Merge pull request #889 from dcooper16/run_pfs_tls13
Add TLSv1.3 support for run_pfs()
This commit is contained in:
commit
b613f3fcf0
|
@ -60,7 +60,16 @@ c0,0d, c0,03, 00,0a, 00,63, 00,15, 00,12, 00,0f, 00,0c,
|
||||||
|
|
||||||
readonly -a TLS13_KEY_SHARES=(
|
readonly -a TLS13_KEY_SHARES=(
|
||||||
"0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "a" "b" "c" "d" "e" "f"
|
"0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "a" "b" "c" "d" "e" "f"
|
||||||
"10" "11" "12" "13" "14" "15" "16"
|
"10" "11" "12" "13" "14"
|
||||||
|
"-----BEGIN EC PARAMETERS-----
|
||||||
|
BgUrgQQAIQ==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MGgCAQEEHC8WEqbfOOQ1MfH86LnVfxLqdZ71D8nPZPKjruCgBwYFK4EEACGhPAM6
|
||||||
|
AAR2uBbfubYkb0UkaigsichnMJNSfeh8NB1nXMHaOkW82gKLxrydB1PZfyRZwhkU
|
||||||
|
kKeLdXY4eWKxUw==
|
||||||
|
-----END EC PRIVATE KEY-----
|
||||||
|
" "16"
|
||||||
"-----BEGIN EC PARAMETERS-----
|
"-----BEGIN EC PARAMETERS-----
|
||||||
BggqhkjOPQMBBw==
|
BggqhkjOPQMBBw==
|
||||||
-----END EC PARAMETERS-----
|
-----END EC PARAMETERS-----
|
||||||
|
@ -253,3 +262,37 @@ eeSHdeSwhqaL1XjP6JXa+IEY/wXzwIMHohtw+epFwLZhg8NFxkzHUpCKLDZrEDc8
|
||||||
Y9zPgF69gpA9VpStqLAqHxBvEm4BYFoFyfw=
|
Y9zPgF69gpA9VpStqLAqHxBvEm4BYFoFyfw=
|
||||||
-----END PRIVATE KEY-----
|
-----END PRIVATE KEY-----
|
||||||
" "105" "106" "107" "108" "109" "10a" "10b" "10c" "10d" "10e" "10f" )
|
" "105" "106" "107" "108" "109" "10a" "10b" "10c" "10d" "10e" "10f" )
|
||||||
|
|
||||||
|
# Public keys corresponding to the keys in TLS13_KEY_SHARES
|
||||||
|
readonly -a TLS13_PUBLIC_KEY_SHARES=(
|
||||||
|
"0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "a" "b" "c" "d" "e" "f"
|
||||||
|
"10" "11" "12" "13" "14"
|
||||||
|
"00,15,00,39,04,76,b8,16,df,b9,b6,24,6f,45,24,6a,28,2c,89,c8,67,30,93,52,7d,e8,7c,34,1d,67,5c,c1,da,3a,45,bc,da,02,8b,c6,bc,9d,07,53,d9,7f,24,59,c2,19,14,90,a7,8b,75,76,38,79,62,b1,53"
|
||||||
|
"16"
|
||||||
|
"00,17,00,41,04,24,fd,c6,a1,9c,95,62,b6,9b,39,ab,89,31,65,19,27,13,34,3c,46,ed,8d,3c,56,ec,af,15,f8,93,03,84,96,be,53,24,50,9b,c4,df,d8,b0,e7,cc,20,22,bb,0c,c5,f2,6d,0a,85,c9,68,1c,4a,29,b4,3d,96,05,49,89,95"
|
||||||
|
"00,18,00,61,04,ff,c7,bb,4d,f2,99,44,ea,06,c0,e8,3e,08,82,9d,da,b2,1e,44,bd,9c,6f,36,a7,46,43,9d,1f,70,3a,c8,72,8f,75,c9,b6,95,96,0d,ad,76,78,19,82,ea,d3,ce,d7,be,8e,fe,e4,76,46,2b,20,b5,26,2e,75,f1,01,41,a0,e1,df,3a,c9,2b,5f,71,96,88,ac,31,01,f0,77,3d,06,02,64,14,5a,0b,4a,c5,cc,54,22,9f,a0,4a,3b,ef,b9"
|
||||||
|
"00,19,00,85,04,00,7b,81,9c,ca,50,fb,7d,25,9d,df,e0,5a,b1,f0,8c,ba,d7,43,e1,30,b7,16,33,32,34,83,91,f4,71,af,45,10,d1,8b,b3,0c,dc,ec,54,fd,1a,cf,29,42,d3,a0,54,95,c0,2f,56,08,97,fb,ad,41,89,46,a9,c3,ed,fb,10,e4,6e,01,a1,ce,96,86,f4,9e,86,e6,14,d0,fb,a5,e3,74,62,09,50,b8,17,92,76,a2,b7,71,b7,4f,fe,ef,63,7d,f1,ab,d8,7f,7d,6c,e3,49,80,ee,cb,4a,9d,39,3d,76,bb,f4,21,22,f2,cc,9d,98,a6,22,1f,5a,52,2c,0c,d1,89,09,e1"
|
||||||
|
"1a" "1b" "1c"
|
||||||
|
"00,1d,00,20,ad,da,32,b8,c8,41,c6,0a,a3,cd,37,92,f3,4f,a2,4a,97,84,b4,c9,2c,54,c5,70,ab,d1,10,ea,cd,7b,6b,42"
|
||||||
|
"1e" "1f"
|
||||||
|
"20" "21" "22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
|
||||||
|
"30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
|
||||||
|
"40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
|
||||||
|
"50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
|
||||||
|
"60" "61" "62" "63" "64" "65" "66" "67" "68" "69" "6a" "6b" "6c" "6d" "6e" "6f"
