PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

TLS registry number updates from IANA

Browse Source
This commit is contained in:
dmiller
2022-08-29 22:06:37 +00:00
parent c476b640bf
commit 3df8c7d79c
2 changed files with 70 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
nselib/tls.lua
View File

@@ -44,7 +44,9 @@ TLS_CONTENTTYPE_REGISTRY = {
["alert"] = 21, ["alert"] = 21,
["handshake"] = 22, ["handshake"] = 22,
["application_data"] = 23, ["application_data"] = 23,
["heartbeat"] = 24 ["heartbeat"] = 24,
["tls12_cid"] = 25,
["ACK"] = 26,
} }
local TLS_CONTENTTYPES = tableaux.invert(TLS_CONTENTTYPE_REGISTRY) local TLS_CONTENTTYPES = tableaux.invert(TLS_CONTENTTYPE_REGISTRY)
@@ -79,6 +81,7 @@ TLS_ALERT_REGISTRY = {
["access_denied"] = 49, ["access_denied"] = 49,
["decode_error"] = 50, ["decode_error"] = 50,
["decrypt_error"] = 51, ["decrypt_error"] = 51,
["too_many_cids_requested"] = 52,
["export_restriction"] = 60, ["export_restriction"] = 60,
["protocol_version"] = 70, ["protocol_version"] = 70,
["insufficient_security"] = 71, ["insufficient_security"] = 71,
@@ -109,17 +112,22 @@ TLS_HANDSHAKETYPE_REGISTRY = {
["end_of_early_data"] = 5, ["end_of_early_data"] = 5,
["hello_retry_request"] = 6, ["hello_retry_request"] = 6,
["encrypted_extensions"] = 8, ["encrypted_extensions"] = 8,
["request_connection_id"] = 9,
["new_connection_id"] = 10,
["certificate"] = 11, ["certificate"] = 11,
["server_key_exchange"] = 12, ["server_key_exchange"] = 12,
["certificate_request"] = 13, ["certificate_request"] = 13,
["server_hello_done"] = 14, ["server_hello_done"] = 14,
["certificate_verify"] = 15, ["certificate_verify"] = 15,
["client_key_exchange"] = 16, ["client_key_exchange"] = 16,
["client_certificate_request"] = 17,
["finished"] = 20, ["finished"] = 20,
["certificate_url"] = 21, ["certificate_url"] = 21,
["certificate_status"] = 22, ["certificate_status"] = 22,
["supplemental_data"] = 23, ["supplemental_data"] = 23,
["key_update"] = 24, ["key_update"] = 24,
["compressed_certificate"] = 25,
["ekt_key"] = 26,
["next_protocol"] = 67, ["next_protocol"] = 67,
["message_hash"] = 254, ["message_hash"] = 254,
} }
@@ -135,6 +143,7 @@ COMPRESSORS = {
} }
--- ---
-- TLS Supported Groups
-- RFC 4492 section 5.1.1 "Supported Elliptic Curves Extension". -- RFC 4492 section 5.1.1 "Supported Elliptic Curves Extension".
ELLIPTIC_CURVES = { ELLIPTIC_CURVES = {
sect163k1 = 1, --deprecated sect163k1 = 1, --deprecated
@@ -236,6 +245,21 @@ SignatureSchemes = {
ecdsa_secp256r1_sha256 = 0x0403, ecdsa_secp256r1_sha256 = 0x0403,
ecdsa_secp384r1_sha384 = 0x0503, ecdsa_secp384r1_sha384 = 0x0503,
ecdsa_secp521r1_sha512 = 0x0603, ecdsa_secp521r1_sha512 = 0x0603,
-- draft-wang-tls-raw-public-key-with-ibc
eccsi_sha256 = 0x0704,
iso_ibs1 = 0x0705,
iso_ibs2 = 0x0706,
iso_chinese_ibs = 0x0707,
-- RFC8998
sm2sig_sm3 = 0x0708,
-- draft-smyshlyaev-tls13-gost-suites
gostr34102012_256a = 0x0709,
gostr34102012_256b = 0x070A,
gostr34102012_256c = 0x070B,
gostr34102012_256d = 0x070C,
gostr34102012_512a = 0x070D,
gostr34102012_512b = 0x070E,
gostr34102012_512c = 0x070F,
-- RSASSA-PSS algorithms with public key OID rsaEncryption -- RSASSA-PSS algorithms with public key OID rsaEncryption
rsa_pss_rsae_sha256 = 0x0804, rsa_pss_rsae_sha256 = 0x0804,
rsa_pss_rsae_sha384 = 0x0805, rsa_pss_rsae_sha384 = 0x0805,
@@ -247,6 +271,10 @@ SignatureSchemes = {
rsa_pss_pss_sha256 = 0x0809, rsa_pss_pss_sha256 = 0x0809,
rsa_pss_pss_sha384 = 0x080a, rsa_pss_pss_sha384 = 0x080a,
rsa_pss_pss_sha512 = 0x080b, rsa_pss_pss_sha512 = 0x080b,
-- ECC Brainpool curves
ecdsa_brainpoolP256r1tls13_sha256 = 0x081a,
ecdsa_brainpoolP384r1tls13_sha384 = 0x081b,
ecdsa_brainpoolP512r1tls13_sha512 = 0x081c,
-- Legacy algorithms -- Legacy algorithms
rsa_pkcs1_sha1 = 0x0201, rsa_pkcs1_sha1 = 0x0201,
ecdsa_sha1 = 0x0203, ecdsa_sha1 = 0x0203,
@@ -284,12 +312,25 @@ EXTENSIONS = {
["signed_certificate_timestamp"] = 18, ["signed_certificate_timestamp"] = 18,
