aeris
/
cryptcheck
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
96 Commits
2 Branches
Tree: 48cd65e6e2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '48cd65e6e2'
${ noResults }
cryptcheck/lib/cryptcheck/tls/server.rb

server.rb 15KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512 
  1. require 'socket'

  2. require 'openssl'

  3. require 'httparty'

  4. 

  5. module CryptCheck

  6. 	module Tls

  7. 		class Server

  8. 			TCP_TIMEOUT = 10

  9. 			SSL_TIMEOUT = 2*TCP_TIMEOUT

  10. 

  11. 			class TLSException < ::StandardError

  12. 			end

  13. 			class TLSNotAvailableException < TLSException

  14. 				def to_s

  15. 					'TLS seems not supported on this server'

  16. 				end

  17. 			end

  18. 			class MethodNotAvailable < TLSException

  19. 			end

  20. 			class CipherNotAvailable < TLSException

  21. 			end

  22. 			class InappropriateFallback < TLSException

  23. 			end

  24. 			class Timeout < ::StandardError

  25. 			end

  26. 			class TLSTimeout < Timeout

  27. 			end

  28. 			class ConnectionError < ::StandardError

  29. 			end

  30. 

  31. 			attr_reader :certs, :keys, :dh

  32. 

  33. 			def initialize(hostname, family, ip, port)

  34. 				@hostname, @family, @ip, @port = hostname, family, ip, port

  35. 				@dh                            = []

  36. 

  37. 				@name = "#@ip:#@port"

  38. 				@name += " [#@hostname]" if @hostname

  39. 

  40. 				Logger.info { @name.colorize :blue }

  41. 

  42. 				fetch_supported_methods

  43. 				fetch_supported_ciphers

  44. 				fetch_dh

  45. 				fetch_ciphers_preferences

  46. 				fetch_ecdsa_certs

  47. 				fetch_supported_curves

  48. 				fetch_curves_preference

  49. 

  50. 				check_fallback_scsv

  51. 

  52. 				verify_certs

  53. 				exit

  54. 			end

  55. 

  56. 			def supported_method?(method)

  57. 				ssl_client method

  58. 				Logger.info { "  Method #{method}" }

  59. 				true

  60. 			rescue TLSException

  61. 				Logger.debug { "  Method #{method} : not supported" }

  62. 				false

  63. 			end

  64. 

  65. 			def fetch_supported_methods

  66. 				Logger.info { '' }

  67. 				Logger.info { 'Supported methods' }

  68. 				@supported_methods = Method.select { |m| supported_method? m }

  69. 			end

  70. 

  71. 			def supported_cipher?(method, cipher)

  72. 				connection = ssl_client method, cipher

  73. 				Logger.info { "  Cipher #{cipher}" }

  74. 				dh = connection.tmp_key

  75. 				if dh

  76. 					Logger.info { "    PFS : #{dh}" }

  77. 				end

  78. 				connection

  79. 			rescue TLSException

  80. 				Logger.debug { "  Cipher #{cipher} : not supported" }

  81. 				nil

  82. 			end

  83. 

  84. 			def fetch_supported_ciphers

  85. 				Logger.info { '' }

  86. 				Logger.info { 'Supported ciphers' }

  87. 				@supported_ciphers = @supported_methods.collect do |method|

  88. 					ciphers = Cipher[method].collect do |cipher|

  89. 						connection = supported_cipher? method, cipher

  90. 						next nil unless connection

  91. 						[cipher, connection]

  92. 					end.compact.to_h

  93. 					[method, ciphers]

  94. 				end.to_h

  95. 			end

  96. 

  97. 			def fetch_ciphers_preferences

  98. 				Logger.info { '' }

  99. 				Logger.info { 'Cipher suite preferences' }

  100. 