|
||||||
|
"70" "71" "72" "73" "74" "75" "76" "77" "78" "79" "7a" "7b" "7c" "7d" "7e" "7f"
|
||||||
|
"80" "81" "82" "83" "84" "85" "86" "87" "88" "89" "8a" "8b" "8c" "8d" "8e" "8f"
|
||||||
|
"90" "91" "92" "93" "94" "95" "96" "97" "98" "99" "9a" "9b" "9c" "9d" "9e" "9f"
|
||||||
|
"a0" "a1" "a2" "a3" "a4" "a5" "a6" "a7" "a8" "a9" "aa" "ab" "ac" "ad" "ae" "af"
|
||||||
|
"b0" "b1" "b2" "b3" "b4" "b5" "b6" "b7" "b8" "b9" "ba" "bb" "bc" "bd" "be" "bf"
|
||||||
|
"c0" "c1" "c2" "c3" "c4" "c5" "c6" "c7" "c8" "c9" "ca" "cb" "cc" "cd" "ce" "cf"
|
||||||
|
"d0" "d1" "d2" "d3" "d4" "d5" "d6" "d7" "d8" "d9" "da" "db" "dc" "dd" "de" "df"
|
||||||
|
"e0" "e1" "e2" "e3" "e4" "e5" "e6" "e7" "e8" "e9" "ea" "eb" "ec" "ed" "ee" "ef"
|
||||||
|
"f0" "f1" "f2" "f3" "f4" "f5" "f6" "f7" "f8" "f9" "fa" "fb" "fc" "fd" "fe" "ff"
|
||||||
|
"01,00,01,00,95,c2,02,1f,12,e4,c6,a6,d4,d1,20,89,fa,8e,f0,86,d7,b3,dc,a0,d9,40,41,92,03,0e,84,96,52,4f,6b,82,0b,9c,7d,83,05,6a,f3,9e,bb,78,6b,64,84,0d,c6,cf,0d,b0,f6,d7,df,f4,c7,34,6c,31,2f,32,11,53,8f,95,8b,9b,d1,1b,84,e9,fc,76,89,53,e7,5b,dc,b9,8d,ad,99,d6,e5,7a,eb,51,37,ec,20,18,53,e7,b3,b0,ab,06,94,c3,d9,0f,c0,45,9b,73,d2,aa,89,ff,00,03,f3,c0,4b,df,c5,f8,35,53,86,67,dd,c8,dc,11,a4,4c,08,98,56,30,f1,63,4a,05,2c,a0,9d,a2,80,9e,28,84,27,ad,ad,3f,90,c1,03,40,fe,12,0a,73,bf,50,44,2e,7f,0e,0c,56,7c,bd,37,2f,2f,52,1a,35,37,d7,c4,c8,22,04,b1,97,61,5f,9a,f7,87,4a,ff,c7,c7,ef,01,90,15,4c,2e,75,56,a5,e7,94,f3,a6,71,e0,14,bd,0b,2c,f7,b6,19,a8,f8,7d,d0,23,58,b5,21,62,3d,96,f8,58,2f,e4,8c,b3,f5,62,74,05,00,80,3e,e9,ed,18,1d,ec,db,08,1b,3f,69,29,dd,5e,fa,e3,71,47,26,c5,ad,a8,eb,75"
|
||||||
|
"01,01,01,80,61,be,bc,aa,6f,e0,14,00,99,b8,4a,66,39,46,29,f8,2d,55,f9,c3,da,df,50,27,6b,b5,b7,a7,5a,b7,fa,71,72,99,d9,33,af,5e,5f,56,57,4a,4c,ff,43,5f,65,a5,29,ea,ed,87,55,38,23,06,66,6c,1b,d2,f8,dc,6d,c0,0e,d0,17,76,93,1b,e8,f8,b4,c3,52,e7,b4,a9,51,cd,fe,c8,62,b6,05,00,19,e2,f2,54,cd,a7,fd,38,5d,e6,a9,40,1b,a4,4d,08,b9,11,e0,65,22,5c,8a,88,48,44,6a,bb,51,a7,38,02,5b,69,7a,a3,8c,ce,44,82,59,ae,41,f8,e3,82,6c,db,6b,78,a3,38,67,3b,c4,b4,aa,f2,86,ab,a6,5e,96,d5,c4,8a,56,5c,38,4e,f8,35,10,8f,39,d0,39,7b,6c,d4,99,69,2e,78,2a,e7,90,0e,e0,09,e1,4a,ad,d5,0a,6f,41,d5,69,2a,ca,cd,84,9d,66,a1,28,d3,29,b4,ea,dd,5d,17,d5,e8,e4,48,9f,54,b3,ea,dd,e1,88,d9,2a,2d,08,ca,8f,a3,bd,93,64,b1,11,ce,13,60,a8,98,e8,8d,a7,2f,d4,0f,0d,cc,7d,28,be,68,1b,52,72,44,53,ca,f9,cc,da,e5,d2,79,59,91,52,8b,47,db,b2,12,8e,f8,26,3f,1d,ac,0f,fc,ef,c7,9c,c5,ad,7b,39,ba,49,99,bd,02,2a,88,bf,a6,c9,63,0e,e7,09,51,aa,94,b4,10,28,a3,ad,a1,4f,19,c0,f3,b2,68,a5,db,18,14,58,cb,88,86,73,8a,64,39,dc,f2,6f,83,7e,77,44,ef,c2,ba,95,f7,e3,65,a0,a3,ac,69,37,c2,a8,08,7c,e1,97,d8,b3,83,2b,db,1c,ec,51,88,aa,f8,e6,bb,31,d9,32,cd,08,1c,81,32,f8,e6,98,5b,e4,e2,16,25,eb,ac,bc,5a,23,b2,62,47,a2,93,e7,76,0f,a2"
|
||||||
|
"01,02,02,00,99,9f,91,16,8d,be,05,71,c1,35,f8,35,d1,b0,8c,46,a3,b6,b1,99,1b,0a,49,29,aa,5b,26,b0,9e,67,91,60,fe,e8,fd,cb,87,a3,5d,01,55,c2,76,fd,c8,2e,80,67,71,17,5b,97,55,53,fe,84,d4,53,47,63,39,20,2c,ff,8e,e0,20,00,c5,86,c5,76,2e,7b,f0,85,5b,93,0e,44,f5,38,7a,d6,c0,3a,36,57,06,45,91,de,86,eb,f0,63,01,bc,23,c0,75,4e,42,f3,02,5a,76,52,8a,98,c6,6a,11,7e,08,6f,2b,67,b2,5e,35,05,22,cc,13,51,a2,37,b3,5c,82,24,12,10,9e,61,85,a4,0b,59,91,97,4f,c3,4b,28,fa,c2,02,c6,76,36,53,1a,93,cd,ff,1a,11,dd,02,da,ec,a0,8e,83,26,02,f8,37,cc,68,bc,1e,11,ea,90,dd,47,54,02,0f,6e,ed,d6,86,cd,33,ef,a5,b3,e9,5a,dc,b5,81,64,5c,ff