mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-25 23:43:42 +01:00
tests for ordering of sig algs in TLS 1.2 PFS kex
This commit is contained in:
parent
434b383f01
commit
8f5b1eedc9
114
cipherscan
114
cipherscan
@ -874,6 +874,16 @@ display_results_in_terminal() {
|
|||||||
echo "server forces ${sigalgs_fallback[$auth]} with $auth"
|
echo "server forces ${sigalgs_fallback[$auth]} with $auth"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
if [[ ${sigalgs_ordering} == "server" ]]; then
|
||||||
|
echo -e "${c_green}Server side sigalg ordering${c_reset}"
|
||||||
|
elif [[ ${sigalgs_ordering} == "client" ]]; then
|
||||||
|
echo -e "${c_red}Client side sigalg ordering${c_reset}"
|
||||||
|
elif [[ ${sigalgs_ordering} == "unsupported" ]]; then
|
||||||
|
# do nothing - messages above will report that it's unsupported
|
||||||
|
echo -n
|
||||||
|
else
|
||||||
|
echo "Ordering test failure: ${sigalgs_ordering}"
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ ${#sigalgs_preferred_ecdsa[@]} -gt 0 ]]; then
|
if [[ ${#sigalgs_preferred_ecdsa[@]} -gt 0 ]]; then
|
||||||
echo
|
echo
|
||||||
@ -955,6 +965,7 @@ display_results_in_json() {
|
|||||||
|
|
||||||
if [[ $TEST_KEX_SIGALG == "True" ]]; then
|
if [[ $TEST_KEX_SIGALG == "True" ]]; then
|
||||||
echo -n ',"sigalgs":{'
|
echo -n ',"sigalgs":{'
|
||||||
|
echo -n "\"ordering\":\"${sigalgs_ordering}\","
|
||||||
echo -n "\"ECDSA-fallback\":\"${sigalgs_fallback[ECDSA]}\","
|
echo -n "\"ECDSA-fallback\":\"${sigalgs_fallback[ECDSA]}\","
|
||||||
echo -n "\"RSA-fallback\":\"${sigalgs_fallback[RSA]}\""
|
echo -n "\"RSA-fallback\":\"${sigalgs_fallback[RSA]}\""
|
||||||
if [[ ${#sigalgs_preferred_ecdsa[@]} -gt 0 ]]; then
|
if [[ ${#sigalgs_preferred_ecdsa[@]} -gt 0 ]]; then
|
||||||
@ -1660,6 +1671,109 @@ test_kex_sigalgs() {
|
|||||||
[ "$OUTPUTFORMAT" == "terminal" ] && [ $DEBUG -lt 1 ] && echo -n '.'
|
[ "$OUTPUTFORMAT" == "terminal" ] && [ $DEBUG -lt 1 ] && echo -n '.'
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# test which ordering is preferred, server or client
|
||||||
|
#
|
||||||
|
if [[ ${#sigalgs_preferred_rsa[@]} -eq 0 \
|
||||||
|
&& ${#sigalgs_preferred_ecdsa[@]} -eq 0 ]]; then
|
||||||
|
sigalgs_ordering="unsupported"
|
||||||
|
elif [[ ${#sigalgs_preferred_rsa[@]} -le 1 \
|
||||||
|
&& ${#sigalgs_preferred_ecdsa[@]} -le 1 ]]; then
|
||||||
|
# if there is just one hash for each signature algorithm, that means
|
||||||
|
# the server essentially forces the signature algorithm on client
|
||||||
|
sigalgs_ordering="server"
|
||||||
|
elif [[ ${#sigalgs_preferred_ecdsa[@]} -gt 1 ]]; then
|
||||||
|
# in case server supports multiple ECDSA sigalgs, test just those,
|
||||||
|
# even if it supports RSA (since those are more important)
|
||||||
|
|
||||||
|
# completely rotate order check if negotiated changes
|
||||||
|
local test_sigalgs=""
|
||||||
|
local i
|
||||||
|
for ((i=${#sigalgs_preferred_ecdsa[@]}-1; i>0; i--)); do
|
||||||
|
test_sigalgs+="ECDSA+${sigalgs_preferred_ecdsa[$i]}:"
|
||||||
|
done
|
||||||
|
test_sigalgs+="ECDSA+${sigalgs_preferred_ecdsa[0]}"
|
||||||
|
|
||||||
|
# prepare the command to run
|
||||||
|
local sslcommand="$TIMEOUTBIN $TIMEOUT $OPENSSLBIN s_client"
|
||||||
|
if [ -n "$CAPATH" ]; then
|
||||||
|
sslcommand+=" -CApath $CAPATH -showcerts"
|
||||||
|
elif [ -e "$CACERTS" ]; then
|
||||||
|
sslcommand+=" -CAfile $CACERTS"
