tls-map 1.0.0

data/lib/tls_map/gnutls.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+# Ruby internal
+
+# TLS map module
+module TLSmap
+  # TLS mapping
+  class App
+    GNUTLS_URL = 'https://gitlab.com/gnutls/gnutls/raw/master/lib/algorithms/ciphersuites.c'
+
+    def parse_gnutls
+      reg = /(GNUTLS_[a-zA-Z0-9_]+)\s{\s(0x[[:xdigit:]]{2},\s0x[[:xdigit:]]{2})\s}/
+      File.read(@gnutls_file.path).scan(reg).each do |alg|
+        codepoint = codepoint_iana(alg[1])
+        name = alg[0][7..]
+        @tls_map.each do |h|
+          h[:gnutls] ||= h[:codepoint] == codepoint ? name : nil
+        end
+      end
+    end
+
+    private :parse_gnutls
+  end
+end

data/lib/tls_map/iana.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# Ruby internal
+require 'csv'
+
+# TLS map module
+module TLSmap
+  # TLS mapping
+  class App
+    IANA_URL = 'https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv'
+
+    # remove Reserved, Unassigned codepoints (those with a range: X-X or *)
+    # also works with gnutls
+    def codepoint_iana(raw_cp)
+      c1, c2 = raw_cp.split(',')
+      c2.strip!
+      return nil unless c2.size == 4
+
+      "#{c1[2..3]}#{c2[2..3]}"
+    end
+
+    # remove remaining Reserved, Unassigned codepoints
+    def desc_iana(desc)
+      return nil if /Reserved|Unassigned/.match?(desc)
+
+      desc
+    end
+
+    def parse_iana
+      CSV.foreach(@iana_file.path, **{ headers: true, header_converters: :symbol }) do |alg|
+        codepoint = codepoint_iana(alg[:value])
+        description = desc_iana(alg[:description])
+        @tls_map << { codepoint: codepoint, iana: description } unless codepoint.nil? || description.nil?
+      end
+    end
+
+    private :codepoint_iana, :desc_iana, :parse_iana
+  end
+end

data/lib/tls_map/nss.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+# Ruby internal
+
+# TLS map module
+module TLSmap
+  # TLS mapping
+  class App
+    # Timeout https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ssl/sslproto.h
+    # so use github RO mirror instead.
+    NSS_URL = 'https://raw.githubusercontent.com/nss-dev/nss/master/lib/ssl/sslproto.h'
+
+    def parse_nss
+      File.read(@nss_file.path).scan(/(TLS_[a-zA-Z0-9_]+)\s+0x([[:xdigit:]]{4})/) do |alg|
+        @tls_map.each do |h|
+          h[:nss] ||= h[:codepoint] == alg[1] ? alg[0] : nil
+        end
+      end
+    end
+
+    private :parse_nss
+  end
+end

data/lib/tls_map/openssl.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Ruby internal
+
+# TLS map module
+module TLSmap
+  # TLS mapping
+  class App
+    OPENSSL_URL = 'https://raw.githubusercontent.com/openssl/openssl/master/include/openssl/tls1.h'
+
+    def raw_data_openssl
+      openssl_h = File.read(@openssl_file.path)
+
+      ck1 = openssl_h.scan(/(TLS1_CK_[a-zA-Z0-9_]+)\s+0x0300([[:xdigit:]]{4})/)
+      txt1 = openssl_h.scan(/(TLS1_TXT_[a-zA-Z0-9_]+)\s+"([a-zA-Z0-9-]+)"/)
+      ck2 = openssl_h.scan(/(TLS1_3_CK_[a-zA-Z0-9_]+)\s+0x0300([[:xdigit:]]{4})/)
+      rfc2 = openssl_h.scan(/(TLS1_3_RFC_[a-zA-Z0-9_]+)\s+"([a-zA-Z0-9_]+)"/)
+      { ck1: ck1, txt1: txt1, ck2: ck2, rfc2: rfc2 }
+    end
+
+    def clean_raw_data_openssl
+      ck1, txt1, ck2, rfc2 = raw_data_openssl.values
+
+      ck1.map! { |e| [e[0][8..], e[1]] }
+      txt1.map! { |e| [e[0][9..], e[1]] }
+      ck2.map! { |e| [e[0][10..], e[1]] }
+      rfc2.map! { |e| [e[0][11..], e[1]] }
+
+      { ck1: ck1, txt1: txt1, ck2: ck2, rfc2: rfc2 }
+    end
+
+    def data_openssl
+      ck1, txt1, ck2, rfc2 = clean_raw_data_openssl.values
+      data = ck1.map { |e| [e[1], txt1.select { |x| x[0] == e[0] }[0][1]] }
+      data += ck2.map { |e| [e[1], rfc2.select { |x| x[0] == e[0] }[0][1]] }
+      data
+    end
+
+    def parse_openssl
+      data_openssl.each do |alg|
+        @tls_map.each do |h|
+          h[:openssl] ||= h[:codepoint] == alg[0] ? alg[1] : nil
+        end
+      end
+    end
+
+    private :parse_openssl, :raw_data_openssl, :clean_raw_data_openssl, :data_openssl
+  end
+end

