From c1bedd952bcadd40ad37b901c09e448d862a6757 Mon Sep 17 00:00:00 2001 From: Jay Mundrawala Date: Wed, 22 May 2024 08:58:27 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20Add=20secp256r1=20to=20tls=20cli?= =?UTF-8?q?ent=20hello=20key=20share=20extension=20(#4037)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some servers will prefer this, and respond with a `HelloRetryRequest` if its not provided --- .../network/resources/tlsshake/tlsshake.go | 25 ++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/providers/network/resources/tlsshake/tlsshake.go b/providers/network/resources/tlsshake/tlsshake.go index fb778b305d..0ce184ffff 100644 --- a/providers/network/resources/tlsshake/tlsshake.go +++ b/providers/network/resources/tlsshake/tlsshake.go @@ -717,9 +717,28 @@ func (s *Tester) helloTLSMsg(conf *ScanConfig) ([]byte, int, error) { // d9:45:92:16:ff:36:63:0d:0d:5a:3d:9d:47:ce:3e: // cd:7e - publicKey := "\xe7\x08\x71\x36\xd0\x81\xe0\x16\x19\x3a\xcb\x67\xca\xb8\x28\xd9\x45\x92\x16\xff\x36\x63\x0d\x0d\x5a\x3d\x9d\x47\xce\x3e\xcd\x7e" - extensions.WriteString("\x00\x33\x00\x26\x00\x24\x00\x1d\x00\x20") - extensions.WriteString(publicKey) + // The comment above is not how the stuff below was generated. It was taken + // from a real-world TLS 1.3 handshake and then converted to a byte array. + // It contains both x25519 and secp256r1 keys. I'm leaving the comment above + // for reference, but it's not how the keys were generated. + keyShareBytes := []byte{ + 0x00, 0x33, 0x00, 0x6b, 0x00, 0x69, 0x00, 0x1d, + 0x00, 0x20, 0x5b, 0x55, 0x18, 0x62, 0xb8, 0x87, + 0x93, 0xd2, 0xb5, 0xa3, 0xdf, 0x2d, 0xdf, 0x5a, + 0x05, 0x00, 0xaf, 0xa5, 0xde, 0xea, 0xd6, 0x3a, + 0x6e, 0x29, 0x10, 0x8e, 0x5b, 0xcf, 0xde, 0xc6, + 0x57, 0x08, 0x00, 0x17, 0x00, 0x41, 0x04, 0x6b, + 0xf2, 0x37, 0x7d, 0xf2, 0x20, 0xd5, 0x6f, 0xb0, + 0xde, 0xe7, 0x5f, 0x98, 0x79, 0x7a, 0x31, 0x54, + 0x10, 0x44, 0xde, 0xed, 0x4a, 0xfc, 0x59, 0xda, + 0x51, 0x00, 0x8a, 0xfe, 0x0a, 0xc6, 0x14, 0xea, + 0x07, 0xe3, 0x3a, 0xc5, 0x31, 0x55, 0xfb, 0x70, + 0xed, 0x4c, 0xdb, 0x84, 0x66, 0x47, 0xd2, 0x3a, + 0xd7, 0xe3, 0xf6, 0x0d, 0x72, 0x30, 0x6a, 0x73, + 0x54, 0xc1, 0x93, 0x1f, 0x97, 0x75, 0x44, + } + + extensions.Write(keyShareBytes) default: return nil, 0, errors.New("unsupported TLS/SSL version: " + conf.version)