Correct conversion of DH key size to RSA bit strength equivalent

nselib/tls.lua

@@ -654,7 +654,7 @@ local cipher_info_cache = {
 local function unpack_dhparams (blob, pos)
   local p, g, y
   pos, p, g, y = bin.unpack(">PPP", blob)
-  return pos, {p=p, g=g, y=y}, rsa_equiv("dh", #p)
+  return pos, {p=p, g=g, y=y}, #p
 end
 
 local function unpack_ecdhparams (blob, pos)
@@ -665,7 +665,7 @@ local function unpack_ecdhparams (blob, pos)
   if eccurvetype == 1 then
     local p, a, b, base, order, cofactor
     pos, p, a, b, base, order, cofactor = bin.unpack("pppppp", blob, pos)
-    strength = rsa_equiv("ec", #p)
+    strength = #p
     ret.curve_params = {
       ec_curve_type = "explicit_prime",
       prime_p=p, curve={a=a, b=b}, base=base, order=order, cofactor=cofactor
@@ -674,7 +674,7 @@ local function unpack_ecdhparams (blob, pos)
     local p = {}
     local m, basis
     pos, m, basis = bin.unpack(">SC", blob, pos)
-    strength = rsa_equiv("ec", m)
+    strength = m
     if basis == 1 then -- ec_trinomial
       pos, p.k = bin.unpack("p", blob, pos)
     elseif basis == 2 then -- ec_pentanomial
@@ -695,7 +695,7 @@ local function unpack_ecdhparams (blob, pos)
     }
     local size = ret.curve_params.curve:match("(%d+)[rk]%d$")
     if size then
-      strength = rsa_equiv("ec", tonumber(size))
+      strength = tonumber(size)
     end
   end
   pos, ret.public = bin.unpack("p", blob, pos)
@@ -723,9 +723,9 @@ end
 -- @param bits Size of key in bits
 -- @return Size in bits of RSA key with equivalent strength
 function rsa_equiv (ktype, bits)
-  if ktype == "rsa" or ktype == "dsa" or ktype == "dh" then
+  if ktype == "rsa" or ktype == "dsa" then
     return bits
-  elseif ktype == "ec" then
+  elseif ktype == "ec" or ktype == "dh" then
     if bits < 160 then
       return 512 -- Possibly down to 0, but details not published
     elseif bits < 224 then
@@ -765,7 +765,7 @@ KEX_ALGORITHMS.DH_anon_EXPORT = {
 }
 KEX_ALGORITHMS.ECDH_anon = {
   anon=true,
-  type = "ecdh",
+  type = "ec",
   server_key_exchange = function (blob, protocol)
     local pos
     local ret = {}
@@ -776,7 +776,7 @@ KEX_ALGORITHMS.ECDH_anon = {
 KEX_ALGORITHMS.ECDH_anon_EXPORT = {
   anon=true,
   export=true,
-  type = "ecdh",
+  type = "ec",
   server_key_exchange = KEX_ALGORITHMS.ECDH_anon.server_key_exchange
 }
 
@@ -846,7 +846,7 @@ KEX_ALGORITHMS.DH_RSA_EXPORT={
 
 KEX_ALGORITHMS.ECDHE_RSA={
   pubkey="rsa",
-  type = "ecdh",
+  type = "dh",
   server_key_exchange = function (blob, protocol)
     local pos
     local ret = {}
@@ -857,7 +857,7 @@ KEX_ALGORITHMS.ECDHE_RSA={
 }
 KEX_ALGORITHMS.ECDHE_ECDSA={
   pubkey="ec",
-  type = "ecdh",
+  type = "dh",
   server_key_exchange = KEX_ALGORITHMS.ECDHE_RSA.server_key_exchange
 }
 KEX_ALGORITHMS.ECDH_ECDSA={
@@ -913,7 +913,7 @@ KEX_ALGORITHMS.PSK_DHE = KEX_ALGORITHMS.DHE_PSK
 
 --rfc5489
 KEX_ALGORITHMS.ECDHE_PSK={
-  type = "ecdh",
+  type = "dh",
   server_key_exchange = function (blob, protocol)
     local pos
     local ret = {}

scripts/ssl-enum-ciphers.nse

@@ -518,11 +518,12 @@ local function find_ciphers_group(host, port, protocol, group, scores)
               if kex.server_key_exchange and ske then
                 local kex_info = kex.server_key_exchange(ske.data)
                 if kex_info.strength then
-                  if kex_strength and kex_strength > kex_info.strength then
-                    kex_strength = kex_info.strength
+                  local rsa_bits = tls.rsa_equiv(kex.type, kex_info.strength)
+                  if kex_strength and kex_strength > rsa_bits then
+                    kex_strength = rsa_bits
                     scores.warnings["Key exchange parameters of lower strength than certificate key"] = true
                   end
-                  kex_strength = kex_strength or kex_info.strength
+                  kex_strength = kex_strength or rsa_bits
                   extra = string.format("%s %d", kex.type, kex_info.strength)
                 end
               end