["client_certificate_type"] = 19, ["client_certificate_type"] = 19,
["server_certificate_type"] = 20, ["server_certificate_type"] = 20,
["padding"] = 21, -- Temporary, expires 2015-03-12 ["padding"] = 21, -- rfc7685
["encrypt_then_mac"] = 22, -- rfc7366 ["encrypt_then_mac"] = 22, -- rfc7366
["extended_master_secret"] = 23, -- rfc7627 ["extended_master_secret"] = 23, -- rfc7627
["token_binding"] = 24, -- Temporary, expires 2018-02-04 ["token_binding"] = 24, -- Temporary, expires 2018-02-04
["cached_info"] = 25, -- rfc7924 ["cached_info"] = 25, -- rfc7924
["SessionTicket TLS"] = 35, ["tls_lts"] = 26, -- draft-gutmann-tls-lts
["compress_certificate"] = 27, -- rfc8879
["record_size_limit"] = 28, -- rfc8449
["pwd_protect"] = 29, -- rfc8492
["pwd_clear"] = 30, -- rfc8492
["password_salt"] = 31, -- rfc8492
["ticket_pinning"] = 32,
["tls_cert_with_extern_psk"] = 33,
["delegated_credentials"] = 34,
["TLMSP"] = 35,
["TLMSP_proxying"] = 36,
["TLMSP_delegate"] = 37,
["supported_ekt_ciphers"] = 38,
["SessionTicket TLS"] = 39,
-- TLSv1.3 -- TLSv1.3
["pre_shared_key"] = 41, ["pre_shared_key"] = 41,
["early_data"] = 42, ["early_data"] = 42,
@@ -301,6 +342,14 @@ EXTENSIONS = {
["post_handshake_auth"] = 49, ["post_handshake_auth"] = 49,
["signature_algorithms_cert"] = 50, ["signature_algorithms_cert"] = 50,
["key_share"] = 51, ["key_share"] = 51,
["transparency_info"] = 52,
["connection_id-deprecated"] = 53,
["connection_id"] = 54,
["external_id_hash"] = 55,
["external_session_id"] = 56,
["quic_transport_parameters"] = 57,
["ticket_request"] = 58,
["dnssec_chain"] = 59,
-- --
["next_protocol_negotiation"] = 13172, ["next_protocol_negotiation"] = 13172,
["renegotiation_info"] = 65281, ["renegotiation_info"] = 65281,
@@ -737,8 +786,15 @@ CIPHERS = {
["TLS_ECCPWD_WITH_AES_256_GCM_SHA384"] = 0xC0B1, -- RFC8492 ["TLS_ECCPWD_WITH_AES_256_GCM_SHA384"] = 0xC0B1, -- RFC8492
["TLS_ECCPWD_WITH_AES_128_CCM_SHA256"] = 0xC0B2, -- RFC8492 ["TLS_ECCPWD_WITH_AES_128_CCM_SHA256"] = 0xC0B2, -- RFC8492
["TLS_ECCPWD_WITH_AES_256_CCM_SHA384"] = 0xC0B3, -- RFC8492 ["TLS_ECCPWD_WITH_AES_256_CCM_SHA384"] = 0xC0B3, -- RFC8492
["TLS_AKE_WITH_NULL_SHA256"] = 0xC0B4, -- draft-camwinget-tls-ts13-macciphersuites ["TLS_AKE_WITH_NULL_SHA256"] = 0xC0B4, -- RFC9150
["TLS_AKE_WITH_NULL_SHA384"] = 0xC0B5, -- draft-camwinget-tls-ts13-macciphersuites ["TLS_AKE_WITH_NULL_SHA384"] = 0xC0B5, -- RFC9150
["TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC"] = 0xC100, -- RFC9189
["TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC"] = 0xC101, -- RFC9189
["TLS_GOSTR341112_256_WITH_28147_CNT_IMIT"] = 0xC102, -- RFC9189
["TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L"] = 0xC103, -- draft-smyshlyaev-tls13-gost-suites
["TLS_GOSTR341112_256_WITH_MAGMA_MGM_L"] = 0xC104, -- draft-smyshlyaev-tls13-gost-suites
["TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S"] = 0xC105, -- draft-smyshlyaev-tls13-gost-suites
["TLS_GOSTR341112_256_WITH_MAGMA_MGM_S"] = 0xC106, -- draft-smyshlyaev-tls13-gost-suites
["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256-draft"] = 0xCC13, -- RFC7905 superseded ["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256-draft"] = 0xCC13, -- RFC7905 superseded
["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256-draft"] = 0xCC14, -- RFC7905 superseded ["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256-draft"] = 0xCC14, -- RFC7905 superseded
["TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256-draft"] = 0xCC15, -- RFC7905 superseded ["TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256-draft"] = 0xCC15, -- RFC7905 superseded

9
scripts/tls-alpn.nse
View File

@@ -185,6 +185,15 @@ action = function(host, port)
"xmpp-server", "xmpp-server",
"acme-tls/1", "acme-tls/1",
"mqtt", "mqtt",
"dot",
"ntske/1",
"sunrpc",
"h3",
"smb",
"irc",
"nntp",
"nnsp",
"doq",
-- Other sources -- Other sources
"grpc-exp", -- gRPC, see grpc.io "grpc-exp", -- gRPC, see grpc.io
} }