Add TLSv1.2 CHACHA cipher support

CHANGELOG

@@ -6,6 +6,7 @@ Version 1.4.3 (2020-06-09)
 * Tag: https://github.com/prbinu/tls-scan/releases/tag/1.4.3
 
 * Fix the TLS version enum bug
+* Support TLSv1.2 CHACHA cipher scans
 
 Version 1.4.2 (2020-05-17)
 -----------------------------------

README.md

@@ -252,7 +252,6 @@ jq-linux64 -r 'if (.tlsVersions[] | contains("SSL")) == true then [.host, .ip, .
 
 ## Caveats
 
-* The openssl fork we use doesn't support TLS 1.2 CHACHA ciphers (tracking issue: [#38](https://github.com/PeterMosmans/openssl/issues/38)). However CHACHA ciphers works with our TLS 1.3 version scan.
 * The following ciphers are currently disabled: ```SRP:PSK```
 * Instead of escaping JSON special chars (eg. double quotes), those characters are currently removed from the JSON output. (issue #2).
 

gnutls13.c

@@ -29,8 +29,30 @@ static const char *tlsv1_3_gnutls_ciphers_str = "NONE:+CTYPE-ALL:+COMP-ALL:+GROU
 static const char *tlsv1_3_gnutls_ciphers[TLS1_3_MAX_CIPHER_COUNT] = { "AES-128-GCM", "AES-256-GCM", "CHACHA20-POLY1305", "AES-128-CCM", "AES-128-CCM-8"};
 static const char *tlsv1_3_openssl_ciphers[TLS1_3_MAX_CIPHER_COUNT] = { "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256" };
 
+#define TLS1_2_MAX_CHACHA_CIPHER_COUNT 3
+
+static const char *tlsv1_2_gnutls_chacha_ciphers[TLS1_2_MAX_CHACHA_CIPHER_COUNT] = {
+  "NONE:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",
+  "NONE:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+CURVE-ALL",
+  "NONE:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-RSA:+CURVE-ALL",
+};
+
+static const char *tlsv1_2_openssl_chacha_ciphers[TLS1_2_MAX_CHACHA_CIPHER_COUNT] = { "ECDHE-RSA-CHACHA20-POLY1305-OLD", "ECDHE-ECDSA-CHACHA20-POLY1305-OLD", "DHE-RSA-CHACHA20-POLY1305-OLD" };
+
 #define CHECK(x) assert((x)>=0)
 
+// tls 1_2 chacha cipher index for gnutls
+static const char*  gnutls1_2_chacha_priority_str(const char *openssl_cipher)
+{
+  for (int i=0; i < TLS1_2_MAX_CHACHA_CIPHER_COUNT; i++) {
+    if (strcmp(tlsv1_2_openssl_chacha_ciphers[i], openssl_cipher) == 0) {
+      return tlsv1_2_gnutls_chacha_ciphers[i];
+    }
+  }
+
+  return NULL;
+}
+
 void gnutls13_init(struct options *op) {
   op->cipher1_3_enum_count = 0;
 
@@ -113,9 +135,10 @@ bool _gnutls13_session_init(client_t *cli, int sd, const char *priority)
   return true;
 }
 
-int gnutls13_session_init(client_t *cli, int sd) {
+int gnutls13_session_init(client_t *cli, int sd)
+{
+
   if (cli->state == ST_GNUTLS_VERSION) {
-    //if ((cli->op->tls_vers_enum) && (!cli->op->ssl2) && (!cli->op->ssl3) && (!cli->op->tls1)) {
     _gnutls13_session_init(cli, sd, tlsv1_3_gnutls_ciphers_str);
   } else if (cli->state == ST_GNUTLS_CIPHER) {
     char priority[512];
@@ -125,14 +148,28 @@ int gnutls13_session_init(client_t *cli, int sd) {
     } else {
       assert(0);
     }
+  } else if (cli->state == ST_GNUTLS_1_2CHACHA_CIPHER) {
+    char priority[512];
+    if (cli->cipher1_3_index < cli->op->cipher1_3_enum_count) {
+      const char *p = gnutls1_2_chacha_priority_str(cli->op->cipher_enum_list[cli->cipher_index]);
+      if (p) {
+        snprintf(priority, 512, "%s", p);
+        _gnutls13_session_init(cli, sd, priority);
+      } else {
+        assert(0);
+      }
+    } else {
+      assert(0);
+    }
   } else {
     assert(0);
   }
 
