mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-06 08:49:45 +01:00
Add support for TLSv1.3 draft 23
This commit adds support for draft 23, which contains 2 changes that are relevant for testssl.sh. It adds a few new values for the signature_algorithms extension and it changes to extension number for the key_share extension from 40 to 51. With the change in the extension number, it is no longer possible to send a single ClientHello that works for all supported drafts of TLSv1.3. (I tried sending a ClientHello with two key share extensions, 40 and 51, but that didn't work.) So, this commit adds a test to determine_optimal_proto() to determine whether TLSv1.3 is supported and if so whether draft 23 is supported or only some earlier draft (18-22). In subsequent tests, the ClientHello uses the appropriate number for the key share (40 or 51) and specifies the appropriate draft version(s) in the supported_versions extension (either 23 or 18-22). In the case of run_protocols() the test for each draft version uses the appropriate key share extension number so that servers that support both draft 23 and an earlier draft can be detected.
This commit is contained in:
David Cooper
David Cooper
parent
b0f4253ff2
commit
7387f87597
80
testssl.sh
80
testssl.sh
@ -255,6 +255,9 @@ HEADERFILE=""
|
|||||||
HEADERVALUE=""
|
HEADERVALUE=""
|
||||||
HTTP_STATUS_CODE=""
|
HTTP_STATUS_CODE=""
|
||||||
PROTOS_OFFERED="" # this is a global to keep the info which protocol is being offered. See has_server_protocol()
|
PROTOS_OFFERED="" # this is a global to keep the info which protocol is being offered. See has_server_protocol()
|
||||||
|
KEY_SHARE_EXTN_NR="33" # The extension number for key_share was changed from 40 to 51 in TLSv1.3 draft 23. In order to
|
||||||
|
# support draft 23 in additional to earlier drafts, need to know which extension number to use.
|
||||||
|
# Note that it appears that a single ClientHello cannot advertise both draft 23 and earlier drafts.
|
||||||
TLS_EXTENSIONS=""
|
TLS_EXTENSIONS=""
|
||||||
BAD_SERVER_HELLO_CIPHER=false # reserved for cases where a ServerHello doesn't contain a cipher offered in the ClientHello
|
BAD_SERVER_HELLO_CIPHER=false # reserved for cases where a ServerHello doesn't contain a cipher offered in the ClientHello
|
||||||
GOST_STATUS_PROBLEM=false
|
GOST_STATUS_PROBLEM=false
|
||||||
@ -4242,6 +4245,7 @@ run_protocols() {
|
|||||||
local supported_no_ciph2="supported but couldn't detect a cipher"
|
local supported_no_ciph2="supported but couldn't detect a cipher"
|
||||||
local latest_supported="" # version.major and version.minor of highest version supported by the server.
|
local latest_supported="" # version.major and version.minor of highest version supported by the server.
|
||||||
local detected_version_string latest_supported_string
|
local detected_version_string latest_supported_string
|
||||||
|
local key_share_extn_nr="$KEY_SHARE_EXTN_NR"
|
||||||
local lines nr_ciphers_detected
|
local lines nr_ciphers_detected
|
||||||
local tls13_ciphers_to_test=""
|
local tls13_ciphers_to_test=""
|
||||||
local drafts_offered=""
|
local drafts_offered=""
|
||||||
@ -4612,6 +4616,7 @@ run_protocols() {
|
|||||||
outln "offered (OK)"
|
outln "offered (OK)"
|
||||||
fileout "tls1_3" "OK" "TLSv1.3 is offered"
|
fileout "tls1_3" "OK" "TLSv1.3 is offered"
|
||||||
else
|
else
|
||||||
|
KEY_SHARE_EXTN_NR="28"
|
||||||
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 03, 02, 7f, 12"
|