,16,d3,b7,d3,7f,ec,47,4e,fd,5c,ca,a3,a0,8d,6d,05,69,80,6b,fc,e4,22,21,4f,3f,cb,46,ad,a6,f3,24,11,68,69,78,71,30,8d,10,06,60,9d,91,9a,3f,8a,f1,af,4d,b9,6c,9c,9a,ac,71,78,04,fb,8d,27,de,a9,da,ac,31,7a,b8,a6,92,47,50,eb,24,43,75,c9,40,58,6e,a6,bb,98,64,40,54,1c,f2,4a,16,79,5b,62,ec,5c,78,3d,b3,91,a3,3a,a8,41,de,08,03,15,6c,92,e6,dd,47,5e,16,c6,ea,37,86,94,57,be,16,c2,c3,ea,92,e9,e8,f3,39,7a,7b,53,a8,c5,37,ae,98,1a,75,b4,01,67,e8,f0,1d,b2,77,23,e7,04,85,45,69,f3,1b,1b,1a,08,8d,03,41,a0,e0,07,6a,df,66,ac,c4,f2,03,e9,68,da,8e,c4,2a,1d,60,2f,ae,d5,87,54,a9,5e,6a,a4,da,a9,78,10,cc,9e,86,08,af,9e,8a,f7,f8,dd,b7,62,35,e5,7d,18,5c,de,63,2c,e3,d8,a3,66,25,9f,18,cb,75,5a,2d,fa,37,6e,8a,b5,3e,25,cd,4d,9f,2c,09,bc,df,a9,02,5d,a9,da,a6,14,af,58,a5,11,1f,8b,6b,b7,85,b3,42,5a,6f,6c,ed,df,68,f5,47,3e,f1,ac,47,1a,43,13,2e,7f,f4,21,f9,45,9b,e0,8d,ed,4c,06,87,60,2a,2d,42,db,9f,00,ea,c3,48,94,05,04,1e,fe,71,3e,17,61,6f,23,59,4c,33,af,3c,02,de,af,68"
|
||||||
|
"01,03,03,00,82,04,6b,a6,21,57,09,f0,84,a4,4f,1f,6d,02,70,8a,cc,ec,d9,f1,e3,59,1c,07,a0,58,88,8d,3a,86,dd,a9,34,9d,30,29,f3,a7,fa,c0,f0,79,de,6f,3f,61,a3,f8,49,3a,c5,89,fd,5e,5c,22,62,99,7c,02,c6,69,90,83,dc,c3,9f,c4,d3,8f,99,af,23,90,ba,54,fa,c2,97,8f,a0,e8,65,d2,e7,48,6d,55,2f,f4,80,d1,a6,82,2c,52,e7,a7,1e,34,99,8b,af,64,ef,e2,9e,53,12,98,28,6a,a8,22,01,34,9e,26,46,70,14,28,36,1d,c0,73,b7,cc,48,1f,a9,9c,50,e3,bf,46,c2,c8,29,e1,ab,20,2b,52,db,ec,7a,64,22,66,af,22,7c,77,ec,3d,16,00,8d,5a,0b,4c,03,52,dc,8f,61,8e,06,cc,b0,d2,48,c7,0e,4f,8a,0c,fd,6d,36,eb,a0,48,57,85,35,13,bd,c1,64,2f,d8,7a,7e,07,88,1c,e3,dd,f5,34,3c,8f,01,b0,35,df,cb,c3,b7,72,62,85,f9,74,59,e1,7f,13,17,3c,6b,06,77,30,61,1d,7d,4a,ab,9d,64,cc,ea,62,f1,22,57,dc,94,15,3e,89,61,75,14,4a,a0,de,68,07,47,f1,18,40,8e,bd,2a,c7,9d,4b,19,27,7c,67,89,af,a5,45,61,df,ef,a5,1a,79,12,6c,00,b0,91,2a,13,47,a8,24,02,a8,1e,e1,33,7a,95,b9,f5,26,86,b8,c0,46,cf,b9,18,2c,92,16,f1,3c,ca,9b,1b,be,a6,0c,ae,43,0a,80,f7,71,2d,41,ab,d6,98,98,f2,c7,f0,50,cd,34,a8,f7,6c,fe,2a,ef,ba,19,ec,5a,0d,df,c8,46,b3,ed,f6,0c,b1,66,12,6d,75,e1,7e,45,7f,67,07,f4,ee,1a,a0,5e,b5,b7,83,a6,d0,57,01,9c,be,11,91,7a,cd,13,92,8a,9c,34,0d,32,26,be,9a,9c,82,6f,80,84,da,01,cd,d8,74,9d,95,b2,25,8a,aa,60,7d,83,68,ba,d5,c9,23,b6,30,e4,6b,43,01,6b,41,64,d1,a1,69,53,65,8c,19,62,db,81,fe,27,2e,d3,b8,5c,a9,f6,50,95,c6,8b,61,4e,96,d2,14,a6,26,61,48,cc,5e,07,49,9a,14,89,12,18,1c,1b,12,7b,e8,59,16,62,25,29,a2,b6,5f,04,61,a8,f3,e0,f5,6c,8e,ee,c7,79,3a,8c,3b,05,54,db,47,c1,72,7c,ce,82,c1,af,94,fd,8d,67,b7,9d,c8,62,32,5e,3c,7e,61,36,77,6d,53,8b,74,f8,92,cf,ab,e3,3c,f6,56,79,81,14,a4,72,13,c8,b8,68,0d,d6,4f,0b,4e,f8,dd,ea,c9,16,be,7d,19,25,20,37,c4,b8,72,e5,46,7c,c8,7e,32,aa,5c,17,54,24,a7,00,2a,41,a4,96,c4,89,0b,fa,26,44,e2,a3,b0,48,2e,bc,bb,d6,99,11,aa,30,bc,78,9a,1f,76,71,23,e7,69,ba,c7,b0,0b,2d,fc,20,6d,b9,1d,b2,71,14,51,2f,f9,f9,d8,d7,43,58,aa,f7,03,00,e6,5f,99,4e,1f,6b,85,16,08,87,ca,e5,d3,ce,ab,ae,80,30,79,30,40,c0,68,06,ff,82,37,9b,b5,ed,53,a8,fe,36,48,10,ee,2d,d3,63,99,04,96,85,35,07,0e,58,ec,fa,b9,e0,df,0e,9c,8f,fc,ca,12,5b,99,42,dc,09,0a,97,37,c9,69,1e,7f,10,05,b3,47,b5,52,c7,bd,f6,ca,45,f6,8d,8b,3d,54,a3,de,a9,49,aa,b3,45,1b,7e,55,96,ef,48,3b,03,7e,06,62,46,45,df,c0,fe,ea,ea,b9,c3,d3,cb,89,0a,19,5a,9f,e6,e4,ef,42,52,cb,d6,a7,b3,b6,b7,d7,31,9c,66,6a,a9,58,46,ce,7c,50,e6"
|
||||||
|