  101. 				@preferences = @supported_ciphers.collect do |method, ciphers|

  102. 					ciphers     = ciphers.keys

  103. 					preferences = if ciphers.size < 2

  104. 									  Logger.info { "  #{method}  : " + 'not applicable'.colorize(:unknown) }

  105. 									  nil

  106. 								  else

  107. 									  a, b, _ = ciphers

  108. 									  ab      = ssl_client(method, [a, b]).cipher.first

  109. 									  ba      = ssl_client(method, [b, a]).cipher.first

  110. 									  if ab != ba

  111. 										  Logger.info { "  #{method} : " + 'client preference'.colorize(:warning) }

  112. 										  :client

  113. 									  else

  114. 										  sort        = -> (a, b) do

  115. 											  connection = ssl_client method, [a, b]

  116. 											  cipher     = connection.cipher.first

  117. 											  cipher == a.name ? -1 : 1

  118. 										  end

  119. 										  preferences = ciphers.sort &sort

  120. 										  Logger.info { "  #{method}  : " + preferences.collect { |c| c.to_s :short }.join(', ') }

  121. 										  preferences

  122. 									  end

  123. 								  end

  124. 					[method, preferences]

  125. 				end.to_h

  126. 			end

  127. 

  128. 			def fetch_dh

  129. 				@dh = @supported_ciphers.collect do |_, ciphers|

  130. 					ciphers.values.collect(&:tmp_key).select { |d| d.is_a? OpenSSL::PKey::DH }.collect &:size

  131. 				end.flatten

  132. 			end

  133. 

  134. 			def fetch_ecdsa_certs

  135. 				@ecdsa_certs = {}

  136. 

  137. 				@supported_ciphers.each do |method, ciphers|

  138. 					ecdsa = ciphers.keys.detect &:ecdsa?

  139. 					next unless ecdsa

  140. 

  141. 					@ecdsa_certs = Curve.collect do |curve|

  142. 						begin

  143. 							connection = ssl_client method, ecdsa, curves: curve

  144. 							[curve, connection]

  145. 						rescue TLSException

  146. 							nil

  147. 						end

  148. 					end.compact.to_h

  149. 

  150. 					break

  151. 				end

  152. 			end

  153. 

  154. 			def fetch_supported_curves

  155. 				Logger.info { '' }

  156. 				Logger.info { 'Supported elliptic curves' }

  157. 				@supported_curves = []

  158. 

  159. 				ecdsa_curve = @ecdsa_certs.keys.first

  160. 				if ecdsa_curve

  161. 					# If we have an ECDSA cipher, we need at least the certificate curve to do handshake,

  162. 					# but with lowest priority to check for ECHDE and not just ECDSA

  163. 

  164. 					@supported_ciphers.each do |method, ciphers|

  165. 						ecdsa = ciphers.keys.detect &:ecdsa?

  166. 						next unless ecdsa

  167. 						@supported_curves = Curve.select do |curve|

  168. 							next true if curve == ecdsa_curve # ECDSA curve is always supported

  169. 							begin

  170. 								connection       = ssl_client method, ecdsa, curves: [curve, ecdsa_curve]

  171. 								# Not too fast !!!

  172. 								# Handshake will **always** succeed, because ECDSA curve is always supported

  173. 								# So, need to test for the real curve

  174. 								dh               = connection.tmp_key

  175. 								negociated_curve = dh.curve

  176. 								supported        = negociated_curve != ecdsa_curve

  177. 								if supported

  178. 									Logger.info { "  ECC curve #{curve}" }

  179. 								else

  180. 									Logger.debug { "  ECC curve #{curve} : not supported" }

  181. 								end

  182. 								supported

  183. 							rescue TLSException

  184. 								false

  185. 							end

  186. 						end

  187. 						break

  188. 					end

  189. 				else

  190. 					# If we have no ECDSA ciphers, ECC supported are only ECDH ones

  191. 					# So peak an ECDH cipher and test all curves

  192. 					@supported_ciphers.each do |method, ciphers|

  193. 						ecdh = ciphers.keys.detect { |c| c.ecdh? or c.ecdhe? }

  194. 						next unless ecdh

  195. 						@supported_curves = Curve.select do |curve|

  196. 							begin

  197. 								ssl_client method, ecdh, curves: curve

  198. 								Logger.info { "  ECC curve #{curve}" }

  199. 								true

  200. 							rescue TLSException

  201. 								Logger.debug { "  ECC curve #{curve} : not supported" }

  202. 								false

  203. 							end

  204. 						end

  205. 						break

  206. 					end

  207. 				end

  208. 			end

  209. 

  210. 			def fetch_curves_preference

  211. 				@curves_preference = if @supported_curves.size < 2

  212. 										 Logger.info { 'Curves preference : ' + 'not applicable'.colorize(:unknown) }

  213. 										 nil

  214. 									 else

  215. 										 method, cipher = @supported_ciphers.collect do |method, ciphers|

  216. 											 cipher = ciphers.keys.detect { |c| c.ecdh? or c.ecdhe? }

  217. 											 [method, cipher]

  218. 										 end.detect { |n| !n.nil? }

  219. 

