from zschema.leaves import * from zschema.compounds import * import zschema.registry # Mostly copied from zmap/zgrab/zgrab_schema.py # Since the struct -> json mappings are defined in zcrypto, it seems like it # would make sense to have this schema defined there # For items in x509/pkix/pkix.go, there is a corresponding struct in # x509/pkix/json.go, prefixed with "aux" (e.g. Name -> auxName) # x509/pkix/pkix.go: Name distinguished_name = SubRecord({ "serial_number": ListOf(String()), "common_name": ListOf(String()), "country": ListOf(String()), "locality": ListOf(String()), "province": ListOf(String()), "street_address": ListOf(String()), "organization": ListOf(String()), "organizational_unit": ListOf(String()), "postal_code": ListOf(String()), "domain_component": ListOf(String()), }) # x509/pkix/pkix.go: Extension unknown_extension = SubRecord({ "id": String(), "critical": Boolean(), "value": Binary(), }) # x509/pkix/pkix.go: type EDIPartyName struct edi_party_name = SubRecord({ "name_assigner": AnalyzedString(es_include_raw=True), "party_name": AnalyzedString(es_include_raw=True), }) # x509/extensions.go: GeneralNames/jsonGeneralNames alternate_name = SubRecord({ "dns_names": ListOf(String()), "email_addresses": ListOf(String()), "ip_addresses": ListOf(String()), "directory_names": ListOf(distinguished_name), "edi_party_names": ListOf(SubRecord({ "name_assigner": AnalyzedString(es_include_raw=True), "party_name": AnalyzedString(es_include_raw=True), })), "other_names": ListOf(SubRecord({ "id": String(), "value": Binary(), })), "registered_ids": ListOf(String()), "uniform_resource_identifiers": ListOf(AnalyzedString(es_include_raw=True)), }) # x509/json.go (mapped from crypto.rsa) rsa_public_key = SubRecord({ "exponent": Long(), "modulus": Binary(), "length": Unsigned32BitInteger(doc="Bit-length of modulus."), }) # x509/json.go (mapped from crypto.dsa) dsa_public_key = SubRecord({ "p": Binary(), "q": Binary(), "g": Binary(), "y": Binary(), }) # x509/json.go (mapped from crypto.ecdsa) ecdsa_public_key = SubRecord({ "pub": Binary(), "b": Binary(), "gx": Binary(), "gy": Binary(), "n": Binary(), "p": Binary(), "x": Binary(), "y": Binary(), "curve": String(), "length": Unsigned16BitInteger(), "asn1_oid": String(), }) # /go/src/net/ip.go: type IPNet struct ip_net = SubRecord({ "IP": Binary(), "Mask": Binary(), }) # x509/x509.go: type GeneralSubtreeIP struct general_subtree_ip = SubRecord({ "Data": ip_net, "Max": Integer(), "Min": Integer(), }) # Generated by zcrypto/x509/extended_key_usage.sh, with a manual tweak on unknown extended_key_usage = SubRecord({ "eap_over_ppp": Boolean(), "ocsp_signing": Boolean(), "apple_software_update_signing": Boolean(), "apple_crypto_test_env": Boolean(), "microsoft_embedded_nt_crypto": Boolean(), "microsoft_drm_individualization": Boolean(), "microsoft_key_recovery_21": Boolean(), "apple_crypto_production_env": Boolean(), "apple_crypto_tier1_qos": Boolean(), "client_auth": Boolean(), "code_signing": Boolean(), "apple_crypto_development_env": Boolean(), "apple_crypto_tier0_qos": Boolean(), "apple_crypto_tier2_qos": Boolean(), "microsoft_mobile_device_software": Boolean(), "microsoft_nt5_crypto": Boolean(), "apple_code_signing_third_party": Boolean(), "microsoft_timestamp_signing": Boolean(), "microsoft_root_list_signer": Boolean(), "microsoft_system_health": Boolean(), "time_stamping": Boolean(), "apple_code_signing_development": Boolean(), "apple_crypto_qos": Boolean(), "microsoft_document_signing": Boolean(), "microsoft_encrypted_file_system": Boolean(), "microsoft_whql_crypto": Boolean(), "netscape_server_gated_crypto": Boolean(), "apple_crypto_tier3_qos": Boolean(), "microsoft_smart_display": Boolean(), "microsoft_efs_recovery": Boolean(), "microsoft_kernel_mode_code_signing": Boolean(), "server_auth": Boolean(), "ipsec_end_system": Boolean(), "ipsec_user": Boolean(), "microsoft_qualified_subordinate": Boolean(), "apple_resource_signing": Boolean(), "microsoft_oem_whql_crypto": Boolean(), "microsoft_smartcard_logon": Boolean(), "email_protection": Boolean(), "microsoft_server_gated_crypto": Boolean(), "microsoft_ca_exchange": Boolean(), "dvcs": Boolean(), "apple_ichat_signing": Boolean(), "apple_ichat_encryption": Boolean(), "apple_code_signing": Boolean(), "apple_crypto_env": Boolean(), "microsoft_system_health_loophole": Boolean(), "any": Boolean(), "apple_crypto_maintenance_env": Boolean(), "ipsec_tunnel": Boolean(), "microsoft_lifetime_signing": Boolean(), "microsoft_csp_signature": Boolean(), "microsoft_sgc_serialized": Boolean(), "sbgp_cert_aa_service_auth": Boolean(), "eap_over_lan": Boolean(), "microsoft_license_server": Boolean(), "microsoft_enrollment_agent": Boolean(), "apple_system_identity": Boolean(), "microsoft_key_recovery_3": Boolean(), "microsoft_cert_trust_list_signing": Boolean(), "microsoft_drm": Boolean(), "microsoft_licenses": Boolean(), "unknown": ListOf(OID()), }) # x509/extensions.go: type NoticeReference struct notice_reference = SubRecord({ "organization": String(), "notice_numbers": ListOf(Integer()), }) # x509/extensions.go: type UserNoticeData struct user_notice_data = SubRecord({ "explicit_text": String(), "notice_reference": ListOf(notice_reference), }) # x509/extensions.go: type CertificatePoliciesJSON struct certificate_policies_data = SubRecord({ "id": String(), "cps": String(), "user_notice": ListOf(user_notice_data), }) # x509/json.go jsonCertificate (mapped from x509.Certificate) parsed_certificate = SubRecord({ "subject": distinguished_name, # TODO FIXME: Added by jb 2017/12/11 "subject_dn": String(), "issuer": distinguished_name, # TODO FIXME: Added by jb 2017/12/11 "issuer_dn": String(), "version": Unsigned32BitInteger(), "serial_number": String(doc="Serial number as an unsigned decimal integer. Stored as string to support >uint lengths. Negative values are allowed."), "validity": SubRecord({ "start": DateTime(doc="Timestamp of when certificate is first valid. Timezone is UTC."), "end": DateTime(doc="Timestamp of when certificate expires. Timezone is UTC."), "length": Unsigned32BitInteger(), }), "signature_algorithm": SubRecord({ "name": String(), "oid": String(), }), "subject_key_info": SubRecord({ "fingerprint_sha256": Binary(), "key_algorithm": SubRecord({ "name": String(doc="Name of public key type, e.g., RSA or ECDSA. More information is available the named SubRecord (e.g., rsa_public_key)."), }), "rsa_public_key": rsa_public_key, "dsa_public_key": dsa_public_key, "ecdsa_public_key": ecdsa_public_key, }), "extensions": SubRecord({ "key_usage": SubRecord({ "digital_signature": Boolean(), "certificate_sign": Boolean(), "crl_sign": Boolean(), "content_commitment": Boolean(), "key_encipherment": Boolean(), "value": Unsigned32BitInteger(), "data_encipherment": Boolean(), "key_agreement": Boolean(), "decipher_only": Boolean(), "encipher_only": Boolean(), }), "basic_constraints": SubRecord({ "is_ca": Boolean(), "max_path_len": Unsigned32BitInteger(), }), "subject_alt_name": alternate_name, "issuer_alt_name": alternate_name, "crl_distribution_points": ListOf(String()), "authority_key_id": Binary(), # is this actually binary? "subject_key_id": Binary(), "extended_key_usage": extended_key_usage, "certificate_policies": ListOf(certificate_policies_data), "authority_info_access": SubRecord({ "ocsp_urls": ListOf(String()), "issuer_urls": ListOf(String()) }), "name_constraints": SubRecord({ "critical": Boolean(), "permitted_names": ListOf(String()), "permitted_email_addresses": ListOf(String()), "permitted_ip_addresses": ListOf(String()), "permitted_directory_names": ListOf(distinguished_name), "permitted_edi_party_names": ListOf(edi_party_name), "permitted_registered_ids": ListOf(String()), "excluded_names": ListOf(String()), "excluded_email_addresses": ListOf(String()), "excluded_ip_addresses": ListOf(String()), "excluded_directory_names": ListOf(distinguished_name), "excluded_edi_party_names": ListOf(edi_party_name), "excluded_registered_ids": ListOf(String()), }), "signed_certificate_timestamps": ListOf(SubRecord({ "version": Unsigned32BitInteger(), "log_id": Binary(es_index=True), "timestamp": DateTime(), "extensions": Binary(), "signature": Binary() })), "ct_poison": Boolean() }), "unknown_extensions": ListOf(unknown_extension), "signature": SubRecord({ "signature_algorithm": SubRecord({ "name": String(), "oid": String(), }), "value": Binary(), # TODO FIXME: valid was commented out...? uncommented by jb 2017/12/11 "valid": Boolean(), "self_signed": Boolean(), }), "fingerprint_md5": Binary(), "fingerprint_sha1": Binary(), "fingerprint_sha256": Binary(), "spki_subject_fingerprint": Binary(), "tbs_fingerprint": Binary(), # TODO FIXME: added by jb 2017/12/11 "tbs_noct_fingerprint": Binary(), "validation_level": String(), "redacted": Boolean(), "names": ListOf(String()), }) # ??? certificate_trust = SubRecord({ "type": String(doc="root, intermediate, or leaf certificate"), "trusted_path": Boolean(doc="Does certificate chain up to browser root store"), "valid": Boolean(doc="is this certificate currently valid in this browser"), "was_valid": Boolean(doc="was this certificate ever valid in this browser") }) lint = SubRecord({}) # ??? certificate = SubRecord({ "raw": Binary(), "parsed": parsed_certificate, "validation": SubRecord({ "nss": certificate_trust, "apple": certificate_trust, "microsoft": certificate_trust, "android": certificate_trust, "java": certificate_trust, }), "lint": lint }) # ??? server_certificate_valid = SubRecord({ "complete_chain": Boolean(doc="does server provide a chain up to a root"), "valid": Boolean(doc="is this certificate currently valid in this browser"), "error": String() }) hex_name_value = SubRecord({ "hex": String(), "name": String(), # FIXME: Integer size? "value": Integer(), }) cipher_suite = hex_name_value signature_and_hash_type = SubRecord({ "signature_algorithm": String(), "hash_algorithm": String(), }) hex_name_value = SubRecord({ "hex": String(), "name": String(), # FIXME: Integer size? "value": Integer(), }) cipher_suite = hex_name_value signature_and_hash_type = SubRecord({ "signature_algorithm": String(), "hash_algorithm": String(), }) # zcrypto/tls/tls_handshake.go: ServerHandshake tls_handshake = SubRecord({ "client_hello": SubRecord({ "cipher_suites": ListOf(cipher_suite), "compression_methods": ListOf(hex_name_value), "extended_master_secret": Boolean(), "extended_random": Binary(), "heartbeat": Boolean(), "next_protocol_negotiation": Boolean(), "ocsp_stapling": Boolean(), "random": Binary(), "sct_enabled": Boolean(), "scts": Boolean(), "secure_renegotiation": Boolean(), "signature_and_hashes": ListOf(signature_and_hash_type), "supported_curves": ListOf(hex_name_value), "supported_point_formats": ListOf(hex_name_value), "ticket": Boolean(), "version": SubRecord({ "name": String(), # FIXME: Integer size? "value": Integer() }), }), "server_hello": SubRecord({ "version": SubRecord({ "name": String(), # FIXME: Integer size? "value": Integer() }), "random": Binary(), "session_id": Binary(), "cipher_suite": cipher_suite, # FIXME: Integer size? "compression_method": Integer(), "ocsp_stapling": Boolean(), "ticket": Boolean(), "secure_renegotiation": Boolean(), "heartbeat": Boolean(), "extended_random": Binary(), "extended_master_secret": Boolean(), "scts": ListOf(SubRecord({ "parsed": SubRecord({ "version": Unsigned16BitInteger(), "log_id": IndexedBinary(), "timestamp": Signed64BitInteger(), "signature": Binary(), }), "raw": Binary() })), }), "server_certificates": SubRecord({ "certificate": certificate, "chain": ListOf(certificate), "validation": SubRecord({ "matches_domain": Boolean(), "stores": SubRecord({ "nss": server_certificate_valid, "microsoft": server_certificate_valid, "apple": server_certificate_valid, "java": server_certificate_valid, "android": server_certificate_valid, }), # TODO FIXME: ?? are the above applicable in zgrab2? I see the following # TODO FIXME: Added by jb 2017/12/11 # TODO FIXME: Added by jb 2017/12/11 "browser_trusted": Boolean(), "browser_error": String() }), }), "server_key_exchange": SubRecord({ "ecdh_params": SubRecord({ "curve_id": SubRecord({ "name": String(), # FIXME: Integer size (also -- not an OBJECT IDENTIFIER?) "id": Integer(), }), "server_public": SubRecord({ "x": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer(), }), "y": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer(), }), }), }), "rsa_params": SubRecord({ "exponent": Long(), "modulus": Binary(), # FIXME: Integer size "length": Integer(), }), "dh_params": SubRecord({ "prime": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer(), }), "generator": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer(), }), "server_public": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer(), }), }), "signature": SubRecord({ "raw": Binary(), "type": String(), "valid": Boolean(), "signature_and_hash_type": signature_and_hash_type, "tls_version": SubRecord({ "name": String(), # FIXME: Integer size "value": Integer() }), }), "signature_error": String(), }), "server_finished": SubRecord({ "verify_data": Binary() }), "session_ticket": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer(), "lifetime_hint": Long() }), "key_material": SubRecord({ "pre_master_secret": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer() }), "master_secret": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer() }), }), "client_finished": SubRecord({ "verify_data": Binary() }), "client_key_exchange": SubRecord({ "dh_params": SubRecord({ "prime": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer() }), "generator": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer() }), "client_public": SubRecord({ # FIXME: Integer size "value": Binary(), "length": Integer() }), "client_private": SubRecord({ # FIXME: Integer size "value": Binary(), "length": Integer() }), }), "ecdh_params": SubRecord({ "curve_id": SubRecord({ "name": String(), # FIXME: Integer size (and...not an OBJECT IDENTIFIER?) "id": Integer() }), "client_public": SubRecord({ "x": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer() }), "y": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer() }), }), "client_private": SubRecord({ "value": Binary(), # FIXME: Integer size "length": Integer() }), }), "rsa_params": SubRecord({ # FIXME: Integer size "length": Integer(), "encrypted_pre_master_secret": Binary() }), }), }) # zcrypto/tls/tls_heartbeat.go: Heartbleed heartbleed_log = SubRecord({ "heartbleed_enabled": Boolean(), "heartbleed_vulnerable": Boolean() }) # zcrypto/x509/chain.go: type CertificateChain []*Certificate certificate_chain = ListOf(parsed_certificate) # zcrypto/tls/common.go: ConnectionState (note: no `json` tags) tls_connection_state = SubRecord({ "Version": Unsigned16BitInteger(), "HandshakeComplete": Boolean(), "DidResume": Boolean(), "CipherSuite": Unsigned16BitInteger(), "NegotiatedProtocol": String(), "NegotiatedProtocolIsMutual": Boolean(), "ServerName": String(), "PeerCertificate": parsed_certificate, "VerifiedChains": ListOf(certificate_chain), })