mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Localize a few functions used often

dmiller
2023-05-01 17:44:41 +00:00
parent cd135ab3e8
commit 94bbdba677


@@ -21,6 +21,9 @@ _ENV = stdnse.module("tls", stdnse.seeall)
local pack = string.pack local pack = string.pack
local unpack = string.unpack local unpack = string.unpack
local tostring = tostring
local concat = table.concat
local insert = table.insert
-- Most of the values in the tables below are from: -- Most of the values in the tables below are from:
-- http://www.iana.org/assignments/tls-parameters/ -- http://www.iana.org/assignments/tls-parameters/
@@ -374,14 +377,14 @@ EXTENSION_HELPERS = {
for _, name in ipairs(elliptic_curves) do for _, name in ipairs(elliptic_curves) do
list[#list+1] = pack(">I2", ELLIPTIC_CURVES[name]) list[#list+1] = pack(">I2", ELLIPTIC_CURVES[name])
end end
return pack(">s2", table.concat(list)) return pack(">s2", concat(list))
end, end,
["ec_point_formats"] = function (ec_point_formats) ["ec_point_formats"] = function (ec_point_formats)
local list = {} local list = {}
for _, format in ipairs(ec_point_formats) do for _, format in ipairs(ec_point_formats) do
list[#list+1] = pack(">B", EC_POINT_FORMATS[format]) list[#list+1] = pack(">B", EC_POINT_FORMATS[format])
end end
return pack(">s1", table.concat(list)) return pack(">s1", concat(list))
end, end,
["signature_algorithms"] = function(signature_algorithms) ["signature_algorithms"] = function(signature_algorithms)
local list = {} local list = {}
@@ -391,21 +394,21 @@ EXTENSION_HELPERS = {
SignatureAlgorithms[pair[2]] or pair[2] SignatureAlgorithms[pair[2]] or pair[2]
) )
end end
return pack(">s2", table.concat(list)) return pack(">s2", concat(list))
end, end,
["signature_algorithms_13"] = function (signature_schemes) ["signature_algorithms_13"] = function (signature_schemes)
local list = {} local list = {}
for _, name in ipairs(signature_schemes) do for _, name in ipairs(signature_schemes) do
list[#list+1] = pack(">I2", SignatureSchemes[name]) list[#list+1] = pack(">I2", SignatureSchemes[name])
end end
return pack(">s2", table.concat(list)) return pack(">s2", concat(list))
end, end,
["application_layer_protocol_negotiation"] = function(protocols) ["application_layer_protocol_negotiation"] = function(protocols)
local list = {} local list = {}
for _, proto in ipairs(protocols) do for _, proto in ipairs(protocols) do
list[#list+1] = pack(">s1", proto) list[#list+1] = pack(">s1", proto)
end end
return pack(">s2", table.concat(list)) return pack(">s2", concat(list))
end, end,
["next_protocol_negotiation"] = tostring, ["next_protocol_negotiation"] = tostring,
["supported_versions"] = function(versions) ["supported_versions"] = function(versions)
@@ -413,7 +416,7 @@ EXTENSION_HELPERS = {
for _, name in ipairs(versions) do for _, name in ipairs(versions) do
list[#list+1] = pack(">I2", PROTOCOLS[name]) list[#list+1] = pack(">I2", PROTOCOLS[name])
end end
return pack(">s1", table.concat(list)) return pack(">s1", concat(list))
end, end,
} }
@@ -846,7 +849,7 @@ local DEFAULT_CIPHERS = {
table.unpack(DEFAULT_TLS13_CIPHERS) table.unpack(DEFAULT_TLS13_CIPHERS)
} }
for _, c in ipairs(DEFAULT_TLS12_CIPHERS) do for _, c in ipairs(DEFAULT_TLS12_CIPHERS) do
table.insert(DEFAULT_CIPHERS, c) insert(DEFAULT_CIPHERS, c)
end end
local function find_key(t, value) local function find_key(t, value)
@@ -1312,7 +1315,7 @@ function cipher_info (c)
while tokens[i] and tokens[i] ~= "WITH" do while tokens[i] and tokens[i] ~= "WITH" do
i = i + 1 i = i + 1
end end
local kex = table.concat(tokens, "_", 2, i-1) local kex = concat(tokens, "_", 2, i-1)
info = KEX_ALGORITHMS[kex] info = KEX_ALGORITHMS[kex]
if info then if info then
info = tableaux.tcopy(info) info = tableaux.tcopy(info)
@@ -1466,7 +1469,7 @@ handshake_parse = {
local cert local cert
cert, j = unpack(">s3", buffer, j) cert, j = unpack(">s3", buffer, j)
-- parse these with sslcert.parse_ssl_certificate -- parse these with sslcert.parse_ssl_certificate
table.insert(b["certificates"], cert) insert(b["certificates"], cert)
end end
return b, j return b, j
@@ -1665,7 +1668,7 @@ end
-- @param b The record body -- @param b The record body
-- @return The SSL/TLS record as a string -- @return The SSL/TLS record as a string
function record_write(type, protocol, b) function record_write(type, protocol, b)
return table.concat({ return concat({
-- Set the header as a handshake. -- Set the header as a handshake.
pack("B", TLS_CONTENTTYPE_REGISTRY[type]), pack("B", TLS_CONTENTTYPE_REGISTRY[type]),
-- Set the protocol. -- Set the protocol.
@@ -1741,7 +1744,7 @@ function client_hello(t)
b = {} b = {}
-- Set the protocol. -- Set the protocol.
local protocol = t["protocol"] or HIGHEST_PROTOCOL local protocol = t["protocol"] or HIGHEST_PROTOCOL
table.insert(b, pack(">I2 I4", insert(b, pack(">I2 I4",
legacy_version(PROTOCOLS[protocol]), legacy_version(PROTOCOLS[protocol]),
-- Set the random data. -- Set the random data.
os.time() os.time()
@@ -1749,11 +1752,11 @@ function client_hello(t)
local record_proto = t.record_protocol local record_proto = t.record_protocol
-- Set the random data. -- Set the random data.
table.insert(b, rand.random_string(28)) insert(b, rand.random_string(28))
-- Set the session ID. -- Set the session ID.
local sid = t["session_id"] or "" local sid = t["session_id"] or ""
table.insert(b, pack(">s1", sid)) insert(b, pack(">s1", sid))
local eccpwd = false local eccpwd = false
local shangmi = false local shangmi = false
@@ -1776,12 +1779,12 @@ function client_hello(t)
cipher = CIPHERS[cipher] or SCSVS[cipher] cipher = CIPHERS[cipher] or SCSVS[cipher]
end end
if type(cipher) == "number" and cipher >= 0 and cipher <= 0xffff then if type(cipher) == "number" and cipher >= 0 and cipher <= 0xffff then
table.insert(ciphers, pack(">I2", cipher)) insert(ciphers, pack(">I2", cipher))
else else
stdnse.debug1("Unknown cipher in client_hello: %s", cipher) stdnse.debug1("Unknown cipher in client_hello: %s", cipher)
end end
end end
table.insert(b, pack(">s2", table.concat(ciphers))) insert(b, pack(">s2", concat(ciphers)))
-- Compression methods. -- Compression methods.
compressors = {} compressors = {}
@@ -1789,13 +1792,13 @@ function client_hello(t)
-- Add specified compressors. -- Add specified compressors.
for _, compressor in pairs(t["compressors"]) do for _, compressor in pairs(t["compressors"]) do
if compressor ~= "NULL" then if compressor ~= "NULL" then
table.insert(compressors, pack("B", COMPRESSORS[compressor])) insert(compressors, pack("B", COMPRESSORS[compressor]))
end end
end end
end end
-- Always include NULL as last choice -- Always include NULL as last choice
table.insert(compressors, pack("B", COMPRESSORS["NULL"])) insert(compressors, pack("B", COMPRESSORS["NULL"]))
table.insert(b, pack("s1", table.concat(compressors))) insert(b, pack("s1", concat(compressors)))
-- TLS extensions -- TLS extensions
local proto_ver = PROTOCOLS[protocol] local proto_ver = PROTOCOLS[protocol]
@@ -1812,7 +1815,7 @@ function client_hello(t)
if t.extensions then if t.extensions then
for extension, data in pairs(t["extensions"]) do for extension, data in pairs(t["extensions"]) do
if type(extension) == "number" then if type(extension) == "number" then
table.insert(extensions, pack(">I2", extension)) insert(extensions, pack(">I2", extension))
else else
if extension == "signature_algorithms" or extension == "signature_algorithms_13" then if extension == "signature_algorithms" or extension == "signature_algorithms_13" then
need_sigalg = false need_sigalg = false
@@ -1836,41 +1839,41 @@ function client_hello(t)
end end
end end
end end
table.insert(extensions, pack(">I2", EXTENSIONS[extension])) insert(extensions, pack(">I2", EXTENSIONS[extension]))
end end
table.insert(extensions, pack(">s2", data)) insert(extensions, pack(">s2", data))
end end
end end
if need_supported_versions then if need_supported_versions then
table.insert(extensions, pack(">I2", EXTENSIONS["supported_versions"])) insert(extensions, pack(">I2", EXTENSIONS["supported_versions"]))
-- We'd prefer TLS 1.2 or 1.1, since we've tested our scripts on those. -- We'd prefer TLS 1.2 or 1.1, since we've tested our scripts on those.
table.insert(extensions, pack(">s2", EXTENSION_HELPERS["supported_versions"]({"TLSv1.2", "TLSv1.1", "TLSv1.3", "SSLv3"}))) insert(extensions, pack(">s2", EXTENSION_HELPERS["supported_versions"]({"TLSv1.2", "TLSv1.1", "TLSv1.3", "SSLv3"})))
end end
if need_sigalg then if need_sigalg then
table.insert(extensions, pack(">I2", EXTENSIONS["signature_algorithms"])) insert(extensions, pack(">I2", EXTENSIONS["signature_algorithms"]))
local data = proto_ver >= PROTOCOLS["TLSv1.3"] and DEFAULT_SIGSCHEMES or DEFAULT_SIGALGS local data = proto_ver >= PROTOCOLS["TLSv1.3"] and DEFAULT_SIGSCHEMES or DEFAULT_SIGALGS
if shangmi then if shangmi then
data = pack(">s2", data:sub(3) .. pack(">I2", SignatureSchemes.sm2sig_sm3)) data = pack(">s2", data:sub(3) .. pack(">I2", SignatureSchemes.sm2sig_sm3))
end end
table.insert(extensions, pack(">s2", data)) insert(extensions, pack(">s2", data))
end end
if need_key_share then if need_key_share then
-- RFC 8446: Clients MAY send an empty client_shares vector in order to request -- RFC 8446: Clients MAY send an empty client_shares vector in order to request
-- group selection from the server, at the cost of an additional round trip -- group selection from the server, at the cost of an additional round trip
table.insert(extensions, pack(">I2", EXTENSIONS["key_share"])) insert(extensions, pack(">I2", EXTENSIONS["key_share"]))
table.insert(extensions, pack(">s2", "\0\0")) insert(extensions, pack(">s2", "\0\0"))
end end
if need_elliptic_curves then if need_elliptic_curves then
local curves = {table.unpack(DEFAULT_ELLIPTIC_CURVES)} local curves = {table.unpack(DEFAULT_ELLIPTIC_CURVES)}
if shangmi then if shangmi then
curves[#curves+1] = "curveSM2" curves[#curves+1] = "curveSM2"
end end
table.insert(extensions, pack(">I2", EXTENSIONS["elliptic_curves"])) insert(extensions, pack(">I2", EXTENSIONS["elliptic_curves"]))
table.insert(extensions, pack(">s2", EXTENSION_HELPERS["elliptic_curves"](curves))) insert(extensions, pack(">s2", EXTENSION_HELPERS["elliptic_curves"](curves)))
end end
-- Extensions are optional -- Extensions are optional
if #extensions ~= 0 then if #extensions ~= 0 then
table.insert(b, pack(">s2", table.concat(extensions))) insert(b, pack(">s2", concat(extensions)))
end end
end end
@@ -1878,15 +1881,15 @@ function client_hello(t)
-- Header -- -- Header --
------------ ------------
b = table.concat(b) b = concat(b)
h = {} h = {}
-- Set type to ClientHello. -- Set type to ClientHello.
table.insert(h, pack("B", TLS_HANDSHAKETYPE_REGISTRY["client_hello"])) insert(h, pack("B", TLS_HANDSHAKETYPE_REGISTRY["client_hello"]))
-- Set the length of the body. -- Set the length of the body.
table.insert(h, pack(">s3", b)) insert(h, pack(">s3", b))
-- Record layer version should be SSLv3 (lowest compatible record version) -- Record layer version should be SSLv3 (lowest compatible record version)
-- But some implementations (OpenSSL) will not finish a handshake that could -- But some implementations (OpenSSL) will not finish a handshake that could
@@ -1902,7 +1905,7 @@ function client_hello(t)
-- purposes. -- purposes.
record_proto = "TLSv1.2" record_proto = "TLSv1.2"
end end
return record_write("handshake", record_proto, table.concat(h)) return record_write("handshake", record_proto, concat(h))
end end
local function read_atleast(s, n) local function read_atleast(s, n)
@@ -1911,12 +1914,12 @@ local function read_atleast(s, n)
while count < n do while count < n do
local status, data = s:receive_bytes(n - count) local status, data = s:receive_bytes(n - count)
if not status then if not status then
return status, data, table.concat(buf) return status, data, concat(buf)
end end
buf[#buf+1] = data buf[#buf+1] = data
count = count + #data count = count + #data
end end
return true, table.concat(buf) return true, concat(buf)
end end
--- Get an entire record into a buffer --- Get an entire record into a buffer
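Review bot: In the handshake_parse hunk, `cert, j = unpack(">s3", buffer, j)` reads a length-prefixed certificate directly from the server's handshake bytes, and `string.unpack` raises an error when the 3-byte length points past the end of `buffer`. A truncated or malformed Certificate message would therefore abort the calling script instead of producing a parse failure. The enclosing loop and any bounds check or `pcall` lie outside the hunk, so this may already be handled there. If it is not, guard the read with `local ok, cert, nj = pcall(unpack, ">s3", buffer, j)`, then `if not ok then break end` and `j = nj`, and log the failure with `stdnse.debug1` as the cipher loop in client_hello does for unknown ciphers.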