CryptoDit
CryptoDit (short for Cryptography Audit) is a program that audits cryptography modules.
- Measures the time taken to generate RSA/ECDSA keys
- Checks whether RSA keys are compliant with FIPS (key size, exponent, ownership, file permissions, etc.)
- Checks the entropy pool in the kernel using eBPF
Requirements
The program uses the OpenSSL library to read certificates and eBPF for the entropy module. The following packages must be installed:
- libssl-dev
- bpftool
- clang-11
- libbpf-dev
- gcc and gcc-multilib
Examples
Speed test
$ ./cryptodit -m speed -type all
Module: speed
The generation of the RSA key 2048 bits took 116 ms
The generation of the RSA key 4192 bits took 2218 ms
The generation of the EC key secp256 took 1 ms
RSA public key compliance
$ ./cryptodit -m certificate -type rsa -pubin public.pem
Module: certificate
File information
Filename: public.pem
File size: 182
Permission: 644
Checking file ownerships compliance...
Audit passed with success. The owner of the file isn't root.
Checking file permissions compliance...
The certificate has the correct permission for the owner.
The group has the permission to manipulate the file. Should be removed.
The other has the permission to manipulate the file. Should be removed.
Checking FIPS compliance...
Certificate information:
Key size: 64 bytes (512)
Exponent: 65537
Format RSA key: SPKI
Exponent result:
The exponent is correct, the FIPS compliance is respected.
Keysize result:
The key size is lower than 2048. The key should be at least 2048 bits.
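The checks reported in the sample run above, reproduced as an added C example (not CryptoDit's own code). The function names and finding flags are hypothetical, the key size and exponent are passed in rather than parsed from the PEM file, the exponent rule (odd and greater than 2^16) is the FIPS 186-4 one, and the root-owner flag mirrors the sample output.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical finding flags; a result of 0 means every check passed. */
enum finding {
    F_GROUP_ACCESS = 1 << 0, /* group has any permission bit set */
    F_OTHER_ACCESS = 1 << 1, /* others have any permission bit set */
    F_OWNER_ROOT   = 1 << 2, /* owner is root (sample output passes when it is not) */
    F_SHORT_KEY    = 1 << 3, /* modulus shorter than 2048 bits */
    F_BAD_EXPONENT = 1 << 4  /* exponent even or not above 2^16 */
};

/* File checks on an already-fetched mode and owner uid. */
unsigned audit_file_meta(mode_t mode, uid_t owner)
{
    unsigned f = 0;
    if (mode & S_IRWXG) f |= F_GROUP_ACCESS;
    if (mode & S_IRWXO) f |= F_OTHER_ACCESS;
    if (owner == 0)     f |= F_OWNER_ROOT;
    return f;
}

/* Key checks: size floor from the sample output, exponent rule from
   FIPS 186-4. Exponents wider than 64 bits are out of scope here. */
unsigned audit_rsa_params(unsigned bits, unsigned long long e)
{
    unsigned f = 0;
    if (bits < 2048)                f |= F_SHORT_KEY;
    if ((e & 1) == 0 || e <= 65536) f |= F_BAD_EXPONENT;
    return f;
}

/* Full audit of a key file; returns -1 if the file cannot be stat'ed. */
int audit_key_file(const char *path, unsigned bits, unsigned long long e)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (int)(audit_file_meta(st.st_mode, st.st_uid) | audit_rsa_params(bits, e));
}

int main(int argc, char **argv)
{
    /* Constructed input: key size and exponent from the sample run (512, 65537). */
    int r = audit_key_file(argc > 1 ? argv[1] : "public.pem", 512, 65537ULL);
    if (r < 0) { perror("stat"); return 2; }
    printf("findings: 0x%02x\n", (unsigned)r);
    return r ? 1 : 0;
}
```

For the sample file (mode 644, non-root owner, 512-bit key, exponent 65537) this reports group access, other access and short key, matching the three warnings in the output above.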
X.509 compliance
$ ./cryptodit -m certificate -type x509 -pubin cert.pem
Entropy
$ sudo ./cryptodit -m entropy
Module: entropy
libbpf: elf: skipping unrecognized data section(8) .rodata.str1.1
proc: (openssl); pid: 85059
proc: (WebExtensions); pid: 4520
proc: (Privileged; pid: 4549
proc: (Isolated; pid: 82753
proc: (MainThread); pid: 85089
proc: (tracker-extract); pid: 85188
proc: (tracker-extract); pid: 85209
proc: (terminator); pid: 8774
proc: (python3); pid: 85231