Adding a hex2curves util.

2025-10-31 05:45:26 +01:00 · 2020-11-28 14:04:00 +01:00
parent ea6d99fe93
commit 57ffe08dd4
4 changed files with 86 additions and 1 deletions
--- a/etc/README.md
+++ b/etc/README.md
@@ -28,6 +28,8 @@ If you want to check trust against e.g. a company internal CA you need to use ``

 * ``cipher-mapping.txt`` contains information about all of the cipher suites defined for SSL/TLS

+* ``curves-mapping.txt`` contains information about all of the eliptic curves defined by IANA
+
 * ``ca_hashes.txt`` is used for HPKP test in order to have a fast comparison with known CAs. Use
   ``~/utils/create_ca_hashes.sh`` for an update

--- a/etc/client-simulation.wiresharked.md
+++ b/etc/client-simulation.wiresharked.md
@@ -14,7 +14,7 @@ The whole process is done manually.
 * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
 * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)
 * Adjust "lowest_protocol" and "highest_protocol" accordingly.
-* Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit any GREASE.
+* For "urves" mark the supported groups TLS extension --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2curves.sh`
 * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
 * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
 * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
--- a/etc/curves-mapping.txt
+++ b/etc/curves-mapping.txt
@@ -0,0 +1,47 @@
+      0x00,0x00	-	NULL		TPM_ECC_NONE
+      0x00,0x01	-	sect163k1	sect163k1
+      0x00,0x02	-	sect163r1	sect163r1
+      0x00,0x03	-	sect163r2	sect163r2
+      0x00,0x04	-	sect193r1	sect193r1
+      0x00,0x05	-	sect193r2	sect193r2
+      0x00,0x06	-	sect233k1	sect233k1
+      0x00,0x07	-	sect233r1	sect233r1
+      0x00,0x08	-	sect239k1	sect239k1
+      0x00,0x09	-	sect283k1	sect283k1
+      0x00,0x0a	-	sect283r1	sect283r1
+      0x00,0x0b	-	sect409k1	sect409k1
+      0x00,0x0c	-	sect409r1	sect409r1
+      0x00,0x0d	-	sect571k1	sect571k1
+      0x00,0x0e	-	sect571r1	sect571r1
+      0x00,0x0f	-	secp160k1	secp160k1
+      0x00,0x10	-	secp160r1	secp160r1
+      0x00,0x11	-	secp160r2	secp160r2
+      0x00,0x12	-	secp192k1	secp192k1
+      0x00,0x13	-	secp192r1	secp192r1
+      0x00,0x14	-	secp224k1	secp224k1
+      0x00,0x15	-	secp224r1	secp224r1
+      0x00,0x16	-	secp256k1	secp256k1
+      0x00,0x17	-	secp256r1	secp256r1
+      0x00,0x18	-	secp384r1	secp384r1
+      0x00,0x19	-	secp521r1	secp521r1
+      0x00,0x1a   -     brainpoolP256r1	brainpoolP256r1
+      0x00,0x1b   -     brainpoolP384r1	brainpoolP384r1			
+      0x00,0x1c   -     brainpoolP512r1	brainpoolP512r1
+      0x00,0x1d   -     x25519		x25519
+      0x00,0x1e   -     x448		x448
+      0x00,0x1f   -	brainpoolP256r1tls13	brainpoolP256r1tls13
+      0x00,0x20	-	brainpoolP384r1tls13	brainpoolP384r1tls13
+      0x00,0x21   -	brainpoolP512r1tls13	brainpoolP512r1tls13
+      0x00,0x22   -     GC256A      GC256A
+      0x00,0x23   -     GC256B      GC256B
+      0x00,0x24   -     GC256C      GC256C
+      0x00,0x25   -     GC256D      GC256D
+      0x00,0x26   -     GC512A      GC512A
+      0x00,0x27   -     GC512B      GC512B
+      0x00,0x28   -     GC512C      GC512C
+      0x00,0x29	-     curveSM2	curveSM2
+      0x00,0x100  -	ffdhe2048	ffdhe2048
+      0x00,0x101  -     ffdhe3072   ffdhe3072
+      0x00,0x102  -     ffdhe4096   ffdhe4096
+      0x00,0x103  -     ffdhe6144   ffdhe6144
+      0x00,0x104  -     ffdhe8192   ffdhe8192