  220. 										 a, b, _ = @supported_curves

  221. 										 ab, ba  = [a, b], [b, a]

  222. 										 if cipher.ecdsa?

  223. 											 # In case of ECDSA, add the cert key at the end

  224. 											 # Or no negociation possible

  225. 											 ecdsa_curve = @ecdsa_certs.keys.first

  226. 											 ab << ecdsa_curve

  227. 											 ba << ecdsa_curve

  228. 										 end

  229. 										 ab = ssl_client(method, cipher, curves: ab).tmp_key.curve

  230. 										 ba = ssl_client(method, cipher, curves: ba).tmp_key.curve

  231. 										 if ab != ba

  232. 											 Logger.info { 'Curves preference : ' + 'client preference'.colorize(:warning) }

  233. 											 :client

  234. 										 else

  235. 											 sort        = -> (a, b) do

  236. 												 curves = [a, b]

  237. 												 if cipher.ecdsa?

  238. 													 # In case of ECDSA, add the cert key at the end

  239. 													 # Or no negociation possible

  240. 													 curves << ecdsa_curve

  241. 												 end

  242. 												 connection = ssl_client method, cipher, curves: curves

  243. 												 curve      = connection.tmp_key.curve

  244. 												 curve == a.name ? -1 : 1

  245. 											 end

  246. 											 preferences = @supported_curves.sort &sort

  247. 											 Logger.info { 'Curves preference : ' + preferences.collect { |c| c.to_s }.join(', ') }

  248. 											 preferences

  249. 										 end

  250. 									 end

  251. 			end

  252. 

  253. 			def check_fallback_scsv

  254. 				Logger.info { '' }

  255. 

  256. 				@fallback_scsv = false

  257. 				if @supported_methods.size > 1

  258. 					# We will try to connect to the not better supported method

  259. 					method = @supported_methods[1]

  260. 

  261. 					begin

  262. 						ssl_client method, fallback: true

  263. 					rescue InappropriateFallback

  264. 						@fallback_scsv = true

  265. 					end

  266. 				else

  267. 					@fallback_scsv = nil

  268. 				end

  269. 

  270. 				text, color = case @fallback_scsv

  271. 								  when true

  272. 									  ['supported', :good]

  273. 								  when false

  274. 									  ['not supported', :error]

  275. 								  when nil

  276. 									  ['not applicable', :unknown]

  277. 							  end

  278. 				Logger.info { 'Fallback SCSV : ' + text.colorize(color) }

  279. 			end

  280. 

  281. 			Method.each do |method|

  282. 				method = method.name

  283. 				class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1

  284. 					def #{method.to_s.downcase}?

  285. 						@supported_methods.detect { |m| m.name == method }

  286. 					end

  287. 				RUBY_EVAL

  288. 			end

  289. 

  290. 			Cipher::TYPES.each do |type, _|

  291. 				class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1

  292. 					def #{type}?

  293. 						@supported_ciphers.any? { |c| c.#{type}? }

  294. 					end

  295. 				RUBY_EVAL

  296. 			end

  297. 

  298. 			def ssl?

  299. 				sslv2? or sslv3?

  300. 			end

  301. 

  302. 			def tls?

  303. 				tlsv1? or tlsv1_1? or tlsv1_2?

  304. 			end

  305. 

  306. 			def tls_only?

  307. 				tls? and !ssl?

  308. 			end

  309. 

  310. 			def tlsv1_2_only?

  311. 				tlsv1_2? and not ssl? and not tlsv1? and not tlsv1_1?

  312. 			end

  313. 

  314. 			def pfs?

  315. 				supported_ciphers.any? { |c| c.pfs? }

  316. 			end

  317. 

  318. 			def pfs_only?

  319. 				supported_ciphers.all? { |c| c.pfs? }

  320. 			end

  321. 

  322. 			def ecdhe?

  323. 				supported_ciphers.any? { |c| c.ecdhe? }

  324. 			end

  325. 

  326. 			def ecdhe_only?

  327. 				supported_ciphers.all? { |c| c.ecdhe? }

  328. 			end

  329. 

  330. 			def aead?

  331. 				supported_ciphers.any? { |c| c.aead? }

  332. 			end

  333. 