data/lib/tls_map/output.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+# Ruby internal
+require 'json'
+
+# TLS map module
+module TLSmap
+  # TLS mapping
+  class App
+    def markdown(table)
+      output = "Codepoint | IANA | OpenSSL | GnuTLS | NSS\n"
+      output += "--- | --- | --- | --- | ---\n"
+      table.each do |alg|
+        values = alg.values.map { |x| x.nil? ? '-' : x }
+        output += "#{values.join(' | ')}\n"
+      end
+      output
+    end
+
+    def output_markdown(filename)
+      File.write(filename, markdown(@tls_map))
+    end
+
+    def output_json_pretty(filename)
+      File.write(filename, JSON.pretty_generate(@tls_map))
+    end
+
+    def output_json_compact(filename)
+      File.write(filename, JSON.generate(@tls_map))
+    end
+
+    def output_marshal(filename)
+      File.write(filename, Marshal.dump(@tls_map))
+    end
+
+    # Export the mapping to a file, supporting various formats.
+    # @param filename [String] The output file name to write to.
+    # @param format [Symbol] Supported formats: +:markdown+ (a markdown table),
+    #   +:json_pretty+ (expanded JSON), +:json_compact+ (minified JSON),
+    #   +:marshal+ (Ruby marshalized hash).
+    def export(filename, format)
+      case format
+      when :markdown      then output_markdown(filename)
+      when :json_pretty   then output_json_pretty(filename)
+      when :json_compact  then output_json_compact(filename)
+      when :marshal       then output_marshal(filename)
+      else                     raise "Wrong format: #{format}"
+      end
+    end
+
+    protected :markdown, :output_markdown, :output_json_pretty, :output_json_compact, :output_marshal
+  end
+end

data/lib/tls_map/utils.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# Ruby internal
+require 'net/http'
+require 'tempfile'
+
+# TLS map module
+module TLSmap
+  # TLS mapping
+  class App
+    def tmpfile(name, url)
+      tmp = Tempfile.new(name)
+      tmp.write(Net::HTTP.get(URI(url)))
+      tmp
+    end
+
+    protected :tmpfile
+  end
+end

data/lib/tls_map/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module TLSmap
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,189 @@
+--- !ruby/object:Gem::Specification
+name: tls-map
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Alexandre ZANNI
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-04-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: docopt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: paint
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: commonmarker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.21'
+- !ruby/object:Gem::Dependency
+  name: github-markup
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: 'CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL,
+  GnUTLS, NSS'
+email: alexandre.zanni@engineer.com
+executables:
+- tls-map
+- tls-map_console
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- bin/tls-map
+- bin/tls-map_console
+- data/mapping.json
+- data/mapping.marshal
+- data/mapping.md
+- data/mapping.min.json
+- lib/tls_map.rb
+- lib/tls_map/cli.rb
+- lib/tls_map/gnutls.rb
+- lib/tls_map/iana.rb
+- lib/tls_map/nss.rb
+- lib/tls_map/openssl.rb
+- lib/tls_map/output.rb
+- lib/tls_map/utils.rb
+- lib/tls_map/version.rb
+homepage: https://sec-it.github.io/tls-map/
+licenses:
+- MIT
+metadata:
+  yard.run: yard
+  bug_tracker_uri: https://github.com/sec-it/tls-map/issues
+  changelog_uri: https://github.com/sec-it/tls-map/blob/master/docs/CHANGELOG.md
+  documentation_uri: https://sec-it.github.io/tls-map/yard/
+  homepage_uri: https://sec-it.github.io/tls-map/
+  source_code_uri: https://github.com/sec-it/tls-map/
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.15
+signing_key:
+specification_version: 4
+summary: 'CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnUTLS,
+  NSS'
+test_files: []