|
||||||
|
fi
|
||||||
|
sslcommand+=" $SCLIENTARGS -connect $TARGET -cipher $supported_ecdsa_ciphers"
|
||||||
|
# since some ciphers supported by server may be SSLv2 only, we need to
|
||||||
|
# force use of TLSv1.2, otherwise openssl will send a SSLv2 compatible
|
||||||
|
# client hello
|
||||||
|
sslcommand+=" -no_ssl2 -no_ssl3"
|
||||||
|
|
||||||
|
ratelimit
|
||||||
|
verbose "Test ordering of sigalgs with $sslcommand -sigalgs $test_sigalgs"
|
||||||
|
local tmp=$(echo Q | $sslcommand -sigalgs $test_sigalgs 2>/dev/null)
|
||||||
|
parse_openssl_output <<<"$tmp"
|
||||||
|
verbose "server selected $current_cipher, $current_protocol, $current_kex_sigalg"
|
||||||
|
if [[ -z $current_protocol || $current_cipher == "(NONE)" \
|
||||||
|
|| $current_cipher == "0000" ]]; then
|
||||||
|
sigalgs_ordering="intolerant"
|
||||||
|
elif [[ -z $current_kex_sigalg ]] || [[ ! $current_cipher =~ DHE-ECDSA ]]; then
|
||||||
|
sigalgs_ordering="order-fallback"
|
||||||
|
else
|
||||||
|
if [[ ${sigalgs_preferred_ecdsa[0]} == $current_kex_sigalg ]]; then
|
||||||
|
sigalgs_ordering="server"
|
||||||
|
elif [[ ${sigalgs_preferred_ecdsa[${#sigalgs_preferred_ecdsa[@]}-1]} \
|
||||||
|
== $current_kex_sigalg ]]; then
|
||||||
|
sigalgs_ordering="client"
|
||||||
|
else
|
||||||
|
sigalgs_ordering="indeterminate"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# test ordering with RSA ciphers
|
||||||
|
|
||||||
|
# completely rotate order check if negotiated changes
|
||||||
|
local test_sigalgs=""
|
||||||
|
local i
|
||||||
|
for ((i=${#sigalgs_preferred_rsa[@]}-1; i>0; i--)); do
|
||||||
|
test_sigalgs+="RSA+${sigalgs_preferred_rsa[$i]}:"
|
||||||
|
done
|
||||||
|
test_sigalgs+="RSA+${sigalgs_preferred_rsa[0]}"
|
||||||
|
|
||||||
|
# prepare the command to run
|
||||||
|
local sslcommand="$TIMEOUTBIN $TIMEOUT $OPENSSLBIN s_client"
|
||||||
|
if [ -n "$CAPATH" ]; then
|
||||||
|
sslcommand+=" -CApath $CAPATH -showcerts"
|
||||||
|
elif [ -e "$CACERTS" ]; then
|
||||||
|
sslcommand+=" -CAfile $CACERTS"
|
||||||
|
fi
|
||||||
|
sslcommand+=" $SCLIENTARGS -connect $TARGET -cipher $supported_rsa_ciphers"
|
||||||
|
# since some ciphers supported by server may be SSLv2 only, we need to
|
||||||
|
# force use of TLSv1.2, otherwise openssl will send a SSLv2 compatible
|
||||||
|
# client hello
|
||||||
|
sslcommand+=" -no_ssl2 -no_ssl3"
|
||||||
|
|
||||||
|
ratelimit
|
||||||
|
verbose "Test ordering of sigalgs with $sslcommand -sigalgs $test_sigalgs"
|
||||||
|
local tmp=$(echo Q | $sslcommand -sigalgs $test_sigalgs 2>/dev/null)
|
||||||
|
parse_openssl_output <<<"$tmp"
|
||||||
|
verbose "server selected $current_cipher, $current_protocol, $current_kex_sigalg"
|
||||||
|
if [[ -z $current_protocol || $current_cipher == "(NONE)" \
|
||||||
|
|| $current_cipher == "0000" ]]; then
|
||||||
|
sigalgs_ordering="intolerant"
|
||||||
|
elif [[ -z $current_kex_sigalg ]] || [[ ! $current_cipher =~ DHE-RSA ]]; then
|
||||||
|
sigalgs_ordering="order-fallback"
|
||||||
|
else
|
||||||
|
if [[ ${sigalgs_preferred_rsa[0]} == $current_kex_sigalg ]]; then
|
||||||
|
sigalgs_ordering="server"
|
||||||
|
elif [[ ${sigalgs_preferred_rsa[${#sigalgs_preferred_rsa[@]}-1]} \
|
||||||
|
== $current_kex_sigalg ]]; then
|
||||||
|
sigalgs_ordering="client"
|
||||||
|
else
|
||||||
|