"01,04,04,00,d4,27,c9,4d,2e,03,97,86,9a,85,db,05,5c,76,5f,d0,99,0f,09,32,f1,ef,ac,c8,be,c9,05,95,0d,24,39,19,ad,be,36,51,a9,da,ef,d4,2e,76,9a,50,97,7a,40,62,5f,71,94,d4,d2,b9,b9,7d,cd,ac,d0,b5,17,15,de,1b,bc,86,f8,ed,f1,56,e2,fd,f0,fe,6a,7b,99,b5,64,3c,6b,29,05,ca,34,86,74,42,42,2c,5f,e1,9e,0f,99,9c,7d,b7,34,d5,8f,a5,df,01,d8,e8,bb,fa,f7,9c,ca,82,1e,d1,17,70,b3,2e,dc,ff,03,ba,ed,b5,6c,97,6b,61,e6,97,eb,34,3a,b7,9a,32,fe,fe,96,ed,84,75,33,15,58,5b,5d,1e,7b,c7,cb,87,cf,f9,59,c8,65,7b,d4,68,4f,2a,27,ca,e7,9f,9e,54,f8,49,8f,be,51,75,05,78,f3,ae,ac,ce,1e,e3,17,14,d7,68,ea,2f,54,ae,4a,aa,d3,5d,61,63,3d,e8,3d,ff,62,45,fa,e8,10,65,22,4e,f1,6a,98,f3,a7,45,04,4a,7d,4b,67,ff,ea,d7,f4,e0,b3,28,e6,b4,9c,87,79,24,28,f0,54,bf,98,7c,39,4e,44,6f,df,ae,4b,55,e3,af,c1,54,cc,86,a9,e2,77,0f,e4,6f,40,cd,fd,bb,d0,b1,99,82,5d,b0,db,38,13,c0,91,f6,de,d0,b1,4d,da,d2,b9,b1,db,36,78,31,00,a6,42,24,c7,d4,c3,af,8e,f5,69,63,57,4a,bd,5d,b4,16,93,53,6a,32,57,93,aa,c7,fc,d2,2c,35,68,74,af,39,c9,17,11,03,a1,dd,21,22,c7,a7,72,b5,c6,b4,9d,b9,bb,30,49,eb,eb,fc,01,7e,4b,a3,c3,7c,83,8c,cd,2d,77,55,a2,3b,92,24,ef,33,d5,ca,d7,54,f5,c6,46,ba,9a,97,14,cd,b9,c1,25,61,64,1c,ca,49,8c,76,1d,ca,bf,96,a0,1a,b5,73,ea,e2,f9,df,5e,76,f0,70,5b,91,f3,d3,84,20,22,6d,50,05,64,6c,92,32,71,72,9b,55,2e,0f,b5,f7,14,d3,a1,b0,0a,36,b1,cb,f7,38,df,82,5b,1a,63,b2,d5,17,de,20,d3,76,a3,e2,de,de,0b,bd,e8,43,62,6a,0b,f1,1f,e8,76,c6,a1,ab,cd,20,08,2c,86,30,75,3e,34,ae,66,0c,87,a0,1c,7a,3b,4b,63,1c,5c,96,56,0a,e3,7f,4e,c5,60,33,85,a6,58,f1,91,5c,24,e0,e2,8f,17,0d,51,6c,4f,e9,9f,4b,23,b0,4a,f6,3c,a4,ac,d0,73,ed,0c,e6,5c,d1,94,08,1a,1b,89,dc,b0,5b,3d,d5,72,24,90,6c,c2,ca,9d,41,be,a1,85,c7,ec,e5,42,1b,d1,9b,b3,73,7b,30,67,ec,90,93,6e,06,6f,07,7b,86,30,4e,4e,90,28,2a,50,75,41,24,4f,3f,1b,52,85,24,0b,54,31,c7,37,95,8d,a4,72,b7,0d,4b,0e,6c,bf,c9,5f,e1,98,a0,e4,dd,ca,22,b6,d0,7e,2f,3b,ca,ed,3f,ea,0e,26,f2,d8,48,1a,5c,62,4d,d3,34,25,59,60,3b,97,b0,96,b8,5e,35,0a,2e,1c,e4,a3,52,64,70,57,1f,2b,2e,70,ba,09,98,63,92,9c,d2,7f,9d,e3,30,5b,90,f5,ba,94,44,ee,7e,5c,18,f3,28,6f,93,38,51,da,04,c4,d0,1a,ba,c2,9b,62,4c,86,58,02,18,40,ac,01,84,51,4a,12,75,c4,96,70,1c,ca,9d,ca,8b,58,65,63,c0,06,88,b8,4a,9b,47,eb,46,3f,6d,42,8a,5d,30,7c,82,cd,b0,85,b9,68,7b,a0,82,78,15,dd,9a,98,ee,c8,01,81,1d,4e,90,e1,63,89,cc,87,66,71,44,a9,09,ac,91,90,ee,d6,fe,85,32,be,7c,65,34,75,50,99,e0,5d,bf,0d,2c,1f,67,78,21,5d,9d,b2,43,f3,5f,7b,b2,eb,df,c0,d2,00,53,26,ce,e9,56,a3,6b,97,ac,be,1d,69,2e,e0,62,13,2e,ac,df,6a,2c,aa,c2,80,2c,19,bb,20,e7,9e,55,1e,d5,e3,3f,fb,6f,d7,92,33,75,b9,d5,57,d2,7d,48,a8,8e,7b,cf,fe,ed,8d,4c,96,d6,c2,e5,9a,93,b2,38,d5,7f,3c,f5,ca,56,a6,2f,c6,ef,a4,e8,aa,52,78,d2,20,40,3c,43,17,14,30,94,f3,22,fe,81,4f,03,eb,36,1e,e4,ea,4a,39,aa,44,70,ab,66,ce,3d,6a,f6,6a,ea,dc,e9,de,52,8b,e0,d3,cc,79,19,c3,8d,f4,d2,80,d2,18,05,7c,48,05,f8,64,94,b0,b0,06,11,95,c4,e3,70,02,24,6e,e7,38,40,99,d4,89,7d,9a,cf,71,a1,6c,05,03,1f,4a,7b,47,23,77,a3,01,93,10,77,f8,53,08,52,8d,b6,de,e7,a5,89,25,9f,a8,7f,97,5f,f2,a0,fd,a5,bb,6b,0e,ca,44,85,97,3c,88,6f,f1,71,38,ae,30,26,1c,e4,b3,bd,1c,c0,f5,6e,08,0c,6b,bb,70,26,1a,e0,9f,f8,73,fb,54,e2,fe,ed,e8,56"
|
||||||
|
"105" "106" "107" "108" "109" "10a" "10b" "10c" "10d" "10e" "10f" )
|
||||||
|
|
||||||
|
|
243
testssl.sh
243
testssl.sh
|
@ -1393,7 +1393,7 @@ string_to_asciihex() {
|
||||||
|
|
||||||
# Adjust options to $OPENSSL s_client based on OpenSSL version and protocol version
|
# Adjust options to $OPENSSL s_client based on OpenSSL version and protocol version
|
||||||
s_client_options() {
|
s_client_options() {
|
||||||
local options="$1"
|
local options=" $1"
