From 877cbab16f7ef8e6328251213f8a674c0afa96f7 Mon Sep 17 00:00:00 2001 From: david Date: Wed, 20 Oct 2010 05:49:17 +0000 Subject: [PATCH] o [NSE] Added reporting of the type and bit size of certificate public keys to ssl-cert.nse. [Matt Selsky] --- CHANGELOG | 3 +++ nse_ssl_cert.cc | 33 +++++++++++++++++++++++++++++++++ nselib/nmap.luadoc | 1 + scripts/ssl-cert.nse | 5 +++++ 4 files changed, 42 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 274acd2bc..7e9744d52 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added reporting of the type and bit size of certificate public + keys to ssl-cert.nse. [Matt Selsky] + o [NSE] Added the db2-discover script. This can find DB2 servers by sending a UDP broadcast. [Patrik] diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc index 9708c8b7d..5ec14433d 100644 --- a/nse_ssl_cert.cc +++ b/nse_ssl_cert.cc @@ -372,12 +372,36 @@ static void cert_pem_to_string(lua_State *L, X509 *cert) BIO_vfree(bio); } +/* This is a helper function for l_get_ssl_certificate. It converts the + public-key type to a string on the stack. */ +static const char *pkey_type_to_string(lua_State *L, int type) +{ + switch (type) { + case EVP_PKEY_RSA: + return "rsa"; + break; + case EVP_PKEY_DSA: + return "rsa"; + break; + case EVP_PKEY_DH: + return "dh"; + break; + case EVP_PKEY_EC: + return "ec"; + break; + default: + return "unknown"; + break; + } +} + int l_get_ssl_certificate(lua_State *L) { SSL *ssl; struct cert_userdata *udata; X509 *cert; X509_NAME *subject, *issuer; + EVP_PKEY *pubkey; ssl = nse_nsock_get_ssl(L); cert = SSL_get_peer_certificate(ssl); @@ -409,6 +433,15 @@ int l_get_ssl_certificate(lua_State *L) cert_pem_to_string(L, cert); lua_setfield(L, -2, "pem"); + pubkey = X509_get_pubkey(cert); + lua_newtable(L); + lua_pushstring(L, pkey_type_to_string(L, pubkey->type)); + lua_setfield(L, -2, "type"); + lua_pushnumber(L, EVP_PKEY_bits(pubkey)); + lua_setfield(L, -2, "bits"); + lua_setfield(L, -2, "pubkey"); + EVP_PKEY_free(pubkey); + /* At this point the certificate-specific table of attributes is at the top of the stack. We give it a metatable with an __index entry that points into the global shared table of certificate functions. */ diff --git a/nselib/nmap.luadoc b/nselib/nmap.luadoc index 7655485a8..3d8ed974e 100644 --- a/nselib/nmap.luadoc +++ b/nselib/nmap.luadoc @@ -629,6 +629,7 @@ function pcap_close() -- subject = { commonName = "...", countryName = "...", -- { "2", "5", "4", "15" } = "...", ... }, -- issuer = { commonName = "...", ... }, +-- pubkey = { type = "rsa", bits = 1024 }, -- validity = { notBefore = { year = 2020, month = 5, day = 5, -- hour = 0, min = 0, sec = 0 }, -- notAfter = { year = 2021, month = 5, day = 5, diff --git a/scripts/ssl-cert.nse b/scripts/ssl-cert.nse index 9de943994..d42363b7e 100644 --- a/scripts/ssl-cert.nse +++ b/scripts/ssl-cert.nse @@ -113,6 +113,11 @@ action = function(host, port) lines[#lines + 1] = "Issuer: " .. stringify_name(cert.issuer) end + if nmap.verbosity() > 0 then + lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type + lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits + end + lines[#lines + 1] = "Not valid before: " .. date_to_string(cert.validity.notBefore) lines[#lines + 1] = "Not valid after: " ..