mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-23 02:51:41 +01:00
Fixed parsing of ecdsa-sha2-nistp* CA signatures on host keys. Additionally, they are now flagged as potentially back-doored, just as standard host keys are. (#239)
This commit is contained in:
parent
f326d58068
commit
73b669b49d
@ -181,6 +181,7 @@ For convenience, a web front-end on top of the command-line tool is available at
|
||||
### v3.2.0-dev (???)
|
||||
- Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. It now includes more rarely found ciphers.
|
||||
- Color output is disabled if the `NO_COLOR` environment variable is set (see https://no-color.org/).
|
||||
- Fixed parsing of ecdsa-sha2-nistp* CA signatures on host keys. Additionally, they are now flagged as potentially back-doored, just as standard host keys are.
|
||||
|
||||
### v3.1.0 (2023-12-20)
|
||||
- Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).
|
||||
|
@ -180,7 +180,7 @@ class HostKeyTest:
|
||||
hostkey_min_good = 256
|
||||
hostkey_min_warn = 224
|
||||
hostkey_warn_str = HostKeyTest.SMALL_ECC_MODULUS_WARNING
|
||||
if ca_key_type.startswith('ssh-ed25519') or host_key_type.startswith('ecdsa-sha2-nistp'):
|
||||
if ca_key_type.startswith('ssh-ed25519') or ca_key_type.startswith('ecdsa-sha2-nistp'):
|
||||
cakey_min_good = 256
|
||||
cakey_min_warn = 224
|
||||
cakey_warn_str = HostKeyTest.SMALL_ECC_MODULUS_WARNING
|
||||
@ -209,6 +209,10 @@ class HostKeyTest:
|
||||
elif (0 < ca_modulus_size < cakey_min_good) and (cakey_warn_str not in key_warn_comments):
|
||||
key_warn_comments.append(cakey_warn_str)
|
||||
|
||||
# If the CA key type uses ECDSA with a NIST P-curve, fail it for possibly being back-doored.
|
||||
if ca_key_type.startswith('ecdsa-sha2-nistp'):
|
||||
key_fail_comments.append('CA key uses elliptic curves that are suspected as being backdoored by the U.S. National Security Agency')
|
||||
|
||||
# If this host key type is in the RSA family, then mark them all as parsed (since results in one are valid for them all).
|
||||
if host_key_type in HostKeyTest.RSA_FAMILY:
|
||||
for rsa_type in HostKeyTest.RSA_FAMILY:
|
||||
|
@ -212,6 +212,15 @@ class KexDH: # pragma: nocover
|
||||
# CA's modulus. Bingo.
|
||||
ca_key_n, ca_key_n_len, ptr = KexDH.__get_bytes(ca_key, ptr) # pylint: disable=unused-variable
|
||||
|
||||
if ca_key_type.startswith("ecdsa-sha2-nistp") and ca_key_n_len > 0:
|
||||
self.out.d("Found ecdsa-sha2-nistp* CA key type.")
|
||||
|
||||
# 0x04 signifies that this is an uncompressed public key (meaning that full X and Y values are provided in ca_key_n.
|
||||
if ca_key_n[0] == 4:
|
||||
ca_key_n_len = ca_key_n_len - 1 # Subtract the 0x04 byte.
|
||||
ca_key_n_len = int(ca_key_n_len / 2) # Divide by 2 since the modulus is the size of either the X or Y value.
|
||||
|
||||
|
||||
else:
|
||||
self.out.d("Certificate type %u found; this is not usually valid in the context of a host key! Skipping it..." % cert_type)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user