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 03, 02, 7f, 12"
|
||||||
[[ $? -eq 0 ]] && drafts_offered="draft 18"
|
[[ $? -eq 0 ]] && drafts_offered="draft 18"
|
||||||
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 03, 02, 7f, 13"
|
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 03, 02, 7f, 13"
|
||||||
@ -4634,11 +4639,18 @@ run_protocols() {
|
|||||||
[[ -n "$drafts_offered" ]] && drafts_offered+=", "
|
[[ -n "$drafts_offered" ]] && drafts_offered+=", "
|
||||||
drafts_offered+="draft 22"
|
drafts_offered+="draft 22"
|
||||||
fi
|
fi
|
||||||
|
KEY_SHARE_EXTN_NR="33"
|
||||||
|
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 03, 02, 7f, 17"
|
||||||
|
if [[ $? -eq 0 ]]; then
|
||||||
|
[[ -n "$drafts_offered" ]] && drafts_offered+=", "
|
||||||
|
drafts_offered+="draft 23"
|
||||||
|
fi
|
||||||
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 03, 02, 03, 04"
|
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 03, 02, 03, 04"
|
||||||
if [[ $? -eq 0 ]]; then
|
if [[ $? -eq 0 ]]; then
|
||||||
[[ -n "$drafts_offered" ]] && drafts_offered+=", "
|
[[ -n "$drafts_offered" ]] && drafts_offered+=", "
|
||||||
drafts_offered+="final"
|
drafts_offered+="final"
|
||||||
fi
|
fi
|
||||||
|
KEY_SHARE_EXTN_NR="$key_share_extn_nr"
|
||||||
if [[ -n "$drafts_offered" ]]; then
|
if [[ -n "$drafts_offered" ]]; then
|
||||||
pr_done_best "offered (OK)"; outln ": $drafts_offered"
|
pr_done_best "offered (OK)"; outln ": $drafts_offered"
|
||||||
fileout "tls1_3" "OK" "TLSv1.3 offered: $drafts_offered"
|
fileout "tls1_3" "OK" "TLSv1.3 offered: $drafts_offered"
|
||||||
@ -9772,7 +9784,21 @@ parse_tls_serverhello() {
|
|||||||
0018) tls_extensions+="TLS server extension \"token binding\" (id=24), len=$extension_len\n" ;;
|
0018) tls_extensions+="TLS server extension \"token binding\" (id=24), len=$extension_len\n" ;;
|
||||||
0019) tls_extensions+="TLS server extension \"cached info\" (id=25), len=$extension_len\n" ;;
|
0019) tls_extensions+="TLS server extension \"cached info\" (id=25), len=$extension_len\n" ;;
|
||||||
0023) tls_extensions+="TLS server extension \"session ticket\" (id=35), len=$extension_len\n" ;;
|
0023) tls_extensions+="TLS server extension \"session ticket\" (id=35), len=$extension_len\n" ;;
|
||||||
0028) tls_extensions+="TLS server extension \"key share\" (id=40), len=$extension_len\n"
|
0028|0033)
|
||||||
|
# The key share extension was renumbered from 40 to 51 in TLSv1.3 draft 23 since a few
|
||||||
|
# implementations have been using 40 for the extended_random extension. Since the
|
||||||
|
# server's version may not yet have been determined, assume that both values represent the
|
||||||
|
# key share extension.
|
||||||
|
if [[ "$extension_type" == "00$KEY_SHARE_EXTN_NR" ]]; then
|
||||||
|
tls_extensions+="TLS server extension \"key share\""
|
||||||
|
else
|
||||||
|
tls_extensions+="TLS server extension \"unrecognized extension\""
|
||||||
|
fi
|
||||||
|
if [[ "$extension_type" == "0028" ]]; then
|
||||||
|
tls_extensions+=" (id=40), len=$extension_len\n"
|
||||||
|
else
|
||||||
|
tls_extensions+=" (id=51), len=$extension_len\n"
|
||||||
|
fi
|
||||||
if [[ "$process_full" == "all" ]] || [[ "$process_full" == "ephemeralkey" ]]; then
|
if [[ "$process_full" == "all" ]] || [[ "$process_full" == "ephemeralkey" ]]; then
|
||||||
if [[ $extension_len -lt 4 ]]; then
|
if [[ $extension_len -lt 4 ]]; then
|
||||||
debugme tmln_warning "Malformed key share extension."
|
debugme tmln_warning "Malformed key share extension."
