PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Display EC curve name in ssl-enum-ciphers

Browse Source 
Closes #173. See http://seclists.org/nmap-dev/2015/q3/254
This commit is contained in:
dmiller
2015-09-17 13:00:23 +00:00
parent e783fbb4b5
commit e2bbf289d4
3 changed files with 72 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Enhanced reporting of elliptic curve names and strengths in
ssl-enum-ciphers. The name of the curve is now reported instead of just "ec"
[Brandon Paulsen]
o [NSE] Added knx-gateway-discover and knx-gateway-info scripts for gathering o [NSE] Added knx-gateway-discover and knx-gateway-info scripts for gathering
information from multicast and unicast KNX gateways, which connect home information from multicast and unicast KNX gateways, which connect home
automation systems to IP networks. [Niklaus Schiess, Dominik Schneider] automation systems to IP networks. [Niklaus Schiess, Dominik Schneider]

51
nse_ssl_cert.cc
View File

@@ -426,6 +426,50 @@ static const char *pkey_type_to_string(int type)
} }
} }
void lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
#ifdef EC_KEY
EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pubkey);
const EC_GROUP *group = EC_KEY_get0_group(ec_key);
int nid;
if ((nid = EC_GROUP_get_curve_name(group)) != 0) {
lua_newtable(L);
lua_newtable(L);
lua_pushstring(L, OBJ_nid2sn(nid));
lua_setfield(L, -2, "curve");
lua_pushstring(L, "namedcurve");
lua_setfield(L, -2, "ec_curve_type");
lua_setfield(L, -2, "curve_params");
lua_setfield(L, -2, "ecdhparams");
}
else {
/* According to RFC 5480 section 2.1.1, explicit curves must not be used with
X.509. This may change in the future, but for now it doesn't seem worth it
to add in code to extract the extra parameters. */
nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
if (nid == NID_X9_62_prime_field) {
lua_newtable(L);
lua_newtable(L);
lua_pushstring(L, "explicit_prime");
lua_setfield(L, -2, "ec_curve_type");
lua_setfield(L, -2, "curve_params");
lua_setfield(L, -2, "ecdhparams");
}
else if (nid == NID_X9_62_characteristic_two_field) {
lua_newtable(L);
lua_newtable(L);
lua_pushstring(L, "explicit_char2");
lua_setfield(L, -2, "ec_curve_type");
lua_setfield(L, -2, "curve_params");
lua_setfield(L, -2, "ecdhparams");
}
else {
/* Something wierd happened. */
}
}
EC_KEY_free(ec_key);
#endif
}
static int parse_ssl_cert(lua_State *L, X509 *cert); static int parse_ssl_cert(lua_State *L, X509 *cert);
int l_parse_ssl_certificate(lua_State *L) int l_parse_ssl_certificate(lua_State *L)
@@ -467,6 +511,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
struct cert_userdata *udata; struct cert_userdata *udata;
X509_NAME *subject, *issuer; X509_NAME *subject, *issuer;
EVP_PKEY *pubkey; EVP_PKEY *pubkey;
int pkey_type;
udata = (struct cert_userdata *) lua_newuserdata(L, sizeof(*udata)); udata = (struct cert_userdata *) lua_newuserdata(L, sizeof(*udata));
udata->cert = cert; udata->cert = cert;
@@ -497,7 +542,11 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
pubkey = X509_get_pubkey(cert); pubkey = X509_get_pubkey(cert);
lua_newtable(L); lua_newtable(L);
lua_pushstring(L, pkey_type_to_string(pubkey->type)); pkey_type = EVP_PKEY_type(pubkey->type);
if (pkey_type == EVP_PKEY_EC) {
lua_push_ecdhparams(L, pubkey);
}
lua_pushstring(L, pkey_type_to_string(pkey_type));
lua_setfield(L, -2, "type"); lua_setfield(L, -2, "type");
lua_pushnumber(L, EVP_PKEY_bits(pubkey)); lua_pushnumber(L, EVP_PKEY_bits(pubkey));
lua_setfield(L, -2, "bits"); lua_setfield(L, -2, "bits");

20
scripts/ssl-enum-ciphers.nse
View File

@@ -526,7 +526,15 @@ local function find_ciphers_group(host, port, protocol, group, scores)
scores.warnings["Weak certificate signature: SHA1"] = true scores.warnings["Weak certificate signature: SHA1"] = true
end end
kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits) kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits)
extra = string.format("%s %d", kex.pubkey, c.pubkey.bits) if c.pubkey.ecdhparams then
if c.pubkey.ecdhparams.curve_params.ec_curve_type == "namedcurve" then
extra = c.pubkey.ecdhparams.curve_params.curve
else
extra = string.format("%s %d", c.pubkey.ecdhparams.curve_params.ec_curve_type, c.pubkey.bits)
end
else
extra = string.format("%s %d", kex.pubkey, c.pubkey.bits)
end
end end
end end
end end
@@ -540,7 +548,15 @@ local function find_ciphers_group(host, port, protocol, group, scores)
scores.warnings["Key exchange parameters of lower strength than certificate key"] = true scores.warnings["Key exchange parameters of lower strength than certificate key"] = true
end end
kex_strength = kex_strength or rsa_bits kex_strength = kex_strength or rsa_bits
extra = string.format("%s %d", kex.type, kex_info.strength) if kex_info.ecdhparams then
if kex_info.ecdhparams.curve_params.ec_curve_type == "namedcurve" then
extra = kex_info.ecdhparams.curve_params.curve
else
extra = string.format("%s %d", kex_info.ecdhparams.curve_params.ec_curve_type, kex_info.strength)
end
else
extra = string.format("%s %d", kex.type, kex_info.strength)
end
end end
end end
end end