|
||||||
local ciphers
|
local ciphers
|
||||||
|
|
||||||
# Don't include the -servername option for an SSLv2 or SSLv3 ClientHello.
|
# Don't include the -servername option for an SSLv2 or SSLv3 ClientHello.
|
||||||
|
@ -7084,10 +7084,11 @@ get_san_dns_from_cert() {
|
||||||
run_pfs() {
|
run_pfs() {
|
||||||
local -i sclient_success
|
local -i sclient_success
|
||||||
local pfs_offered=false ecdhe_offered=false ffdhe_offered=false
|
local pfs_offered=false ecdhe_offered=false ffdhe_offered=false
|
||||||
local hexc dash pfs_cipher sslvers auth mac export curve dhlen
|
local pfs_tls13_offered=false
|
||||||
|
local protos_to_try proto hexc dash pfs_cipher sslvers auth mac export curve dhlen
|
||||||
local -a hexcode normalized_hexcode ciph rfc_ciph kx enc ciphers_found sigalg ossl_supported
|
local -a hexcode normalized_hexcode ciph rfc_ciph kx enc ciphers_found sigalg ossl_supported
|
||||||
# generated from 'kEECDH:kEDH:!aNULL:!eNULL:!DES:!3DES:!RC4' with openssl 1.0.2i and openssl 1.1.0
|
# generated from 'kEECDH:kEDH:!aNULL:!eNULL:!DES:!3DES:!RC4' with openssl 1.0.2i and openssl 1.1.0
|
||||||
local pfs_cipher_list="DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA:DHE-DSS-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA:DHE-DSS-SEED-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-SEED-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305"
|
local pfs_cipher_list="TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-SHA256:TLS13-AES-128-CCM-8-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA:DHE-DSS-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA:DHE-DSS-SEED-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-SEED-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305"
|
||||||
local pfs_hex_cipher_list="" ciphers_to_test
|
local pfs_hex_cipher_list="" ciphers_to_test
|
||||||
local ecdhe_cipher_list="" ecdhe_cipher_list_hex="" ffdhe_cipher_list_hex=""
|
local ecdhe_cipher_list="" ecdhe_cipher_list_hex="" ffdhe_cipher_list_hex=""
|
||||||
local curves_hex=("00,01" "00,02" "00,03" "00,04" "00,05" "00,06" "00,07" "00,08" "00,09" "00,0a" "00,0b" "00,0c" "00,0d" "00,0e" "00,0f" "00,10" "00,11" "00,12" "00,13" "00,14" "00,15" "00,16" "00,17" "00,18" "00,19" "00,1a" "00,1b" "00,1c" "00,1d" "00,1e")
|
local curves_hex=("00,01" "00,02" "00,03" "00,04" "00,05" "00,06" "00,07" "00,08" "00,09" "00,0a" "00,0b" "00,0c" "00,0d" "00,0e" "00,0f" "00,10" "00,11" "00,12" "00,13" "00,14" "00,15" "00,16" "00,17" "00,18" "00,19" "00,1a" "00,1b" "00,1c" "00,1d" "00,1e")
|
||||||
|
@ -7120,10 +7121,10 @@ run_pfs() {
|
||||||
if "$using_sockets" || [[ $OSSL_VER_MAJOR -lt 1 ]]; then
|
if "$using_sockets" || [[ $OSSL_VER_MAJOR -lt 1 ]]; then
|
||||||
for (( i=0; i < TLS_NR_CIPHERS; i++ )); do
|
for (( i=0; i < TLS_NR_CIPHERS; i++ )); do
|
||||||
pfs_cipher="${TLS_CIPHER_RFC_NAME[i]}"
|
pfs_cipher="${TLS_CIPHER_RFC_NAME[i]}"
|
||||||
if ( [[ "$pfs_cipher" == "TLS_DHE_"* ]] || [[ "$pfs_cipher" == "TLS_ECDHE_"* ]] ) && \
|
hexc="${TLS_CIPHER_HEXCODE[i]}"
|
||||||
|
if ( [[ "$pfs_cipher" == "TLS_DHE_"* ]] || [[ "$pfs_cipher" == "TLS_ECDHE_"* ]] || [[ "${hexc:2:2}" == "13" ]] ) && \
|
||||||
[[ ! "$pfs_cipher" =~ NULL ]] && [[ ! "$pfs_cipher" =~ DES ]] && [[ ! "$pfs_cipher" =~ RC4 ]] && \
|
[[ ! "$pfs_cipher" =~ NULL ]] && [[ ! "$pfs_cipher" =~ DES ]] && [[ ! "$pfs_cipher" =~ RC4 ]] && \
|
||||||
[[ ! "$pfs_cipher" =~ PSK ]] && ( "$using_sockets" || "${TLS_CIPHER_OSSL_SUPPORTED[i]}" ); then
|
[[ ! "$pfs_cipher" =~ PSK ]] && ( "$using_sockets" || "${TLS_CIPHER_OSSL_SUPPORTED[i]}" ); then
|
||||||
hexc="${TLS_CIPHER_HEXCODE[i]}"
|
|
||||||
pfs_hex_cipher_list+=", ${hexc:2:2},${hexc:7:2}"
|
pfs_hex_cipher_list+=", ${hexc:2:2},${hexc:7:2}"
|
||||||
ciph[nr_supported_ciphers]="${TLS_CIPHER_OSSL_NAME[i]}"
|
ciph[nr_supported_ciphers]="${TLS_CIPHER_OSSL_NAME[i]}"
|
||||||
rfc_ciph[nr_supported_ciphers]="${TLS_CIPHER_RFC_NAME[i]}"
|
rfc_ciph[nr_supported_ciphers]="${TLS_CIPHER_RFC_NAME[i]}"
|
||||||
|
@ -7157,8 +7158,11 @@ run_pfs() {
|
||||||
fi
|
fi
|
||||||
export=""
|
export=""
|
||||||
|
|
||||||
if "$using_sockets"; then
|
if [[ $(has_server_protocol "tls1_3") -eq 0 ]]; then
|
||||||
tls_sockets "03" "${pfs_hex_cipher_list:2}"
