From 57ffe08dd4513a9183dc4b891b2506be990d918f Mon Sep 17 00:00:00 2001
From: Alexander Troost <alexander.troost@kpn.com>
Date: Sat, 28 Nov 2020 14:04:00 +0100
Subject: [PATCH] Adding a hex2curves util.

---
 etc/README.md                        |  2 ++
 etc/client-simulation.wiresharked.md |  2 +-
 etc/curves-mapping.txt               | 47 ++++++++++++++++++++++++++++
 utils/hexstream2curves.sh            | 36 +++++++++++++++++++++
 4 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 etc/curves-mapping.txt
 create mode 100755 utils/hexstream2curves.sh

diff --git a/etc/README.md b/etc/README.md
index 3550ac5..51f1d1d 100644
--- a/etc/README.md
+++ b/etc/README.md
@@ -28,6 +28,8 @@ If you want to check trust against e.g. a company internal CA you need to use ``
 
 * ``cipher-mapping.txt`` contains information about all of the cipher suites defined for SSL/TLS
 
+* ``curves-mapping.txt`` contains information about all of the eliptic curves defined by IANA
+
 * ``ca_hashes.txt`` is used for HPKP test in order to have a fast comparison with known CAs. Use
    ``~/utils/create_ca_hashes.sh`` for an update
 
diff --git a/etc/client-simulation.wiresharked.md b/etc/client-simulation.wiresharked.md
index 60c66d9..f5a9ae9 100644
--- a/etc/client-simulation.wiresharked.md
+++ b/etc/client-simulation.wiresharked.md
@@ -14,7 +14,7 @@ The whole process is done manually.
 * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
 * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)
 * Adjust "lowest_protocol" and "highest_protocol" accordingly.
-* Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit any GREASE.
+* For "urves" mark the supported groups TLS extension --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2curves.sh`
 * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
 * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
 * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
diff --git a/etc/curves-mapping.txt b/etc/curves-mapping.txt
new file mode 100644
index 0000000..1b348ec
--- /dev/null
+++ b/etc/curves-mapping.txt
@@ -0,0 +1,47 @@
+      0x00,0x00	-	NULL		TPM_ECC_NONE
+      0x00,0x01	-	sect163k1	sect163k1
+      0x00,0x02	-	sect163r1	sect163r1
+      0x00,0x03	-	sect163r2	sect163r2
+      0x00,0x04	-	sect193r1	sect193r1
+      0x00,0x05	-	sect193r2	sect193r2
+      0x00,0x06	-	sect233k1	sect233k1
+      0x00,0x07	-	sect233r1	sect233r1
+      0x00,0x08	-	sect239k1	sect239k1
+      0x00,0x09	-	sect283k1	sect283k1
+      0x00,0x0a	-	sect283r1	sect283r1
+      0x00,0x0b	-	sect409k1	sect409k1
+      0x00,0x0c	-	sect409r1	sect409r1
+      0x00,0x0d	-	sect571k1	sect571k1
+      0x00,0x0e	-	sect571r1	sect571r1
+      0x00,0x0f	-	secp160k1	secp160k1
+      0x00,0x10	-	secp160r1	secp160r1
+      0x00,0x11	-	secp160r2	secp160r2
+      0x00,0x12	-	secp192k1	secp192k1
+      0x00,0x13	-	secp192r1	secp192r1
+      0x00,0x14	-	secp224k1	secp224k1
+      0x00,0x15	-	secp224r1	secp224r1
+      0x00,0x16	-	secp256k1	secp256k1
+      0x00,0x17	-	secp256r1	secp256r1
+      0x00,0x18	-	secp384r1	secp384r1
+      0x00,0x19	-	secp521r1	secp521r1
+      0x00,0x1a   -     brainpoolP256r1	brainpoolP256r1
+      0x00,0x1b   -     brainpoolP384r1	brainpoolP384r1			
+      0x00,0x1c   -     brainpoolP512r1	brainpoolP512r1
+      0x00,0x1d   -     x25519		x25519
+      0x00,0x1e   -     x448		x448
+      0x00,0x1f   -	brainpoolP256r1tls13	brainpoolP256r1tls13
+      0x00,0x20	-	brainpoolP384r1tls13	brainpoolP384r1tls13
+      0x00,0x21   -	brainpoolP512r1tls13	brainpoolP512r1tls13
+      0x00,0x22   -     GC256A      GC256A
+      0x00,0x23   -     GC256B      GC256B
+      0x00,0x24   -     GC256C      GC256C
+      0x00,0x25   -     GC256D      GC256D
+      0x00,0x26   -     GC512A      GC512A
+      0x00,0x27   -     GC512B      GC512B
+      0x00,0x28   -     GC512C      GC512C
+      0x00,0x29	-     curveSM2	curveSM2
+      0x00,0x100  -	ffdhe2048	ffdhe2048
+      0x00,0x101  -     ffdhe3072   ffdhe3072
+      0x00,0x102  -     ffdhe4096   ffdhe4096
+      0x00,0x103  -     ffdhe6144   ffdhe6144
+      0x00,0x104  -     ffdhe8192   ffdhe8192
diff --git a/utils/hexstream2curves.sh b/utils/hexstream2curves.sh
new file mode 100755
index 0000000..f62e154
--- /dev/null
+++ b/utils/hexstream2curves.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+hs="$1"
+len=${#hs}
+echo "# curves: $((len/4))"
+
+mapfile="etc/curves-mapping.txt"
+[ -s $mapfile ] || mapfile="../$mapfile"
+[ -s $mapfile ] || exit 255
+
+cur=""
+first=true
+
+for ((i=0; i<len ; i+=4)); do
+	printf "%02d" "$i"
+	echo -n ": ${hs:$i:4}"
+	grepstr="0x${hs:$i:2},0x${hs:$((i+2)):2}"
+        echo -n " --> $grepstr --> "
+        cur=$(grep -i -E "^ *${grepstr}" $mapfile | awk '{ print $3 }')
+	if [[ $grepstr == 0x00,0xff ]]; then
+		echo TPM_ECC_NONE
+	else
+		echo $cur
+	fi
+	if "$first"; then
+		curves="$cur"
+		first=false
+	else
+		curves="$curves:$cur"
+	fi
+done
+
+echo
+# remove leading : because of GREASE, and trailing because of TPM_ECC_NONE
+curves="${curves%:}"
+echo ${curves#:}