mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 22:33:40 +01:00

Merge pull request #61 from tomato42/gost-support

GOST support
Julien Vehent 2015-06-10 06:39:37 +02:00
commit 19983c0c2b
3 changed files with 39 additions and 1 deletions


@ -42,6 +42,11 @@ if [[ "$TIMEOUTOUTPUT" =~ BusyBox ]]; then
TIMEOUTBIN="$TIMEOUTBIN -t" TIMEOUTBIN="$TIMEOUTBIN -t"
fi fi
# use custom config file to enable GOST ciphers
if [[ -e $(dirname $0)/openssl.cnf ]]; then
export OPENSSL_CONF="$(dirname $0)/openssl.cnf"
fi
# find a list of trusted CAs on the local system, or use the provided list # find a list of trusted CAs on the local system, or use the provided list
if [ -z "$CACERTS" ]; then if [ -z "$CACERTS" ]; then
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
@ -306,7 +311,12 @@ parse_openssl_output() {
while read data; do while read data; do
if [[ $data =~ Signature\ Algorithm ]]; then if [[ $data =~ Signature\ Algorithm ]]; then
local match=($data) local match=($data)
current_sigalg="${match[2]}" unset match[0]
unset match[1]
local old_IFS="$IFS"
IFS="_"
current_sigalg="${match[*]}"
IFS="$old_IFS"
fi fi
done <<<"$ossl_out" done <<<"$ossl_out"
fi fi
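Review bot: The added OPENSSL_CONF block leaves `$0` unquoted inside `$(dirname $0)` and overwrites any OPENSSL_CONF the caller had already exported. A script path containing spaces is word-split before dirname sees it. Because an OpenSSL configuration file can name engines to load, whatever sits next to the script as openssl.cnf is trusted by every later openssl call, so the script directory should not be writable by other users. Consider `if [[ -z "$OPENSSL_CONF" && -e "$(dirname "$0")/openssl.cnf" ]]; then` with `export OPENSSL_CONF="$(dirname "$0")/openssl.cnf"`, or add a comment saying the override is intentional. In the parse_openssl_output hunk, whose function body starts outside the hunk, `unset match[0]` is subject to pathname expansion; `unset 'match[0]' 'match[1]'` avoids that.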

12
openssl.cnf Normal file

@ -0,0 +1,12 @@
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
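Review bot: The new openssl.cnf has no comment saying that it exists only so the scanner can load the gost engine, and the cipherscan change applies it to every openssl invocation whenever the file is present. A header such as `# Loaded by cipherscan through OPENSSL_CONF to enable the GOST engine; not a general-purpose OpenSSL configuration` would make that scope clear. How openssl behaves on a host where the gost engine is not installed is not visible on this page and is worth checking, since a failed engine load could affect scans that have nothing to do with GOST.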


@ -87,6 +87,7 @@ for r,d,flist in os.walk(path):
tempkeystats = {} tempkeystats = {}
tempecckeystats = {} tempecckeystats = {}
tempdsakeystats = {} tempdsakeystats = {}
tempgostkeystats = {}
tempsigstats = {} tempsigstats = {}
tempticketstats = {} tempticketstats = {}
tempeccfallback = "unknown" tempeccfallback = "unknown"
@ -101,6 +102,7 @@ for r,d,flist in os.walk(path):
DES3 = False DES3 = False
CAMELLIA = False CAMELLIA = False
RC4 = False RC4 = False
GOST89_cipher = False
""" variables to support handshake simulation for different clients """ """ variables to support handshake simulation for different clients """
client_RC4_Only={} client_RC4_Only={}
client_compat={} client_compat={}
@ -124,6 +126,7 @@ for r,d,flist in os.walk(path):
RSA = False RSA = False
ECDH = False ECDH = False
DH = False DH = False
GOST2001_kex = False
SSL2 = False SSL2 = False
SSL3 = False SSL3 = False
TLS1 = False TLS1 = False
@ -220,6 +223,11 @@ for r,d,flist in os.walk(path):
ciphertypes += 1 ciphertypes += 1
name = "y:" + entry['cipher'] name = "y:" + entry['cipher']
tempcipherstats[name] = 1 tempcipherstats[name] = 1
elif 'GOST89-GOST89' in entry['cipher']:
GOST89_cipher = True
ciphertypes += 1
name = "y:" + entry['cipher']
tempcipherstats[name] = 1
else: else:
ciphertypes += 1 ciphertypes += 1
name = "z:" + entry['cipher'] name = "z:" + entry['cipher']
@ -241,6 +249,8 @@ for r,d,flist in os.walk(path):
ECDH = True ECDH = True
elif 'DH' in entry['cipher']: elif 'DH' in entry['cipher']:
DH = True DH = True
elif entry['cipher'].startswith('GOST2001'):
GOST2001_kex = True
else: else:
RSA = True RSA = True
@ -252,6 +262,8 @@ for r,d,flist in os.walk(path):
tempdsakeystats[entry['pubkey'][0]] = 1 tempdsakeystats[entry['pubkey'][0]] = 1
elif 'AECDH' in entry['cipher'] or 'ADH' in entry['cipher']: elif 'AECDH' in entry['cipher'] or 'ADH' in entry['cipher']:
""" skip """ """ skip """
elif 'GOST' in entry['cipher']:
tempgostkeystats[entry['pubkey'][0]] = 1
else: else:
tempkeystats[entry['pubkey'][0]] = 1 tempkeystats[entry['pubkey'][0]] = 1
if ECDSA: if ECDSA:
@ -320,6 +332,8 @@ for r,d,flist in os.walk(path):
keysize['ECDSA ' + s] += 1 keysize['ECDSA ' + s] += 1
for s in tempdsakeystats: for s in tempdsakeystats:
keysize['DSA ' + s] += 1 keysize['DSA ' + s] += 1
for s in tempgostkeystats:
keysize['GOST ' + s] += 1
if dualstack: if dualstack:
dsarsastack += 1 dsarsastack += 1
@ -449,6 +463,8 @@ for r,d,flist in os.walk(path):
handshakestats['ECDH'] += 1 handshakestats['ECDH'] += 1
if DH: if DH:
handshakestats['DH'] += 1 handshakestats['DH'] += 1
if GOST2001_kex:
handshakestats['GOST2001'] += 1
if RSA: if RSA:
handshakestats['RSA'] += 1 handshakestats['RSA'] += 1
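Review bot: The key-exchange branch added at `elif entry['cipher'].startswith('GOST2001'):` recognises only GOST2001 suites, so a suite whose name starts with `GOST94` would fall through to `else: RSA = True` and be counted as an RSA key exchange. The public-key branch in the same section tests `'GOST' in entry['cipher']` and the cipher branch tests `'GOST89-GOST89' in entry['cipher']`, so the three checks disagree on what counts as GOST. If GOST94 suites can appear in the scan results, add a branch such as `elif entry['cipher'].startswith('GOST94'):` with its own flag and counter, or say in a comment that only GOST2001 is expected. The if/elif chains start outside the visible hunks, so earlier branches may already catch some of these names.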