|
# All TLSv1.3 cipher suites offer robust PFS.
|
||||||
|
sclient_success=0
|
||||||
|
elif "$using_sockets"; then
|
||||||
|
tls_sockets "04" "${pfs_hex_cipher_list:2}"
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
||||||
else
|
else
|
||||||
|
@ -7192,52 +7196,75 @@ run_pfs() {
|
||||||
else
|
else
|
||||||
out " "
|
out " "
|
||||||
fi
|
fi
|
||||||
while true; do
|
if "$HAS_TLS13"; then
|
||||||
ciphers_to_test=""
|
protos_to_try="-no_ssl2 -no_tls1_3"
|
||||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
else
|
||||||
! "${ciphers_found[i]}" && "${ossl_supported[i]}" && ciphers_to_test+=":${ciph[i]}"
|
protos_to_try="-no_ssl2"
|
||||||
done
|
fi
|
||||||
[[ -z "$ciphers_to_test" ]] && break
|
|
||||||
$OPENSSL s_client $(s_client_options "-cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") &>$TMPFILE </dev/null
|
for proto in $protos_to_try; do
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
|
||||||
pfs_cipher=$(get_cipher $TMPFILE)
|
|
||||||
[[ -z "$pfs_cipher" ]] && break
|
|
||||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
|
||||||
[[ "$pfs_cipher" == "${ciph[i]}" ]] && break
|
|
||||||
done
|
|
||||||
ciphers_found[i]=true
|
|
||||||
if "$WIDE"; then
|
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
|
||||||
kx[i]="${kx[i]} $dhlen"
|
|
||||||
fi
|
|
||||||
"$WIDE" && "$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
|
||||||
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
|
|
||||||
done
|
|
||||||
if "$using_sockets"; then
|
|
||||||
while true; do
|
while true; do
|
||||||
ciphers_to_test=""
|
ciphers_to_test=""
|
||||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||||
! "${ciphers_found[i]}" && ciphers_to_test+=", ${hexcode[i]}"
|
! "${ciphers_found[i]}" && "${ossl_supported[i]}" && ciphers_to_test+=":${ciph[i]}"
|
||||||
done
|
done
|
||||||
[[ -z "$ciphers_to_test" ]] && break
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
if "$WIDE" && "$SHOW_SIGALGO"; then
|
$OPENSSL s_client $(s_client_options "$proto -cipher "${ciphers_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") &>$TMPFILE </dev/null
|
||||||
tls_sockets "03" "${ciphers_to_test:2}, 00,ff" "all"
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
else
|
pfs_cipher=$(get_cipher $TMPFILE)
|
||||||
tls_sockets "03" "${ciphers_to_test:2}, 00,ff" "ephemeralkey"
|
[[ -z "$pfs_cipher" ]] && break
|
||||||
fi
|
|
||||||
sclient_success=$?
|
|
||||||
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
|
||||||
pfs_cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
|
||||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||||
[[ "$pfs_cipher" == "${rfc_ciph[i]}" ]] && break
|
[[ "$pfs_cipher" == "${ciph[i]}" ]] && break
|
||||||
done
|
done
|
||||||
|
[[ $i -eq $nr_supported_ciphers ]] && break
|
||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
|
if [[ "$pfs_cipher" == TLS13* ]]; then
|
||||||
|
pfs_tls13_offered=true
|
||||||
|
"$WIDE" && kx[i]="$(read_dhtype_from_file $TMPFILE)"
|
||||||
|
fi
|
||||||
if "$WIDE"; then
|
if "$WIDE"; then
|
||||||
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]} $dhlen"
|
||||||
fi
|
fi
|
||||||
"$WIDE" && "$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
"$WIDE" && "$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
||||||
sigalg[i]="$(read_sigalg_from_file "$HOSTCERT")"
|
sigalg[i]="$(read_sigalg_from_file "$TMPFILE")"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
if "$using_sockets"; then
|
||||||
|
for proto in 04 03; do
|
||||||
|
while true; do
|
||||||
|
ciphers_to_test=""
|
||||||
|
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||||
|
! "${ciphers_found[i]}" && ciphers_to_test+=", ${hexcode[i]}"
|
||||||
|
done
|
||||||
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
|
[[ "$proto" == "04" ]] && [[ ! "${ciphers_to_test:2}" =~ ,\ 13,[0-9a-f][0-9a-f] ]] && break
|
||||||
|
ciphers_to_test="$(strip_inconsistent_ciphers "$proto" "$ciphers_to_test")"
|
||||||
|
[[ -z "$ciphers_to_test" ]] && break
|
||||||
|
if "$WIDE" && "$SHOW_SIGALGO"; then
|
||||||
|
tls_sockets "$proto" "${ciphers_to_test:2}, 00,ff" "all"
|
||||||
|
else
|
||||||
|
tls_sockets "$proto" "${ciphers_to_test:2}, 00,ff" "ephemeralkey"
|
||||||
|
fi
|
||||||
|
sclient_success=$?
|
||||||
|
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
||||||
|
pfs_cipher=$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
|
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||||
|
[[ "$pfs_cipher" == "${rfc_ciph[i]}" ]] && break
|
||||||
|
done
|
||||||
|
[[ $i -eq $nr_supported_ciphers ]] && break
|
||||||
|
ciphers_found[i]=true
|
||||||
|
if [[ "${kx[i]}" == "Kx=any" ]]; then
|
||||||
|
pfs_tls13_offered=true
|
||||||
|
"$WIDE" && kx[i]="$(read_dhtype_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")"
|
||||||
|
fi
|
||||||
|
if "$WIDE"; then
|
||||||
|
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
||||||
|
kx[i]="${kx[i]} $dhlen"
|
||||||
|
fi
|
||||||
|
"$WIDE" && "$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
||||||
|
sigalg[i]="$(read_sigalg_from_file "$HOSTCERT")"
|
||||||
|
done
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||||
|
@ -7250,12 +7277,12 @@ run_pfs() {
|
||||||
fi
|
fi
|
||||||
pfs_ciphers+="$pfs_cipher "
|
pfs_ciphers+="$pfs_cipher "
|
||||||
|
|
||||||
if [[ "${ciph[i]}" == "ECDHE-"* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == "TLS_ECDHE_"* ]] ); then
|
if [[ "${ciph[i]}" == "ECDHE-"* ]] || [[ "${ciph[i]}" == TLS13* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == "TLS_ECDHE_"* ]] ); then
|
||||||
ecdhe_offered=true
|
ecdhe_offered=true
|
||||||
ecdhe_cipher_list_hex+=", ${hexcode[i]}"
