Comments (11)
Hi Dirk,
I saw this too and was thinking about trying to add support for it. I just tried using the --devel option and had some success, but I had to make a change to the code. The issue is that "fe,30" and "fe,31" are not cipher suites; they are identifiers in the supported_groups extension. Unfortunately, with the --devel option, the TLS version and list of cipher suites can be specified at the command line, but extensions cannot.
So, I created a modified version of testssl.sh in which I changed line 23742 to:
tls_sockets "$TLS_LOW_BYTE" "$HEX_CIPHER" "ephemeralkey" "00,0a, 00, 06, 00, 04, fe,30, fe,31"
and then I called testssl.sh as:
./testssl.sh --debug 4 --devel "04" "13,01, 13,02, 13,03, 13,04, 13,05" pq.cloudflareresearch.com
The result is that the server sends a HelloRetryRequest specifying the use of group "fe, 30" and then testssl.sh fails since it does not have a key share for that group.
So, the first (and biggest) step in adding support for detecting these key types is to add key shares to TLS13_PUBLIC_KEY_SHARES (defined in etc/tls_data.txt) for X25519Kyber512 and X25519Kyber768, which means finding a way to generate Kyber key pairs. Then, after coming up with short names for these key types, they can be added to prepare_tls_clienthello(), run_fs(), pr_ecdh_curve_quality(), parse_tls_serverhello(), etc.
Ah, ok, thanks for the heads up!
I had a quick look here: https://pq.cloudflareresearch.com/ and I found not so much yet, besides references like this: https://github.com/cloudflare/boringssl-pq/search?q=KYBER768_generate_key .
I was able to compile the reference implementation for Kyber from https://github.com/pq-crystals/kyber and used it to generate public keys for Kyber512 and Kyber768. I added public keys for 0xFE30 and 0xFE31 to etc/tls_data.txt in the https://github.com/dcooper16/testssl.sh/tree/TLS_ECDHE_HSS_WITH_AES_256_GCM_SHA384 branch. Using that version of etc/tls_data.txt and modifying line 23742 of testssl.sh as above results in the --devel command working:
./testssl.sh --debug 4 --devel "04" "13,01, 13,02, 13,03, 13,04, 13,05" pq.cloudflareresearch.com
Next step is to assign string names to these groups (X25519+Kyber512 and X25519+Kyber768 are too long to print in the KeyExch. column output by neat_list()) and then modify parse_tls_clienthello() to recognize these named groups.
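The two comments above describe the whole detection mechanism: 0xFE30/0xFE31 are named-group code points carried in supported_groups and key_share, not cipher suites, and a server that has no usable key share answers with a HelloRetryRequest that names the group it wants. The following is an added example written for this page, not code from testssl.sh, that parses the supported_groups extension in the "xx,yy, ..." hex notation used on the modified line above and parses a ServerHello / HelloRetryRequest to report which group the server selected. The short group names (X25519Kyber512, X25519Kyber768) are assumptions chosen for the example; the sample messages are constructed inline.

```python
"""Recognise draft X25519+Kyber named groups in TLS 1.3 handshake messages.

Added example; not part of testssl.sh.  Group names are assumptions for
this example; the 0xFE30 / 0xFE31 code points are the ones discussed above.
"""
import hashlib
import struct

# Named groups (supported_groups / key_share) are a separate namespace from
# cipher suites: 0x1301 is TLS_AES_128_GCM_SHA256, 0xFE30 is only a group id.
NAMED_GROUPS = {
    0x0017: "secp256r1",
    0x0018: "secp384r1",
    0x001D: "X25519",
    0x0100: "ffdhe2048",
    0xFE30: "X25519Kyber512",   # draft hybrid code point (name assumed)
    0xFE31: "X25519Kyber768",   # draft hybrid code point (name assumed)
}

EXT_SUPPORTED_GROUPS = 0x000A
EXT_SUPPORTED_VERSIONS = 0x002B
EXT_KEY_SHARE = 0x0033

# RFC 8446 4.1.3: a HelloRetryRequest is a ServerHello whose Random field
# is SHA-256("HelloRetryRequest").
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()


def group_name(gid: int) -> str:
    return NAMED_GROUPS.get(gid, f"unknown(0x{gid:04X})")


def parse_supported_groups(ext_hex: str) -> list:
    """Parse a supported_groups extension given in testssl.sh's
    'xx,yy, ...' hex notation and return the group names it lists."""
    raw = bytes.fromhex(ext_hex.replace(",", "").replace(" ", ""))
    etype, elen = struct.unpack("!HH", raw[:4])
    if etype != EXT_SUPPORTED_GROUPS or elen != len(raw) - 4:
        raise ValueError("not a well-formed supported_groups extension")
    list_len = struct.unpack("!H", raw[4:6])[0]
    body = raw[6:6 + list_len]
    return [group_name(g) for (g,) in struct.iter_unpack("!H", body)]


def parse_server_hello(msg: bytes) -> dict:
    """Parse a ServerHello handshake message (type 0x02, with its 4-byte
    header) and report whether it is an HRR and which group it selects."""
    if msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    pos = 2                                   # skip legacy_version
    rnd = body[pos:pos + 32]; pos += 32
    pos += 1 + body[pos]                      # legacy_session_id_echo
    cipher_suite = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    pos += 1                                  # legacy_compression_method
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    exts = body[pos:pos + ext_len]
    group = None
    p = 0
    while p + 4 <= len(exts):
        etype, elen = struct.unpack("!HH", exts[p:p + 4]); p += 4
        edata = exts[p:p + elen]; p += elen
        if etype == EXT_KEY_SHARE:
            # HRR: key_share holds only selected_group (2 bytes).
            # ServerHello: KeyShareEntry = group (2) + key_exchange (len-prefixed).
            group = struct.unpack("!H", edata[:2])[0]
    return {
        "hrr": rnd == HRR_RANDOM,
        "cipher_suite": cipher_suite,
        "group": group,
        "group_name": group_name(group) if group is not None else None,
    }


def _ext(etype: int, data: bytes) -> bytes:
    return struct.pack("!HH", etype, len(data)) + data


def build_server_hello(rnd: bytes, cipher_suite: int, extensions: bytes) -> bytes:
    """Assemble a minimal TLS 1.3 ServerHello for the constructed samples."""
    body = (b"\x03\x03" + rnd + b"\x00" + struct.pack("!H", cipher_suite)
            + b"\x00" + struct.pack("!H", len(extensions)) + extensions)
    return b"\x02" + len(body).to_bytes(3, "big") + body


# Constructed sample: HRR steering the client to group 0xFE30, the
# behaviour the thread describes for a client that offered no hybrid key share.
SAMPLE_HRR = build_server_hello(
    HRR_RANDOM, 0x1301,
    _ext(EXT_SUPPORTED_VERSIONS, b"\x03\x04")
    + _ext(EXT_KEY_SHARE, struct.pack("!H", 0xFE30)))

# Constructed sample: ordinary ServerHello completing an X25519 key share.
SAMPLE_SH = build_server_hello(
    bytes(range(32)), 0x1302,
    _ext(EXT_SUPPORTED_VERSIONS, b"\x03\x04")
    + _ext(EXT_KEY_SHARE, struct.pack("!HH", 0x001D, 32) + bytes(32)))

if __name__ == "__main__":
    print(parse_supported_groups("00,0a, 00, 06, 00, 04, fe,30, fe,31"))
    print(parse_server_hello(SAMPLE_HRR))
    print(parse_server_hello(SAMPLE_SH))
```

The HRR case is the one to watch in a scanner: seeing `hrr` set with a hybrid `group` tells you the server prefers that group even though the handshake has not completed, which is exactly the situation the thread hit before key shares for 0xFE30/0xFE31 were added.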
very cool!
That's super cool!
Thanks a lot for your continued efforts.
For "others' convenience" this is a diff (wrong order of files) of the output:
I haven't had a chance to look into this in detail, but I found another source for information on experimenting with post-quantum cryptography in TLS:
https://www.wolfssl.com/documentation/manuals/wolfssl/appendix07.html
https://test.openquantumsafe.org/
https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-kem-info.md
https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-sig-info.md
The run_fs() function in https://github.com/dcooper16/testssl.sh/tree/TLS_ECDHE_HSS_WITH_AES_256_GCM_SHA384 will now detect if a server supports X25519+Kyber512 and/or X25519+Kyber768 (as long as the server also supports at least one "standard" ECDH or FFDH group). Other than the check for "Elliptic curves offered," everything else in https://github.com/dcooper16/testssl.sh/tree/TLS_ECDHE_HSS_WITH_AES_256_GCM_SHA384 only tests for "standard" elliptic curves (or FFDH groups).
Thank you for the effort, very interesting. I quickly tested your commit against the cloudflare websites and it works; however, it doesn't show the support for X25519+Kyber when testing via ./testssl.sh -f www.google.com, although the google website communicates with that key exchange when using PQC-enabled Firefox or Chrome. Just to understand: is that because of the way the script only tests via the "Elliptic curves offered" check?
Hello @amran28,
At the moment, any support for options such as X25519+Kyber is just experimental, as the standards are not yet complete. So, if the google website does support X25519+Kyber, then I would need more information to understand why https://github.com/dcooper16/testssl.sh/tree/TLS_ECDHE_HSS_WITH_AES_256_GCM_SHA384 is not detecting it. I don't think it is because the script only tests via the "Elliptic curves offered" check, as the mechanism for negotiating elliptic curves is just being extended to allow for negotiating post-quantum algorithms.
I do have one guess. When I connect to google.com, Wireshark shows some TLS packets, but a lot of QUIC packets. testssl.sh only tests TLS, not QUIC. So, if X25519+Kyber is being negotiated in QUIC, then testssl.sh would not see it.
Ah, that would indeed explain it; I just looked at all packets over TCP without differentiating between TLS and QUIC.
Thanks again, @dcooper16.