|
||||||
@ -10505,7 +10531,7 @@ generate_key_share_extension() {
|
|||||||
list_len="$(printf "%04x" "$len")"
|
list_len="$(printf "%04x" "$len")"
|
||||||
len+=2
|
len+=2
|
||||||
extn_len="$(printf "%04x" "$len")"
|
extn_len="$(printf "%04x" "$len")"
|
||||||
tm_out "00,28,${extn_len:0:2},${extn_len:2:2},${list_len:0:2},${list_len:2:2}$key_shares"
|
tm_out "00,$KEY_SHARE_EXTN_NR,${extn_len:0:2},${extn_len:2:2},${list_len:0:2},${list_len:2:2}$key_shares"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -10614,9 +10640,10 @@ socksend_tls_clienthello() {
|
|||||||
else
|
else
|
||||||
extension_signature_algorithms="
|
extension_signature_algorithms="
|
||||||
00, 0d, # Type: signature_algorithms , see draft-ietf-tls-tls13
|
00, 0d, # Type: signature_algorithms , see draft-ietf-tls-tls13
|
||||||
00, 1c, 00, 1a, # lengths
|
00, 22, 00, 20, # lengths
|
||||||
04,03, 05,03, 06,03, 08,04, 08,05, 08,06,
|
04,03, 05,03, 06,03, 08,04, 08,05, 08,06,
|
||||||
04,01, 05,01, 06,01, 08,07, 08,08, 02,01, 02,03"
|
04,01, 05,01, 06,01, 08,09, 08,0a, 08,0b,
|
||||||
|
08,07, 08,08, 02,01, 02,03"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
extension_heartbeat="
|
extension_heartbeat="
|
||||||
@ -10706,18 +10733,25 @@ socksend_tls_clienthello() {
|
|||||||
# from the one specified in $tls_low_byte to SSLv3.
|
# from the one specified in $tls_low_byte to SSLv3.
|
||||||
for (( i=0x$tls_low_byte; i >=0; i=i-1 )); do
|
for (( i=0x$tls_low_byte; i >=0; i=i-1 )); do
|
||||||
if [[ 0x$i -eq 4 ]]; then
|
if [[ 0x$i -eq 4 ]]; then
|
||||||
# FIXME: The ClientHello currently indicates support
|
# FIXME: The ClientHello currently advertises support for various
|
||||||
# for drafts 18, 19, 20, and 21 of TLSv1.3 in addition
|
# draft versions of TLSv1.3. Eventually it should only adversize
|
||||||
# to the final version of TLSv1.3. In the future, the
|
# support for the final version (0304).
|
||||||
# draft versions should be removed.
|
if [[ "$KEY_SHARE_EXTN_NR" == "33" ]]; then
|
||||||
extension_supported_versions+=", 03, 04, 7f, 16, 7f, 15, 7f, 14, 7f, 13, 7f, 12"
|
extension_supported_versions+=", 7f, 17"
|
||||||
|
else
|
||||||
|
extension_supported_versions+=", 7f, 16, 7f, 15, 7f, 14, 7f, 13, 7f, 12"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
extension_supported_versions+=", 03, $(printf "%02x" $i)"
|
extension_supported_versions+=", 03, $(printf "%02x" $i)"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
[[ -n "$all_extensions" ]] && all_extensions+=","
|
[[ -n "$all_extensions" ]] && all_extensions+=","