  334. 			def aead_only?

  335. 				supported_ciphers.all? { |c| c.aead? }

  336. 			end

  337. 

  338. 			def sweet32?

  339. 				supported_ciphers.any? { |c| c.sweet32? }

  340. 			end

  341. 

  342. 			def fallback_scsv?

  343. 				@fallback_scsv

  344. 			end

  345. 

  346. 			def must_staple?

  347. 				@cert.extensions.any? { |e| e.oid == '1.3.6.1.5.5.7.1.24' }

  348. 			end

  349. 

  350. 			private

  351. 			def connect(&block)

  352. 				socket   = ::Socket.new @family, sock_type

  353. 				sockaddr = ::Socket.sockaddr_in @port, @ip

  354. 				#Logger.trace { "Connecting to #{@ip}:#{@port}" }

  355. 				begin

  356. 					status = socket.connect_nonblock sockaddr

  357. 					#Logger.trace { "Connecting to #{@ip}:#{@port} status : #{status}" }

  358. 					raise ConnectionError, status unless status == 0

  359. 					#Logger.trace { "Connected to #{@ip}:#{@port}" }

  360. 					block_given? ? block.call(socket) : nil

  361. 				rescue ::IO::WaitReadable

  362. 					#Logger.trace { "Waiting for read to #{@ip}:#{@port}" }

  363. 					raise Timeout, "Timeout when connect to #{@ip}:#{@port} (max #{TCP_TIMEOUT.humanize})" unless IO.select [socket], nil, nil, TCP_TIMEOUT

  364. 					retry

  365. 				rescue ::IO::WaitWritable

  366. 					#Logger.trace { "Waiting for write to #{@ip}:#{@port}" }

  367. 					raise Timeout, "Timeout when connect to #{@ip}:#{@port} (max #{TCP_TIMEOUT.humanize})" unless IO.select nil, [socket], nil, TCP_TIMEOUT

  368. 					retry

  369. 				ensure

  370. 					socket.close

  371. 				end

  372. 			end

  373. 

  374. 			def ssl_connect(socket, context, method, &block)

  375. 				ssl_socket          = ::OpenSSL::SSL::SSLSocket.new socket, context

  376. 				ssl_socket.hostname = @hostname if @hostname and method != :SSLv2

  377. 				#Logger.trace { "SSL connecting to #{name}" }

  378. 				begin

  379. 					ssl_socket.connect_nonblock

  380. 					#Logger.trace { "SSL connected to #{name}" }

  381. 					return block_given? ? block.call(ssl_socket) : nil

  382. 				rescue ::OpenSSL::SSL::SSLErrorWaitReadable

  383. 					#Logger.trace { "Waiting for SSL read to #{name}" }

  384. 					raise TLSTimeout, "Timeout when TLS connect to #{@ip}:#{@port} (max #{SSL_TIMEOUT.humanize})" unless IO.select [ssl_socket], nil, nil, SSL_TIMEOUT

  385. 					retry

  386. 				rescue ::OpenSSL::SSL::SSLErrorWaitWritable

  387. 					#Logger.trace { "Waiting for SSL write to #{name}" }

  388. 					raise TLSTimeout, "Timeout when TLS connect to #{@ip}:#{@port} (max #{SSL_TIMEOUT.humanize})" unless IO.select nil, [ssl_socket], nil, SSL_TIMEOUT

  389. 					retry

  390. 				rescue ::OpenSSL::SSL::SSLError => e

  391. 					case e.message

  392. 						when /state=SSLv2 read server hello A$/,

  393. 								/state=SSLv3 read server hello A$/,

  394. 								/state=SSLv3 read server hello A: wrong version number$/,

  395. 								/state=SSLv3 read server hello A: tlsv1 alert protocol version$/,

  396. 								/state=SSLv3 read server key exchange A: sslv3 alert handshake failure$/

  397. 							raise MethodNotAvailable, e

  398. 						when /state=SSLv2 read server hello A: peer error no cipher$/,

  399. 								/state=error: no ciphers available$/,

  400. 								/state=SSLv3 read server hello A: sslv3 alert handshake failure$/,

  401. 								/state=error: missing export tmp dh key$/

  402. 							raise CipherNotAvailable, e

  403. 						when /state=SSLv3 read server hello A: tlsv1 alert inappropriate fallback$/

  404. 							raise InappropriateFallback, e

  405. 					end

  406. 					raise

  407. 				rescue ::SystemCallError => e

  408. 					case e.message

  409. 						when /^Connection reset by peer - SSL_connect$/

  410. 							raise TLSNotAvailableException, e

  411. 					end

  412. 					raise

  413. 				ensure

  414. 					ssl_socket.close

  415. 				end

  416. 			end

  417. 