   return 0;
 }
 
-void gnutls13_session_deinit(client_t *cli) {
+void gnutls13_session_deinit(client_t *cli)
+{
   // TODO - check err status and log to stderr
   gnutls_deinit(cli->session);
 }
@@ -182,6 +219,8 @@ ts_status_t gnutls13_handshake(client_t *cli, int sd)
     } else {
       assert(0);
     }
+  } else if (cli->state == ST_GNUTLS_1_2CHACHA_CIPHER) {
+    cli->tls_cert->cipher_suite_support[cli->cipher_index] = true;
   } else {
     assert(0);
   }

include/common.h

@@ -73,6 +73,7 @@ typedef enum {
   ST_GNUTLS_CERT,
   ST_GNUTLS_VERSION,
   ST_GNUTLS_CIPHER,
+  ST_GNUTLS_1_2CHACHA_CIPHER, // TLS1.2 with CHACHA cipher
   ST_CERT_PRINT
 } scan_type_t;
 

main.c

@@ -518,6 +518,7 @@ scan_type_t ts_scan_next(client_t *cli)
     if (cli->tls_ver_index+1 < MAX_OPENSSL_TLS_VERSION) {
       cli->tls_ver_index++;
       nanosleep(&cli->op->ts_sleep, NULL);
+      cli->scan_engine = SE_OPENSSL;
       cli->state = ST_TLS_VERSION;
       return ST_TLS_VERSION;
     }
@@ -538,8 +539,18 @@ scan_type_t ts_scan_next(client_t *cli)
   if (cli->op->cipher_enum) {
     if (cli->cipher_index+1 < cli->op->cipher_enum_count) {
       cli->cipher_index++;
+
+      // scan CHACHA ciphers using gnults
+      if (strstr(cli->op->cipher_enum_list[cli->cipher_index], "CHACHA") != NULL) {
+        nanosleep(&cli->op->ts_sleep, NULL);
+        cli->scan_engine = SE_GNUTLS;
+        cli->state = ST_GNUTLS_1_2CHACHA_CIPHER;
+        return ST_GNUTLS_1_2CHACHA_CIPHER;
+      }
+
       // continue with same host/ip, but different cipher
       nanosleep(&cli->op->ts_sleep, NULL);
+      cli->scan_engine = SE_OPENSSL;
       cli->state = ST_CIPHER;
       return ST_CIPHER;
     }
@@ -654,6 +665,7 @@ void ts_scan_disconnect(client_t * cli)
 
     case ST_GNUTLS_VERSION:
     case ST_GNUTLS_CIPHER:
+    case ST_GNUTLS_1_2CHACHA_CIPHER:
       ts_scan_connect(cli, true);
       break;
 
@@ -1239,8 +1251,16 @@ void ts_scan_parallel_host_scan(client_t *cli)
         c->tls_ver_index = MAX_TLS_VERSION;
         c->tls_cert = cli->tls_cert;
         c->tls_cert->reference_count++;
-        c->scan_engine = SE_OPENSSL;
-        c->state = ST_CIPHER;
+
+        // scan CHACHA ciphers using gnutls
+        if (strstr(cli->op->cipher_enum_list[c->cipher_index], "CHACHA") != NULL) {
+          c->scan_engine = SE_GNUTLS;
+          c->state = ST_GNUTLS_1_2CHACHA_CIPHER;
+        } else {
+          c->scan_engine = SE_OPENSSL;
+          c->state = ST_CIPHER;
+        }
+
         ts_adapter_init(c);
         ts_scan_connect(c, true);
       }