- first implementation (draft) of LOGJAM common primes, see #589, #120

- output polishing of run_drown()
- polishing of run_logjam()
- decrease severity to high for LOGJAM, see CVE rating
Dirk 2017-01-18 15:53:01 +01:00
parent b1c80512e6
commit 4433345b16


@ -9526,6 +9526,7 @@ run_logjam() {
local -i sclient_success=0
local exportdhe_cipher_list="EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA"
local exportdhe_cipher_list_hex="00,63, 00,65, 00,14, 00,11"
local all_dhe_ciphers="cc,15, 00,b3, 00,91, c0,97, 00,a3, 00,9f, cc,aa, c0,a3, c0,9f, 00,6b, 00,6a, 00,39, 00,38, 00,c4, 00,c3, 00,88, 00,87, 00,a7, 00,6d, 00,3a, 00,c5, 00,89, 00,ab, cc,ad, c0,a7, c0,43, c0,45, c0,47, c0,53, c0,57, c0,5b, c0,67, c0,6d, c0,7d, c0,81, c0,85, c0,91, 00,a2, 00,9e, c0,a2, c0,9e, 00,aa, c0,a6, 00,67, 00,40, 00,33, 00,32, 00,be, 00,bd, 00,9a, 00,99, 00,45, 00,44, 00,a6, 00,6c, 00,34, 00,bf, 00,9b, 00,46, 00,b2, 00,90, c0,96, c0,42, c0,44, c0,46, c0,52, c0,56, c0,5a, c0,66, c0,6c, c0,7c, c0,80, c0,84, c0,90, 00,66, 00,18, 00,8e, 00,16, 00,13, 00,1b, 00,8f, 00,63, 00,15, 00,12, 00,1a, 00,65, 00,14, 00,11, 00,19, 00,17, 00,b5, 00,b4, 00,2d"
local -i i nr_supported_ciphers=0 server_key_exchange_len=0 ephemeral_pub_len=0
local addtl_warning="" hexc
local cve="CVE-2015-4000"
@ -9533,6 +9534,7 @@ run_logjam() {
local hint=""
local server_key_exchange ephemeral_pub key_bitstring="" dh_p
local using_sockets=true
local spaces=" "
"$SSL_NATIVE" && using_sockets=false
@ -9546,8 +9548,7 @@ run_logjam() {
fi
case $nr_supported_ciphers in
0)
local_problem_ln "$OPENSSL doesn't have any DHE EXPORT ciphers configured"
0) local_problem_ln "$OPENSSL doesn't have any DHE EXPORT ciphers configured"
fileout "logjam" "WARN" "LOGJAM: Not tested. $OPENSSL doesn't have any DHE EXPORT ciphers configured" "$cve" "$cwe"
return 3
;;
@ -9565,23 +9566,14 @@ run_logjam() {
sclient_success=$?
debugme egrep -a "error|failure" $ERRFILE | egrep -av "unable to get local|verify error"
fi
addtl_warning="$addtl_warning, common primes not checked."
if "$HAS_DH_BITS" || ( ! "$SSL_NATIVE" && ! "$FAST" && [[ $TLS_NR_CIPHERS -ne 0 ]] ); then
if ! "$do_allciphers" && ! "$do_cipher_per_proto"; then
addtl_warning="$addtl_warning \"$PROG_NAME -E/-e\" spots candidates"
else
addtl_warning="$addtl_warning See below for any DH ciphers + bit size"
fi
fi
if [[ $sclient_success -eq 0 ]]; then
pr_svrty_critical "VULNERABLE (NOT ok)"; out ", uses DHE EXPORT ciphers, common primes not checked."
fileout "logjam" "CRITICAL" "LOGJAM: VULNERABLE, uses DHE EXPORT ciphers, common primes not checked." "$cve" "$cwe" "$hint"
pr_svrty_high "VULNERABLE (NOT ok):"; out " uses DHE EXPORT ciphers,"
fileout "logjam" "HIGH" "LOGJAM: VULNERABLE, uses DHE EXPORT ciphers" "$cve" "$cwe" "$hint"
else
pr_done_best "not vulnerable (OK)"; out "$addtl_warning"
fileout "logjam" "OK" "LOGJAM: not vulnerable $addtl_warning" "$cve" "$cwe"
pr_done_good "not vulnerable (OK):"; out " no DHE EXPORT ciphers,"; out "$addtl_warning"
fileout "logjam" "OK" "LOGJAM: not vulnerable (no DHE EXPORT ciphers) $addtl_warning" "$cve" "$cwe"
fi
outln
if [[ $DEBUG -ge 2 ]]; then
if "$using_sockets"; then
@ -9601,7 +9593,7 @@ run_logjam() {
# Try all ciphers that use an ephemeral DH key. If successful, check whether the key uses a weak prime.
if "$using_sockets"; then
tls_sockets "03" "cc,15, 00,b3, 00,91, c0,97, 00,a3, 00,9f, cc,aa, c0,a3, c0,9f, 00,6b, 00,6a, 00,39, 00,38, 00,c4, 00,c3, 00,88, 00,87, 00,a7, 00,6d, 00,3a, 00,c5, 00,89, 00,ab, cc,ad, c0,a7, c0,43, c0,45, c0,47, c0,53, c0,57, c0,5b, c0,67, c0,6d, c0,7d, c0,81, c0,85, c0,91, 00,a2, 00,9e, c0,a2, c0,9e, 00,aa, c0,a6, 00,67, 00,40, 00,33, 00,32, 00,be, 00,bd, 00,9a, 00,99, 00,45, 00,44, 00,a6, 00,6c, 00,34, 00,bf, 00,9b, 00,46, 00,b2, 00,90, c0,96, c0,42, c0,44, c0,46, c0,52, c0,56, c0,5a, c0,66, c0,6c, c0,7c, c0,80, c0,84, c0,90, 00,66, 00,18, 00,8e, 00,16, 00,13, 00,1b, 00,8f, 00,63, 00,15, 00,12, 00,1a, 00,65, 00,14, 00,11, 00,19, 00,17, 00,b5, 00,b4, 00,2d" "ephemeralkey"
tls_sockets "03" "$all_dhe_ciphers" "ephemeralkey"
sclient_success=$?
if [[ $sclient_success -eq 0 ]] || [[ $sclient_success -eq 2 ]]; then
cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE
@ -9625,13 +9617,45 @@ run_logjam() {
dh_p="$($OPENSSL pkey -pubin -text -noout <<< "$key_bitstring" | awk '/prime:/,/generator:/' | tail -n +2 | head -n -1)"
dh_p="$(strip_spaces "$(colon_to_spaces "$(newline_to_spaces "$dh_p")")")"
[[ "${dh_p:0:2}" == "00" ]] && dh_p="${dh_p:2}"
# At this point the DH key's prime has been extracted into $dh_p. Compare is against known weak primes.
debugme outln "dh_p: $dh_p"
echo "$dh_p" > $TEMPDIR/dh_p.txt
common_primes_test $dh_p
else
outln " no DH key detected"
fileout "LOGJAM_common primes" "OK" "no DH key detected"
fi
outln
tmpfile_handle $FUNCNAME.txt
return $sclient_success
}
# takes one arg and compares against a predefined set in $TESTSSL_INSTALL_DIR
common_primes_test() {
local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
local -i lineno_matched=0
local comment=""
if [[ ! -s "$common_primes_file" ]]; then
pr_warningln "couldn't read common primes file $common_primes_file"
fileout "LOGJAM_common primes" "WARN" "couldn't read common primes file $common_primes_file"
return 1
else
lineno_matched=$(grep -n "$dh_p" "$common_primes_file" 2>/dev/null)
if [[ "$lineno_matched" -ne 0 ]]; then
# get comment
comment="$(awk "NR == $lineno_matched-1" "$common_primes_file" | awk -F'"' '{ print $2 }')"
#FiXME: probably the high groups/bit sizes whould get a different rating, see paper
pr_svrty_high "common prime $comment detected"
fileout "LOGJAM_common primes" "HIGH" "common prime $comment detected"
else
pr_done_good " no common primes detected"
fileout "LOGJAM_common primes" "OK" "no common primes detected"
fi
fi
return 0
}
run_drown() {
local nr_ciphers_detected ret
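Review bot: In common_primes_test, the output of `grep -n "$dh_p" ...` is assigned to `local -i lineno_matched`, but `grep -n` prints `N:matching line` rather than a bare number, so the integer assignment and the later `awk "NR == $lineno_matched-1"` do not get a clean line number on a match; a broken match path here means a server using a well-known DH prime may not be reported. The function is commented as taking one argument but reads the caller's `$dh_p` instead of `$1`, treats the prime as a regex, and has no guard for an empty value, which as a pattern matches every line. I would use `lineno_matched=$(grep -nF -- "$1" "$common_primes_file" | head -1 | cut -d: -f1)`, emit WARN instead of OK when `$1` is empty, and quote the call as `common_primes_test "$dh_p"`. Whether the hex case of the openssl output matches the entries in common-primes.txt cannot be seen from this page and is worth confirming. common_primes_test is complete in this hunk; run_logjam begins outside it.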