WIP: Signature algorithms for client authentication
This commit is a work in progress. It obtains and prints the list of signature algorithms supported by the server for client authentication. This commit is missing several critical elements:

- Commonly a server will offer a different list of algorithms for TLS 1.3 and for TLS 1.2 (or earlier). This commit only shows the list offered in the connection established by determine_optimal_proto(). For a server that supports TLS 1.3, this means that the list of algorithms for that protocol will be missed if $OPENSSL does not support TLS 1.3. If the server and $OPENSSL both support TLS 1.3, then the list of algorithms for TLS 1.2 and earlier will be missed (if the server is not TLS 1.3 only).

- The list presented is from the signature_algorithms extension, which is the list of algorithms supported for CertificateVerify messages. If the server supports a different list of algorithms for verifying signatures on client certificates, then it will send this list in the signature_algorithms_cert extension. This commit does not extract the contents of that extension.
dcooper16 committed Jun 13, 2024
1 parent c2a3224 commit 9fac86c
Showing 1 changed file with 63 additions and 9 deletions.
72 changes: 63 additions & 9 deletions testssl.sh
Expand Up @@ -288,6 +288,7 @@ TMPFILE=""
ERRFILE=""
CLIENT_AUTH="none"
CLIENT_AUTH_CA_LIST=""
CLIENT_AUTH_SIGALGS_LIST=""
TLS_TICKETS=false
NO_SSL_SESSIONID=true
CERT_COMPRESSION=${CERT_COMPRESSION:-false} # secret flag to set in addition to --devel for certificate compression
Expand Down Expand Up @@ -10356,6 +10357,22 @@ run_server_defaults() {
i+=1
done <<< "$CLIENT_AUTH_CA_LIST"
fi
jsonID="clientAuth_sigalgs_list"
pr_bold " Sig Alg List for Client Auth "
if [[ -z "$(sed -e 's/[A-Za-z\-]*+SHA1//g' -e 's/[A-Za-z\-]*+MD5//g' -e 's/ //g' <<< "$CLIENT_AUTH_SIGALGS_LIST")" ]]; then
prln_svrty_critical "$(out_row_aligned_max_width "$CLIENT_AUTH_SIGALGS_LIST" " " $TERM_WIDTH)"
fileout "$jsonID" "CRITICAL" "$CLIENT_AUTH_SIGALGS_LIST"
else
out_row_aligned_max_width_by_entry "$CLIENT_AUTH_SIGALGS_LIST" " " $TERM_WIDTH pr_sigalg_quality
outln
if [[ "$CLIENT_AUTH_SIGALGS_LIST" =~ MD5 ]]; then
fileout "$jsonID" "HIGH" "$CLIENT_AUTH_SIGALGS_LIST"
elif [[ "$CLIENT_AUTH_SIGALGS_LIST" =~ SHA1 ]]; then
fileout "$jsonID" "LOW" "$CLIENT_AUTH_SIGALGS_LIST"
else
fileout "$jsonID" "INFO" "$CLIENT_AUTH_SIGALGS_LIST"
fi
fi
fi


Expand Down Expand Up @@ -21597,9 +21614,9 @@ print_dn() {
extract_calist() {
local response="$1"
local is_tls12=false is_tls13=false
local certreq calist="" certtypes sigalgs dn
local calist_string=""
local -i len type
local certreq calist="" certtypes sigalgs="" dn
local calist_string="" sigalgs_string=""
local -i len len2 type

# Determine whether this is a TLS 1.2 or TLS 1.3 response, since the information
# is encoded in a different place for TLS 1.3 and the CertificateRequest message
Expand Down Expand Up @@ -21631,12 +21648,16 @@ extract_calist() {
[[ -z "$certreq" ]] && break
type=$(hex2dec "${certreq:0:4}")
len=2*$(hex2dec "${certreq:4:4}")
if [[ $type -eq 47 ]]; then
if [[ $type -eq 13 ]]; then
# This is the signature_algorithms extension
sigalgs="${certreq:8:len}"
len2=2*$(hex2dec "${sigalgs:0:4}")
sigalgs="${sigalgs:4:len2}"
elif [[ $type -eq 47 ]]; then
# This is the certificate_authorities extension
calist="${certreq:8:len}"
len=2*$(hex2dec "${calist:0:4}")
calist="${calist:4:len}"
break
len2=2*$(hex2dec "${calist:0:4}")
calist="${calist:4:len2}"
fi
certreq="${certreq:$((len+8))}"
done
Expand Down Expand Up @@ -21667,7 +21688,40 @@ extract_calist() {
calist="${calist:$((len+4))}"
done
[[ -z "$calist_string" ]] && calist_string="empty"
tm_out "$calist_string"
CLIENT_AUTH_CA_LIST="$(safe_echo "$calist_string")"
while true; do
[[ -z "$sigalgs" ]] && break
case "${sigalgs:0:4}" in
0101) sigalgs_string+=" RSA+MD5" ;;
0102) sigalgs_string+=" DSA+MD5" ;;
0103) sigalgs_string+=" ECDSA+MD5" ;;
0201) sigalgs_string+=" RSA+SHA1" ;;
0202) sigalgs_string+=" DSA+SHA1" ;;
0203) sigalgs_string+=" ECDSA+SHA1" ;;
0301) sigalgs_string+=" RSA+SHA224" ;;
0302) sigalgs_string+=" DSA+SHA224" ;;
0303) sigalgs_string+=" ECDSA+SHA224" ;;
0401|0420) sigalgs_string+=" RSA+SHA256" ;;
0402) sigalgs_string+=" DSA+SHA256" ;;
0403|081a) sigalgs_string+=" ECDSA+SHA256" ;;
0501|0520) sigalgs_string+=" RSA+SHA384" ;;
0502) sigalgs_string+=" DSA+SHA384" ;;
0503|081b) sigalgs_string+=" ECDSA+SHA384" ;;
0601|0620) sigalgs_string+=" RSA+SHA512" ;;
0602) sigalgs_string+=" DSA+SHA512" ;;
0603|081c) sigalgs_string+=" ECDSA+SHA512" ;;
0708) sigalgs_string+=" SM2+SM3" ;;
0804|0809) sigalgs_string+=" RSA-PSS+SHA256" ;;
0805|080a) sigalgs_string+=" RSA-PSS+SHA384" ;;
0806|080b) sigalgs_string+=" RSA-PSS+SHA512" ;;
0807) sigalgs_string+=" Ed25519" ;;
0808) sigalgs_string+=" Ed448" ;;
*) sigalgs_string+=" unknown(${sigalgs:0:4})";;
esac
sigalgs="${sigalgs:4}"
done
CLIENT_AUTH_SIGALGS_LIST="${sigalgs_string:1} "
[[ -z "$CLIENT_AUTH_SIGALGS_LIST" ]] && CLIENT_AUTH_SIGALGS_LIST="empty "
return 0
}

Expand Down Expand Up @@ -21698,7 +21752,7 @@ sclient_auth() {
# CertificateRequest message in -msg
CLIENT_AUTH="required"
[[ $1 -eq 0 ]] && CLIENT_AUTH="optional"
CLIENT_AUTH_CA_LIST="$(extract_calist "$server_hello")"
extract_calist "$server_hello"
return 0
fi
[[ $1 -eq 0 ]] && return 0
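Review bot: The `empty` fallback in extract_calist can never fire, because the preceding line `CLIENT_AUTH_SIGALGS_LIST="${sigalgs_string:1} "` always appends a trailing space, so when no signature algorithm was parsed the variable holds a single space rather than `empty `. That single space then reaches the new check in run_server_defaults, where the sed pipeline strips it to an empty string and the server is reported CRITICAL with a blank list, even though nothing was actually found. Test the accumulator rather than the padded result: `CLIENT_AUTH_SIGALGS_LIST="${sigalgs_string:1} "` followed by `[[ -z "$sigalgs_string" ]] && CLIENT_AUTH_SIGALGS_LIST="empty "`. The `case` patterns are written in lowercase hex (`081a`, `080b`), so if the hex in `$server_hello` is not normalized to lowercase those entries would fall through to `unknown(...)`; worth confirming against how sclient_auth builds that string. extract_calist begins outside the hunk, so the TLS 1.2 path that may also populate `sigalgs` is not visible here.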
