From 3be7a854cbd45a70835136237dbd9e44f1f24837 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Fri, 22 Nov 2024 14:05:33 -0800
Subject: [PATCH] Add support for RFC 8998 and draft-yang-tls-hybrid-sm2-mlkem

The commit adds support for RFC 8998 and draft-yang-tls-hybrid-sm2-mlkem. This includes support for the TLS_SM4_GCM_SM3 and TLS_SM4_CCM_SM3 cipher suites, the key exchange groups curveSM2 and curveSM2MLKEM768, and SM2 public keys and signatures. While this commit adds support to tls_sockets() to decrypt server responses encrypted under SM4 GCM or CCM, OpenSSL does not support performing key derivation using curveSM2. So, tls_sockets() can not decrypt server responses if the key exchange was performed using curveSM2 or curveSM2MLKEM768.
---
 etc/cipher-mapping.txt | 2 +
 etc/curves-mapping.txt | 1 +
 etc/curves.txt | 3 +-
 etc/tls_data.txt | 86 +++++++++++++-
 openssl-iana.mapping.html | 4 +
 testssl.sh | 236 ++++++++++++++++++++++++--------------
 6 files changed, 240 insertions(+), 92 deletions(-)

diff --git a/etc/cipher-mapping.txt b/etc/cipher-mapping.txt
index 1125f87..275b301 100644
--- a/etc/cipher-mapping.txt
+++ b/etc/cipher-mapping.txt
@@ -139,6 +139,8 @@
 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
 0x13,0x04 - TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
 0x13,0x05 - TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM8(128) Mac=AEAD
+ 0x00,0xC6 - TLS_SM4_GCM_SM3 TLS_SM4_GCM_SM3 TLSv1.3 Kx=any Au=any Enc=SM4GCM(128) Mac=AEAD
+ 0x00,0xC7 - TLS_SM4_CCM_SM3 TLS_SM4_CCM_SM3 TLSv1.3 Kx=any Au=any Enc=SM4CCM(128) Mac=AEAD
 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
diff --git a/etc/curves-mapping.txt b/etc/curves-mapping.txt
index 627c54a..a70a768 100644
--- a/etc/curves-mapping.txt
+++ b/etc/curves-mapping.txt
@@ -51,4 +51,5 @@
 0x11,0xeb - SecP256r1MLKEM768 SecP256r1MLKEM768
 0x11,0xec - X25519MLKEM768 X25519MLKEM768
 0x11,0xed - SecP384r1MLKEM1024 SecP384r1MLKEM1024
+ 0x11,0xee - curveSM2MLKEM768 curveSM2MLKEM768
 0x63,0x99 - X25519Kyber768Draft00 X25519Kyber768Draft00
diff --git a/etc/curves.txt b/etc/curves.txt
index cbb7595..5576e30 100644
--- a/etc/curves.txt
+++ b/etc/curves.txt
@@ -31,4 +31,5 @@
 30, curve448,
 31, brainpoolP256r1tls13,
 32, brainpoolP384r1tls13,
-33, brainpoolP512r1tls13
+33, brainpoolP512r1tls13,
+41, curveSM2
diff --git a/etc/tls_data.txt b/etc/tls_data.txt
index 093b041..da41815 100644
--- a/etc/tls_data.txt
+++ b/etc/tls_data.txt
@@ -3,9 +3,9 @@
 # see #807 and #806 (especially
 # https://github.com/testssl/testssl.sh/issues/806#issuecomment-318686374)
-# 7 ciphers defined for TLS 1.3 in RFCs 8446 and 9150
+# 9 ciphers defined for TLS 1.3 in RFCs 8446, 8998, and 9150
 readonly TLS13_CIPHER="
-13,01, 13,02, 13,03, 13,04, 13,05, c0,b4, c0,b5"
+13,01, 13,02, 13,03, 13,04, 13,05, 00,c6, 00,c7, c0,b4, c0,b5"

 # 113 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN
 declare TLS12_CIPHER="
@@ -146,7 +146,15 @@ xS6XqyNhhqGBhQOBggAEDjRvgELV732xXBsz5NJuirkmran6haJy2Phqqc4qPROm
 79ZjkNvTbrsL9GVNvOmyUJv+PyxG1Zn6OsIxck747cJ/IGeOv7hcA+/J728TfWk=
 -----END PRIVATE KEY-----
 "
- "22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
+ "22" "23" "24" "25" "26" "27" "28"
+ "29" # OpenSSL does not support key derivation with curveSM2
+# "-----BEGIN PRIVATE KEY-----
+# MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgEbF8017wu8z9hM6R
+# yyzdXvRLH72yLFwKtuvuMh2gf8KhRANCAAR2NofXnIdTmLZF93KUGLek9CimS+Ft
+# NjHGzG7f+5hic6kauGfQ1+IIetrqZn9zUirs/PO99zmLDUYHo2krOLT0
+# -----END PRIVATE KEY-----
+# "
+ "2a" "2b" "2c" "2d" "2e" "2f"
 "30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
 "40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
 "50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
@@ -681,7 +689,72 @@ dw2uLhtVpkl8Doh/wNPKoTLnAiFRih6ivuz24oY3Gp9fa6gsi/wXfgnHaHRsBQeB iUk= -----END PRIVATE KEY----- ---END HYBRID PRIV KEY--- -" ) +" +# OpenSSL does not support key derivation with curveSM2 +# [4590]="---BEGIN HYBRID PRIV KEY--- +# -----BEGIN PRIVATE KEY----- +# MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgx6wXUaQJu3IxLcyf +# 0QZGKhUuTfJJEf/Rus0NAXPHFy6hRANCAARjmUu5EHJr/uoXG1beSvs1j99Eo/iI +# umHdgXXEHIC+b+q+cKqrQDi8ODhVzOcE54FGLxbCX3LIOcBDLgi8J9yn +# -----END PRIVATE KEY----- +# -----BEGIN PRIVATE KEY----- +# MIIJvgIBADALBglghkgBZQMEBAIEggmqMIIJpgRAi/aIz5Gow3kZmVmVyvfFs1Hj +# abvukCyEWbAyJ/3iNnuCFdFascAmnBbKkfEX6alNYSHYOpb5uoAqYhuwpMmpbgSC +# CWD/IVoZtFvprFv0uG691T5fUc+EEAskVr4/rL+ACLO6BBF6shdqgKwGQ37j0mN0 +# 92sHQsBrArj/Ob9cRq+0kLwyJxWSZ3baGqMxhZRy2JUd7BFIpBVEEb+riZ62Ob2g +# cGZWcKSTM8/R17EmB4ZYLCcTqFa7MwMFIRzM4k9Aoq3FlWb2lscPEa5QsCR9sjU5 +# 6avzl7XM2r5y0XimGEmGpmoOvLyZRo5lOzGxU0Si9T+o8bPIBMpVN0t4tF1XTF+o +# WyzelREtd1ueuHSK0S0YIJeFeQXSJHe5Sa9Gp6CZ84fA+m6+CCHkEDVCw4THwgow +# 8ihihTsIFjnIhzXMgDc814j6+Ll1hJppUbRXym48mh4BiJ+YSCbkAByUJj1uzDls +# cbDNiHdXRABjUSOXkIHK6V9x9DQzKbXC2xxElAMBBADVIMzQdhe4qB7Kyz2jYhpb +# tFNZyQxmqTOQ0sZ0coqyp8abvEZkpl6c8J6M8ohn603qNjvkrMsK5WHXOhqnu8CI +# DFBmKDm4sIhNp5KY+2ufdz9DtAsYCktiZIb7Fszn60bHQDJ7aRDgOMuihkQ3am1M +# ET/c4jyPB0LCtg5J9lJ3do9MW5OstwIeu1ka1hHGWcY+G8tVuHrpGbHC8s4HUIM6 +# Gmv6MV6uwMAJFTV1OWdp+2TxA7jWg78Hw0ucpGbu5UiAdaBfIAh6AxCf5LJlDKTz +# 9JdYKsbJEhMkYqdfyG21AVm9Gxyp12EHY0wZemGYclktlbg8cYcSK1DF6yb3TEXR +# g4SvYXbl6LYt5EiFKlcVanbiILykBih4JVJvAcvZ8aWB13cQ+DkINV7kSFjIMhgU +# NpVI8st19XLWer2uwV79MbWydMxSOCjRswXOiXvlxJ1rebI3ysJKEiYQ6wg82Frv +# pMOT8gtJY2i8mnWyiXoEWB6kHCQWELncGa22cwk8iVeRJHyht56PRR1Igj6ZxR9g +# XCzcEw39S2/z+g2sulk86seLhCb39F8oBY0SCW5rw2rkYjQP8kCgNq/Z9YHT5L7G +# uFVS4llGLGtMl1tmi6EkemMfehD5QU9wi65z563kw332FDa4oBrkGYej4W4ra5Kh +# C8KwmihCmc5bo5IhnDIKRFgTYwkg9IbJwMa0kSds4iU3AZDrgYIq7E1kWxT9A5iQ +# UmiPK6UrecMPaqUbokt+SMIsJwD/KcxCtMlcYbw5Wlf6A7ix+gjz+X30pwwe2oBy +# 
jFPbCEA3cEhMJilgtkU/tYiFBlEwuMVJ6US05i1H9GP9rILbTIJxJBpCaTfd8aw+ +# yYVdQFHZhrmEqV2+ZhyahZggA2EmZrIyF5iawK0PFzRUkwX/IWCPLB9iQIyFmDFy +# wICQu7DNMbO4SpFDM7NeMKxciadXo3JT6AkRkBhGy0JanBGsFC/FfCyaW2z0NVYm +# 7BH1GC9G13MGNh6qIAt4o6BUosS6IXfsB0ZyoAgaNKlUsM38CjGT8zTv12KQyV6G +# WzVpyUmaM28ousdGiFPx8YPiUhabKpRq2F/Xp5kscD40lx6OoSZjRILgc34IVTTU +# YS2n028LaH/x1WKJmoZVCyml7LPiqQMbWmfJq1herJfU1zS6UQLwpWiYc4Vh+S2j +# Ka7H+wj4AJvR9F0zQo8hhz7h4oesw8Op4VzbpMXSksbhMxgLtgPsKDkFaaJNkcHI +# ArgfyadDjAnfhxNsLH6aZpct+kbP8Cjl2KVWW52Im4T8eUEqFwxE8kJc4BxkZMAH +# 56AsJwXypZ3a6zNm5Uo1GgjgUF46hiN+bB+hlosOlEFDSqVSGLAV9ZuGwMtluACj +# KcwEmwvX0iJjC06KM1ypCLyQQisp+3+r+2/qun3BdzzkqAH1ppR/aK5xwBOPUXaE +# ch7KfHSbxFo0mj0WgrKCmnlpcFM5hCtvipaUxDTZqb3d9aYtXERfkXjlcy8P3C1X +# iZ/7m3O0ARJlxWRJS5aGeDVeFCj/Ob7R6CX2irxi9AccRh4i0XSxEaXkcSvo2CaS +# mmt0wnJXA8vNkalBQQs/Vb458yZWrM/OwagLaBv7VRA8gVuZWD9fc3Nt2k07pkGx +# 0SaREUUSOEwsuFj8UnEfSQDmQ7Qt9o5D813WFCtJtniM5SBO6yoz/AdiuwANq3kl +# 2MPNywb9FsnTMyGAAj4dHCRgtmk0dnZbrAIbbAfUeCHzIckYwiwwjBt522OxlYLw +# 8InDZJJ7i0rvCV72SFPG57r0qJxLoE9UY5xLOzwNq7KGWIaEJnd3gHeQ8TAiOx5t +# JRHSo5FmInajPLtA9pTT6qP+pTLSmahJSzVVdp+7hprROCePW1MlVWJydhtTeo3K +# uAX7kh+Wx1VYNbBV539LKTUAMYHYNALQGoQxt7GMp8DYWm95OX6r1UvOEIMc61z2 +# kxNNl6ashYOBuHtboiTnqZb6JQa6xUU4u6qWa2c6yxHp0Qr4Z5Db1HJ/NRvI0XKV +# yR7UrGfng0EYiQ3gtCqwZ1WTmj5vEHRM4K/5ERvexRWEuKeAzKEcsL+PyiCWcGub +# nDrbp4tN3MVbmAPVsKr6c6IR4F898Q2euzpTGnoTYHiaNopqmT/yZ6zLdaScBCY3 +# XG0PGW34Rm0bvEXW2F4+URNQ+w86Ci6ICGv82K0rVFIlek0kLMlHm1m10nGENnuq +# VSzXS5WbCIXNsT93GkZKy6SCR7gvrLTh98QdpK/NOK0Bs8vIGGdII1/ddrNfQCf0 +# YVqBeL9omQ926rce+DbZgyTf3A4mwYlAWpiGimQgSqh/mHEmkIhywECw+UKatIBG +# UX3BMXgs6yyWIlnjZxQdlFynSsn8hSvbCKvn3J/rmB/0MFt+4Wxf+0vqMTmkdIhT +# 9YP4UQ+lQDAHNLj7qZ1stDZmcDl5MTTfVYzeSRmnZn6s+Z1XACkmbF6UWpEPtpLi +# GrEIhXM07H1DRMXDQBdsyA/k4grwxRiY+GxvRmaNN4J4WDvEMp0ikaWxVh9ipMsq +# hXuMyL80dCV0ZSzz4KDAXLIgtIGNtU4G9rDI1JPW9BBUyyfc5TpCJ7qTICfeHIXq +# 54oLuUsxQEJEax79+6z5mLl0domstGaN1RoqnIUDNZMJdwSK0JkIuCZNPJjQ6i51 +# 
LIS6SqDC+5r0TDEqVHErkSB/vSwNlwFU1hLmjGtNg8ZSrAkRxEjCCVQQhdYxTPJu +# sdNbnyLJlymKCiL2JeUOdW6jghXRWrHAJpwWypHxF+mpTWEh2DqW+bqAKmIbsKTJ +# qW4= +# -----END PRIVATE KEY----- +# ---END HYBRID PRIV KEY-- +# " + ) # Public keys corresponding to the keys in TLS13_KEY_SHARES readonly -a TLS13_PUBLIC_KEY_SHARES=( @@ -698,7 +771,9 @@ readonly -a TLS13_PUBLIC_KEY_SHARES=( "00,1f,00,41,04,76,4e,e2,fd,65,8d,47,ce,f7,99,59,5f,7d,42,ff,5d,83,d6,d3,87,dd,79,57,f6,2a,57,d1,52,2f,1a,a0,83,5f,93,1b,30,ff,25,55,3a,e5,5f,4f,c1,a2,be,b1,2c,d6,44,f6,8a,2c,b4,67,e8,32,5c,3a,d8,89,2a,8f,d7" "00,20,00,61,04,03,f3,4d,78,58,a7,ba,43,90,a5,7f,80,96,97,1c,77,43,67,44,be,7d,61,d6,26,84,8e,55,49,d4,04,08,3c,94,ca,6e,21,1f,62,fb,b8,75,dd,39,96,82,fe,ac,6f,3d,0c,73,40,36,37,9e,a7,ab,0e,4c,08,07,ea,c5,8f,5a,96,38,ac,ea,c9,9b,76,2a,55,64,da,31,37,3a,6b,2b,86,ea,3d,d8,08,bd,e1,7d,0b,c9,6d,92,31,1c,a1" "00,21,00,81,04,0e,34,6f,80,42,d5,ef,7d,b1,5c,1b,33,e4,d2,6e,8a,b9,26,ad,a9,fa,85,a2,72,d8,f8,6a,a9,ce,2a,3d,13,a6,d2,25,23,a5,23,ab,ab,40,d5,e4,c5,04,ff,41,e1,bf,3b,ce,4a,a9,12,5a,be,e7,01,e7,ce,d5,ba,2f,9a,5f,85,a3,96,13,f8,a5,2c,64,93,18,2b,b0,e5,0e,d0,9b,ef,d6,63,90,db,d3,6e,bb,0b,f4,65,4d,bc,e9,b2,50,9b,fe,3f,2c,46,d5,99,fa,3a,c2,31,72,4e,f8,ed,c2,7f,20,67,8e,bf,b8,5c,03,ef,c9,ef,6f,13,7d,69" - "22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f" + "22" "23" "24" "25" "26" "27" "28" + "00,29,00,41,04,76,36,87,d7,9c,87,53,98,b6,45,f7,72,94,18,b7,a4,f4,28,a6,4b,e1,6d,36,31,c6,cc,6e,df,fb,98,62,73,a9,1a,b8,67,d0,d7,e2,08,7a,da,ea,66,7f,73,52,2a,ec,fc,f3,bd,f7,39,8b,0d,46,07,a3,69,2b,38,b4,f4" + "2a" "2b" "2c" "2d" "2e" "2f" "30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f" "40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f" "50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f" 
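Review bot: The new share for group 0x29 (and the [4590] curveSM2MLKEM768 share) is advertised although the matching private key exists only as a commented-out block in TLS13_KEY_SHARES — the live entry there is still the placeholder `"29"`, and the SM2 point inside that commented key does match this public key (`04,76,36,87,d7,9c,87,53,…`). So whenever a server picks curveSM2 or curveSM2MLKEM768 the ClientHello carries a share the script cannot complete, and, as the commit message says, tls_sockets() then cannot decrypt anything after the ServerHello; nothing in this table tells a reader that. I would mark both entries, e.g. `# 0x29 / 0x11ee: public share only — no usable private key, so a handshake that selects this group cannot be decrypted (see TLS13_KEY_SHARES)`. It would also be worth confirming (tls_sockets() is not in this diff) that code paths which need the decrypted handshake, such as certificate retrieval, either leave these groups out of the offered key_share list or detect their selection and fail explicitly rather than returning partial results.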
@@ -723,5 +798,6 @@ readonly -a TLS13_PUBLIC_KEY_SHARES=( [4587]="11,eb,04,e1,04,8f,b0,68,58,17,4b,90,09,0b,6f,6e,98,fc,80,b4,10,cf,ce,78,1f,89,62,7e,fe,a8,8e,bb,35,a8,0f,31,0d,35,ef,25,64,0c,b0,88,b5,49,64,95,15,1c,62,78,ff,7d,1d,b1,7e,26,6c,39,5b,dc,ca,31,04,fe,80,f5,f9,03,82,02,1c,17,80,4f,6b,74,98,09,03,48,b6,8e,b0,34,99,8e,96,1c,09,d6,1c,02,9c,68,27,c3,4b,10,25,82,67,47,88,92,e5,c8,df,b7,15,b5,17,b7,84,a6,50,f2,98,35,fc,23,25,03,95,0b,fe,11,5d,0f,52,0f,2d,47,91,d3,57,c1,02,9a,87,f5,19,37,b2,52,a9,2f,a6,56,58,0c,c9,51,7c,5e,49,19,4a,33,f0,aa,79,83,1c,1a,9c,34,bc,a8,79,61,fb,43,a3,78,2d,6a,03,81,92,c8,0f,f0,9a,2d,b8,e6,a5,89,14,49,3d,50,94,b6,41,ac,8e,e7,95,0a,12,83,02,a9,7e,c1,5a,63,71,71,45,5d,b4,9c,3e,80,7d,17,f2,a0,68,f0,12,6f,aa,39,d7,26,30,66,4b,9b,31,6a,c5,35,25,83,c2,04,94,f8,c2,70,60,21,4d,13,32,57,24,c4,a8,92,a5,18,d2,7c,ae,f4,91,79,3b,46,92,d0,62,af,e0,37,07,a3,99,71,0f,e4,c8,61,60,15,e3,3b,89,29,a2,34,89,c3,7a,a5,14,05,6e,6c,5b,9a,10,39,de,e8,a5,90,6b,aa,9a,bc,03,e1,91,71,f7,84,38,ad,d9,42,ef,99,4e,fa,79,41,6c,48,b1,3f,ec,2f,5a,3c,b7,96,1b,7e,4c,06,19,9d,67,6d,1d,bc,48,a3,98,9d,30,4a,38,29,44,bb,3b,8b,2b,24,20,8a,de,66,5c,a7,83,35,46,81,91,69,56,92,23,12,16,b0,e4,89,dc,aa,44,69,c7,76,a7,3c,8f,65,17,11,75,46,8c,44,b5,ae,40,b3,43,4a,a2,17,d5,d0,af,70,43,6d,d3,58,27,ee,48,6e,19,27,8a,fb,65,95,c9,0a,56,0f,9c,59,bd,03,65,10,7c,82,00,1b,48,58,47,7b,15,e7,16,6b,eb,91,99,93,7b,e8,f9,1e,77,66,c8,3b,f5,2a,d3,a0,71,73,d5,87,85,2b,0a,b9,22,87,5b,46,a4,94,58,6c,e0,50,bf,93,13,68,dc,f1,71,38,11,34,52,76,6e,2e,b3,51,95,c8,20,55,18,a8,0e,e8,a5,38,48,77,f4,7a,63,d5,f0,0e,fe,c6,63,0b,93,9c,f3,c2,a7,49,38,2d,14,2c,7c,19,5b,04,4a,da,60,89,dc,88,10,38,3c,47,09,a2,0c,b5,ba,3b,0a,ba,dd,c7,c7,fa,71,57,d5,75,b2,bf,5b,67,67,98,68,7c,00,bb,1b,fb,c8,95,b8,96,cc,3a,cf,95,d5,ca,07,02,79,02,ea,8f,a5,63,6c,b4,90,1b,e1,f3,64,7d,08,63,e8,06,78,d8,64,04,f9,ea,3c,e3,e5,55,9c,ea,3b,07,8a,60,49,e7,92,4b,82,6d,e0,36,50,71,f1,a6,97,62,cd,36,85,7c,b0,32,ce,34,7b,6a,0f,b9,8a,42,a3,14,2e,c0,1c
,03,45,58,76,f5,6e,03,16,36,56,5c,b7,a0,64,c8,bd,4a,c2,33,75,7c,0d,b9,7e,61,06,7e,41,12,22,24,4b,26,80,fc,64,18,13,41,32,d5,64,dc,2c,60,08,3a,90,53,e2,c5,51,db,73,74,6a,05,56,66,48,cc,01,57,d1,c4,24,54,cc,6c,6b,09,9d,68,2c,a4,2f,87,30,8b,d5,bd,10,d8,55,45,55,79,82,f7,9f,f2,95,6c,69,f2,7c,c4,20,04,46,a0,b5,7e,65,1d,6e,b6,7c,17,62,aa,7b,44,94,05,70,12,16,e4,52,7d,23,94,6a,e5,ce,ad,29,92,a5,e5,1c,92,61,a5,aa,db,78,8e,92,93,f5,15,cc,b4,62,c8,13,d5,67,86,12,7d,15,cb,ba,21,23,36,81,ec,8d,9e,a1,0c,5e,c1,bc,15,42,23,c5,38,63,5e,a5,37,ed,b9,45,38,20,16,98,b1,52,d1,09,70,c8,95,48,75,f8,c6,b2,a1,1b,bc,77,58,c0,aa,b2,1a,fa,85,19,06,97,38,26,10,74,46,c7,42,bb,5b,72,10,4b,9c,69,87,f4,46,00,15,39,94,88,d3,72,06,96,b4,6d,c7,a1,a7,e1,ce,93,9b,a2,35,d3,82,65,d0,b1,11,9b,2e,e8,61,19,53,00,6d,d3,02,bc,1f,7c,48,f2,f8,99,df,68,bd,b7,a3,b6,92,99,cd,aa,51,3f,36,19,88,45,96,a8,a4,27,60,03,b4,c9,cc,59,18,35,24,73,24,5a,01,61,e3,11,34,b7,a1,db,ab,b7,cc,79,8d,cd,d3,2c,af,05,c5,59,d7,07,b4,cc,05,e1,a8,0a,d5,d3,31,fd,46,5f,e7,02,ae,c5,0a,1a,b4,a7,7c,df,22,a2,68,cb,5d,9c,f2,97,12,cb,57,d0,c2,5d,4c,08,0f,eb,a4,89,0c,f5,49,f4,68,69,fe,eb,99,59,a8,41,49,ca,c6,2b,05,56,aa,db,56,32,02,98,0f,a5,25,6b,68,4f,9e,91,64,2f,04,26,35,2c,49,bc,0b,01,9b,33,be,de,52,53,06,d5,07,4a,88,60,90,a2,c6,1e,8a,98,de,91,93,eb,97,15,41,0c,51,13,3c,8b,02,c1,94,04,f3,93,19,25,3f,c1,f6,bb,74,91,3e,7f,1c,75,3f,ea,83,b5,c9,a1,52,b3,28,61,eb,76,4b,49,b2,b9,a8,66,72,77,6f,b7,45,6f,58,38,13,3a,79,06,78,6c,ae,9f,ac,1d,be,33,01,a8,39,6d,0c,b6,4e,a1,cc,2b,77,d2,41,b7,51,97,36,04,17,d5,84,2d,1f,56,ad,7a,38,46,54,91,2a,62,93,95,d3,66,a3,e8,aa,8d,47,ba,ac,18,9b,5a,53,1b,5c,93,c8,83,01,93,cb,4d,e8,11,65,89,4e,99,42,cc,42,57,8d,72,2a,1d,ab,25,bd,8e,00,d0,dc,c5,0f,b0,cb,4c,f8,33,70,09,f1,f5,c6,3d,59,0f,32,bb,e5,87,87,20,cb,25,4c,ce,41,d8,b5,94,33,fc,e6,92,53,5f,6a,f0" 
[4588]="11,ec,04,c0,65,55,33,83,63,2a,4d,62,11,db,f0,05,14,00,cb,34,78,35,00,63,9f,7a,ac,41,bb,60,7b,05,9c,35,5c,6b,53,73,58,6c,9e,d8,10,a4,40,8b,48,97,65,b6,23,2c,ec,88,bd,94,49,0a,e9,a8,54,46,55,3f,af,e5,61,a7,67,33,2e,65,23,25,2a,7c,7d,c1,0c,9a,9b,42,ea,da,4e,a7,ab,73,b0,b5,92,21,a0,79,f9,96,b3,8c,ab,17,fa,30,2d,37,47,7e,53,c9,07,7b,a2,6d,37,25,b9,1b,5c,2f,64,b9,a3,a0,ec,40,29,95,c4,e9,c1,69,0d,04,8f,af,32,52,4b,c9,91,a2,8a,01,a5,a9,24,ee,4a,a4,d6,e7,87,d3,c7,1b,4b,a9,3f,12,15,73,ed,06,8a,95,a3,c6,ef,5c,bb,7f,82,9c,1c,54,4c,2c,e2,73,51,15,74,d7,87,9f,de,46,1c,78,26,70,69,37,7a,19,47,14,dc,e3,34,7e,b6,7b,bb,98,36,12,d2,34,91,d8,09,29,86,bc,ea,4b,5d,a9,13,29,fd,c5,22,b8,75,6f,83,77,bb,81,73,04,70,42,45,dd,09,10,68,8b,60,fe,26,2f,0e,56,be,43,f4,a4,ea,f6,06,30,59,24,c2,65,b7,1b,f4,55,e2,48,61,e3,f4,00,46,16,21,3b,68,ae,ee,68,74,4a,a7,0d,88,a2,83,ec,d4,b0,20,98,90,5e,7c,1e,c8,e9,9d,8b,e3,26,79,90,c3,2e,30,04,60,75,8b,ee,b3,b3,30,b0,ba,12,8b,b3,e5,c7,54,e4,ab,31,5a,55,bb,25,27,47,06,4a,4f,bf,8b,b3,e3,81,5f,74,c9,44,df,6c,49,7f,c2,65,cf,a0,a7,69,d6,7f,3f,92,41,2e,97,4c,ac,01,8a,a6,9b,bc,50,58,52,c5,ec,58,da,75,11,dc,90,20,41,79,1e,e9,39,5c,06,99,7f,93,11,a7,d5,44,85,fe,2c,bd,d5,61,4c,ac,bb,36,a1,5c,43,fc,b8,6c,34,a6,01,92,77,5a,0c,f9,10,1d,e4,46,43,b0,8b,bd,68,29,5f,9a,29,d5,26,88,9b,12,9a,0c,03,29,2c,c2,0e,b6,61,54,12,29,a5,c9,e2,03,0c,d3,6c,15,24,7e,90,1c,2c,6c,37,b2,0d,72,b6,d6,9a,89,33,68,68,be,75,0f,1a,24,3e,9c,f4,75,b2,31,52,09,ab,c9,8a,bc,3c,eb,64,6e,84,13,9b,80,6b,b4,4c,79,b4,6a,4c,1e,39,11,69,33,a4,6c,0d,e6,06,cd,11,bb,59,37,be,88,43,84,9f,2a,45,05,94,38,17,f8,7b,8f,82,49,e1,e7,c0,28,34,6a,0a,5c,b0,c2,2c,c2,4b,64,52,32,e3,87,e2,c4,6f,52,80,4e,01,c1,80,19,b3,84,8c,a1,6f,95,c7,7a,fd,d4,5f,de,ba,c4,a3,f0,30,72,ac,7f,9a,a0,85,14,18,62,0e,a3,68,a2,03,48,bc,4a,50,dc,c5,64,08,f2,1b,76,eb,5b,f5,56,a5,e7,b0,07,b6,56,3c,d4,13,95,1c,82,71,9a,c8,38,4b,fa,25,c4,36,8d,41,24,64,02,59,cf,69,91,21,de,0a,80,7e,ea,8d,c2,7b,48,24,1a,6a,fa,a6,1a,25,48,9b,3b,c1,49,8a,47,10,5e,a1,b5,
6e,24,42,fc,fc,44,a8,99,b3,60,24,23,c4,3b,71,5e,89,5a,52,01,c5,0c,84,42,85,1a,9c,3d,65,a1,27,72,43,98,32,40,05,90,71,d7,d4,98,41,13,c7,2c,d0,8b,a8,5b,24,29,54,1b,fb,83,a4,a4,44,97,df,b8,7d,a6,97,ca,32,93,57,8b,d8,5e,08,65,42,81,e3,6a,5c,e0,1a,ef,d0,1d,93,98,c5,4d,f5,a0,3a,37,ae,c2,f5,5d,98,6c,95,1a,c7,58,d4,a9,32,f6,ea,8f,af,79,48,66,94,ab,47,e4,89,f6,09,63,56,48,6b,27,63,98,43,f9,1a,04,ea,62,4c,02,1f,94,a5,4a,4f,77,37,06,03,b5,e2,ba,aa,a9,16,43,8d,91,a2,81,f0,1c,09,e6,81,ff,f0,95,42,68,32,d2,a8,bc,7f,18,bf,d5,f1,14,3f,28,14,a2,3a,86,2f,94,ad,18,46,8d,7e,3b,1d,13,e1,19,d0,98,49,d4,bb,03,90,12,8c,f5,17,22,57,ca,0b,93,cc,1e,3e,b0,a7,4e,c9,8b,b5,da,6e,9e,76,c9,1e,d7,98,05,a8,c2,0e,05,bd,b4,30,bf,1d,e6,10,e7,74,73,00,00,9b,f2,27,1b,5d,b5,b6,c3,28,b3,01,3b,a0,0a,32,52,21,b8,ae,10,bc,5d,d2,70,47,6d,02,ca,95,aa,80,de,6b,5f,c7,04,af,f6,16,1c,a7,fb,54,e7,79,71,c8,22,4d,ae,81,55,0b,81,b2,c1,c4,b8,24,48,4d,46,50,ac,02,19,01,f8,01,65,0b,73,61,87,19,42,cc,29,25,52,b1,18,5f,69,63,65,b3,3d,cb,91,b6,31,3c,40,b4,8a,6f,08,ca,90,ab,a0,4a,b7,e2,b3,b0,f5,89,93,89,78,c3,93,3b,97,fa,92,b0,8b,c0,6a,29,0b,b3,b9,a6,2f,16,1f,34,67,4b,a2,47,38,ad,01,bf,bb,26,46,3e,17,78,22,68,0d,2a,54,1c,d6,09,15,4a,c5,9f,f4,80,7d,24,e1,30,68,4c,01,b9,b2,a2,11,eb,0e,ba,f6,49,c7,32,b1,ef,5a,ae,37,06,81,08,5c,8a,4f,05,38,c6,b8,7e,5b,77,b2,61,65,a6,22,37,29,11,dc,26,4c,50,44,c2,78,95,4d,83,9c,07,6c,c2,8e,00,08,bf,e5,ce,4b,ba,58,2f,54,83,bb,55,9f,75,7c,c2,fe,63,7c,8a,54,c5,95,c4,c8,b7,c4,cb,62,3b,7f,55,5a,3f,73,a6,b9,2e,dc,54,bd,e1,bf,5c,b9,e2,85,0c,a5,19,ff,ae,0a,7b,2c,14,b4,da,9a,ad,c3,2e,e1,fb,6f,d1,de,9e,c5,dd,6c,0e,5d,63,d0,b0,9a,3c,8d,b4,23,07,c3,74,5b,7d,c1,a3,5f,41,e5,9f,96,73,5f" 
[4589]="11,ed,06,81,04,11,4f,18,47,b8,9f,e6,f1,83,9a,a1,f6,ca,e2,d0,d0,89,f5,fc,71,77,6a,05,98,d2,32,10,bb,81,a4,b9,62,43,3d,f2,9b,8b,1f,62,f3,6a,f9,bc,fb,af,43,bc,e5,d6,22,67,cb,7e,2b,b6,84,d2,9e,f8,c0,e5,84,49,fb,84,d7,03,8f,5c,3f,77,e6,2a,83,d9,ca,9d,30,5e,21,6e,a1,60,97,68,d9,af,92,a0,6d,d1,71,6d,4f,17,8e,a5,64,6c,f9,e4,57,ce,ac,3c,43,85,1a,f1,da,1c,1d,51,0f,8f,f4,cc,f6,5a,ce,c5,79,14,c8,f8,09,71,02,b5,12,95,b1,75,1a,0f,d5,53,21,a0,91,0b,0a,11,28,9c,b8,2c,a6,13,94,2a,b0,4a,de,8b,30,b4,77,5e,f9,c4,bd,0f,95,39,50,9c,2b,c5,d4,22,f3,90,7d,48,fc,33,55,00,c6,10,c1,a9,be,2b,69,17,b8,4d,e9,dc,34,ed,51,2f,5e,46,8b,66,c3,39,d5,d1,9e,7a,eb,14,17,a6,51,21,e1,64,d7,97,91,f0,ac,64,d6,6b,30,c0,21,80,d6,e4,17,c1,02,8d,8b,d9,19,87,ab,7d,22,98,2e,8b,c8,56,3e,5c,0e,50,a1,4f,88,a3,53,f9,cb,30,0f,6b,48,60,75,b8,7d,c1,9a,14,f0,25,3a,3c,73,0d,45,97,00,98,92,bf,27,53,12,c8,24,98,33,3b,3a,e9,a5,9e,03,62,08,46,36,62,0b,45,9e,a7,7c,80,46,07,88,3c,22,6c,01,01,5c,19,60,03,d1,1d,d3,84,71,b6,60,2d,84,a5,b8,1a,56,35,ff,29,4b,49,45,9e,51,67,86,96,00,ab,8c,ca,bd,3d,e3,85,7c,22,8b,eb,46,0a,b2,a6,6b,1d,d1,75,6e,78,20,05,d9,30,d1,e2,04,38,15,ce,8a,13,5d,3d,b4,3f,2f,f3,96,40,27,9e,3e,3a,68,d2,ec,0c,a0,38,0d,bb,6c,31,45,48,a0,8b,11,61,6d,5b,3f,ab,21,14,01,44,37,90,2b,a2,00,42,a4,7a,62,24,1d,79,b4,d8,da,84,5c,d1,55,dd,9a,8d,fd,60,ab,bb,c3,9e,be,86,25,ba,44,18,a5,cb,80,b4,c7,cc,15,a9,4f,2b,e8,28,f5,99,13,61,6a,2b,c7,15,ac,b4,b8,cc,08,b4,4b,3f,20,26,79,35,61,a9,e0,b7,c9,a7,80,99,38,8f,9a,27,66,ef,57,90,a9,32,ca,4b,7c,aa,69,30,b8,cd,4c,27,5d,f2,b8,10,0a,cd,ee,75,64,58,77,9c,f5,b9,34,26,61,8c,f5,26,8e,68,70,b1,39,74,72,19,41,5a,2f,54,a8,f3,a7,7c,f1,3b,6f,8d,37,42,bd,4a,98,7e,29,44,1e,d7,c7,1d,c8,4d,bf,41,0d,7e,82,76,00,8b,ab,a0,01,cd,b9,30,16,32,4c,b4,ac,a1,10,55,e6,88,37,ec,4a,a9,45,44,d6,25,ba,ce,13,42,f4,52,36,1b,72,c2,4a,c7,a4,88,82,27,99,3c,16,d0,25,cf,47,d0,72,5b,c8,7e,42,89,31,81,f3,c5,69,b4,2b,aa,a8,9e,5d,13,5d,69,b5,0a,52,ec,18,68,ea,69,1e,1c,c7,0c,62,30,47,b3,37,a5,93,4c,a5,98,cc,a3,e9,75,54,35,
79,b6,01,46,59,c7,77,72,66,b8,73,fb,31,88,1a,40,84,ac,93,00,2c,5a,04,84,68,3b,0c,87,2d,b1,ab,20,9a,6e,e4,f4,5d,ee,43,c7,a3,e4,a7,e9,27,6f,6a,25,18,57,91,60,69,82,c1,b2,e5,0f,a3,d3,23,c7,37,7c,57,57,b3,aa,54,49,35,49,7e,e4,e8,9c,01,f3,24,7f,18,8d,9a,89,63,30,3a,a3,83,a1,6c,c7,bb,3f,d8,56,38,56,d2,44,42,17,97,86,d9,3c,6d,90,c5,67,c5,17,ce,4b,6e,b4,33,30,54,83,95,ad,e6,15,d7,64,87,d7,42,18,09,b8,10,8b,39,70,95,b0,2e,50,e1,c5,44,28,44,0b,8a,53,27,66,25,86,06,b4,09,eb,0a,75,b8,b3,c2,63,c5,9f,c1,b2,28,38,cf,f3,f1,86,f6,10,61,b7,c7,4c,fe,55,40,16,93,b0,2e,d0,9f,9c,85,c9,f1,81,3c,18,99,3d,6a,e3,ab,fa,67,27,c4,6b,81,8f,71,26,1c,ca,73,8c,0c,72,bb,47,46,dd,20,cf,ad,62,65,f3,00,0f,8e,42,15,bb,34,09,32,87,cd,a2,35,cf,dd,50,5a,77,92,9a,c6,03,24,3e,36,b8,a1,da,26,3c,22,71,08,a5,b4,ca,68,83,53,66,a9,ad,67,43,e8,70,1d,e1,f6,67,4d,44,55,34,46,71,c1,08,1c,4b,e9,41,f6,5b,0d,46,08,ab,6e,78,c2,5b,76,24,ab,75,42,05,4a,2d,dc,b2,a2,89,20,9f,f5,ea,12,e2,14,83,57,b2,36,2e,45,52,30,34,95,3b,b1,41,af,9b,a4,07,87,02,be,1a,5f,f2,a5,8e,fb,10,18,5c,d7,a7,ca,9b,5b,aa,68,8b,e2,33,be,52,18,4b,83,78,28,2a,43,3a,4c,3c,af,ba,07,72,4f,40,4d,d0,72,07,bc,77,50,73,b9,5f,e8,70,2e,e4,94,4c,62,3a,79,37,4b,1c,8c,e5,1d,ba,94,0c,f9,32,33,60,fa,bd,d9,55,aa,30,14,6f,3e,a6,7a,22,8b,84,5e,95,cf,8f,54,11,b7,28,1b,5a,69,5f,c1,b7,4b,23,65,70,30,c5,6f,94,0c,37,2d,ac,4d,b7,d1,c8,6b,45,2e,d0,f6,64,a5,d6,5b,d7,43,79,e6,52,3d,e9,27,7e,99,a0,3b,80,4c,aa,d8,24,a5,a7,1b,be,97,85,7c,8b,f2,95,5c,32,6e,80,a9,45,5a,c2,5f,88,58,59,9d,52,5f,f4,67,c3,d9,a3,31,89,b8,0f,1f,c7,9f,04,fb,44,1e,0a,85,b4,c7,9d,be,ea,bc,31,fb,91,1e,05,ae,5d,bb,af,e2,a9,2d,1b,57,1b,ec,01,7a,19,25,74,7c,39,43,21,d8,66,84,f7,15,fc,f9,be,6d,55,56,3a,76,a8,79,3b,c2,8e,da,cb,b1,5c,5b,5b,36,aa,4a,c5,98,94,37,08,ca,24,63,a7,2b,84,a5,79,8d,cc,e3,08,83,c5,0a,f0,3b,58,c1,e8,a9,db,b0,73,47,0c,7f,fd,bc,2f,ab,93,47,33,77,76,71,e5,08,08,f9,6f,57,21,39,0e,d0,27,3f,11,7c,62,84,84,d1,63,09,18,84,29,37,92,ca,c6,20,9a,a4,2b,55,4a,da,37,f5,8c,af,50,ba,bb,cc,2a,88,b7,bb,4d,f5,6a,cc
,c6,3b,c4,7e,76,24,ba,27,c8,f3,71,24,0c,19,50,24,47,77,a7,c7,43,99,88,10,33,87,c9,a4,8c,51,23,e1,96,68,86,cc,74,b2,2d,2c,66,4f,a0,1b,83,2e,50,8c,03,42,2e,cc,75,06,25,6c,7c,f6,04,8a,5e,d5,7b,7a,d7,b5,b6,82,c7,d7,5b,2c,82,61,ae,6e,e4,3a,af,2c,08,b3,7b,72,71,52,39,3f,c7,ac,60,50,48,e9,b8,36,79,81,87,62,ea,70,0b,20,a8,32,34,1a,53,77,7c,b2,0a,c7,bd,86,43,98,d4,a4,74,e1,88,38,ac,c7,e1,f3,9d,4e,31,76,9b,54,4f,a2,05,9b,09,2b,85,59,dc,8b,e5,95,be,29,34,1b,8a,07,2b,dd,b6,ab,0c,01,33,0f,85,40,bb,93,8d,cf,17,bb,6a,77,6c,f4,93,64,1a,a6,2b,8b,92,3f,94,e3,8a,03,61,b9,d2,90,9a,99,86,a6,df,f1,71,c3,bc,b9,d1,57,9f,47,b3,3c,38,0c,1a,d9,b2,9c,3a,11,a2,a3,0b,2f,24,04,69,52,50,8b,9b,1b,1a,a8,49,a5,81,74,65,54,68,b8,34,2b,75,35,c4,9d,e9,12,84,38,d5,5e,99,09,2e,78,74,cd,e9,e2,3b,d3,e6,58,1b,35,1f,6e,34,3f,3a,ea,1b,f6,01,29,af,bb,68,8c,ea,4c,a6,9b,35,96,91,75,8a,ea,06,83,11,76,20,9c,06,74,53,af,ae,00,1d,b4,07,28,1d,21,64,a0,77,0d,ae,2e,1b,55,a6,49,7c,0e,88,7f,c0,d3,ca,a1,32,e7,02,21,51,8a,1e,a2,be,ec,f6,e2,86,37,1a,9f,5f,6b" + 
[4590]="11,ee,04,e1,04,63,99,4b,b9,10,72,6b,fe,ea,17,1b,56,de,4a,fb,35,8f,df,44,a3,f8,88,ba,61,dd,81,75,c4,1c,80,be,6f,ea,be,70,aa,ab,40,38,bc,38,38,55,cc,e7,04,e7,81,46,2f,16,c2,5f,72,c8,39,c0,43,2e,08,bc,27,dc,a7,a7,d3,6f,0b,68,7f,f1,d5,62,89,9a,86,55,0b,29,a5,ec,b3,e2,a9,03,1b,5a,67,c9,ab,58,5e,ac,97,d4,d7,34,ba,51,02,f0,a5,68,98,73,85,61,f9,2d,a3,29,ae,c7,fb,08,f8,00,9b,d1,f4,5d,33,42,8f,21,87,3e,e1,e2,87,ac,c3,c3,a9,e1,5c,db,a4,c5,d2,92,c6,e1,33,18,0b,b6,03,ec,28,39,05,69,a2,4d,91,c1,c8,02,b8,1f,c9,a7,43,8c,09,df,87,13,6c,2c,7e,9a,66,97,2d,fa,46,cf,f0,28,e5,d8,a5,56,5b,9d,88,9b,84,fc,79,41,2a,17,0c,44,f2,42,5c,e0,1c,64,64,c0,07,e7,a0,2c,27,05,f2,a5,9d,da,eb,33,66,e5,4a,35,1a,08,e0,50,5e,3a,86,23,7e,6c,1f,a1,96,8b,0e,94,41,43,4a,a5,52,18,b0,15,f5,9b,86,c0,cb,65,b8,00,a3,29,cc,04,9b,0b,d7,d2,22,63,0b,4e,8a,33,5c,a9,08,bc,90,42,2b,29,fb,7f,ab,fb,6f,ea,ba,7d,c1,77,3c,e4,a8,01,f5,a6,94,7f,68,ae,71,c0,13,8f,51,76,84,72,1e,ca,7c,74,9b,c4,5a,34,9a,3d,16,82,b2,82,9a,79,69,70,53,39,84,2b,6f,8a,96,94,c4,34,d9,a9,bd,dd,f5,a6,2d,5c,44,5f,91,78,e5,73,2f,0f,dc,2d,57,89,9f,fb,9b,73,b4,01,12,65,c5,64,49,4b,96,86,78,35,5e,14,28,ff,39,be,d1,e8,25,f6,8a,bc,62,f4,07,1c,46,1e,22,d1,74,b1,11,a5,e4,71,2b,e8,d8,26,92,9a,6b,74,c2,72,57,03,cb,cd,91,a9,41,41,0b,3f,55,be,39,f3,26,56,ac,cf,ce,c1,a8,0b,68,1b,fb,55,10,3c,81,5b,99,58,3f,5f,73,73,6d,da,4d,3b,a6,41,b1,d1,26,91,11,45,12,38,4c,2c,b8,58,fc,52,71,1f,49,00,e6,43,b4,2d,f6,8e,43,f3,5d,d6,14,2b,49,b6,78,8c,e5,20,4e,eb,2a,33,fc,07,62,bb,00,0d,ab,79,25,d8,c3,cd,cb,06,fd,16,c9,d3,33,21,80,02,3e,1d,1c,24,60,b6,69,34,76,76,5b,ac,02,1b,6c,07,d4,78,21,f3,21,c9,18,c2,2c,30,8c,1b,79,db,63,b1,95,82,f0,f0,89,c3,64,92,7b,8b,4a,ef,09,5e,f6,48,53,c6,e7,ba,f4,a8,9c,4b,a0,4f,54,63,9c,4b,3b,3c,0d,ab,b2,86,58,86,84,26,77,77,80,77,90,f1,30,22,3b,1e,6d,25,11,d2,a3,91,66,22,76,a3,3c,bb,40,f6,94,d3,ea,a3,fe,a5,32,d2,99,a8,49,4b,35,55,76,9f,bb,86,9a,d1,38,27,8f,5b,53,25,55,62,72,76,1b,53,7a,8d,ca,b8,05,fb,92,1f,96,c7,55,58,35,b0,55,e7,7f,4b,29,35,00,31,81,d8,
34,02,d0,1a,84,31,b7,b1,8c,a7,c0,d8,5a,6f,79,39,7e,ab,d5,4b,ce,10,83,1c,eb,5c,f6,93,13,4d,97,a6,ac,85,83,81,b8,7b,5b,a2,24,e7,a9,96,fa,25,06,ba,c5,45,38,bb,aa,96,6b,67,3a,cb,11,e9,d1,0a,f8,67,90,db,d4,72,7f,35,1b,c8,d1,72,95,c9,1e,d4,ac,67,e7,83,41,18,89,0d,e0,b4,2a,b0,67,55,93,9a,3e,6f,10,74,4c,e0,af,f9,11,1b,de,c5,15,84,b8,a7,80,cc,a1,1c,b0,bf,8f,ca,20,96,70,6b,9b,9c,3a,db,a7,8b,4d,dc,c5,5b,98,03,d5,b0,aa,fa,73,a2,11,e0,5f,3d,f1,0d,9e,bb,3a,53,1a,7a,13,60,78,9a,36,8a,6a,99,3f,f2,67,ac,cb,75,a4,9c,04,26,37,5c,6d,0f,19,6d,f8,46,6d,1b,bc,45,d6,d8,5e,3e,51,13,50,fb,0f,3a,0a,2e,88,08,6b,fc,d8,ad,2b,54,52,25,7a,4d,24,2c,c9,47,9b,59,b5,d2,71,84,36,7b,aa,55,2c,d7,4b,95,9b,08,85,cd,b1,3f,77,1a,46,4a,cb,a4,82,47,b8,2f,ac,b4,e1,f7,c4,1d,a4,af,cd,38,ad,01,b3,cb,c8,18,67,48,23,5f,dd,76,b3,5f,40,27,f4,61,5a,81,78,bf,68,99,0f,76,ea,b7,1e,f8,36,d9,83,24,df,dc,0e,26,c1,89,40,5a,98,86,8a,64,20,4a,a8,7f,98,71,26,90,88,72,c0,40,b0,f9,42,9a,b4,80,46,51,7d,c1,31,78,2c,eb,2c,96,22,59,e3,67,14,1d,94,5c,a7,4a,c9,fc,85,2b,db,08,ab,e7,dc,9f,eb,98,1f,f4,30,5b,7e,e1,6c,5f,fb,4b,ea,31,39,a4,74,88,53,f5,83,f8,51,0f,a5,40,30,07,34,b8,fb,a9,9d,6c,b4,36,66,70,39,79,31,34,df,55,8c,de,49,19,a7,66,7e,ac,f9,9d,57,00,29,26,6c,5e,94,5a,91,0f,b6,92,e2,1a,b1,08,85,73,34,ec,7d,43,44,c5,c3,40,17,6c,c8,0f,e4,e2,0a,f0,c5,18,98,f8,6c,6f,46,66,8d,37,82,78,58,3b,c4,32,9d,22,91,a5,b1,56,1f,62,a4,cb,2a,85,7b,8c,c8,bf,34,74,25,74,65,2c,f3,e0,a0,c0,5c,b2,20,b4,81,8d,b5,4e,06,f6,b0,c8,d4,93,d6,f4,10,54,cb,27,dc,e5,3a,42,27,ba,93,20,27,de,1c,85,ea,e7,8a,0b,b9,4b,31,40,42,44,6b,1e,fd,fb,ac,f9,98,b9,74,76,89,ac,b4,66,8d,d5,1a,2a,9c,85,03,35,93,09,77,04,8a,d0,99,08,b8,26,4d,3c,98,d0,ea,2e,75,2c,84,ba,4a,a0,c2,fb,9a,f4,4c,31,2a,54,71,2b,91,20,7f,bd,2c,0d,97,01,54,d6,12,e6,8c,6b,4d,83,c6,52,ac" 
[25497]="63,99,04,c0,15,45,8a,33,c6,16,72,fb,44,02,c9,c1,42,63,5d,2e,d0,30,a8,9b,a8,84,19,33,bf,23,10,ec,05,67,68,d9,12,0e,88,07,0a,39,85,85,6c,52,6e,24,70,69,38,aa,a1,a7,10,41,b5,4f,5a,99,2f,38,dc,07,0e,ab,a8,a2,44,40,49,7c,47,5d,3a,bd,7c,ea,af,63,11,47,5f,d2,8c,ef,81,b1,4d,e1,57,40,e6,32,0c,49,5d,43,63,62,7e,a8,49,71,7a,85,ea,00,9f,42,54,85,71,97,16,0e,43,35,4b,d1,26,2c,73,c8,cc,f2,43,63,c3,66,17,b4,7c,a7,d2,66,98,b4,60,e8,0b,a7,94,49,75,03,e3,4f,bf,69,ba,e7,67,68,89,c2,8a,4b,24,a2,42,f4,74,92,e3,44,85,bc,9e,da,e3,40,e9,e4,bd,4c,02,20,88,dc,67,2d,25,ba,4f,0a,4b,7c,dc,1f,96,d3,6a,01,86,5b,ad,75,b2,23,c5,c7,39,10,35,34,59,6e,23,fc,c9,cd,c0,17,e0,16,79,4b,04,82,70,d9,1f,62,a4,36,67,d3,00,a9,db,a4,25,09,21,38,f0,0b,d1,17,6a,3d,d5,22,51,1a,a6,0b,97,23,c7,67,32,0b,7c,a0,b3,a7,0d,06,49,01,52,69,9c,4f,f5,37,dd,0c,a7,bc,d0,c2,72,d5,6f,9c,26,aa,c3,ca,0d,84,6b,27,40,f8,1b,e3,55,bb,e4,f0,9a,15,52,2f,a3,da,06,45,c2,10,6e,a3,2a,07,87,61,89,1c,39,b1,52,26,2a,80,a5,a6,4b,2c,b3,3c,40,d7,42,0d,8b,67,90,d6,c6,49,09,a7,6e,d3,f2,c2,ac,b5,46,75,2c,8c,0d,03,0a,d8,f2,b7,19,a7,a4,84,f4,90,48,34,29,aa,00,28,e8,01,bf,2b,02,94,57,e2,62,36,59,61,d2,c0,0e,1c,69,04,57,b0,ba,c3,2c,a4,aa,e7,46,03,45,c9,a1,b6,58,13,ba,3f,ea,80,b3,ef,dc,5c,7f,28,8b,c6,92,18,db,81,0b,43,e1,07,65,b4,be,96,33,58,f0,31,c0,8c,29,9c,4c,d9,a8,95,91,58,e1,e7,61,b5,b5,23,0e,fa,39,62,63,38,3e,d4,3c,df,c1,09,81,ea,4f,0b,a2,7c,e3,08,1f,e6,e1,0f,5e,e0,5f,f1,02,c3,99,fa,6a,6f,45,96,87,31,18,f6,d8,48,13,15,6b,ed,7a,02,1e,da,a5,ec,da,67,07,67,ab,c2,ab,94,a5,07,01,17,54,8e,9c,35,12,55,60,53,02,8b,48,46,06,79,9f,da,6c,f3,51,86,a6,34,16,af,ba,45,ac,77,68,10,0b,c1,ce,f0,0a,c5,20,98,37,42,22,f8,e8,2e,9b,80,52,23,e4,90,f3,01,6e,f9,40,a7,19,c1,9d,59,97,9d,2e,57,06,d2,2a,75,28,c5,5b,aa,0c,a8,94,62,7b,ff,80,c4,6c,01,67,7f,c5,98,61,06,a3,bf,2c,19,32,77,86,7c,1c,42,36,0c,8c,7b,6b,62,01,d7,5a,2c,62,6f,a5,18,1b,19,c3,47,f7,e9,c9,ff,a9,c1,89,31,1d,46,79,2c,35,51,63,4a,f7,66,91,4a,b8,93,f9,40,b9,28,71,29,85,9a,0d,c5,16,c7,7b,ae,b9,4a,cc,50,d3,39
,37,54,5f,31,fc,1b,fc,5a,76,23,e5,49,6b,c0,bd,11,1b,a2,b0,ca,36,55,07,54,40,0a,08,c8,49,ca,09,ea,29,73,02,80,d5,30,4c,e6,00,ae,0a,a4,2f,b8,57,4c,2d,75,58,05,8b,b6,c5,55,be,22,e6,48,63,75,c5,aa,f9,8d,e9,4c,8a,51,84,b7,96,b0,2e,14,58,18,99,48,29,de,36,7d,be,e5,8e,01,7c,9d,0f,71,2f,f8,84,7d,6e,d2,88,d0,67,b2,5b,e3,bb,63,bc,53,fa,80,88,29,26,c5,22,54,42,d8,21,82,5d,6a,4a,b1,b7,a2,8f,48,68,c2,c7,2f,79,fa,8d,25,f4,85,7b,47,a5,46,a5,af,3e,88,37,06,f5,41,40,71,02,89,f9,3e,1d,46,43,3e,34,5e,7e,39,4b,f2,25,c8,30,33,59,45,8a,c2,95,4b,94,37,53,b3,f0,03,73,21,d5,36,51,fc,6f,e9,1c,69,dd,a6,47,2b,39,5e,fc,35,c4,a8,84,7e,34,32,b3,76,f5,23,1b,67,07,e7,c8,b3,99,82,36,ec,9b,c7,a3,2c,80,de,09,46,c9,c9,22,cd,19,b9,a7,e0,c8,cb,a3,20,f7,f4,3a,7c,48,44,86,db,96,a4,b0,9d,bd,63,84,54,d9,c6,09,16,03,1e,45,89,65,da,57,2d,b3,33,0a,7b,1a,98,5a,cc,e5,08,ba,8c,35,7e,fe,4a,36,fa,f4,58,c3,fb,c8,e1,66,14,9e,91,b6,02,88,6f,fe,a9,6e,41,cb,63,6d,92,cc,65,c4,a9,9e,69,38,75,ec,6f,0f,89,c7,65,aa,2a,a1,8b,90,ad,e5,83,4b,b2,3e,68,60,84,be,a0,98,32,e6,47,53,41,c4,35,49,ca,10,16,c5,52,53,47,2b,ac,4f,44,1b,6a,04,7a,ab,95,7b,ae,20,b6,cc,be,21,9d,66,0a,c9,b0,a4,0b,2c,36,48,f2,6c,70,1d,56,11,b5,54,0a,7a,75,41,f1,fc,94,97,fc,5f,1c,53,c2,80,d5,64,6e,f9,c4,32,a1,69,fb,f6,b4,d7,63,a9,86,b8,7a,70,30,2f,45,22,47,19,1a,0e,54,b6,c4,58,81,b8,36,c1,2f,b5,67,6e,07,05,7b,68,37,aa,a8,73,46,c7,1b,1c,d8,34,44,83,83,b8,d7,07,76,5a,e9,32,38,30,9f,17,78,b0,c0,11,73,43,f2,c9,10,b1,cc,59,e9,59,f8,44,60,a0,1b,9c,98,f2,43,2e,5b,5a,b1,6a,07,e7,9a,73,79,56,cf,73,05,9a,a6,6a,79,a5,49,1f,c0,97,22,fe,89,e2,e4,66,6d,9a,18,ac,5e,d1,41,ba,dc,99,b4,01,0d,b0,43,11,3e,be,a0,50,d6,39,8a,4f,58,7d,cc,30,ba,c0,e6,41,51,ab,4e" ) diff --git a/openssl-iana.mapping.html b/openssl-iana.mapping.html index 9e90ce2..190a94b 100644 --- a/openssl-iana.mapping.html +++ b/openssl-iana.mapping.html 
@@ -224,6 +224,10 @@ xB9 TLS_RSA_PSK_WITH_NULL_SHA384 [0xbe] DHE-RSA-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 [0xbf] ADH-CAMELLIA128-SHA256 DH Camellia 128 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 + + [0xc6] ECDH SM4GCM 128 TLS_SM4_GCM_SM3 + [0xc7] ECDH SM4CCM 128 TLS_SM4_CCM_SM3 + [0x5600] TLS_FALLBACK_SCSV TLS_EMPTY_RENEGOTIATION_INFO_SCSV
diff --git a/testssl.sh b/testssl.sh
index 937d3ba..4a7da1f 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -467,7 +467,13 @@ declare TLS_CIPHER_AUTH=()
 declare TLS_CIPHER_ENC=()
 declare TLS_CIPHER_EXPORT=()
 declare TLS_CIPHER_OSSL_SUPPORTED=()
-declare TLS13_OSSL_CIPHERS="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_SHA256_SHA256:TLS_SHA384_SHA384"
+declare TLS13_OSSL_CIPHERS="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_SHA256_SHA256:TLS_SHA384_SHA384:TLS_SM4_GCM_SM3:TLS_SM4_CCM_SM3"
+
+# Regular expression that matches all TLS 1.3 ciphers (see RFC 8446, RFC 8998,
+# RFC 9150, RFC 9367, and draft-irtf-cfrg-aegis-aead-08).
+# Note that strip_inconsistent_ciphers() also needs to be updated whenever a new
+# TLS 1.3-only cipher suite is added.
+declare TLS13_CIPHERS_REGEX="13,0[1-7]|00,[cC][67]|[cC]0,[bB][45]|[cC]1,0[3-6]"


 ########### Some predefinitions: date, sed (we always use tests for binaries and NOT try to determine
@@ -1033,8 +1039,10 @@ strip_inconsistent_ciphers() {
 local cipherlist="$2"

 if [[ $proto -lt 4 ]]; then
- cipherlist="${cipherlist//, 13,0[0-9a-fA-F]/}"
+ cipherlist="${cipherlist//, 13,0[1-7]/}"
+ cipherlist="${cipherlist//, 00,[cC][67]/}"
 cipherlist="${cipherlist//, [cC]0,[bB][45]/}"
+ cipherlist="${cipherlist//, [cC]1,0[3-6]/}"
 fi
 if [[ $proto -lt 3 ]]; then
 cipherlist="${cipherlist//, 00,3[b-fB-F]/}"
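Review bot: TLS13_CIPHERS_REGEX and the four `${cipherlist//, …/}` glob patterns in strip_inconsistent_ciphers() now spell out the same set of TLS 1.3-only suite IDs twice, and the new comment on the declaration concedes they have to be kept in sync by hand — exactly the kind of drift that later makes a TLS 1.3 suite leak into a TLS 1.2 ClientHello or vice versa. Every alternative uses only literals and bracket expressions, which mean the same thing as a bash glob and as an ERE, so one array can feed both: declare the patterns once, join them with `|` for the regex, and let strip_inconsistent_ciphers() loop over the array. The existing `=~ $TLS13_CIPHERS_REGEX` callers in run_cipher_match(), run_allciphers() and sub_cipherlists() need no change. strip_inconsistent_ciphers() starts and ends outside this hunk.
```shell
# TLS 1.3-only cipher suite IDs (RFC 8446, RFC 8998, RFC 9150, RFC 9367 and
# draft-irtf-cfrg-aegis-aead-08). Each entry is valid both as a bash glob and
# as an extended regular expression, so the regex is derived from this list
# and strip_inconsistent_ciphers() walks the same list: one place to update.
declare -a TLS13_CIPHER_PATTERNS=("13,0[1-7]" "00,[cC][67]" "[cC]0,[bB][45]" "[cC]1,0[3-6]")
declare TLS13_CIPHERS_REGEX
TLS13_CIPHERS_REGEX="$(IFS='|'; printf '%s' "${TLS13_CIPHER_PATTERNS[*]}")"

# … unchanged: strip_inconsistent_ciphers() up to the proto check …
     if [[ $proto -lt 4 ]]; then
          local pattern
          for pattern in "${TLS13_CIPHER_PATTERNS[@]}"; do
               cipherlist="${cipherlist//, $pattern/}"
          done
     fi
```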
@@ -4176,7 +4184,7 @@ run_cipher_match(){ ! "${ciphers_found2[i]}" && ciphers_to_test+=", ${hexcode2[i]}" done [[ -z "$ciphers_to_test" ]] && break - [[ "$proto" == 04 ]] && [[ ! "$ciphers_to_test" =~ ,\ 13,[0-9a-f][0-9a-f] ]] && [[ ! "$ciphers_to_test" =~ ,\ [cC]0,[bB][45] ]] && break + [[ "$proto" == 04 ]] && [[ ! "$ciphers_to_test" =~ ,\ ($TLS13_CIPHERS_REGEX) ]] && break ciphers_to_test="$(strip_inconsistent_ciphers "$proto" "$ciphers_to_test")" [[ -z "$ciphers_to_test" ]] && break if "$SHOW_SIGALGO"; then @@ -4451,7 +4459,7 @@ run_allciphers() { ! "${ciphers_found2[i]}" && ciphers_to_test+=", ${hexcode2[i]}" done [[ -z "$ciphers_to_test" ]] && break - [[ "$proto" == 04 ]] && [[ ! "$ciphers_to_test" =~ ,\ 13,[0-9a-f][0-9a-f] ]] && [[ ! "$ciphers_to_test" =~ ,\ [cC]0,[bB][45] ]] && break + [[ "$proto" == 04 ]] && [[ ! "$ciphers_to_test" =~ ,\ ($TLS13_CIPHERS_REGEX) ]] && break ciphers_to_test="$(strip_inconsistent_ciphers "$proto" "$ciphers_to_test")" [[ -z "$ciphers_to_test" ]] && break if "$SHOW_SIGALGO"; then @@ -6405,7 +6413,7 @@ sub_cipherlists() { for proto in 04 03 02 01 00; do # If $cipherlist doesn't contain any TLSv1.3 ciphers, then there is # no reason to try a TLSv1.3 ClientHello. - [[ "$proto" == 04 ]] && [[ ! "$6" =~ 13,0 ]] && [[ ! "$6" =~ [cC]0,[bB][45] ]] && continue + [[ "$proto" == 04 ]] && [[ ! "$6" =~ $TLS13_CIPHERS_REGEX ]] && continue [[ $(has_server_protocol "$proto") -eq 1 ]] && continue cipherlist="$(strip_inconsistent_ciphers "$proto" ", $6")" cipherlist="${cipherlist:2}" 
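Review bot: In sub_cipherlists() the new test `[[ ! "$6" =~ $TLS13_CIPHERS_REGEX ]]` matches the alternation anywhere in the string, whereas the two sibling hunks in run_cipher_match() and run_allciphers() anchor it with `,\ (...)`. Because `$6` starts with a cipher id rather than `, `, the equivalent anchor here would be `[[ ! "$6" =~ (^|,\ )($TLS13_CIPHERS_REGEX) ]]`. With the `XX,YY, ` list format a stray substring match looks unlikely, but the anchored form keeps the three call sites behaving the same and documents the intent.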
@@ -6602,9 +6610,9 @@ run_cipherlists() { good_ciphers="00,9C, 00,9D, 00,A0, 00,A1, 00,A4, 00,A5, 00,A8, 00,A9, 00,AC, 00,AD, C0,2D, C0,2E, C0,31, C0,32, C0,50, C0,51, C0,54, C0,55, C0,58, C0,59, C0,5E, C0,5F, C0,62, C0,63, C0,6A, C0,6B, C0,6E, C0,6F, C0,7A, C0,7B, C0,7E, C0,7F, C0,82, C0,83, C0,88, C0,89, C0,8C, C0,8D, C0,8E, C0,8F, C0,92, C0,93, C0,9C, C0,9D, C0,A0, C0,A1, C0,A4, C0,A5, C0,A8, C0,A9, CC,AB, CC,AE, 00,FF" ossl_strong_ciphers='AESGCM:CHACHA20:CamelliaGCM:AESCCM:ARIAGCM:!kPSK:!kRSAPSK:!kRSA:!kDH:!kECDH:!aNULL' - ossl_strong_ciphersuites="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256" + ossl_strong_ciphersuites="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_SM4_GCM_SM3:TLS_SM4_CCM_SM3" # grep AEAD etc/cipher-mapping.txt | grep -E 'TLS_ECDHE|TLS_DHE|TLS_PSK_DHE|TLSv1.3' - strong_ciphers="00,9E, 00,9F, 00,A2, 00,A3, 00,AA, 00,AB, 13,01, 13,02, 13,03, 13,04, 13,05, 16,B7, 16,B8, 16,B9, 16,BA, C0,2B, C0,2C, C0,2F, C0,30, C0,52, C0,53, C0,56, C0,57, C0,5C, C0,5D, C0,60, C0,61, C0,6C, C0,6D, C0,7C, C0,7D, C0,80, C0,81, C0,86, C0,87, C0,8A, C0,8B, C0,90, C0,91, C0,9E, C0,9F, C0,A2, C0,A3, C0,A6, C0,A7, C0,AA, C0,AB, C0,AC, C0,AD, C0,AE, C0,AF, CC,13, CC,14, CC,15, CC,A8, CC,A9, CC,AA, CC,AC, CC,AD, 00,FF" + strong_ciphers="00,9E, 00,9F, 00,A2, 00,A3, 00,AA, 00,AB, 00,C6, 00,C7, 13,01, 13,02, 13,03, 13,04, 13,05, 16,B7, 16,B8, 16,B9, 16,BA, C0,2B, C0,2C, C0,2F, C0,30, C0,52, C0,53, C0,56, C0,57, C0,5C, C0,5D, C0,60, C0,61, C0,6C, C0,6D, C0,7C, C0,7D, C0,80, C0,81, C0,86, C0,87, C0,8A, C0,8B, C0,90, C0,91, C0,9E, C0,9F, C0,A2, C0,A3, C0,A6, C0,A7, C0,AA, C0,AB, C0,AC, C0,AD, C0,AE, C0,AF, CC,13, CC,14, CC,15, CC,A8, CC,A9, CC,AA, CC,AC, CC,AD, 00,FF" # argv[1]: non-TLSv1.3 cipher list to test in OpenSSL syntax # argv[2]: TLSv1.3 cipher list to test in OpenSSL syntax 
@@ -6745,6 +6753,7 @@ pr_ecdh_curve_quality() {
 "brainpoolP512r1"*) bits=512 ;;
 "X25519") bits=253 ;;
 "X448") bits=448 ;;
+ "curveSM2") bits=256 ;;
 esac
 pr_ecdh_quality "$bits" "$curve"
 }
@@ -6772,6 +6781,7 @@ pr_kem_param_set_quality() {
 "X25519MLKEM768") bits=192 ;;
 "SecP384r1MLKEM1024") bits=256 ;;
 "X25519Kyber768Draft00") bits=128 ;;
+ "curveSM2MLKEM768") bits=192 ;;
 esac
 pr_kem_quality "$bits" "$kem"
 }
@@ -6932,6 +6942,7 @@ read_dhtype_from_file() {
 [[ "$kx" == "Kx=X25519MLKEM768" ]] && kx="Kx=ECDH/MLKEM"
 [[ "$kx" == "Kx=SecP384r1MLKEM1024" ]] && kx="Kx=ECDH/MLKEM"
 [[ "$kx" == "Kx=X25519Kyber768Draft00" ]] && kx="Kx=ECDH/Kyber"
+ [[ "$kx" == "Kx=curveSM2MLKEM768" ]] && kx="Kx=ECDH/MLKEM"
 tm_out "$kx"
 return 0
 }
@@ -6942,6 +6953,7 @@ read_sigalg_from_file() {
 sig_alg="$(strip_leading_space "$($OPENSSL x509 -noout -text -in "$1" 2>/dev/null | awk -F':' '/Signature Algorithm/ { print $2; exit; }')")"
 case "$sig_alg" in
+ 1.2.156.10197.1.501) tm_out "SM2-with-SM3" ;;
 1.3.101.112|ED25519) tm_out "Ed25519" ;;
 1.3.101.113|ED448) tm_out "Ed448" ;;
 2.16.840.1.101.3.4.3.17) tm_out "ML-DSA-44" ;;
@@ -7205,8 +7217,8 @@ run_server_preference() { local list_fwd="DHE-RSA-SEED-SHA:SEED-SHA:DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:ADH-AES256-GCM-SHA384:AECDH-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA" local list_reverse="ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:AECDH-AES128-SHA:ADH-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA:AES256-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA256:AES128-SHA:RC4-SHA:DES-CBC-SHA:RC4-MD5:DES-CBC3-SHA:SEED-SHA:DHE-RSA-SEED-SHA" tls_list_fwd="c0,2c, c0,30, 00,9f, cc,a9, cc,a8, cc,aa, c0,2b, c0,2f, 00,9e, c0,24, c0,28, 00,6b, c0,23, c0,27, 00,67, c0,0a, 00,04, 00,05, 00,09, 00,0a, 00,9a, 00,96, - c0,14, 00,39, c0,09, c0,13, 00,33, 00,9d, 00,9c, 13,01, 13,02, 13,03, 13,04, 13,05, 00,3d, 00,3c, 00,35, 00,2f, 00,ff" - tls_list_rev="00,2f, 00,35, 00,3c, 00,3d, 13,05, 13,04, 13,03, 13,02, 13,01, 00,9c, 00,9d, 00,33, c0,13, c0,09, 00,39, c0,14, 00,96, 00,9a, 00,0a, 00,09, 00,05, 00,04, + c0,14, 00,39, c0,09, c0,13, 
00,33, 00,9d, 00,9c, 00,C6, 00,C7, 13,01, 13,02, 13,03, 13,04, 13,05, 00,3d, 00,3c, 00,35, 00,2f, 00,ff" + tls_list_rev="00,2f, 00,35, 00,3c, 00,3d, 13,05, 13,04, 13,03, 13,02, 13,01, 00,C7, 00,C6, 00,9c, 00,9d, 00,33, c0,13, c0,09, 00,39, c0,14, 00,96, 00,9a, 00,0a, 00,09, 00,05, 00,04, c0,0a, 00,67, c0,27, c0,23, 00,6b, c0,28, c0,24, 00,9e, c0,2f, c0,2b, cc,aa, cc,a8, cc,a9, 00,9f, c0,30, c0,2c, 00,ff" local has_cipher_order=false has_tls13_cipher_order=false local addcmd="" addcmd2="" @@ -7236,7 +7248,7 @@ run_server_preference() { tls_sockets "04" \ "c0,2c, c0,30, 00,9f, cc,a9, cc,a8, cc,aa, c0,2b, c0,2f, 00,9a, 00,96, 00,9e, c0,24, c0,28, 00,6b, c0,23, c0,27, 00,67, c0,0a, - c0,14, 00,39, c0,09, c0,13, 00,33, 00,9d, 00,9c, 13,02, + c0,14, 00,39, c0,09, c0,13, 00,33, 00,9d, 00,9c, 00,c6, 00,c7, 13,02, 13,03, 13,01, 13,04, 13,05, c0,b4, c0,b5, 00,3d, 00,3c, 00,35, 00,2f, 00,ff" \ "ephemeralkey" sclient_success=$? @@ -7279,12 +7291,12 @@ run_server_preference() { # Some servers don't have a TLS 1.3 cipher order, see #1163 if [[ "$default_proto" == TLSv1.3 ]]; then - tls_sockets "04" "c0,b5, c0,b4, 13,05, 13,04, 13,03, 13,02, 13,01, 00,ff" + tls_sockets "04" "c0,b5, c0,b4, 13,05, 13,04, 13,03, 13,02, 13,01, 00,c7, 00,c6, 00,ff" [[ $? -ne 0 ]] && ret=1 && prln_fixme "something weird happened around line $((LINENO - 1))" cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE tls13_cipher1=$(get_cipher $TMPFILE) debugme tm_out "TLS 1.3: --> $tls13_cipher1\n" - tls_sockets "04" "13,01, 13,02, 13,03, 13,04, 13,05, c0,b4, c0,b5, 00,ff" + tls_sockets "04" "00,c6, 00,c7, 13,01, 13,02, 13,03, 13,04, 13,05, c0,b4, c0,b5, 00,ff" [[ $? -ne 0 ]] && ret=1 && prln_fixme "something weird happened around line $((LINENO - 1))" cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE tls13_cipher2=$(get_cipher $TMPFILE) 
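Review bot: The `00,C6, 00,C7` entries added to tls_list_fwd and tls_list_rev in hunk -7205 are the only upper-case ids in those otherwise lower-case lists, while the two hunks that follow in the same function use `00,c6, 00,c7`. Writing `00,c6, 00,c7` here as well keeps the lists in run_server_preference() consistent and avoids leaning on the `[cC]` tolerance of the regex and strip patterns. I see no visible code that compares these ids case-sensitively, so this is a readability point unless get_cipher output is matched against them elsewhere. run_server_preference() begins before this hunk.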
@@ -8487,13 +8499,11 @@ get_server_certificate() { CERTIFICATE_LIST_ORDERING_PROBLEM=false if [[ "$1" =~ tls1_3 ]]; then [[ $(has_server_protocol "tls1_3") -eq 1 ]] && return 1 - if "$HAS_TLS13" && "$HAS_SIGALGS" && [[ ! "$1" =~ tls1_3_EdDSA ]] && [[ ! "$1" =~ tls1_3_MLDSA ]]; then + if "$HAS_TLS13" && "$HAS_SIGALGS" && [[ "$1" =~ tls1_3_RSA || "$1" =~ tls1_3_ECDSA ]]; then if [[ "$1" =~ tls1_3_RSA ]]; then $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tls1_3 -tlsextdebug -status -msg -sigalgs PSS+SHA256:PSS+SHA384:PSS+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512") $ERRFILE >$TMPFILE - elif [[ "$1" =~ tls1_3_ECDSA ]]; then - $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tls1_3 -tlsextdebug -status -msg -sigalgs ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512") $ERRFILE >$TMPFILE else - return 1 + $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tls1_3 -tlsextdebug -status -msg -sigalgs ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512") $ERRFILE >$TMPFILE fi sclient_connect_successful $? $TMPFILE || return 1 DETECTED_TLS_VERSION="0304" @@ -8512,6 +8522,8 @@ get_server_certificate() { tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,06,00,04,08,07,08,08" elif [[ "$1" =~ tls1_3_MLDSA ]]; then tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,08,00,06,09,04,09,05,09,06" + elif [[ "$1" =~ tls1_3_SM2 ]]; then + tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,04,00,02,07,08" else return 1 fi 
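Review bot: The new `tls1_3_SM2` branch in get_server_certificate() offers `$TLS13_CIPHER` with `all+`, and nothing in this diff shows `$TLS13_CIPHER` gaining the 00,c6/00,c7 suites; if it was not extended elsewhere, a server that enables only the RFC 8998 suites for its SM2 certificate will not complete the handshake and the certificate is never collected. The commit itself acknowledges that curveSM2 key exchange cannot be decrypted, so even with the suites offered this `all+` path depends on the server accepting a non-curveSM2 group. A comment on the new branch, e.g. `# SM2 certificates are only retrievable from servers that also accept a non-curveSM2 group and a suite from $TLS13_CIPHER`, would spare the next reader from rediscovering this. The collapse of the RSA/ECDSA condition in hunk -8487 is a clear improvement.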
@@ -9195,11 +9207,13 @@ certificate_transparency() { if [[ $number_of_certificates -gt 1 ]] && ! "$SSL_NATIVE"; then if [[ "$tls_version" == 0304 ]]; then - ciphers=", 13,01, 13,02, 13,03, 13,04, 13,05, c0,b4, c0,b5" + ciphers=", 00,c6, 00,c7, 13,01, 13,02, 13,03, 13,04, 13,05, c0,b4, c0,b5" if [[ "$cipher" == tls1_3_RSA ]]; then extra_extns=", 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01" elif [[ "$cipher" == tls1_3_ECDSA ]]; then extra_extns=", 00,0d,00,0a,00,08,04,03,05,03,06,03,02,03" + elif [[ "$cipher" == tls1_3_SM2 ]]; then + extra_extns=", 00,0d,00,04,00,02,07,08" else return 1 fi @@ -9383,6 +9397,7 @@ certificate_info() { cert_sig_algo="$(awk -F':' '/Signature Algorithm/ { print $2; if (++Match >= 1) exit; }' <<< "$cert_txt")" cert_sig_algo="${cert_sig_algo// /}" case "$cert_sig_algo" in + 1.2.156.10197.1.501) cert_sig_algo="SM2-with-SM3" ;; 1.3.101.112|ED25519) cert_sig_algo="Ed25519" ;; 1.3.101.113|ED448) cert_sig_algo="Ed448" ;; 2.16.840.1.101.3.4.3.17) cert_sig_algo="ML-DSA-44" ;; @@ -9521,6 +9536,10 @@ certificate_info() { prln_svrty_good "$cert_sig_algo" fileout "${jsonID}${json_postfix}" "OK" "$cert_sig_algo" ;; + SM2-with-SM3) + outln "SM2 with SM3" + fileout "${jsonID}${json_postfix}" "INFO" "SM2 with SM3" + ;; *) out "$cert_sig_algo (" pr_warning "FIXME: can't tell whether this is good or not" @@ -10422,7 +10441,7 @@ run_server_defaults() { local match_found local sessticket_lifetime_hint="" sessticket_proto="" lifetime unit local -i i n - local -i certs_found=0 + local -i certs_found=0 nr_cert_types local -i ret=0 local -a previous_hostcert previous_hostcert_txt previous_hostcert_type local -a previous_hostcert_issuer previous_intermediates previous_ordering_problem keysize tested_cipher 
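Review bot: The new `SM2-with-SM3)` arm in certificate_info() prints a hard-coded "SM2 with SM3" via plain outln and rates the finding INFO, while the neighbouring arms pass `$cert_sig_algo` through prln_svrty_good and rate OK, and the reason for the different treatment is not recorded. A one-line comment above the arm stating why no severity is assigned would make the choice deliberate, and reusing `$cert_sig_algo` in the output, or at least keeping the JSON finding equal to the case label, would keep the text reported by read_sigalg_from_file() and this function identical. The signature_algorithms bytes added in certificate_transparency() (`00,0d,00,04,00,02,07,08`) match those used in get_server_certificate().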
@@ -10454,33 +10473,35 @@ run_server_defaults() { ciphers_to_test[9]="tls1_3_ECDSA" ciphers_to_test[10]="tls1_3_EdDSA" ciphers_to_test[11]="tls1_3_MLDSA" + ciphers_to_test[12]="tls1_3_SM2" certificate_type[1]="" ; certificate_type[2]="" certificate_type[3]=""; certificate_type[4]="" certificate_type[5]="" ; certificate_type[6]="" certificate_type[7]="" ; certificate_type[8]="RSASig" certificate_type[9]="ECDSA" ; certificate_type[10]="EdDSA" - certificate_type[11]="MLDSA" + certificate_type[11]="MLDSA" ; certificate_type[12]="SM2" + nr_cert_types=12 if "$SERVER_SIZE_LIMIT_BUG"; then ciphers_to_test[3]="aDSS:aDH:aECDH" ciphers_to_test[6]="aECDSA:aGOST" fi - for (( n=1; n <= 18 ; n++ )); do + for (( n=1; n <= $((nr_cert_types+7)) ; n++ )); do # Some servers use a different certificate if the ClientHello # specifies TLSv1.1 and doesn't include a server name extension. # So, for each public key type for which a certificate was found, # try again, but only with TLSv1.1 and without SNI. if [[ $n -ne 1 ]] && [[ "$OPTIMAL_PROTO" == -ssl2 ]]; then ciphers_to_test[n]="" - elif [[ $n -ge 12 ]]; then + elif [[ $n -gt $nr_cert_types ]]; then ciphers_to_test[n]="" - [[ ${success[n-11]} -eq 0 ]] && [[ $(has_server_protocol "tls1_1") -ne 1 ]] && \ - ciphers_to_test[n]="${ciphers_to_test[n-11]}" && certificate_type[n]="${certificate_type[n-11]}" + [[ ${success[n-nr_cert_types]} -eq 0 ]] && [[ $(has_server_protocol "tls1_1") -ne 1 ]] && \ + ciphers_to_test[n]="${ciphers_to_test[n-nr_cert_types]}" && certificate_type[n]="${certificate_type[n-nr_cert_types]}" fi if [[ -n "${ciphers_to_test[n]}" ]]; then - if [[ $n -ge 12 ]]; then + if [[ $n -gt $nr_cert_types ]]; then sni="$SNI" SNI="" get_server_certificate "${ciphers_to_test[n]}" "tls1_1" 
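Review bot: In run_server_defaults() the loop bound `n <= $((nr_cert_types+7))` wraps an arithmetic expansion inside an arithmetic context; `for (( n=1; n <= nr_cert_types+7 ; n++ ))` is equivalent and idiomatic. The literal 7 is the number of pre-TLS 1.3 entries of ciphers_to_test that are retried over TLSv1.1 without SNI, which the reader now has to reconstruct from the `n-nr_cert_types` indexing below; a comment such as `# entries 1..7 are the pre-TLS 1.3 key types, retried below without SNI` or a named `local -i nr_legacy_cert_types=7` would document it. Replacing the hard-coded 12/18 with nr_cert_types is otherwise the right direction. run_server_defaults() begins before this hunk and continues after it.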
@@ -10491,7 +10512,7 @@ run_server_defaults() { success[n]=$? fi if [[ ${success[n]} -eq 0 ]] && [[ -s "$HOSTCERT" ]]; then - [[ $n -ge 12 ]] && [[ ! -e $HOSTCERT.nosni ]] && cp $HOSTCERT $HOSTCERT.nosni + [[ $n -gt $nr_cert_types ]] && [[ ! -e $HOSTCERT.nosni ]] && cp $HOSTCERT $HOSTCERT.nosni cp "$TEMPDIR/$NODEIP.get_server_certificate.txt" $TMPFILE >$ERRFILE if [[ -z "$sessticket_lifetime_hint" ]]; then @@ -10573,7 +10594,7 @@ run_server_defaults() { fi i=$((i + 1)) done - if ! "$match_found" && [[ $n -ge 12 ]] && [[ $certs_found -ne 0 ]]; then + if ! "$match_found" && [[ $n -gt $nr_cert_types ]] && [[ $certs_found -ne 0 ]]; then # A new certificate was found using TLSv1.1 without SNI. # Check to see if the new certificate should be displayed. # It should be displayed if it is either a match for the @@ -10630,7 +10651,7 @@ run_server_defaults() { [[ -n "${previous_intermediates[certs_found]}" ]] && [[ -r $TEMPDIR/hostcert_issuer.pem ]] && \ previous_hostcert_issuer[certs_found]=$(cat $TEMPDIR/hostcert_issuer.pem) previous_ordering_problem[certs_found]=$CERTIFICATE_LIST_ORDERING_PROBLEM - [[ $n -ge 12 ]] && sni_used[certs_found]="" || sni_used[certs_found]="$SNI" + [[ $n -gt $nr_cert_types ]] && sni_used[certs_found]="" || sni_used[certs_found]="$SNI" tls_version[certs_found]="$DETECTED_TLS_VERSION" previous_hostcert_type[certs_found]=" ${certificate_type[n]}" if [[ $DEBUG -ge 1 ]]; then @@ -10898,7 +10919,7 @@ run_server_defaults() { sni="$SNI" ; SNI="" mv $HOSTCERT $HOSTCERT.save # Send same list of cipher suites as OpenSSL 1.1.1 sends (but with - # all 5 TLSv1.3 ciphers offered. + # all 5 TLSv1.3 ciphers from RFC 8446 offered. tls_sockets "04" \ "c0,2c, c0,30, 00,9f, cc,a9, cc,a8, cc,aa, c0,2b, c0,2f, 00,9e, c0,24, c0,28, 00,6b, c0,23, c0,27, 00,67, c0,0a, 
@@ -10978,18 +10999,18 @@ run_fs() { local fs_cipher_list="DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA:DHE-DSS-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA:DHE-DSS-SEED-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-SEED-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305" local fs_hex_cipher_list="" ciphers_to_test tls13_ciphers_to_test local ecdhe_cipher_list="" tls13_cipher_list="" ecdhe_cipher_list_hex="" ffdhe_cipher_list_hex="" - local curves_hex=("00,01" "00,02" "00,03" "00,04" "00,05" "00,06" "00,07" "00,08" "00,09" "00,0a" "00,0b" "00,0c" "00,0d" "00,0e" "00,0f" "00,10" "00,11" "00,12" "00,13" "00,14" "00,15" "00,16" "00,17" "00,18" "00,19" "00,1a" "00,1b" "00,1c" "00,1d" "00,1e" "00,1f" "00,20" "00,21" "02,00" "02,01" "02,02" "11,eb" "11,ec" "11,ed" "63,99") - local -a curves_ossl=("sect163k1" "sect163r1" "sect163r2" "sect193r1" "sect193r2" "sect233k1" "sect233r1" "sect239k1" "sect283k1" "sect283r1" 
"sect409k1" "sect409r1" "sect571k1" "sect571r1" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "prime192v1" "secp224k1" "secp224r1" "secp256k1" "prime256v1" "secp384r1" "secp521r1" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448" "brainpoolP256r1tls13" "brainpoolP384r1tls13" "brainpoolP512r1tls13" "MLKEM512" "MLKEM768" "MLKEM1024" "SecP256r1MLKEM768" "X25519MLKEM768" "SecP384r1MLKEM1024" "X25519Kyber768Draft00") - local -a curves_ossl_output=("K-163" "sect163r1" "B-163" "sect193r1" "sect193r2" "K-233" "B-233" "sect239k1" "K-283" "B-283" "K-409" "B-409" "K-571" "B-571" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "P-192" "secp224k1" "P-224" "secp256k1" "P-256" "P-384" "P-521" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448" "brainpoolP256r1tls13" "brainpoolP384r1tls13" "brainpoolP512r1tls13" "MLKEM512" "MLKEM768" "MLKEM1024" "SecP256r1MLKEM768" "X25519MLKEM768" "SecP384r1MLKEM1024" "X25519Kyber768Draft00") - local -ai curves_bits=(163 162 163 193 193 232 233 238 281 282 407 409 570 570 161 161 161 192 192 225 224 256 256 384 521 256 384 512 253 448 256 384 512 128 192 256 192 192 256 128) + local curves_hex=("00,01" "00,02" "00,03" "00,04" "00,05" "00,06" "00,07" "00,08" "00,09" "00,0a" "00,0b" "00,0c" "00,0d" "00,0e" "00,0f" "00,10" "00,11" "00,12" "00,13" "00,14" "00,15" "00,16" "00,17" "00,18" "00,19" "00,1a" "00,1b" "00,1c" "00,1d" "00,1e" "00,1f" "00,20" "00,21" "00,29" "02,00" "02,01" "02,02" "11,eb" "11,ec" "11,ed" "11,ee" "63,99") + local -a curves_ossl=("sect163k1" "sect163r1" "sect163r2" "sect193r1" "sect193r2" "sect233k1" "sect233r1" "sect239k1" "sect283k1" "sect283r1" "sect409k1" "sect409r1" "sect571k1" "sect571r1" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "prime192v1" "secp224k1" "secp224r1" "secp256k1" "prime256v1" "secp384r1" "secp521r1" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448" "brainpoolP256r1tls13" "brainpoolP384r1tls13" "brainpoolP512r1tls13" "curveSM2" "MLKEM512" 
"MLKEM768" "MLKEM1024" "SecP256r1MLKEM768" "X25519MLKEM768" "SecP384r1MLKEM1024" "curveSM2MLKEM768" "X25519Kyber768Draft00") + local -a curves_ossl_output=("K-163" "sect163r1" "B-163" "sect193r1" "sect193r2" "K-233" "B-233" "sect239k1" "K-283" "B-283" "K-409" "B-409" "K-571" "B-571" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "P-192" "secp224k1" "P-224" "secp256k1" "P-256" "P-384" "P-521" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448" "brainpoolP256r1tls13" "brainpoolP384r1tls13" "brainpoolP512r1tls13" "curveSM2" "MLKEM512" "MLKEM768" "MLKEM1024" "SecP256r1MLKEM768" "X25519MLKEM768" "SecP384r1MLKEM1024" "curveSM2MLKEM768" "X25519Kyber768Draft00") + local -ai curves_bits=(163 162 163 193 193 232 233 238 281 282 407 409 570 570 161 161 161 192 192 225 224 256 256 384 521 256 384 512 253 448 256 384 512 256 128 192 256 192 192 256 192 128) # Many curves have been deprecated, and RFC 8446, Appendix B.3.1.4, states # that these curves MUST NOT be offered in a TLS 1.3 ClientHello. 
- local -a curves_deprecated=("true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "false" "false" "false" "true" "true" "true" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false") + local -a curves_deprecated=("true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "false" "false" "false" "true" "true" "true" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false") local -a ffdhe_groups_hex=("01,00" "01,01" "01,02" "01,03" "01,04") local -a ffdhe_groups_output=("ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192") local -a supported_curve local -a sigalgs_hex=("01,01" "01,02" "01,03" "02,01" "02,02" "02,03" "03,01" "03,02" "03,03" "04,01" "04,02" "04,03" "04,20" "05,01" "05,02" "05,03" "05,20" "06,01" "06,02" "06,03" "06,20" "07,08" "08,04" "08,05" "08,06" "08,07" "08,08" "08,09" "08,0a" "08,0b" "08,1a" "08,1b" "08,1c" "09,04" "09,05" "09,06") - local -a sigalgs_strings=("RSA+MD5" "DSA+MD5" "ECDSA+MD5" "RSA+SHA1" "DSA+SHA1" "ECDSA+SHA1" "RSA+SHA224" "DSA+SHA224" "ECDSA+SHA224" "RSA+SHA256" "DSA+SHA256" "ECDSA+SHA256" "RSA+SHA256" "RSA+SHA384" "DSA+SHA384" "ECDSA+SHA384" "RSA+SHA384" "RSA+SHA512" "DSA+SHA512" "ECDSA+SHA512" "RSA+SHA512" "SM2+SM3" "RSA-PSS-RSAE+SHA256" "RSA-PSS-RSAE+SHA384" "RSA-PSS-RSAE+SHA512" "Ed25519" "Ed448" "RSA-PSS-PSS+SHA256" "RSA-PSS-PSS+SHA384" "RSA-PSS-PSS+SHA512" "ECDSA-BRAINPOOL+SHA256" "ECDSA-BRAINPOOL+SHA384" "ECDSA-BRAINPOOL+SHA512" "ML-DSA-44" "ML-DSA-65" "ML-DSA-87") + local -a sigalgs_strings=("RSA+MD5" "DSA+MD5" "ECDSA+MD5" "RSA+SHA1" "DSA+SHA1" "ECDSA+SHA1" "RSA+SHA224" "DSA+SHA224" "ECDSA+SHA224" "RSA+SHA256" "DSA+SHA256" "ECDSA+SHA256" "RSA+SHA256" "RSA+SHA384" "DSA+SHA384" "ECDSA+SHA384" "RSA+SHA384" "RSA+SHA512" "DSA+SHA512" 
"ECDSA+SHA512" "RSA+SHA512" "sm2sig_sm3" "RSA-PSS-RSAE+SHA256" "RSA-PSS-RSAE+SHA384" "RSA-PSS-RSAE+SHA512" "Ed25519" "Ed448" "RSA-PSS-PSS+SHA256" "RSA-PSS-PSS+SHA384" "RSA-PSS-PSS+SHA512" "ECDSA-BRAINPOOL+SHA256" "ECDSA-BRAINPOOL+SHA384" "ECDSA-BRAINPOOL+SHA512" "ML-DSA-44" "ML-DSA-65" "ML-DSA-87") local -a tls13_supported_sigalgs=("false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false") local -a tls12_supported_sigalgs=("false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false") local rsa_cipher="" ecdsa_cipher="" dss_cipher="" @@ -11023,7 +11044,7 @@ run_fs() { for (( i=0; i < TLS_NR_CIPHERS; i++ )); do fs_cipher="${TLS_CIPHER_RFC_NAME[i]}" hexc="${TLS_CIPHER_HEXCODE[i]}" - if [[ "$fs_cipher" == "TLS_DHE_"* || "$fs_cipher" == "TLS_ECDHE_"* || "${hexc:2:2}" == "13" ]] && \ + if [[ "$fs_cipher" == "TLS_DHE_"* || "$fs_cipher" == "TLS_ECDHE_"* || "${hexc:2:2}" == "13" || "$hexc" == 0x00\,0x[cC][67] ]] && \ [[ ! "$fs_cipher" =~ NULL ]] && [[ ! "$fs_cipher" =~ DES ]] && [[ ! "$fs_cipher" =~ RC4 ]] && \ [[ ! "$fs_cipher" =~ PSK ]] && { "$using_sockets" || "${TLS_CIPHER_OSSL_SUPPORTED[i]}"; }; then fs_hex_cipher_list+=", ${hexc:2:2},${hexc:7:2}" 
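Review bot: The five parallel tables in run_fs() — curves_hex, curves_ossl, curves_ossl_output, curves_bits and curves_deprecated — each gain an entry at two interior positions (curveSM2 after brainpoolP512r1tls13, curveSM2MLKEM768 after SecP384r1MLKEM1024), and nothing checks that they stay the same length; by my count all five now hold 42 entries, but a slip in any one would silently shift bit strengths or deprecation flags onto the wrong group. A one-line sanity check after the declarations that compares `${#curves_hex[@]}` with `${#curves_bits[@]}` and `${#curves_deprecated[@]}` and fails loudly would catch that at the next edit. Renaming the sigalgs_strings entry from `"SM2+SM3"` to `"sm2sig_sm3"` matches the name used in parse_tls_serverhello(), which is good, but I assume it is a user-visible label and so deserves a word in the description. In the following hunk, `"$hexc" == 0x00\,0x[cC][67]` could read `"${hexc:2:2},${hexc:7:2}" == 00,[cC][67]` to mirror the `${hexc:2:2} == "13"` form beside it; the run_fs() hunk begins several lines above this one.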
@@ -11055,7 +11076,7 @@ run_fs() { sigalg[nr_supported_ciphers]="" ossl_supported[nr_supported_ciphers]=true nr_supported_ciphers+=1 - done < <(actually_supported_osslciphers "$fs_cipher_list" "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256" "-V") + done < <(actually_supported_osslciphers "$fs_cipher_list" "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_SM4_GCM_SM3:TLS_SM4_CCM_SM3" "-V") fi if "$using_sockets"; then @@ -11070,7 +11091,7 @@ run_fs() { fi else debugme echo $nr_supported_ciphers - debugme echo $(actually_supported_osslciphers $fs_cipher_list "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256") + debugme echo $(actually_supported_osslciphers $fs_cipher_list "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_SM4_GCM_SM3:TLS_SM4_CCM_SM3") if [[ "$nr_supported_ciphers" -le "$CLIENT_MIN_FS" ]]; then outln prln_local_problem "You only have $nr_supported_ciphers FS ciphers on the client side " @@ -11091,7 +11112,7 @@ run_fs() { curves_list2="${curves_list2// /:}" fi curves_list1="${curves_list1// /:}" - $OPENSSL s_client $(s_client_options "-cipher $fs_cipher_list -ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256 $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE /dev/null)" hash_clienthello1="${hash_clienthello1#*= }" msg_transcript="FE0000$(printf "%02x" $((${#hash_clienthello1}/2)))$hash_clienthello1$hrr$clienthello2$serverhello" 
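Review bot: The ciphersuite string `TLS_AES_128_GCM_SHA256:...:TLS_SM4_CCM_SM3` is now hand-edited in three places inside run_fs() (hunks -11055, -11070 and -11091), and each copy must stay in step with TLS13_OSSL_CIPHERS minus the integrity-only suites. Defining it once near the top of the function, e.g. `local tls13_fs_ciphersuites="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_SM4_GCM_SM3:TLS_SM4_CCM_SM3"`, and passing `"$tls13_fs_ciphersuites"` to actually_supported_osslciphers and to `-ciphersuites` removes the triplication. The tail of hunk -11091 is garbled on this page (the s_client redirections and the next hunk header are missing), so its end could not be reviewed.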
@@ -13141,13 +13159,12 @@ derive-handshake-secret() {
 "$HAS_PKUTIL" || return 1
- if [[ "$cipher" == *SHA256 ]]; then
- hash_fn="-sha256"
- elif [[ "$cipher" == *SHA384 ]]; then
- hash_fn="-sha384"
- else
- return 1
- fi
+ case "$cipher" in
+ *SHA256) hash_fn="-sha256" ;;
+ *SHA384) hash_fn="-sha384" ;;
+ *SM3) hash_fn="-sm3" ;;
+ *) return 1 ;;
+ esac
 if [[ ! "$tmpfile" =~ BEGIN\ HYBRID\ PRIV\ KEY ]]; then
 # For (EC)DH groups the server's key share is a public key.
@@ -13236,6 +13253,17 @@ derive-handshake-secret() {
 derived_secret="1591dac5cbbf0330a4a84de9c753330e92d01f0a88214b4464972fd668049e93e52f2b16fad922fdc0584478428f282b"
 fi
 ;;
+ "-sm3") early_secret="a4f50a29c327e9acc4ddd4dbe32b75a6a1d77e4bbe823e3d71fdcc1a5fa52757"
+ if [[ "${TLS_SERVER_HELLO:8:2}" == 7F ]] && [[ 0x${TLS_SERVER_HELLO:10:2} -lt 0x14 ]]; then
+ # "6465726976656420736563726574" = "derived secret"
+ # derived_secret="$(derive-secret "$hash_fn" "$early_secret" "6465726976656420736563726574" "")"
+ derived_secret="e3a3bff7b0dd68bbc5323191304bc0e27c8ae0c19d10ce22649b59fe3b531edb"
+ else
+ # "64657269766564" = "derived"
+ # derived_secret="$(derive-secret "$hash_fn" "$early_secret" "64657269766564" "")"
+ derived_secret="8bf1d43b3cb61da421895be55c07b3c1f49d7af9f9c728240cee1fc8039252f4"
+ fi
+ ;;
 esac
 # The approach defined in https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design
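Review bot: The `*SM3) hash_fn="-sm3"` arm added here, and its twins in derive-handshake-traffic-keys(), derive-master-secret(), derive-application-traffic-keys() and check_tls_serverhellodone(), together with the `-sm4-ecb` arms in the ccm/gcm helpers, hand SM3/SM4 algorithm names to $OPENSSL with no visible check that the binary was built with them; an OpenSSL configured with no-sm3 or no-sm4 makes those calls return empty output, and a handshake under TLS_SM4_*_SM3 then fails with no hint why. If the script's startup capability probing (not in this diff) does not already cover this, a `HAS_SM3`/`HAS_SM4`-style flag consulted before the suites are offered on the `all+` paths would give an explicit diagnostic instead. Separately, the draft-version test (`7F` and `-lt 0x14`) copied into the `-sm3` arm can never be taken for RFC 8998 suites, which postdate the TLS 1.3 drafts; keeping it is harmless, but a short comment saying it is there only for symmetry with the SHA-2 arms would stop readers wondering. derive-handshake-secret() continues outside both hunks.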
@@ -13276,18 +13304,15 @@ derive-handshake-traffic-keys() {
 local -i hash_len key_len iv_len
 local handshake_traffic_secret label key iv finished="0000"
- if [[ "$cipher" == *SHA256 ]]; then
- hash_fn="-sha256"
- hash_len=32
- elif [[ "$cipher" == *SHA384 ]]; then
- hash_fn="-sha384"
- hash_len=48
- else
- return 1
- fi
+ case "$cipher" in
+ *SHA256) hash_fn="-sha256"; hash_len=32 ;;
+ *SHA384) hash_fn="-sha384"; hash_len=48 ;;
+ *SM3) hash_fn="-sm3"; hash_len=32 ;;
+ *) return 1 ;;
+ esac
 iv_len=12
 case "$cipher" in
- *AES_128*) key_len=16 ;;
+ *AES_128*|*SM4*) key_len=16 ;;
 *AES_256*|*CHACHA20_POLY1305*) key_len=32 ;;
 TLS_SHA256_SHA256) key_len=32; iv_len=32 ;;
 TLS_SHA384_SHA384) key_len=48; iv_len=48 ;;
@@ -13341,6 +13366,9 @@ derive-master-secret() {
 elif [[ "$cipher" == *SHA384 ]]; then
 hash_fn="-sha384"
 zeros="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ elif [[ "$cipher" == *SM3 ]]; then
+ hash_fn="-sm3"
+ zeros="0000000000000000000000000000000000000000000000000000000000000000"
 else
 return 1
 fi
@@ -13370,16 +13398,15 @@ derive-application-traffic-keys() {
 local -i key_len iv_len
 local application_traffic_secret_0 label key iv
- if [[ "$cipher" == *SHA256 ]]; then
- hash_fn="-sha256"
- elif [[ "$cipher" == *SHA384 ]]; then
- hash_fn="-sha384"
- else
- return 1
- fi
+ case "$cipher" in
+ *SHA256) hash_fn="-sha256" ;;
+ *SHA384) hash_fn="-sha384" ;;
+ *SM3) hash_fn="-sm3" ;;
+ *) return 1 ;;
+ esac
 iv_len=12
 case "$cipher" in
- *AES_128*) key_len=16 ;;
+ *AES_128*|*SM4*) key_len=16 ;;
 *AES_256*|*CHACHA20_POLY1305*) key_len=32 ;;
 TLS_SHA256_SHA256) key_len=32; iv_len=32 ;;
 TLS_SHA384_SHA384) key_len=48; iv_len=48 ;;
@@ -13938,6 +13965,7 @@ ccm-decrypt() {
 case "$cipher" in
 *AES_128*) cipher="-aes-128-ecb" ;;
 *AES_256*) cipher="-aes-256-ecb" ;;
+ *SM4*) cipher="-sm4-ecb" ;;
 *) return 7
 esac
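Review bot: derive-master-secret() (hunk -13341) keeps its if/elif chain and appends an `elif [[ "$cipher" == *SM3 ]]` arm, while the three sibling derivation helpers in this commit were converted to `case "$cipher" in ... esac` for the same hash selection. Converting this one too, with `*SM3) hash_fn="-sm3"; zeros="<64 zeros>" ;;` beside the SHA256/SHA384 arms, keeps the four helpers uniform and makes the next hash a one-line addition. The 64-hex-digit zeros value matches SM3's 32-byte output, just as the 96-digit one matches SHA-384, and `hash_len=32` for SM3 in derive-handshake-traffic-keys() is consistent with it. derive-master-secret() begins before and ends after its hunk.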
@@ -14006,7 +14034,7 @@ ccm-decrypt() { ccm-encrypt() { local cipher="$1" key="$2" nonce="$3" plaintext="$4" aad="$5" local -i tag_len - local ossl_cipher="-aes-128-ecb" + local ossl_cipher local ciphertext="" tag encrypted_tag local -i i i1 i2 i3 i4 local -i plaintext_len n mod_check @@ -14015,8 +14043,9 @@ ccm-encrypt() { [[ ${#nonce} -ne 24 ]] && return 7 case "$cipher" in - TLS_AES_128_CCM_SHA256) tag_len=32 ;; - TLS_AES_128_CCM_8_SHA256) tag_len=16 ;; + TLS_AES_128_CCM_SHA256) tag_len=32; ossl_cipher="-aes-128-ecb" ;; + TLS_AES_128_CCM_8_SHA256) tag_len=16; ossl_cipher="-aes-128-ecb" ;; + TLS_SM4_CCM_SM3) tag_len=32; ossl_cipher="-sm4-ecb" ;; *) return 7 esac @@ -14305,6 +14334,7 @@ gcm-decrypt() { case "$cipher" in *AES_128*) cipher="-aes-128-ecb" ;; *AES_256*) cipher="-aes-256-ecb" ;; + *SM4*) cipher="-sm4-ecb" ;; *) return 7 esac @@ -14338,6 +14368,7 @@ gcm-encrypt() { case "$1" in *AES_128*) cipher="-aes-128-ecb" ;; *AES_256*) cipher="-aes-256-ecb" ;; + *SM4*) cipher="-sm4-ecb" ;; *) return 7 esac [[ ${#3} -ne 24 ]] && return 7 @@ -14675,6 +14706,9 @@ check_tls_serverhellodone() { elif [[ "$cipher" == *SHA384 ]]; then hash_fn="-sha384" [[ $msg_len -eq 96 ]] || return 2 + elif [[ "$cipher" == *SM3 ]]; then + hash_fn="-sm3" + [[ $msg_len -eq 64 ]] || return 2 else return 2 fi @@ -15207,6 +15241,7 @@ parse_tls_serverhello() { "0019") echo -n "secp521r1" >> $TMPFILE ;; "001D") echo -n "X25519" >> $TMPFILE ;; "001E") echo -n "X448" >> $TMPFILE ;; + "0029") echo -n "curveSM2" >> $TMPFILE ;; "0100") echo -n "ffdhe2048" >> $TMPFILE ;; "0101") echo -n "ffdhe3072" >> $TMPFILE ;; "0102") echo -n "ffdhe4096" >> $TMPFILE ;; 
@@ -15218,6 +15253,7 @@ parse_tls_serverhello() { "11EB") echo -n "SecP256r1MLKEM768" >> $TMPFILE ;; "11EC") echo -n "X25519MLKEM768" >> $TMPFILE ;; "11ED") echo -n "SecP384r1MLKEM1024" >> $TMPFILE ;; + "11EE") echo -n "curveSM2MLKEM768" >> $TMPFILE ;; "6399") echo -n "X25519Kyber768Draft00" >> $TMPFILE ;; *) echo -n "unknown (${tls_serverhello_ascii:offset:4})" >> $TMPFILE ;; esac @@ -15309,6 +15345,7 @@ parse_tls_serverhello() { 31) dh_bits=256 ; named_curve_str="brainpoolP256r1tls13" ; named_curve_oid="06092B2403030208010107" ;; 32) dh_bits=384 ; named_curve_str="brainpoolP384r1tls13" ; named_curve_oid="06092B240303020801010B" ;; 33) dh_bits=512 ; named_curve_str="brainpoolP512r1tls13" ; named_curve_oid="06092B240303020801010D" ;; + 41) dh_bits=256 ; named_curve_str="curveSM2" ; named_curve_oid="06082a811ccf5501822d" ;; 256) dh_bits=2048 ; named_curve_str="ffdhe2048" ;; 257) dh_bits=3072 ; named_curve_str="ffdhe3072" ;; 258) dh_bits=4096 ; named_curve_str="ffdhe4096" ;; @@ -15320,6 +15357,7 @@ parse_tls_serverhello() { 4587) dh_bits=192 ; named_curve_str="SecP256r1MLKEM768" ;; 4588) dh_bits=192 ; named_curve_str="X25519MLKEM768" ;; 4589) dh_bits=256 ; named_curve_str="SecP384r1MLKEM1024" ;; + 4590) dh_bits=192 ; named_curve_str="curveSM2MLKEM768" ;; 25497) dh_bits=128 ; named_curve_str="X25519Kyber768Draft00" ;; *) named_curve_str="" ; named_curve_oid="" ;; esac 
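Review bot: The named_curve_oid added for curveSM2 in parse_tls_serverhello() (`06082a811ccf5501822d`) is lower-case hex while the neighbouring brainpool entries are upper-case (`06092B2403030208010107`). The bytes encode 1.2.156.10197.1.301 correctly, but if named_curve_oid is ever compared textually rather than passed through hex2binary the mixed case would break the match, so `06082A811CCF5501822D` would keep the table uniform. The same DER prefix is embedded lower-case in the SPKI template of the 4590 key-share branch further down; whichever case is chosen should be used consistently in both. parse_tls_serverhello() continues outside these hunks.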
@@ -15426,6 +15464,26 @@ parse_tls_serverhello() {
 key_bitstring+="--END HYBRID CIPHERTEXT--"
 fi
 fi
+ elif [[ $named_curve -eq 4590 ]]; then
+ # The server's key share is the concatenation of a curveSM2 public key and a ML-KEM-768 ciphertext
+ if [[ $msg_len -ne 2306 ]]; then
+ debugme tmln_warning "Malformed key share extension."
+ [[ $DEBUG -ge 1 ]] && tmpfile_handle ${FUNCNAME[0]}.txt
+ return 1
+ fi
+ if [[ ! "$OSSL_SUPPORTED_CURVES" =~ MLKEM ]]; then
+ debugme prln_warning "Your $OPENSSL doesn't support ML-KEM"
+ else
+ key_bitstring="3059301306072a8648ce3d020106082a811ccf5501822d034200${tls_serverhello_ascii:offset:130}"
+ key_bitstring="$(hex2binary "$key_bitstring" | $OPENSSL pkey -pubin -inform DER 2>$ERRFILE)"
+ if [[ -z "$key_bitstring" ]]; then
+ debugme prln_warning "Your $OPENSSL doesn't support curveSM2"
+ else
+ key_bitstring="--BEGIN HYBRID CIPHERTEXT--${key_bitstring}"
+ key_bitstring+="-----BEGIN CIPHERTEXT------${tls_serverhello_ascii:$((offset+130)):2176}-----END CIPHERTEXT------"
+ key_bitstring+="--END HYBRID CIPHERTEXT--"
+ fi
+ fi
 fi
 if [[ -n "$key_bitstring" ]] && [[ ! "$key_bitstring" =~ BEGIN ]]; then
 key_bitstring="$(hex2binary "$key_bitstring" | $OPENSSL pkey -pubin -inform DER 2>$ERRFILE)"
@@ -16055,6 +16113,10 @@ parse_tls_serverhello() {
 [[ $DEBUG -ge 3 ]] && echo -e " Peer signing digest: $peering_signing_digest"
 echo "Peer signature type: $peer_signature_type" >> $TMPFILE
 [[ $DEBUG -ge 3 ]] && echo -e " Peer signature type: $peer_signature_type\n"
+ elif [[ 0x$peering_signing_digest -eq 7 ]] && [[ 0x$peer_signature_type -eq 8 ]]; then
+ peer_signature_type="sm2sig_sm3"
+ echo "Peer signature type: $peer_signature_type" >> $TMPFILE
+ [[ $DEBUG -ge 3 ]] && echo -e " Peer signature type: $peer_signature_type\n"
 elif [[ 0x$peering_signing_digest -eq 9 ]] && \
 [[ 0x$peer_signature_type -ge 4 ]] && [[ 0x$peer_signature_type -le 6 ]]; then
 case $peer_signature_type in
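Review bot: In the new 4590 branch the `[[ -z "$key_bitstring" ]]` test after `$OPENSSL pkey -pubin -inform DER` treats every parse failure as a missing curveSM2, so a server key share that OpenSSL rejects for another reason (a point not on the curve, a DER decode error) is reported as "Your $OPENSSL doesn't support curveSM2" even though the preceding `-ne 2306` length check has already passed, and the real reason is only in `$ERRFILE`. Since the two conditions call for different follow-up by the operator (a local build limitation versus a malformed peer), I would at least widen the wording: `debugme prln_warning "Your $OPENSSL doesn't support curveSM2, or the server's curveSM2 key share could not be parsed"`. The same pattern presumably exists in the sibling hybrid branches above the hunk, which start outside it; parse_tls_serverhello continues outside the hunk as well.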
@@ -16396,10 +16458,10 @@ prepare_tls_clienthello() {
 else
 extension_signature_algorithms="
 00, 0d, # Type: signature_algorithms , see RFC 8446
- 00, 28, 00, 26, # lengths
+ 00, 2a, 00, 28, # lengths
 04,03, 05,03, 06,03, 08,04, 08,05, 08,06, 04,01, 05,01,
 06,01, 08,09, 08,0a, 08,0b, 08,07, 08,08, 02,01, 02,03,
- 09,04, 09,05, 09,06"
+ 07,08, 09,04, 09,05, 09,06"
 fi
 
 extension_heartbeat="
@@ -16430,10 +16492,10 @@ prepare_tls_clienthello() {
 # regardless of whether testssl.sh can decrypt the response.
 extension_supported_groups="
 00,0a, # Type: Supported Groups, see RFC 8446
- 00,24, 00,22, # lengths
+ 00,28, 00,26, # lengths
 00,1d, 00,17, 00,1e, 00,18, 00,19, 00,1f, 00,20, 00,21,
 01,00, 01,01, 02,00, 02,01, 02,02, 11,eb, 11,ec, 11,ed,
- 63,99"
+ 63,99, 00,29, 11,ee"
 elif [[ "$process_full" == all+ ]]; then
 # Since the response needs to be decrypted, only include groups that can be
 # decrypted using $OPENSSL. Place X25519 and X448 early in the list, if they
@@ -16467,8 +16529,8 @@ prepare_tls_clienthello() {
 extension_supported_groups+=", 00,1d"
 fi
 ! "$HAS_X448" && extension_supported_groups+=", 00,1e"
- extension_supported_groups+=", 02,00, 02,01, 02,02, 11,eb, 11,ec, 11,ed, 63,99"
- extension_supported_groups="00,0a, 00,24, 00,22$extension_supported_groups"
+ extension_supported_groups+=", 02,00, 02,01, 02,02, 11,eb, 11,ec, 11,ed, 63,99, 00,29, 11,ee"
+ extension_supported_groups="00,0a, 00,28, 00,26$extension_supported_groups"
 fi
 
 code2network "$extension_supported_groups"
@@ -16987,7 +17049,7 @@ tls_sockets() {
 tls_hello_ascii="${tls_hello_ascii%%140303000101}"
 
 # Check if the response is a HelloRetryRequest.
- original_clienthello="160301$(printf "%04x" "${#clienthello1}")$clienthello1"
+ original_clienthello="160301$(printf "%04x" "$((${#clienthello1}/2))")$clienthello1"
 resend_if_hello_retry_request "$original_clienthello" "$tls_hello_ascii"
 ret=$?
 if [[ $ret -eq 2 ]]; then
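Review bot: In the third hunk (the `process_full == all+` branch) `00,29, 11,ee` are appended unconditionally, although the comment at the end of the second hunk says this branch should offer only groups `$OPENSSL` can decrypt, and the commit description itself states that tls_sockets() cannot decrypt a handshake whose key exchange used curveSM2 or curveSM2MLKEM768. A server that applies its own preference order, or that supports only the SM2 groups, can therefore select a group whose response this code path cannot process; placing the two groups last only helps against servers that honour client order (the same caveat already applies to `63,99`, which predates this commit). If keeping them here is deliberate for reachability, that trade-off should be stated on the line, e.g. `# 00,29 (curveSM2) and 11,ee (curveSM2MLKEM768) cannot be decrypted with $OPENSSL; offered last so servers honouring client preference pick a decryptable group`; otherwise drop them from this branch and keep them only in the `all` list of the previous hunk. prepare_tls_clienthello starts and ends outside these hunks.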
@@ -17140,6 +17202,8 @@ tls_sockets() {
 read -r key iv finished_key <<< "$handshake_traffic_keys"
 if [[ "$cipher" == *SHA256 ]]; then
 finished_msg="14000020$(hmac-transcript "-sha256" "$finished_key" "$msg_transcript")"
+ elif [[ "$cipher" == *SM3 ]]; then
+ finished_msg="14000020$(hmac-transcript "-sm3" "$finished_key" "$msg_transcript")"
 else
 finished_msg="14000030$(hmac-transcript "-sha384" "$finished_key" "$msg_transcript")"
 fi
@@ -21055,7 +21119,7 @@ find_openssl_binary() {
 local ossl_line1="" yr=""
 # FIXME: At the moment curves_ossl does not include any post-quantum key-exchange
 # groups (e.g., MLKEM512, MLKEM768, MLKEM1024, SecP256r1MLKEM768, X25519MLKEM768,
- # SecP384r1MLKEM1024). They do not need to be included since they are only
+ # SecP384r1MLKEM1024, curveSM2MLKEM768). They do not need to be included since they are only
 # supported by OpenSSL 3.5.0 (and above), and "$OPENSSL list -tls-groups" is used
 # instead of curves_ossl to populate $OSSL_SUPPORTED_CURVES. If newer versions of
 # LibreSSL include support for groups that are not in curves_ossl, then they
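Review bot: The new `*SM3` arm in the first hunk is inserted into a chain whose `else` still treats every remaining cipher as SHA-384 (`14000030` plus `-sha384`), so the Finished length is chosen by elimination rather than by an explicit match, unlike check_tls_serverhellodone earlier in this patch, which ends its equivalent chain with `else return 2`. As a point of style I would mirror that shape here: make the 0x30 case `elif [[ "$cipher" == *SHA384 ]]; then` and turn `else` into an explicit failure path using whatever error convention tls_sockets uses, so that a future suite with a different hash cannot silently produce a wrong-length verify_data. The enclosing block of tls_sockets starts and ends outside the hunk.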