sigalgs_ordering="indeterminate"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# If no options are given, give usage information and exit (with error code)
|
# If no options are given, give usage information and exit (with error code)
|
||||||
|
@ -137,6 +137,7 @@ i+=1
|
|||||||
fallback_ids[' '] = i
|
fallback_ids[' '] = i
|
||||||
pfssigalgfallback = defaultdict(int)
|
pfssigalgfallback = defaultdict(int)
|
||||||
pfssigalgs = defaultdict(int)
|
pfssigalgs = defaultdict(int)
|
||||||
|
pfssigalgsordering = defaultdict(int)
|
||||||
dsarsastack = 0
|
dsarsastack = 0
|
||||||
total = 0
|
total = 0
|
||||||
for r,d,flist in os.walk(path):
|
for r,d,flist in os.walk(path):
|
||||||
@ -157,6 +158,7 @@ for r,d,flist in os.walk(path):
|
|||||||
tempfallbacks = {}
|
tempfallbacks = {}
|
||||||
""" supported ciphers by the server under scan """
|
""" supported ciphers by the server under scan """
|
||||||
tempcipherstats = {}
|
tempcipherstats = {}
|
||||||
|
temppfssigalgordering = {}
|
||||||
temppfssigalgfallback = {}
|
temppfssigalgfallback = {}
|
||||||
temppfssigalgs = {}
|
temppfssigalgs = {}
|
||||||
ciphertypes = 0
|
ciphertypes = 0
|
||||||
@ -255,6 +257,8 @@ for r,d,flist in os.walk(path):
|
|||||||
|
|
||||||
""" collect TLSv1.2 PFS ciphersuite sigalgs """
|
""" collect TLSv1.2 PFS ciphersuite sigalgs """
|
||||||
if 'sigalgs' in results:
|
if 'sigalgs' in results:
|
||||||
|
if results['sigalgs']['ordering']:
|
||||||
|
temppfssigalgordering[results['sigalgs']['ordering']] = 1
|
||||||
if results['sigalgs']['ECDSA-fallback']:
|
if results['sigalgs']['ECDSA-fallback']:
|
||||||
temppfssigalgfallback['ECDSA ' + results['sigalgs']['ECDSA-fallback']] = 1
|
temppfssigalgfallback['ECDSA ' + results['sigalgs']['ECDSA-fallback']] = 1
|
||||||
if results['sigalgs']['RSA-fallback']:
|
if results['sigalgs']['RSA-fallback']:
|
||||||
@ -556,6 +560,8 @@ for r,d,flist in os.walk(path):
|
|||||||
pfssigalgfallback[s] += 1
|
pfssigalgfallback[s] += 1
|
||||||
for s in temppfssigalgs:
|
for s in temppfssigalgs:
|
||||||
pfssigalgs[s] += 1
|
pfssigalgs[s] += 1
|
||||||
|
for s in temppfssigalgordering:
|
||||||
|
pfssigalgsordering[s] += 1
|
||||||
|
|
||||||
""" store cipher stats """
|
""" store cipher stats """
|
||||||
if AESGCM:
|
if AESGCM:
|
||||||
@ -767,6 +773,12 @@ for stat in sorted(pfssigalgs):
|
|||||||
percent = round(pfssigalgs[stat] / total * 100, 4)
|
percent = round(pfssigalgs[stat] / total * 100, 4)
|
||||||
sys.stdout.write(stat.ljust(30) + " " + str(pfssigalgs[stat]).ljust(10) + str(percent).ljust(9) + "\n")
|
sys.stdout.write(stat.ljust(30) + " " + str(pfssigalgs[stat]).ljust(10) + str(percent).ljust(9) + "\n")
|
||||||
|
|
||||||
|
print("\nTLSv1.2 PFS ordering Count Percent ")
|
||||||
|
print("------------------------------+---------+--------")
|
||||||
|
for stat in sorted(pfssigalgsordering):
|
||||||
|
percent = round(pfssigalgsordering[stat] / total * 100, 4)
|
||||||
|
sys.stdout.write(stat.ljust(30) + " " + str(pfssigalgsordering[stat]).ljust(10) + str(percent).ljust(9) + "\n")
|
||||||
|
|
||||||
print("\nTLSv1.2 PFS sigalg fallback Count Percent ")
|
print("\nTLSv1.2 PFS sigalg fallback Count Percent ")
|
||||||
print("------------------------------+---------+--------")
|
print("------------------------------+---------+--------")
|
||||||
for stat in sorted(pfssigalgfallback):
|
for stat in sorted(pfssigalgfallback):
|
||||||
|
Loading…
Reference in New Issue
Block a user