audit remove unused variable 2026-02-18 16:05:24 +01:00
examples First commit 2026-01-31 16:45:53 +01:00
.gitignore First commit 2026-01-31 16:45:53 +01:00
argparse.c First commit 2026-01-31 16:45:53 +01:00
argparse.h First commit 2026-01-31 16:45:53 +01:00
certificate.c remove unused variable 2026-02-18 16:05:24 +01:00
certificate.h First commit 2026-01-31 16:45:53 +01:00
common.h First commit 2026-01-31 16:45:53 +01:00
cryptodit remove unused variable 2026-02-18 16:05:24 +01:00
entropy_ebpf.c First commit 2026-01-31 16:45:53 +01:00
entropy_ebpf.o Add x509 v1 2026-02-03 09:31:54 +01:00
entropy.c First commit 2026-01-31 16:45:53 +01:00
entropy.h First commit 2026-01-31 16:45:53 +01:00
error.h First commit 2026-01-31 16:45:53 +01:00
exec.sh First commit 2026-01-31 16:45:53 +01:00
main.c First commit 2026-01-31 16:45:53 +01:00
README.md First commit 2026-01-31 16:45:53 +01:00
speed.c First commit 2026-01-31 16:45:53 +01:00
speed.h First commit 2026-01-31 16:45:53 +01:00
utils.c First commit 2026-01-31 16:45:53 +01:00
utils.h First commit 2026-01-31 16:45:53 +01:00

CryptoDit

CryptoDit (short for Cryptography Audit) is a program that audits cryptography modules.

  • Checks the speed of generating RSA/ECDSA keys
  • Checks whether RSA keys are compliant with FIPS (key size, exponent, ownership, file permissions, etc.)
  • Checks the entropy pool in the kernel using eBPF

Requirements

The program uses the OpenSSL library to read certificates and eBPF for the entropy module. The following packages must be installed:

  • libssl-dev
  • bpftool
  • clang-11
  • libbpf-dev
  • gcc and gcc-multilib

Examples

Speed test

$ ./cryptodit -m speed -type all
Module: speed
The generation of the RSA key 2048 bits took 116 ms
The generation of the RSA key 4192 bits took 2218 ms
The generation of the EC key secp256 took 1 ms

RSA public key compliance

$ ./cryptodit -m certificate -type rsa -pubin public.pem
Module: certificate
File information
	Filename: public.pem
	File size: 182
	Permission: 644

Checking file ownerships compliance...
Audit passed with success. The owner of the file isn't root.

Checking file permissions compliance...
The certificate has the correct permission for the owner.
The group has the permission to manipulate the file. Should be removed.
The other has the permission to manipulate the file. Should be removed.

Checking FIPS compliance...
Certificate information:
	Key size: 64 bytes (512)
	Exponent: 65537
	Format RSA key: SPKI

Exponent result:
	The exponent is correct, the FIPS compliance is respected.
Keysize result:
	The key size is lower than 2048. The key should be at least 2048 bits.

X.509 compliance

$ ./cryptodit -m certificate -type x509 -pubin cert.pem

Entropy

$ sudo ./cryptodit -m entropy
Module: entropy
libbpf: elf: skipping unrecognized data section(8) .rodata.str1.1
proc: (openssl); pid: 85059
proc: (WebExtensions); pid: 4520
proc: (Privileged; pid: 4549
proc: (Isolated; pid: 82753
proc: (MainThread); pid: 85089
proc: (tracker-extract); pid: 85188
proc: (tracker-extract); pid: 85209
proc: (terminator); pid: 8774
proc: (python3); pid: 85231