  418. 			def ssl_client(method, ciphers = nil, curves: nil, fallback: false, &block)

  419. 				method      = method.name

  420. 				ssl_context = ::OpenSSL::SSL::SSLContext.new method

  421. 				ssl_context.enable_fallback_scsv if fallback

  422. 

  423. 				if ciphers

  424. 					ciphers = [ciphers] unless ciphers.is_a? Enumerable

  425. 					ciphers = ciphers.collect(&:name).join ':'

  426. 				else

  427. 					ciphers = Cipher::ALL

  428. 				end

  429. 				ssl_context.ciphers = ciphers

  430. 

  431. 				if curves

  432. 					curves                  = [curves] unless curves.is_a? Enumerable

  433. 					# OpenSSL fails if the same curve is selected multiple times

  434. 					# So because Array#uniq preserves order, remove the less prefered ones

  435. 					curves                  = curves.collect(&:name).uniq.join ':'

  436. 					ssl_context.ecdh_curves = curves

  437. 				end

  438. 

  439. 				Logger.trace { "Try method=#{method} / ciphers=#{ciphers} / curves=#{curves} / scsv=#{fallback}" }

  440. 				connect do |socket|

  441. 					ssl_connect socket, ssl_context, method do |ssl_socket|

  442. 						return block_given? ? block.call(ssl_socket) : ssl_socket

  443. 					end

  444. 				end

  445. 			end

  446. 

  447. 			def verify_certs

  448. 				Logger.info { '' }

  449. 				Logger.info { 'Certificates' }

  450. 

  451. 				# Let's begin the fun

  452. 				# First, collect "standard" connections

  453. 				# { method => { cipher => connection, ... }, ... }

  454. 				certs  = @supported_ciphers.values.collect(&:values).flatten 1

  455. 				# Then, collect "ecdsa" connections

  456. 				# { curve => connection, ... }

  457. 				certs  += @ecdsa_certs.values

  458. 				# For anonymous cipher, there is no certificate at all

  459. 				certs = certs.reject { |c| c.peer_cert.nil? }

  460. 				# Then, fetch cert

  461. 				certs  = certs.collect { |c| Cert.new c }

  462. 				# Then, filter cert to keep uniq fingerprint

  463. 				@certs = certs.uniq { |c| c.fingerprint }

  464. 

  465. 				@certs.each do |cert|

  466. 					key      = cert.key

  467. 					identity = cert.valid?(@hostname || @ip)

  468. 					trust    = cert.trusted?

  469. 					Logger.info { "  Certificate #{cert.subject} [#{cert.serial}] issued by #{cert.issuer}" }

  470. 					Logger.info { '    Key : ' + Tls.key_to_s(key) }

  471. 					if identity

  472. 						Logger.info { '    Identity : ' + 'valid'.colorize(:good) }

  473. 					else

  474. 						Logger.info { '    Identity : ' + 'invalid'.colorize(:error) }

  475. 					end

  476. 					if trust == :trusted

  477. 						Logger.info { '    Trust : ' + 'trusted'.colorize(:good) }

  478. 					else

  479. 						Logger.info { '    Trust : ' + 'untrusted'.colorize(:error) + ' - ' + trust }

  480. 					end

  481. 				end

  482. 				@keys   = @certs.collect &:key

  483. 			end

  484. 

  485. 			def uniq_dh

  486. 				dh, find = [], []

  487. 				@dh.each do |k|

  488. 					f = [k.type, k.size]

  489. 					unless find.include? f

  490. 						dh << k

  491. 						find << f

  492. 					end

  493. 				end

  494. 				@dh = dh

  495. 			end

  496. 		end

  497. 

  498. 		class TcpServer < Server

  499. 			private

  500. 			def sock_type

  501. 				::Socket::SOCK_STREAM

  502. 			end

  503. 		end

  504. 

  505. 		class UdpServer < Server

  506. 			private

  507. 			def sock_type

  508. 				::Socket::SOCK_DGRAM

  509. 			end

  510. 		end

  511. 	end

  512. end