($$$) {
249 my ($tmp, $name, $line) = @_;
251 return if $line =~ m/^\s*(#|$)/;
254 my $l = cleanup_ssh_auth_line
$line;
258 my $type = derive_ssh_auth_type
$line;
261 print $tmp "$line\n" or die "print: $!";
262 $tmp->flush or die "flush: $!";
263 my ($length, $hash) = ssh_fprint_file
"$tmp";
264 if ($length && $hash) {
265 ssh_fprint_check
"$name", $type, $length, $hash;
270 warn "$name: warning: unparsable line\n";
273 sub from_ssh_auth_file
($) {
276 unless (open $auth, '<', $name) {
277 warn "$name:0: error: open failed: $!\n";
281 my $tmp = new File
::Temp
;
282 while (my $line = <$auth>) {
283 from_ssh_auth_line
$tmp, "$name:$.", $line;
287 sub from_openvpn_key
($) {
290 unless (open $key, '<', $name) {
291 warn "$name:0: open failed: $!\n";
296 while (my $line = <$key>) {
298 if ($line =~ /^-----BEGIN OpenVPN Static key V1-----/) {
301 if ($line =~ /^([0-9a-f]{32})/) {
303 $line =~ s/(..)/chr(hex($1))/ge;
304 check_hash
"$name:$.", $line, "OpenVPN";
307 warn "$name:$.: warning: illegal OpenVPN file format\n";
314 sub openssl_modulus_check
($$) {
315 my ($name, $modulus) = @_;
317 if ($modulus =~ /^Modulus=([A-F0-9]+)$/) {
319 my $length = length($modulus) * 4;
320 if ($length == 1024 || $length == 2048) {
321 my $mod = substr $modulus, length($modulus) - 32;
323 my @mod = $mod =~ /(..)/g;
324 $mod = join('', map { chr(hex($_)) } reverse @mod);
325 check_hash
$name, $mod, "OpenSSL/RSA/$length";
327 warn "$name: warning: no blacklist for OpenSSL/RSA/$length key\n";
330 die "internal error: $modulus\n";
340 unless (open $src, '<', $name) {
341 warn "$name:0: open failed: $!\n";
345 while (my $line = <$src>) {
346 if ($line =~ /^-----BEGIN CERTIFICATE-----/) {
348 $tmp or $tmp = new File
::Temp
;
351 print $tmp $line or die "print: $!";
352 goto LAST
if $line =~ /^-----END CERTIFICATE-----/;
353 } while ($line = <$src>);
355 $tmp->flush or die "flush: $!";
356 my $mod = safe_backtick qw
/openssl x509 -noout -modulus -in/, $tmp;
358 openssl_modulus_check
"$name:$lineno", $mod;
361 warn "$name:$lineno: failed to parse certificate\n";
364 } elsif ($line =~ /^-----BEGIN RSA PRIVATE KEY-----/) {
366 $tmp or $tmp = new File
::Temp
;
369 print $tmp $line or die "print: $!";
370 goto LAST_RSA
if $line =~ /^-----END RSA PRIVATE KEY-----/;
371 } while ($line = <$src>);
373 $tmp->flush or die "flush: $!";
374 my $mod = safe_backtick qw
/openssl rsa -noout -modulus -in/, $tmp;
376 openssl_modulus_check
"$name:$lineno", $mod;
379 warn "$name:$lineno: failed to parse RSA private key\n";
388 sub from_ssh_host
(@
) {
392 my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname $_;
393 @addrs or warn "warning: host not found: $_\n";
398 push @lines, safe_backtick qw
/ssh-keyscan -t rsa/, @names;
399 push @lines, safe_backtick qw
/ssh-keyscan -t dsa/, @names;
401 my $tmp = new File
::Temp
;
402 for my $line (@lines) {
403 next if $line =~ /^#/;
404 my ($host, $data) = $line =~ /^(\S+) (.*)$/;
405 from_ssh_auth_line
$tmp, $host, $data;
411 my ($name,$passwd,$uid,$gid,
412 $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user);
414 warn "warning: user $user does not exist\n";
417 for my $name (qw
/authorized_keys authorized_keys2
418 known_hosts known_hosts2
419 id_rsa
.pub id_dsa
.pub identity
.pub
/) {
420 my $file = "$dir/.ssh/$name";
421 from_ssh_auth_file
$file if -r
$file;
425 sub from_user_all
() {
426 # This was one loop initially, but does not work with some Perl
430 while (my $name = getpwent) {
434 from_user
$_ for @names;
437 if (@ARGV && $ARGV[0] eq '-c') {
439 $db_file = shift @ARGV if @ARGV;
443 my $cmd = shift @ARGV;
444 if ($cmd eq 'file') {
445 for my $name (@ARGV) {
446 next if from_openvpn_key
$name;
447 next if from_pem
$name;
448 from_ssh_auth_file
$name;
450 } elsif ($cmd eq 'host') {
452 } elsif ($cmd eq 'user') {
454 from_user
$_ for @ARGV;
458 } elsif ($cmd eq 'help') {
461 } elsif ($cmd eq 'version') {
462 print "dowkd $program_version (database $db_version)\n\n$changelog";
465 die "error: invalid command, use \"help\" to get help\n";