|
||||||
# FIXME: Adjust the lengths ("+11" and "+9") when the draft versions of TLSv1.3 are removed.
|
# FIXME: Adjust the lengths ("+11" and "+9") when the draft versions of TLSv1.3 are removed.
|
||||||
all_extensions+="00, 2b, 00, $(printf "%02x" $((2*0x$tls_low_byte+13))), $(printf "%02x" $((2*0x$tls_low_byte+12)))$extension_supported_versions"
|
if [[ "$KEY_SHARE_EXTN_NR" == "33" ]]; then
|
||||||
|
all_extensions+="00, 2b, 00, $(printf "%02x" $((2*0x$tls_low_byte+3))), $(printf "%02x" $((2*0x$tls_low_byte+2)))$extension_supported_versions"
|
||||||
|
else
|
||||||
|
all_extensions+="00, 2b, 00, $(printf "%02x" $((2*0x$tls_low_byte+11))), $(printf "%02x" $((2*0x$tls_low_byte+10)))$extension_supported_versions"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ! "$extra_extensions_list" =~ " 0023 " ]]; then
|
if [[ ! "$extra_extensions_list" =~ " 0023 " ]]; then
|
||||||
@ -10743,7 +10777,7 @@ socksend_tls_clienthello() {
|
|||||||
all_extensions+="$extension_supported_groups"
|
all_extensions+="$extension_supported_groups"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "$extensions_key_share" ]] && [[ ! "$extra_extensions_list" =~ " 0028 " ]]; then
|
if [[ -n "$extensions_key_share" ]] && [[ ! "$extra_extensions_list" =~ " 00$KEY_SHARE_EXTN_NR " ]]; then
|
||||||
[[ -n "$all_extensions" ]] && all_extensions+=","
|
[[ -n "$all_extensions" ]] && all_extensions+=","
|
||||||
all_extensions+="$extensions_key_share"
|
all_extensions+="$extensions_key_share"
|
||||||
fi
|
fi
|
||||||
@ -10994,7 +11028,7 @@ resend_if_hello_retry_request() {
|
|||||||
# included in the next ClientHello.
|
# included in the next ClientHello.
|
||||||
j=8+$len_extn
|
j=8+$len_extn
|
||||||
new_extra_extns+="${tls_hello_ascii:i:j}"
|
new_extra_extns+="${tls_hello_ascii:i:j}"
|
||||||
elif [[ "$extn_type" == "0028" ]]; then
|
elif [[ "$extn_type" == "00$KEY_SHARE_EXTN_NR" ]]; then
|
||||||
# If the HRR includes a key_share extension, then it specifies the
|
# If the HRR includes a key_share extension, then it specifies the
|
||||||
# group to be used in the next ClientHello. So, create a key_share
|
# group to be used in the next ClientHello. So, create a key_share
|
||||||
# extension that specifies this group.
|
# extension that specifies this group.
|
||||||
@ -11035,7 +11069,7 @@ resend_if_hello_retry_request() {
|
|||||||
j=$i+6
|
j=$i+6
|
||||||
part2=$j+3
|
part2=$j+3
|
||||||
len_extn=3*$(hex2dec "${extra_extensions:j:2}${extra_extensions:part2:2}")
|
len_extn=3*$(hex2dec "${extra_extensions:j:2}${extra_extensions:part2:2}")
|
||||||
if [[ "$extn_type" != "0028" ]] && [[ "$extn_type" != "002c" ]]; then
|
if [[ "$extn_type" != "00$KEY_SHARE_EXTN_NR" ]] && [[ "$extn_type" != "002c" ]]; then
|
||||||
j=12+$len_extn
|
j=12+$len_extn
|
||||||
new_extra_extns+=",${extra_extensions:i:j}"
|
new_extra_extns+=",${extra_extensions:i:j}"
|
||||||
fi
|
fi
|
||||||
@ -15169,6 +15203,26 @@ determine_optimal_proto() {
|
|||||||
[[ $? -ne 0 ]] && exit -2
|
[[ $? -ne 0 ]] && exit -2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# NOTE: The following code is only needed as long as draft versions of TLSv1.3 prior to draft 23
|
||||||
|
# are supported. It is used to determine whether a draft 23 or pre-draft 23 ClientHello should be
|
||||||
|
# sent.
|
||||||
|
if [[ -z "$1" ]]; then
|
||||||
|
KEY_SHARE_EXTN_NR="33"
|
||||||
|
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 03, 02, 7f,17"
|
||||||
|
if [[ $? -eq 0 ]]; then
|
||||||
|
add_tls_offered tls1_3 yes
|
||||||
|
else
|
||||||
|
KEY_SHARE_EXTN_NR="28"
|
||||||
|
tls_sockets "04" "$TLS13_CIPHER" "" "00, 2b, 00, 0b, 0a, 7f,16, 7f,15, 7f,14, 7f,13, 7f,12"
|
||||||
|
if [[ $? -eq 0 ]]; then
|
||||||
|
add_tls_offered tls1_3 yes
|
||||||
|
else
|
||||||
|
add_tls_offered tls1_3 no
|
||||||
|
KEY_SHARE_EXTN_NR="33"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user