Don't recommend enabling the chacha & CBC ciphers, nor ETM MACs in case the user disabled them to address the Terrapin vulnerability. (#229)

2024-06-24 08:23:51 +02:00 · 2023-12-19 17:16:58 -05:00 · 2023-12-19 17:16:58 -05:00 · a0f99942a2
commit a0f99942a2
parent c259a83782
1 changed files with 45 additions and 0 deletions
--- a/src/ssh_audit/ssh_audit.py
+++ b/src/ssh_audit/ssh_audit.py
@ -474,6 +474,16 @@ def post_process_findings(banner: Optional[Banner], algs: Algorithms, client_aud

        return ret

+    def _get_chacha_ciphers_not_enabled(db: Dict[str, Dict[str, List[List[Optional[str]]]]], algs: Algorithms) -> List[str]:
+        '''Returns a list of all chacha20-poly1305 in our algorithm database.'''
+        ret = []
+
+        for cipher in db["enc"]:
+            if cipher.startswith("chacha20-poly1305") and cipher not in _get_chacha_ciphers_enabled(algs):
+                ret.append(cipher)
+
+        return ret
+
    def _get_cbc_ciphers_enabled(algs: Algorithms) -> List[str]:
        '''Returns a list of CBC ciphers that the peer supports.'''
        ret = []
@ -486,6 +496,16 @@ def post_process_findings(banner: Optional[Banner], algs: Algorithms, client_aud

        return ret

+    def _get_cbc_ciphers_not_enabled(db: Dict[str, Dict[str, List[List[Optional[str]]]]], algs: Algorithms) -> List[str]:
+        '''Returns a list of all CBC ciphers in our algorithm database.'''
+        ret = []
+
+        for cipher in db["enc"]:
+            if cipher.endswith("-cbc") and cipher not in _get_cbc_ciphers_enabled(algs):
+                ret.append(cipher)
+
+        return ret
+
    def _get_etm_macs_enabled(algs: Algorithms) -> List[str]:
        '''Returns a list of ETM MACs that the peer supports.'''
        ret = []
@ -498,10 +518,25 @@ def post_process_findings(banner: Optional[Banner], algs: Algorithms, client_aud

        return ret

+    def _get_etm_macs_not_enabled(db: Dict[str, Dict[str, List[List[Optional[str]]]]], algs: Algorithms) -> List[str]:
+        '''Returns a list of ETM MACs in our algorithm database.'''
+        ret = []
+
+        for mac in db["mac"]:
+            if mac.endswith("-etm@openssh.com") and mac not in _get_etm_macs_enabled(algs):
+                ret.append(mac)
+
+        return ret
+

    algorithm_recommendation_suppress_list = []
    algs_to_note = []

+
+    #
+    # Post-processing of the OpenSSH diffie-hellman-group-exchange-sha256 fallback mechanism bug/feature.
+    #
+
    # If the server is OpenSSH, and the diffie-hellman-group-exchange-sha256 key exchange was found with modulus size 2048, add a note regarding the bug that causes the server to support 2048-bit moduli no matter the configuration.
    if (algs.ssh2kex is not None and 'diffie-hellman-group-exchange-sha256' in algs.ssh2kex.kex_algorithms and 'diffie-hellman-group-exchange-sha256' in algs.ssh2kex.dh_modulus_sizes() and algs.ssh2kex.dh_modulus_sizes()['diffie-hellman-group-exchange-sha256'] == 2048) and (banner is not None and banner.software is not None and banner.software.find('OpenSSH') != -1):

@ -523,6 +558,11 @@ def post_process_findings(banner: Optional[Banner], algs: Algorithms, client_aud

    db = SSH2_KexDB.get_db()

+
+    #
+    # Post-processing of algorithms related to the Terrapin vulnerability (CVE-2023-48795).
+    #
+
    # Without the strict KEX marker, the chacha20-poly1305 ciphers are always vulnerable.
    for chacha_cipher in _get_chacha_ciphers_enabled(algs):
        if kex_strict_marker:
@ -555,6 +595,11 @@ def post_process_findings(banner: Optional[Banner], algs: Algorithms, client_aud
    if len(algs_to_note) > 0:
        notes = "Be aware that, while this target properly supports the strict key exchange method (via the kex-strict-?-v00@openssh.com marker) needed to protect against the Terrapin vulnerability (CVE-2023-48795), all peers must also support this feature as well, otherwise the vulnerability will still be present.  The following algorithms would allow an unpatched peer to create vulnerable SSH channels with this target: %s" % ", ".join(algs_to_note)

+    # Add the chacha ciphers, CBC ciphers, and ETM MACs to the recommendation suppression list if they are not enabled on the server.  That way they are not recommended to the user to enable if they were explicitly disabled to handle the Terrapin vulnerability.  However, they can still be recommended for disabling.
+    algorithm_recommendation_suppress_list += _get_chacha_ciphers_not_enabled(db, algs)
+    algorithm_recommendation_suppress_list += _get_cbc_ciphers_not_enabled(db, algs)
+    algorithm_recommendation_suppress_list += _get_etm_macs_not_enabled(db, algs)
+
    return algorithm_recommendation_suppress_list, notes