|
ecdhe_cipher_list_hex+=", ${hexcode[i]}"
|
||||||
[[ "${ciph[i]}" != "-" ]] && ecdhe_cipher_list+=":$pfs_cipher"
|
[[ "${ciph[i]}" != "-" ]] && ecdhe_cipher_list+=":$pfs_cipher"
|
||||||
fi
|
fi
|
||||||
if [[ "${ciph[i]}" == "DHE-"* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == "TLS_DHE_"* ]] ); then
|
if [[ "${ciph[i]}" == "DHE-"* ]] || [[ "${ciph[i]}" == TLS13* ]] || ( "$using_sockets" && [[ "${rfc_ciph[i]}" == "TLS_DHE_"* ]] ); then
|
||||||
ffdhe_offered=true
|
ffdhe_offered=true
|
||||||
ffdhe_cipher_list_hex+=", ${hexcode[i]}"
|
ffdhe_cipher_list_hex+=", ${hexcode[i]}"
|
||||||
fi
|
fi
|
||||||
|
@ -7263,7 +7290,7 @@ run_pfs() {
|
||||||
if "$WIDE"; then
|
if "$WIDE"; then
|
||||||
neat_list "$(tolower "${normalized_hexcode[i]}")" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
|
neat_list "$(tolower "${normalized_hexcode[i]}")" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
|
||||||
if "$SHOW_EACH_C"; then
|
if "$SHOW_EACH_C"; then
|
||||||
if ${ciphers_found[i]}; then
|
if "${ciphers_found[i]}"; then
|
||||||
pr_done_best "available"
|
pr_done_best "available"
|
||||||
else
|
else
|
||||||
pr_deemphasize "not a/v"
|
pr_deemphasize "not a/v"
|
||||||
|
@ -7305,53 +7332,73 @@ run_pfs() {
|
||||||
low=$nr_curves/2; high=$nr_curves
|
low=$nr_curves/2; high=$nr_curves
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
if "$HAS_TLS13"; then
|
||||||
|
if "$pfs_tls13_offered"; then
|
||||||
|
protos_to_try="-no_ssl2 -no_tls1_3"
|
||||||
|
else
|
||||||
|
protos_to_try="-no_tls1_3"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
protos_to_try="-no_ssl2"
|
||||||
|
fi
|
||||||
|
|
||||||
|
for proto in $protos_to_try; do
|
||||||
|
while true; do
|
||||||
|
curves_to_test=""
|
||||||
|
for (( i=low; i < high; i++ )); do
|
||||||
|
"${ossl_supported[i]}" && ! "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
|
||||||
|
done
|
||||||
|
[[ -z "$curves_to_test" ]] && break
|
||||||
|
$OPENSSL s_client $(s_client_options "$proto -cipher "${ecdhe_cipher_list:1}" -curves "${curves_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") &>$TMPFILE </dev/null
|
||||||
|
sclient_connect_successful $? $TMPFILE || break
|
||||||
|
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TMPFILE")
|
||||||
|
curve_found="${temp%%,*}"
|
||||||
|
if [[ "$curve_found" == "ECDH" ]]; then
|
||||||
|
curve_found="${temp#*, }"
|
||||||
|
curve_found="${curve_found%%,*}"
|
||||||
|
fi
|
||||||
|
for (( i=low; i < high; i++ )); do
|
||||||
|
! "${supported_curve[i]}" && [[ "${curves_ossl_output[i]}" == "$curve_found" ]] && break
|
||||||
|
done
|
||||||
|
[[ $i -eq $high ]] && break
|
||||||
|
supported_curve[i]=true
|
||||||
|
done
|
||||||
|
done
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
if "$ecdhe_offered" && "$using_sockets"; then
|
||||||
|
protos_to_try="03"
|
||||||
|
"$pfs_tls13_offered" && protos_to_try="04 03"
|
||||||
|
for proto in $protos_to_try; do
|
||||||
|
if [[ "$proto" == "03" ]]; then
|
||||||
|
ecdhe_cipher_list_hex="$(strip_inconsistent_ciphers "03" "$ecdhe_cipher_list_hex")"
|
||||||
|
[[ -z "$ecdhe_cipher_list_hex" ]] && continue
|
||||||
|
fi
|
||||||
while true; do
|
while true; do
|
||||||
curves_to_test=""
|
curves_to_test=""
|
||||||
for (( i=low; i < high; i++ )); do
|
for (( i=0; i < nr_curves; i++ )); do
|
||||||
"${ossl_supported[i]}" && ! "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
|
! "${supported_curve[i]}" && curves_to_test+=", ${curves_hex[i]}"
|
||||||
done
|
done
|
||||||
[[ -z "$curves_to_test" ]] && break
|
[[ -z "$curves_to_test" ]] && break
|
||||||
$OPENSSL s_client $(s_client_options "-cipher "${ecdhe_cipher_list:1}" -curves "${curves_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") &>$TMPFILE </dev/null
|
len1=$(printf "%02x" "$((2*${#curves_to_test}/7))")
|
||||||
sclient_connect_successful $? $TMPFILE || break
|
len2=$(printf "%02x" "$((2*${#curves_to_test}/7+2))")
|
||||||
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TMPFILE")
|
tls_sockets "$proto" "${ecdhe_cipher_list_hex:2}" "ephemeralkey" "00, 0a, 00, $len2, 00, $len1, ${curves_to_test:2}"
|
||||||
|
sclient_success=$?
|
||||||
|
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
||||||
|
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
curve_found="${temp%%,*}"
|
curve_found="${temp%%,*}"
|
||||||
if [[ "$curve_found" == "ECDH" ]]; then
|
if [[ "$curve_found" == "ECDH" ]]; then
|
||||||
curve_found="${temp#*, }"
|
curve_found="${temp#*, }"
|
||||||
curve_found="${curve_found%%,*}"
|
curve_found="${curve_found%%,*}"
|
||||||
fi
|
fi
|
||||||
for (( i=low; i < high; i++ )); do
|
for (( i=0; i < nr_curves; i++ )); do
|
||||||
! "${supported_curve[i]}" && [[ "${curves_ossl_output[i]}" == "$curve_found" ]] && break
|
! "${supported_curve[i]}" && [[ "${curves_ossl_output[i]}" == "$curve_found" ]] && break
|
||||||
done
|
done
|
||||||
[[ $i -eq $high ]] && break
|
[[ $i -eq $nr_curves ]] && break
|
||||||
supported_curve[i]=true
|
supported_curve[i]=true
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
if "$ecdhe_offered" && "$using_sockets"; then
|
|
||||||
while true; do
|
|
||||||
curves_to_test=""
|
|
||||||
for (( i=0; i < nr_curves; i++ )); do
|
|
||||||
! "${supported_curve[i]}" && curves_to_test+=", ${curves_hex[i]}"
|
|
||||||
done
|
|
||||||
[[ -z "$curves_to_test" ]] && break
|
|
||||||
len1=$(printf "%02x" "$((2*${#curves_to_test}/7))")
|
|
||||||
len2=$(printf "%02x" "$((2*${#curves_to_test}/7+2))")
|
|
||||||
tls_sockets "03" "${ecdhe_cipher_list_hex:2}" "ephemeralkey" "00, 0a, 00, $len2, 00, $len1, ${curves_to_test:2}"
|
|
||||||
sclient_success=$?
