Blocklist generator for SHA-256(Modulus) and SHA-256(XCoordinate) blo…

…cklists.
CVE-2008-0166 · Apr 19, 2024 · 431b8de · 431b8de
1 parent 1d57798
commit 431b8de
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -77,7 +77,7 @@ To generate blocklists for those keys (RSA only) that are compatible with `opens
 ./generate_vulnkey_blocklists.sh <key_size_in_bits>
 ```
 
-To generate blocklists for those keys in a different format that supports both RSA and ECC, build the [dwk_blocklist_generator](https://github.com/CVE-2008-0166/dwk_blocklist_generator) application, then run
+To generate blocklists for those keys in a different format that supports both RSA and ECC, build the [dwk_blocklist_generator](dwk_blocklist_generator) application, then run
 ``` bash
 ./generate_dwk_blocklists.sh <key_size_in_bits_or_curve_name> <private_keys_directory>
 ```

diff --git a/dwk_blocklist_generator/README.md b/dwk_blocklist_generator/README.md
@@ -0,0 +1,6 @@
+# dwk_blocklist_generator
+Debian weak key blocklist generator
+
+``` bash
+go build
+```
diff --git a/dwk_blocklist_generator/go.mod b/dwk_blocklist_generator/go.mod
@@ -0,0 +1,3 @@
+module github.com/CVE-2008-0166/key_generator/dwk_blocklist_generator
+
+go 1.21.6
diff --git a/dwk_blocklist_generator/main.go b/dwk_blocklist_generator/main.go
@@ -0,0 +1,35 @@
+package main
+
+import (
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/hex"
+	"fmt"
+	"log"
+	"os"
+	"strings"
+)
+
+func main() {
+	if len(os.Args) != 2 {
+		log.Fatalf("Usage: %s <private_keys_directory>\n", os.Args[0])
+	} else if files, err := os.ReadDir(os.Args[1]); err != nil {
+		log.Fatalf("os.ReadDir() => %v\n", err)
+	} else {
+		for _, file := range files {
+			if !strings.HasSuffix(file.Name(), ".key") {
+				continue
+			} else if key, err := os.ReadFile(os.Args[1] + "/" + file.Name()); err != nil {
+				log.Fatalf("os.ReadFile(%s) => %v\n", file.Name(), err)
+			} else if rsakey, err := x509.ParsePKCS1PrivateKey(key); err == nil {
+				sha256_modulus := sha256.Sum256(rsakey.N.Bytes())
+				fmt.Printf("%s\n", hex.EncodeToString(sha256_modulus[:]))
+			} else if eckey, err2 := x509.ParseECPrivateKey(key); err2 == nil {
+				sha256_xcoord := sha256.Sum256(eckey.X.Bytes())
+				fmt.Printf("%s\n", hex.EncodeToString(sha256_xcoord[:]))
+			} else {
+				log.Fatalf("%s: x509.ParsePKCS1PrivateKey() => %v; x509.ParseECPrivateKey() => %v\n", file.Name(), err, err2)
+			}
+		}
+	}
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		module github.com/CVE-2008-0166/key_generator/dwk_blocklist_generator

		go 1.21.6