|
|
||||||
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
|
||||||
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
|
||||||
curve_found="${temp%%,*}"
|
|
||||||
if [[ "$curve_found" == "ECDH" ]]; then
|
|
||||||
curve_found="${temp#*, }"
|
|
||||||
curve_found="${curve_found%%,*}"
|
|
||||||
fi
|
|
||||||
for (( i=0; i < nr_curves; i++ )); do
|
|
||||||
! "${supported_curve[i]}" && [[ "${curves_ossl_output[i]}" == "$curve_found" ]] && break
|
|
||||||
done
|
|
||||||
[[ $i -eq $nr_curves ]] && break
|
|
||||||
supported_curve[i]=true
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
if "$ecdhe_offered"; then
|
if "$ecdhe_offered"; then
|
||||||
for (( i=0; i < nr_curves; i++ )); do
|
for (( i=0; i < nr_curves; i++ )); do
|
||||||
"${supported_curve[i]}" && curves_offered+="${curves_ossl[i]} "
|
"${supported_curve[i]}" && curves_offered+="${curves_ossl[i]} "
|
||||||
|
@ -7364,18 +7411,28 @@ run_pfs() {
|
||||||
fileout "ecdhe_curves" "INFO" "Elliptic curves offered $curves_offered"
|
fileout "ecdhe_curves" "INFO" "Elliptic curves offered $curves_offered"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
outln
|
if "$using_sockets" && ( "$pfs_tls13_offered" || ( "$ffdhe_offered" && "$EXPERIMENTAL" ) ); then
|
||||||
if "$ffdhe_offered" && "$using_sockets" && "$EXPERIMENTAL"; then
|
# find out what groups from RFC 7919 are supported.
|
||||||
# Check to see whether RFC 7919 is supported (see Section 4 of RFC 7919)
|
nr_curves=0
|
||||||
tls_sockets "03" "${ffdhe_cipher_list_hex:2}" "ephemeralkey" "00, 0a, 00, 04, 00, 02, 01, fb"
|
for curve in "${ffdhe_groups_output[@]}"; do
|
||||||
sclient_success=$?
|
supported_curve[nr_curves]=false
|
||||||
if [[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]]; then
|
nr_curves+=1
|
||||||
# find out what groups from RFC 7919 are supported.
|
done
|
||||||
nr_curves=0
|
protos_to_try=""
|
||||||
for curve in "${ffdhe_groups_output[@]}"; do
|
"$pfs_tls13_offered" && protos_to_try="04"
|
||||||
supported_curve[nr_curves]=false
|
if "$ffdhe_offered" && "$EXPERIMENTAL"; then
|
||||||
nr_curves+=1
|
# Check to see whether RFC 7919 is supported (see Section 4 of RFC 7919)
|
||||||
done
|
tls_sockets "03" "${ffdhe_cipher_list_hex:2}" "ephemeralkey" "00, 0a, 00, 04, 00, 02, 01, fb"
|
||||||
|
sclient_success=$?
|
||||||
|
if [[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]]; then
|
||||||
|
if "$pfs_tls13_offered"; then
|
||||||
|
protos_to_try="04 03"
|
||||||
|
else
|
||||||
|
protos_to_try="03"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
for proto in $protos_to_try; do
|
||||||
while true; do
|
while true; do
|
||||||
curves_to_test=""
|
curves_to_test=""
|
||||||
for (( i=0; i < nr_curves; i++ )); do
|
for (( i=0; i < nr_curves; i++ )); do
|
||||||
|
@ -7384,7 +7441,7 @@ run_pfs() {
|
||||||
[[ -z "$curves_to_test" ]] && break
|
[[ -z "$curves_to_test" ]] && break
|
||||||
len1=$(printf "%02x" "$((2*${#curves_to_test}/7))")
|
len1=$(printf "%02x" "$((2*${#curves_to_test}/7))")
|
||||||
len2=$(printf "%02x" "$((2*${#curves_to_test}/7+2))")
|
len2=$(printf "%02x" "$((2*${#curves_to_test}/7+2))")
|
||||||
tls_sockets "03" "${ffdhe_cipher_list_hex:2}" "ephemeralkey" "00, 0a, 00, $len2, 00, $len1, ${curves_to_test:2}"
|
tls_sockets "$proto" "${ffdhe_cipher_list_hex:2}" "ephemeralkey" "00, 0a, 00, $len2, 00, $len1, ${curves_to_test:2}"
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
[[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
|
||||||
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
|
@ -7406,8 +7463,9 @@ run_pfs() {
|
||||||
outln "$curves_offered"
|
outln "$curves_offered"
|
||||||
fileout "rfc7919_groups" "INFO" "RFC 7919 DH groups offered $curves_offered"
|
fileout "rfc7919_groups" "INFO" "RFC 7919 DH groups offered $curves_offered"
|
||||||
fi
|
fi
|
||||||
fi
|
done
|
||||||
fi
|
fi
|
||||||
|
outln
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
"$using_sockets" && HAS_DH_BITS="$has_dh_bits"
|
"$using_sockets" && HAS_DH_BITS="$has_dh_bits"
|
||||||
|
@ -8764,6 +8822,7 @@ parse_tls_serverhello() {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
case $named_curve in
|
case $named_curve in
|
||||||
|
21) dh_bits=224 ; named_curve_str="P-224" ; named_curve_oid="06052b81040021" ;;
|
||||||
23) dh_bits=256 ; named_curve_str="P-256" ; named_curve_oid="06082a8648ce3d030107" ;;
|
23) dh_bits=256 ; named_curve_str="P-256" ; named_curve_oid="06082a8648ce3d030107" ;;
|
||||||
24) dh_bits=384 ; named_curve_str="P-384" ; named_curve_oid="06052b81040022" ;;
|
24) dh_bits=384 ; named_curve_str="P-384" ; named_curve_oid="06052b81040022" ;;
|
||||||
25) dh_bits=521 ; named_curve_str="P-521" ; named_curve_oid="06052b81040023" ;;
|
25) dh_bits=521 ; named_curve_str="P-521" ; named_curve_oid="06052b81040023" ;;
|
||||||
|
@ -9840,6 +9899,8 @@ resend_if_hello_retry_request() {
|
||||||
fi
|
fi
|
||||||
[[ $DEBUG -ge 3 ]] && echo " key share: 0x${tls_hello_ascii:j:4}"
|
[[ $DEBUG -ge 3 ]] && echo " key share: 0x${tls_hello_ascii:j:4}"
|
||||||
new_key_share="$(generate_key_share_extension "000a00040002${tls_hello_ascii:j:4}" "$process_full")"
|
new_key_share="$(generate_key_share_extension "000a00040002${tls_hello_ascii:j:4}" "$process_full")"
|
||||||
|
[[ $? -ne 0 ]] && return 1
|
||||||
|
[[ -z "$new_key_share" ]] && return 1
|
||||||
new_extra_extns+="${new_key_share//,/}"
|
new_extra_extns+="${new_key_share//,/}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
Loading…
Reference in New Issue